From patchwork Wed Sep 24 08:18:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4443 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c08a:b0:72f:f16c:e055 with SMTP id jr10csp1390185mab; Wed, 24 Sep 2025 01:18:30 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVVoaWa5UWbC8Pu8JH8A5acECoyrF8rsoa1sMsHTvNCiP37ESO2/k0A/O5oQRFoa1jNFR9jV4sYP4I=@openvpn.net X-Google-Smtp-Source: AGHT+IFmW4/blsWljvts6D3+2HmxUBV0wIqvxw7ZbjklwLUXhJgYE7po7/heNUKVXFDVWq8+wxSo X-Received: by 2002:a05:6820:82a:b0:621:76b6:b3c with SMTP id 006d021491bc7-6331bdddb08mr2861130eaf.4.1758701910192; Wed, 24 Sep 2025 01:18:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758701910; cv=none; d=google.com; s=arc-20240605; b=c4W7bFkDMe7ZKVau9dSqvoXza5HFwgA36rwhB+uNUycig87Cpec0KG/CKCvuKCG7pk Z4GyPAuK92dx0WtZ4SK0q9YbF/FmMf1H8pXvwftxJxTG02zZITEUciDevIeO2XDqe+OC QJ4YT/ExBu9+XSbhXm9n6e6zPVn0wJGu1xlOrU+SMG7/GI1O3NKZCZnJKTwE7kwUOKzO Kb/QWyXliCQ3QGeufVbAQXrBfrb1mzxpE71StZJji9DvBpmDs8wmQRRASK/8pQYhb31M 1eWQw09Ir4bOnbwyGV/Rks0Bll1/gaw3nsYCf3ng/4j52n1WKLjKx480rtkydaVHnzXN P+Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=kinhJYeNgaVBYw6VOi6BAfYamp4QMnbJF8WKpUYsyx0=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=TXulxu0ZQT7SQaMuQpm/ka49DrVO7u88lf9WemrWnWL8UEBwuWqjzXJ2Yg/N9SVOqF 43n2h5fKAK6kS6mRVnNpPOmvoPF6xcAP8FzSj/N2FCl39UjL8auPMEpaOUNWFFx4TU33 /lLCF6OhLz5QGelqW4h7yKNvv7lpy46BvINAx25TFlFpNUkHvMXpSmkmFRk0BFb7TVjj mdSZ/4tJoizZ0Uj/gGVzLE8d244i2Iipp9lIp/SkxvtejiPVyP21ioGJnWXTRS9H+gd+ xqeKWhflAGN6NfBgJqIT60ZVClErSqRbU2xvuf35As44n5bvmaWGcYFwEY73SeNtVq/s al1A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Bzwog4+2; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="W/jbu8r1"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="LRn/lS5V"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-636be6fcc49si467469eaf.93.2025.09.24.01.18.29 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Sep 2025 01:18:30 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Bzwog4+2; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="W/jbu8r1"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="LRn/lS5V"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=kinhJYeNgaVBYw6VOi6BAfYamp4QMnbJF8WKpUYsyx0=; b=Bzwog4+2arz/us+ub3fqI3/C9g sOUwXVXTkJzjezJHnIrLECzSuZHOmEkHP8vjIvn01LarajuHTXlFP5HmYz/IM0Hqfw1FifXFEPgfZ iTQ7/hmk/lyW0HljlTyoHgbYRE1OhZeZi3ArmIN3nSTmGcZ6vtn16gW+kcG9gSSws/Zg=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v1Khn-000557-NF; Wed, 24 Sep 2025 08:18:27 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v1Khm-000551-Sm for openvpn-devel@lists.sourceforge.net; Wed, 24 Sep 2025 08:18:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=agxEpCe45zQZq0XwX4nuyuQJRMs5EpQFNv772DYMktU=; b=W/jbu8r1ddhAoPhDbArbOEO9uZ HQqh6A2cKVguZsKETs8USW5M/Rb1CM9/rf1Ho2vLcZkL0s5zTpQeK/+hugCZK017JQQ1RDOkjEDTW dRiqrW/vdikd/fdsdNfQBulmwW0s4SwyHeEFyuCP/lsdDpzQ6crBricOlfPVMxj2jLqw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=agxEpCe45zQZq0XwX4nuyuQJRMs5EpQFNv772DYMktU=; b=LRn/lS5VbVhOmHkzVafDctLE3b DhGCdcExHVOTxLNeuLMUtaYwzefR07sA2u+li0ZQTj6fRRkLRARnontdQCq/erXyJ1+el7tNNH1tC QuN6c6WIKXOKLslueTAt9Fk25Bpjvlw7XNXME93iVPH+Q+O0T6mugFhEqdaBGfwf/oP0=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v1Khj-0007G8-9p for openvpn-devel@lists.sourceforge.net; Wed, 24 Sep 2025 08:18:26 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58O8IBgj022873 for ; Wed, 24 Sep 2025 10:18:11 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58O8IBYF022872 for openvpn-devel@lists.sourceforge.net; Wed, 24 Sep 2025 10:18:11 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 24 Sep 2025 10:18:05 +0200 Message-ID: <20250924081811.22859-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v1Khj-0007G8-9p Subject: [Openvpn-devel] [PATCH v13] Enable -Wconversion -Wno-sign-conversion by default X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1844132614518006387?= X-GMAIL-MSGID: =?utf-8?q?1844132614518006387?= From: Frank Lichtenheld Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 This mail reflects revision 13 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/CMakeLists.txt b/CMakeLists.txt index fdc0162..3f6196f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -113,8 +113,7 @@ check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) - # We are not ready for this - #add_compile_options(-Wconversion -Wno-sign-conversion) + add_compile_options(-Wconversion -Wno-sign-conversion) add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) diff --git a/configure.ac b/configure.ac index c2feeea..8f3c01d 100644 --- a/configure.ac +++ b/configure.ac @@ -1397,6 +1397,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 6736469..a78c664 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -88,6 +88,11 @@ compv2_escape_data_ifneeded(buf); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf, struct compress_context *compctx) @@ -113,6 +118,10 @@ *buf = *work; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index b0228dd..71c0025 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -45,6 +45,11 @@ #include "win32.