From patchwork Thu Oct 30 14:52:26 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4545
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 30 Oct 2025 15:52:26 +0100
Message-ID: <20251030145231.2792-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] ssl: Clean up type handling in export_user_keying_material()

From: Frank Lichtenheld

For this we actually change the API of the format_hex{,_ex} functions
by changing int to size_t for length parameters. While we call this
function with int parameters in a lot of places (usually BLEN), this
will not produce warnings under -Wno-sign-conversion. And we're sure
those values are positive since format_hex already uses size_t
internally.

Change-Id: Id7bacec23edc6dcd94465c308ea2144c7329a0c1
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1301
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1301
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 28de00f..293622f 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c 
@@ -480,18 +480,17 @@ */ char * -format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, +format_hex_ex(const uint8_t *data, size_t size, size_t maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc) { const size_t bytes_per_hexblock = space_break_flags & FHE_SPACE_BREAK_MASK; const size_t separator_len = separator ? strlen(separator) : 0; - static_assert(INT_MAX <= SIZE_MAX, "Code assumes INT_MAX <= SIZE_MAX"); const size_t out_len = maxoutput > 0 ? maxoutput : ((size * 2) + ((size / bytes_per_hexblock) * separator_len) + 2); struct buffer out = alloc_buf_gc(out_len, gc); - for (int i = 0; i < size; ++i) + for (size_t i = 0; i < size; ++i) { if (separator && i && !(i % bytes_per_hexblock)) { diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 148cee0..ab2a29d 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -496,11 +496,11 @@ */ #define FHE_SPACE_BREAK_MASK 0xFF /* space_break parameter in lower 8 bits */ #define FHE_CAPS 0x100 /* output hex in caps */ -char *format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, +char *format_hex_ex(const uint8_t *data, size_t size, size_t maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc); static inline char * -format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc) +format_hex(const uint8_t *data, size_t size, size_t maxoutput, struct gc_arena *gc) { return format_hex_ex(data, size, maxoutput, 4, " ", gc); } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index be29367..987d450 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1829,11 +1829,6 @@ return len; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - static char * read_string_alloc(struct buffer *buf) { 
@@ -2174,15 +2169,15 @@ { if (session->opt->ekm_size > 0) { - unsigned int size = session->opt->ekm_size; + const size_t size = session->opt->ekm_size; struct gc_arena gc = gc_new(); - unsigned char *ekm = gc_malloc(session->opt->ekm_size, true, &gc); + unsigned char *ekm = gc_malloc(size, true, &gc); if (key_state_export_keying_material(session, session->opt->ekm_label, session->opt->ekm_label_size, ekm, session->opt->ekm_size)) { - unsigned int len = (size * 2) + 2; + const size_t len = (size * 2) + 2; const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc); setenv_str(session->opt->es, "exported_keying_material", key); @@ -2199,6 +2194,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Handle reading key data, peer-info, username/password, OCC * from the TLS control channel (cleartext).
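
Review bot: In format_hex_ex() in src/openvpn/buffer.c, the switch of `size` from int to size_t changes the failure mode for a caller that passes a negative int. The old `for (int i = 0; i < size; ++i)` loop did not run at all in that case, while the new `for (size_t i = 0; i < size; ++i)` sees the converted value as a very large count. The commit message relies on all callers (usually BLEN) being non-negative, so that precondition should be stated in the doc comment above the prototype in buffer.h, or enforced with a cheap check on `size` before out_len is computed. The same applies to `(size * 2) + ... + 2`, which is now pure size_t arithmetic and wraps silently for an oversized `size`.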
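
Review bot: In the ssl.c hunk at -2174, the new `const size_t size` is used for gc_malloc() and format_hex_ex(), but the unchanged call to key_state_export_keying_material() still passes `session->opt->ekm_size` as its last argument. Passing `size` there as well would keep allocation, export and hex formatting on one value and one type. A short comment would also help on the `format_hex_ex(ekm, size, len, 0, NULL, &gc)` call: with space_break_flags 0, bytes_per_hexblock is 0, and this is only safe because `len` is non-zero and the separator is NULL, so neither `size / bytes_per_hexblock` nor `i % bytes_per_hexblock` in buffer.c is evaluated.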
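
Review bot: The ssl.c hunks at -1829 and -2199 move `#pragma GCC diagnostic push` and `ignored "-Wconversion"` from above read_string_alloc() to below the keying-material export code, and the matching `#pragma GCC diagnostic pop` is outside the visible context. That takes every function between the old and new position out of the suppressed region, not only export_user_keying_material(), while the commit message only discusses format_hex. Please confirm that the whole range builds clean with -Wconversion and mention the moved pragma in the commit message.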