From patchwork Mon Nov 17 07:49:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4610 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6d04:b0:7b1:439f:bdf with SMTP id e4csp3062270may; Sun, 16 Nov 2025 23:49:42 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXpATU/ptq36uop1tZ4mHnGE5PK2Cx2jWcvDO5+Ho31hzuZz3B/9fisXS0OMBnWTbgw0w8It8YdQW0=@openvpn.net X-Google-Smtp-Source: AGHT+IGzeYRhNhgKc8jbVEmydTB1GPJeDqx/fMLRn4oPpNGx/Bu1CskjNG6B5D8wpMADPOcYqcLz X-Received: by 2002:a05:6808:15a9:b0:450:b3a:53a1 with SMTP id 5614622812f47-45097383e81mr6236649b6e.15.1763365782032; Sun, 16 Nov 2025 23:49:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1763365782; cv=none; d=google.com; s=arc-20240605; b=C/LYDXYw+aqwaQ9dcHIzrVGGjHh0eZshvgDX1drziu5CC1E6Sug0tk4qyiAAn6njn+ wuUJyk4HKxKCRu3pwhhSrVLY/Uni3vKLKnY0rDJTCMQrnMMLllalL9A1VpYLDYawd3uP xClrdMSksyCKXXLVAs43O1Ai19zo9vBX8pz42pGXq7XwakKUIxXcPn4yZ4Ncf55SAnj5 qQr2tciItmAJRzglLvWrilEd0VtOrDk59heML1pPZuVrreMXS2Rqafc3cAuSr0UalVgC ntWaVOYChQfzCjufFX7CnxH5LRbYpe85iXbVZpHaKrAp5hu2XHfkdSdLDfxX2SwlYhFW gt+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=6xBTc9ThrXqF+gW1Xdg4hY907DHu0KeFu1FA/BgXQKc=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=Cnk9FH+zTDYRw1l8kS5ywKKLZieje4+58+P/CFOMs40dm9/YMNUlcEH9zCaRF++rfV WrCSvj15P67PLht6VDHUwmWTzVmSj7P+PwAoWnFYcvxzHya4zWqFoymAdQ7E7envvUZe WJcS8qpWHjGW9LL9er6MaVAzRp7AFLtQdHM1UNEdtmAcHKRfwDJfJKgxKSYW9RGaCPTh ITqZKLz2PCrtc4aqffRBNMafcvrke3FmbyMOsb/tPSk0LvSXRRvdfjLzNmqoHdo2/pRL jUdQphWROpGa8LeSvBuGyrknwN9jooZJxvirl/B/kVjsQqTYhywqRFPXsQfFUYKrpjok NRXw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Gwae8w3B; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eQYRTxDZ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EJRDDILd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-450c883d912si494999b6e.362.2025.11.16.23.49.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 16 Nov 2025 23:49:41 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Gwae8w3B; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eQYRTxDZ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EJRDDILd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6xBTc9ThrXqF+gW1Xdg4hY907DHu0KeFu1FA/BgXQKc=; b=Gwae8w3BGKHnJUTTQ+xZ4DMvUP CaKyeMKXzWxkacI7XUjEmvNnf0+C3Yz23mdLMS/7G9SyIjqytywMT2Nnd1HjewRwsyohgzx1sKIJ/ JRdLXf/Q2oW8kapQYkET6qPK0cozM+Y4UVxZeDGfzT4qZ7d8euqdqg6Ai9Ssx7Y+hJ6w=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vKtzU-0007DA-79; Mon, 17 Nov 2025 07:49:37 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vKtzS-0007Ct-9g for openvpn-devel@lists.sourceforge.net; Mon, 17 Nov 2025 07:49:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=xlMfMCeRa3H1nhUCJ0cZ5acpHWK2Bb0/8xe+TYKWxCw=; b=eQYRTxDZAhioNbRPjKOUCUob4d JQz0mZF62l/CywBjbqOLJ1pENGWDiTifl6XGiWKhNuAt9YiccNucMJHfH+MAi95QvPeBBn9ZeIX8Q m5lRkyfcEFeCqVjN2cKCsci353R3n93AE+/BHfOov9Y73l7bptMebs9tAzrH+IKn14KY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=xlMfMCeRa3H1nhUCJ0cZ5acpHWK2Bb0/8xe+TYKWxCw=; b=EJRDDILdrdnO7wp/ZFx3QwIPKj 5eKIG/rbGAEkCB7pe0DrBftR9+f3MmRPzv+XGRkz+/NMLjwS2Pb1Oe+pn9bu34j1nlQbLueZWQlVb ENCMjAcaR8SkOkiUKlpBhVwGA+yeFWUxs2idonLWA6S0gZTpdG0bm8QFc99Gnum2/Ea4=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vKtzS-00006g-8X for openvpn-devel@lists.sourceforge.net; Mon, 17 Nov 2025 07:49:35 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5AH7nMU6026548 for ; Mon, 17 Nov 2025 08:49:22 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5AH7nMW6026547 for openvpn-devel@lists.sourceforge.net; Mon, 17 Nov 2025 08:49:22 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 17 Nov 2025 08:49:15 +0100 Message-ID: <20251117074921.26531-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld I considered changing opcode to be uint8_t directly, but most code treats it as int now, so that would be a much bigger change. Similar for key_id. Change-Id: I2a1786b2bf15852222c28e1b73ab7edbb5f19d7f Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/open [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vKtzS-00006g-8X Subject: [Openvpn-devel] [PATCH v2] ssl_pkt: Avoid conversion warnings X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1849023037929057915?= X-GMAIL-MSGID: =?utf-8?q?1849023037929057915?= From: Frank Lichtenheld I considered changing opcode to be uint8_t directly, but most code treats it as int now, so that would be a much bigger change. Similar for key_id. Change-Id: I2a1786b2bf15852222c28e1b73ab7edbb5f19d7f Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1360 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1360 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index d7f7ac3..f216e88 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -160,17 +160,14 @@ } } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - void write_control_auth(struct tls_session *session, struct key_state *ks, struct buffer *buf, struct link_socket_actual **to_link_addr, int opcode, int max_ack, bool prepend_ack) { - uint8_t header = ks->key_id | (opcode << P_OPCODE_SHIFT); + ASSERT(ks->key_id >= 0 && ks->key_id <= P_KEY_ID_MASK); + ASSERT(opcode >= 0 && opcode <= P_LAST_OPCODE); + uint8_t header = (uint8_t)(ks->key_id | (opcode << P_OPCODE_SHIFT)); /* Workaround for Softether servers. Softether has a bug that it only * allows 4 ACks in packets and drops packets if more ACKs are contained @@ -474,7 +471,7 @@ /* Get the valid time quantisation for our hmac, * we divide time by handwindow/2 and allow the previous * and future session time if specified by offset */ - uint32_t session_id_time = ntohl(now / ((handwindow + 1) / 2) + offset); + uint32_t session_id_time = ntohl((uint32_t)(now / ((handwindow + 1) / 2) + offset)); hmac_ctx_reset(hmac); /* We do not care about endian here since it does not need to be @@ -501,10 +498,6 @@ return result.sid; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - bool check_session_hmac_and_pkt_id(struct tls_pre_decrypt_state *state, const struct openvpn_sockaddr *from,