From patchwork Sun Oct 8 10:40:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3381 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:b412:b0:f2:62eb:61c1 with SMTP id dj18csp1441996dyb; Sun, 8 Oct 2023 03:41:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IECTo7RRiYKcRTnFfP9STOoWhscvPf/tUfB+qk4bE1mkFExJec1MhMIFzgGNV5GWhTgo/f+ X-Received: by 2002:a17:902:d512:b0:1bf:349f:b85c with SMTP id b18-20020a170902d51200b001bf349fb85cmr14472088plg.1.1696761687450; Sun, 08 Oct 2023 03:41:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696761687; cv=none; d=google.com; s=arc-20160816; b=oIeDZkW181SnyNBTixdwHIL1qBRme6zrAJmj8yJOQK95+aiIbsQnbJrBN9vtu42wJZ +pZz8VOxbnjuL2zFd0cNa+7T+OYrAaNW8vQfi81dUdkHw+oCQtxi3jJMMJT8F8cSOa7s TrtHiU+dtUnOt0/bOWFwliQ9orC6H2ebHA/CD02j7WqHj96P13D6NpgqB1TtV2WTYvAp XPGT7efbfIkvsGYgJbENLhPOXZp4l/YQ/S/lCtLZIVpDFe9Aw1MDHQx1+4obkUEz1F4I 6zVBCroeUq0KwIFZvsLFkctaQz5svqpDHIRQzdOJ5KsJ5pQtn0b/HaSwwm+SMQYSMka3 AFvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=xo0GZxQwXIwJ14A9Pnma6Q7pHg3oBLzhHxXXYc1dRUg=; fh=CfxSpwd5kfiMJoL3kcov7PTxVKT7pGe/79idnx9XlBs=; b=t/4YifffzopXmYzVj+yzGjolQP1hV8R2FOHqGiYLFasuZmQiLtDbFq6OW/j7DTlztS EK8xFOTxynWk/haURkDLAz8nTnpou1/WFsBBgp0GGMfkk2kUsIro4TRtwNogCRg6EIXt x1qrkjDqhSwUxKLE05wuc0R5yk9Z9ZT7EBWswr/TV5Kh64d4ZtadhsCBq1q/7Rf/Aj02 3zlXQql00Cq86DrX6v1YhqUj5V0XMllhWM8yNFyKqpQrIr9JgrfPQdl4VgYOMyPbAEWk p2n+lsosabhghpdLfAT4lmUzRAj2YMhgqapao96xGoFt0ALNvgfPmFPYXg1OeZn9KCs8 eDbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CMxp5KJg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=D17voSpA; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=eOvdOOaJ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id q5-20020a170902a3c500b001c76e9f12a3si7588458plb.575.2023.10.08.03.41.27 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 08 Oct 2023 03:41:27 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CMxp5KJg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=D17voSpA; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=eOvdOOaJ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1qpRDC-0000ad-98; Sun, 08 Oct 2023 10:40:38 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qpRDA-0000aR-0p for openvpn-devel@lists.sourceforge.net; Sun, 08 Oct 2023 10:40:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=1PFbJ+reLT+HYuE22iUkFfAp31QN482r8qb7q+xPAvI=; b=CMxp5KJgiduJqJ6NlyxLdZZw0t mJCSg7Kw1npazpW4iRFO19gn5TApgOlu5ovg020KK6cqpxWXMVz61YIx+Ot10hmQq05EcnBYQ+6Ur Q7wcpVQic1fILd43JXNC2yw+W/N5e66XARSQy1/VrWiqpMvKN/DrmZMWMUetyzlZpbE4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=1PFbJ+reLT+HYuE22iUkFfAp31QN482r8qb7q+xPAvI=; b=D17voSpAEzLO3aYikifYMzklTi 3dv0OqiusSAQqQPKSyZVTNO3pSZdy1CIwLvMJygcsYEoqEnDcwmmBKBt6izNTHEnRSQU7qMjAwmK8 tRs0rspHgV3PZP6nQFqQRZ/rsbeK3j3xNI1GDlBKfYAsxNBYyN9n90n8soO1TeZZPBFI=; Received: from mout-p-102.mailbox.org ([80.241.56.152]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1qpRD8-0071HL-76 for openvpn-devel@lists.sourceforge.net; Sun, 08 Oct 2023 10:40:35 +0000 Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:b231:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4S3JbD21bWz9sm9; Sun, 8 Oct 2023 12:40:24 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1696761624; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1PFbJ+reLT+HYuE22iUkFfAp31QN482r8qb7q+xPAvI=; b=eOvdOOaJzwK5VbvKtTJ7Wk3W61Td93NTvIh033Kk0nT2+TRFm1SDAwof/6nvrrqsVngR1/ nY7EYC2LIB8llCYMW0LJLCSpWVbPM4an1zsnuAOY9aEMk6XzeReS3Df1Dv3a/5ZAzQRQwE lvRkrLqGhoYPH5/Pu2l1wK1NBNb+iNPJhVB6JsGNZey7mUH5mPaCBN/mUhaSAFtUA81qHz 7tG47035xReud+rxlOdg62SBt/bS++RFpvn22C1bdSORDcOIVL5Idg8RA0ps/MffadDMhA K8A9Z9aObmlg5VQAsHL+5r3NOxhI7cysHgWyIKrTWqkThs5wmBaLYgd0fc0f9A== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Sun, 8 Oct 2023 12:40:22 +0200 Message-Id: <20231008104022.20200-1-frank@lichtenheld.com> In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Queue-Id: 4S3JbD21bWz9sm9 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.152 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1qpRD8-0071HL-76 Subject: [Openvpn-devel] [PATCH] mss/mtu: make all size calculations use size_t X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Schwabe Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1779183583005505339?