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Get input from a Windows console. * @@ -134,6 +139,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* _WIN32 */ @@ -264,6 +273,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif /** * @copydoc query_user_exec() @@ -296,3 +309,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ec7da43..6376c11 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -186,6 +186,11 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt) { @@ -1532,6 +1537,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int write_key_file(const int nkeys, const char *filename) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index b5cbc8d..7026ff8 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) @@ -163,6 +168,10 @@ key->epoch = epoch_key->epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 2bab312..076d4ee 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -230,6 +230,11 @@ "available\n"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) @@ -760,7 +765,6 @@ return 1; } - /* * * Generic message digest information functions @@ -1119,4 +1123,9 @@ return true; } #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ENABLE_CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2d0265a..7688add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -895,6 +895,10 @@ return EVP_CIPHER_CTX_mode(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) @@ -999,6 +1003,9 @@ return cipher_ctx_final(ctx, dst, dst_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /* * @@ -1214,12 +1221,21 @@ HMAC_CTX_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int hmac_ctx_size(HMAC_CTX *ctx) { return HMAC_size(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_reset(HMAC_CTX *ctx) { @@ -1398,6 +1414,11 @@ CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0); } #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len) @@ -1443,6 +1464,11 @@ EVP_PKEY_CTX_free(pctx); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #else /* if defined(LIBRESSL_VERSION_NUMBER) */ /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as * OpenSSL does. As result they will only be able to support diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index d91d9a1..bba6ed2 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -62,7 +62,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -342,6 +342,11 @@ return rv; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** Sign hash in tbs using EC key in cd and NCryptSignHash */ static int xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs, @@ -438,6 +443,10 @@ return (*siglen > 0); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** Dispatch sign op to xkey_cng__sign */ static int xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 881459c..2cf90af 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -491,6 +491,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_p2p_add_new_peer(struct context *c) { @@ -645,6 +650,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d5ca277..b9f6bc7 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -72,6 +72,11 @@ return (nvl); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) { @@ -854,6 +859,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index d8357ca..395a38f 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -62,6 +62,11 @@ typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * @brief resolves the netlink ID for ovpn-dco * @@ -1298,4 +1303,8 @@ return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 2d08ed8..9e52859 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -525,6 +525,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot, const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key, @@ -564,6 +569,11 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) { diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index 7abade5..38e8d40 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -72,6 +72,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static in_addr_t do_extract(struct dhcp *dhcp, int optlen) { @@ -185,3 +190,7 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 581bdbb..2f60b78 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -65,6 +65,11 @@ #define SELECT_MAX_FDS 256 #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int tv_to_ms_timeout(const struct timeval *tv) { @@ -78,6 +83,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef _WIN32 struct we_set diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 12dd6a7..f342958 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -367,6 +367,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel) @@ -1966,6 +1971,10 @@ perf_pop(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void pre_select(struct context *c) { diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e6ebbef..0e5e93f 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c @@ -98,6 +98,11 @@ return (get_random() % n) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return uniformly distributed random number between * low and high. @@ -229,4 +234,9 @@ } } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index be20638..f665b17 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -61,6 +61,11 @@ Hex[HASHHEXLEN] = '\0'; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* calculate H(A1) as per spec */ void DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword, @@ -145,4 +150,8 @@ CvtHex(RespHash, Response); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if PROXY_DIGEST_AUTH */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d7a2ec..f8a0fee 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -455,6 +455,11 @@ } #endif /* ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Initialize and possibly randomize the connection list. * @@ -3490,6 +3495,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * No encryption or authentication. */ diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index 2b35314..fbefcd9 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -38,6 +38,11 @@ top->horizon = horizon; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry) { @@ -77,3 +82,7 @@ } return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index 3a73d5f..8daaec0 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -72,6 +72,11 @@ *header = NO_COMPRESS_BYTE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) @@ -121,6 +126,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress, lzo_decompress }; #endif /* ENABLE_LZO */ diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index c675e95..5a41a0f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -206,6 +206,11 @@ return man->settings.up.defined && !man->connection.password_verified; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void man_check_password(struct management *man, const char *line) { @@ -236,6 +241,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_update_io_state(struct management *man) { @@ -2305,6 +2314,11 @@ #endif /* ifdef TARGET_ANDROID */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int man_read(struct management *man) { @@ -2442,6 +2456,10 @@ return sent; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_connection_clear(struct man_connection *mc) { diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 0750fec..448124c 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -34,6 +34,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct mbuf_set * mbuf_init(unsigned int size) { @@ -44,6 +49,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mbuf_free(struct mbuf_set *ms) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d3d316d..caf4725 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -72,6 +72,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_MANAGEMENT /* Get username/password from the management interface */ static bool @@ -184,6 +189,10 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Get and store a username/password */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index ab01874..88ea647 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -103,6 +103,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask) { @@ -547,6 +552,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mroute_helper_free(struct mroute_helper *mh) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 32cd3f8..e7111a8 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,6 +130,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 81310a2..83edec6 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -45,6 +45,11 @@ unsigned int sock; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock) { @@ -120,6 +125,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void multi_tcp_instance_specific_free(struct multi_instance *mi) { diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9c1a772..66f81a6 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -280,6 +280,11 @@ struct timeval tv; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc) { @@ -389,6 +394,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void set_sock_extended_error_passing(int sd, sa_family_t proto_af) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 31134be..a373a6a 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9256127..777c62e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -256,6 +256,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_ASYNC_PUSH static uint32_t /* @@ -3982,6 +3987,10 @@ return count; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void management_delete_event(void *arg, event_t event) { diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 00d6106..1815faf 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -131,6 +131,11 @@ inet_address_t gw; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Helper function used to easily add attributes to a rtnl message */ @@ -1469,6 +1474,10 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index c2a93e8..521677b 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -74,6 +74,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void gen_timestamp(uint8_t *timestamp) { @@ -383,4 +388,8 @@ return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc)); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* if NTLM */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 8821a06..78013ae 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -174,6 +174,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void check_send_occ_load_test_dowork(struct context *c) { @@ -347,6 +352,10 @@ c->c2.occ_op = -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void process_received_occ_msg(struct context *c) { diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 6fd7390..e3e7cf8 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -194,12 +194,21 @@ LIBRESSL_VERSION_NUMBER > 0x3050400fL) */ #if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline const char * SSL_get0_group_name(SSL *s) { int nid = SSL_get_negotiated_group(s); return