= X-GMAIL-MSGID: =?utf-8?q?1779183583005505339?= Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Resolves some -Wconversion warnings. Change-Id: Ic996eca227d9e68279a454db93fcbc86a7bd0380 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/269 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 30b9ecf..a0e421d 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -36,6 +36,13 @@ ((uint64_t)ntohl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | ntohl((uint32_t)((x) >> 32))) #endif +static inline int +clamp_size_to_int(size_t size) +{ + ASSERT(size <= INT_MAX); + return (int)size; +} + /* * min/max functions */ @@ -201,8 +208,8 @@ /** * Rounds down num to the nearest multiple of multiple */ -static inline unsigned int -round_down_uint(unsigned int num, unsigned int multiple) +static inline size_t +round_down_size(size_t num, size_t multiple) { return (num / multiple) * multiple; } diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index d7ee4c2..108b370 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -207,8 +207,8 @@ } } -static inline unsigned int -adjust_payload_max_cbc(const struct key_type *kt, unsigned int target) +static inline size_t +adjust_payload_max_cbc(const struct key_type *kt, size_t target) { if (!cipher_kt_mode_cbc(kt->cipher)) { @@ -221,13 +221,13 @@ /* With CBC we need at least one extra byte for padding and then need * to ensure that the resulting CBC ciphertext length, which is always * a multiple of the block size, is not larger than the target value */ - unsigned int block_size = cipher_kt_block_size(kt->cipher); - target = round_down_uint(target, block_size); + size_t block_size = cipher_kt_block_size(kt->cipher); + target = round_down_size(target, block_size); return target - 1; } } -static unsigned int +static size_t get_ip_encap_overhead(const struct options *options, const struct link_socket_info *lsi) { @@ -258,7 +258,7 @@ struct link_socket_info *lsi) { #if defined(ENABLE_FRAGMENT) - unsigned int overhead; + size_t overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -267,12 +267,12 @@ overhead += get_ip_encap_overhead(options, lsi); } - unsigned int target = options->ce.fragment - overhead; + size_t target = options->ce.fragment - overhead; /* The 4 bytes of header that fragment adds itself. The other extra payload * bytes (Ethernet header/compression) are handled by the fragment code * just as part of the payload and therefore automatically taken into * account if the packet needs to fragmented */ - frame->max_fragment_size = adjust_payload_max_cbc(kt, target) - 4; + frame->max_fragment_size = clamp_size_to_int(adjust_payload_max_cbc(kt, target)) - 4; if (cipher_kt_mode_cbc(kt->cipher)) { @@ -296,7 +296,7 @@ return; } - unsigned int overhead, payload_overhead; + size_t overhead, payload_overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -325,7 +325,7 @@ * by ce.mssfix */ /* This is the target value our payload needs to be smaller */ - unsigned int target = options->ce.mssfix - overhead; + size_t target = options->ce.mssfix - overhead; frame->mss_fix = (uint16_t)(adjust_payload_max_cbc(kt, target) - payload_overhead); diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 389d140..df6ba13 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -174,7 +174,7 @@ */ const char *ciphername = o->ciphername; - unsigned int overhead = 0; + size_t overhead = 0; if (strcmp(o->ciphername, "BF-CBC") == 0) { @@ -192,7 +192,7 @@ * the ciphers are actually valid for non tls in occ calucation */ init_key_type(&occ_kt, ciphername, o->authname, true, false); - unsigned int payload = frame_calculate_payload_size(frame, o, &occ_kt); + size_t payload = frame_calculate_payload_size(frame, o, &occ_kt); overhead += frame_calculate_protocol_header_size(&occ_kt, o, true); return payload + overhead;