SSL_group_to_name(s, nid); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 151a016..f801743 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1158,6 +1158,11 @@ return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static char * string_substitute(const char *src, int from, int to, struct gc_arena *gc) { @@ -9900,6 +9905,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index fdc0c55..8a1c083 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -162,6 +162,11 @@ return (int)i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel) { @@ -193,6 +198,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static const char *updatable_options[] = { "block-ipv6", "block-outside-dns", "dhcp-option", "dns", "ifconfig", "ifconfig-ipv6", diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 717f749..d9bf157 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -100,6 +100,11 @@ /* format a time_t as ascii, or use current time if 0 */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { @@ -130,6 +135,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Limit the frequency of an event stream. * diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c700bb..108d0f2 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -59,6 +59,11 @@ extern time_t now_usec; void update_now_usec(struct timeval *tv); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int openvpn_gettimeofday(struct timeval *tv, void *tz) { @@ -236,6 +241,10 @@ dest->tv_usec = usec; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #define TV_WITHIN_SIGMA_MAX_SEC 600 #define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index ca318eb..880eee1 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -71,6 +71,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack, const char *name, int unit) @@ -663,6 +668,10 @@ return epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) { diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index a7eb256..e9d3647 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -280,6 +280,11 @@ return p->fd >= 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* transfer packet_id -> packet_id_persist */ static inline void packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid) @@ -291,6 +296,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Reset the current send packet id to its initial state. * Use very carefully (e.g. in the standalone reset packet context) to diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 8a7a320..16149ca 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -53,6 +53,11 @@ } #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void __mysleep(const unsigned long usec) { @@ -558,6 +563,10 @@ return success; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management, const char *const pkcs11_id) diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 23c01ab..f619b95 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -428,6 +428,11 @@ return dn; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len) { @@ -468,4 +473,9 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */ diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 9d8fe75..02554ba 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -54,6 +54,11 @@ } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* cached proxy username/password */ static struct user_pass static_proxy_user_pass; @@ -1063,3 +1068,7 @@ gc_free(&gc); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index a10df2e..1d14367 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -475,6 +475,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * This function runs in the context of the background proxy process. * Receive a control message from the parent (sent by the port_share_sendmsg @@ -792,6 +797,10 @@ msg(M_INFO, "PORT SHARE PROXY: proxy exiting"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Called from the main OpenVPN process to enable the port * share proxy. diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 60ca25f..e7fc50c 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -429,6 +429,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool send_auth_pending_messages(struct tls_multi *tls_multi, struct tls_session *session, @@ -1086,6 +1090,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int process_incoming_push_msg(struct context *c, const struct buffer *buffer, bool honor_received_options, unsigned int permission_mask, diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c index f7a4fca..9138bdb 100644 --- a/src/openvpn/push_util.c +++ b/src/openvpn/push_util.c @@ -9,6 +9,11 @@ #include "multi.h" #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int process_incoming_push_update(struct context *c, unsigned int permission_mask, unsigned int *option_types_found, struct buffer *buf, @@ -306,3 +311,7 @@ RETURN_UPDATE_STATUS(n_sent); } #endif /* ifdef ENABLE_MANAGEMENT */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index b4a747f..0c8b552 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -687,6 +687,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* in how many seconds should we wake up to check for timeout */ /* if we return BIG_TIMEOUT, nothing to wait for */ interval_t @@ -719,6 +724,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Enable an incoming buffer previously returned by a get function as active. */ diff --git a/src/openvpn/route.c b/src/openvpn/route.c index aa5ce69..156a99e 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1760,6 +1760,10 @@ return (status != RTA_ERROR); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif void route_ipv6_clear_host_bits(struct route_ipv6 *r6) @@ -2364,6 +2368,10 @@ net_ctx_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * The --redirect-gateway option requires OS-specific code below * to get the current default gateway. @@ -3360,6 +3368,11 @@ #define max(a, b) ((a) > (b) ? (a) : (b)) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void get_default_gateway(struct route_gateway_info *rgi, in_addr_t dest, openvpn_net_ctx_t *ctx) { @@ -3733,6 +3746,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #undef max #elif defined(TARGET_HAIKU) diff --git a/src/openvpn/schedule.c b/src/openvpn/schedule.c index c9fef24..1389889 100644 --- a/src/openvpn/schedule.c +++ b/src/openvpn/schedule.c @@ -65,6 +65,11 @@ } #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void schedule_set_pri(struct schedule_entry *e) { @@ -75,6 +80,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* This is the master key comparison routine. A key is * simply a struct timeval containing the absolute time for * an event. The unique treap priority (pri) is used to ensure diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index afedf5d..5fcf820 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -72,6 +72,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Functions related to the translation of DNS names to IP addresses. */ @@ -2449,6 +2454,10 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #if ENABLE_IP_PKTINFO ssize_t diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index 1102421..85bbde5 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -80,6 +80,11 @@ free(sp); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool socks_proxy_recv_char(char *c, const char *name, socket_descriptor_t sd, struct event_timeout *server_poll_timeout, @@ -438,6 +443,10 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index ba6919b..34036f2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -180,6 +180,11 @@ frame->tun_mtu = max_int(frame->tun_mtu, TLS_CHANNEL_MTU_MIN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * calculate the maximum overhead that control channel frames have * This includes header, op code and everything apart from the @@ -222,6 +227,10 @@ return overhead; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void init_ssl_lib(void) { @@ -1120,6 +1129,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return true if "lame duck" or retiring key has expired and can * no longer be used. @@ -3979,6 +3993,10 @@ ASSERT(buf_write_prepend(buf, &op, 1)); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void tls_prepend_opcode_v2(const struct tls_multi *multi, struct buffer *buf) { diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index b2d511e..80eb51b 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -585,6 +585,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * external_pkcs1_sign implements a mbed TLS rsa_sign_func callback, that uses * the management interface to request an RSA signature for the supplied hash. @@ -1004,6 +1009,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int tls_version_max(void) { diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 958acea..790e50f 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -534,6 +534,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Replaces the string DEFAULT with the string \c replace. * @@ -566,6 +571,10 @@ o->ncp_ciphers = (char *)ncp_ciphers; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Checks for availibility of Chacha20-Poly1305 and sets * the ncp_cipher to either AES-256-GCM:AES-128-GCM or diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 8c8b1e21..eb7f2ea 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -272,6 +272,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool tls_ctx_set_tls_versions(struct tls_root_ctx *ctx, unsigned int ssl_flags) { @@ -424,6 +429,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 6ec05a7..825719c 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -160,6 +160,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void write_control_auth(struct tls_session *session, struct key_state *ks, struct buffer *buf, struct link_socket_actual **to_link_addr, int opcode, int max_ack, @@ -495,6 +500,10 @@ return result.sid; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool check_session_hmac_and_pkt_id(struct tls_pre_decrypt_state *state, const struct openvpn_sockaddr *from, diff --git a/src/openvpn/ssl_util.c b/src/openvpn/ssl_util.c index 918a1f1..50e8c03 100644 --- a/src/openvpn/ssl_util.c +++ b/src/openvpn/ssl_util.c @@ -290,6 +290,11 @@ return NULL; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int get_num_elements(const char *string, char delimiter) { @@ -309,3 +314,7 @@ return element_count; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 7658f2d..04ef27e 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -874,6 +874,11 @@ return supported; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Checks if the deferred state should also send auth pending * request to the client. Also removes the auth_pending control file @@ -945,6 +950,9 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /** * Removes auth_pending and auth_control files from file system diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index c92eaf1..472eb49 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -250,6 +250,11 @@ return FAILURE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static struct buffer x509_get_fingerprint(const mbedtls_md_info_t *md_info, mbedtls_x509_crt *cert, struct gc_arena *gc) { @@ -260,6 +265,10 @@ return fingerprint; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + struct buffer x509_get_sha1_fingerprint(mbedtls_x509_crt *cert, struct gc_arena *gc) { diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index f1b8902..40d117b 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -667,6 +667,11 @@ return FAILURE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + result_t x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku, int expected_len) { @@ -726,6 +731,10 @@ return fFound; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + result_t x509_verify_cert_eku(X509 *x509, const char *const expected_oid) { diff --git a/src/openvpn/status.c b/src/openvpn/status.c index cea31f5..1e1e3fb 100644 --- a/src/openvpn/status.c +++ b/src/openvpn/status.c @@ -207,6 +207,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #define STATUS_PRINTF_MAXLEN 512 void @@ -303,3 +308,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 737b556..51b4eb3 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -205,6 +205,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt) { @@ -413,6 +418,10 @@ return buf_copy(wkc, &work); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index c213c4b..e35f889 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1720,6 +1720,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int write_tun_header(struct tuntap *tt, uint8_t *buf, int len) { @@ -1773,6 +1778,11 @@ return read(tt->fd, buf, len); } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if defined (TARGET_OPENBSD) || defined(TARGET_DARWIN) */ bool @@ -2244,6 +2254,11 @@ free(tt); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int write_tun(struct tuntap *tt, uint8_t *buf, int len) { @@ -2256,6 +2271,10 @@ return read(tt->fd, buf, len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #elif defined(TARGET_SOLARIS) #ifndef TUNNEWPPA @@ -2935,6 +2954,11 @@ argv_free(&argv); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int write_tun(struct tuntap *tt, uint8_t *buf, int len) { @@ -2989,6 +3013,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #elif defined(TARGET_DRAGONFLY) static inline int @@ -3277,6 +3305,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { @@ -3326,6 +3359,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #elif defined(TARGET_AIX) void @@ -5517,6 +5554,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Convert DHCP options from the command line / config file * into a raw DHCP-format options string. @@ -5656,6 +5698,10 @@ buf_write(buf, tmp_buf, len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static bool build_dhcp_options_string(struct buffer *buf, const struct tuntap_options *o) { diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c index a6a6e93..3da470a 100644 --- a/src/openvpn/vlan.c +++ b/src/openvpn/vlan.c @@ -43,6 +43,11 @@ return ntohs(hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_VID); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Set the VLAN Identifier (VID) in an IEEE 802.1Q header. * @@ -56,6 +61,10 @@ (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID) | (htons(vid) & OPENVPN_8021Q_MASK_VID); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * vlan_decapsulate - remove 802.1q header and return VID * diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 15bcf37..eac2352 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -1418,6 +1418,11 @@ return (const char *)out.data; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, ack_message_t *ack, const char *context) @@ -1632,4 +1637,8 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef _WIN32 */ diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 0983e59..ce0d4dd 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -1383,6 +1383,11 @@ return TRUE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Prepare DNS domain "SearchList" registry value, so additional * VPN domains can be added and its original state can be restored @@ -2614,6 +2619,10 @@ return err; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Return the registry key where NRPT rules are stored * diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 3f327c2..22e6912 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -674,6 +674,11 @@ struct crypto_options co; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int crypto_test_epoch_setup(void **state) { @@ -694,6 +699,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static int crypto_test_epoch_teardown(void **state) { diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index bb02fcc..ed40a7d 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -133,6 +133,11 @@ const char *keyfile; } global_state; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int init(void **state) { @@ -154,6 +159,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static int cleanup(void **state) {