From patchwork Wed May 10 11:22:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3209 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:7b9a:b0:c3:1364:a2a2 with SMTP id j26csp3536001dyk; Wed, 10 May 2023 04:23:50 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7DNEkF6dhRMwTvN34zELnfebKpjYkoUTCFYT+IvJoJmVwT+pgIkkPJ1vusvX3iXC/xfMgO X-Received: by 2002:a5d:88cf:0:b0:753:ca30:6bb0 with SMTP id i15-20020a5d88cf000000b00753ca306bb0mr12711960iol.4.1683717829994; Wed, 10 May 2023 04:23:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683717829; cv=none; d=google.com; s=arc-20160816; b=aPbIzDJFDz2tp11171U9+gihhHSejHH9GwIVWamyO5uOfqgKkhfHTyljSP+G+LIyKK oHHmKAWD8QlDcPBygjdHukfmWmEG0rcrGR27PcsgWPe94qhGbbm3fF3gReJDse2DTjmA rRCAZs54WBWeXD6w15xzkFgTq1dM7lv6hxjL4zlQarTR/AesJhD569sI2L2tdoTtTspK SEQUhuJT0b0v0wpwXoWy6luPzlbv/exOHqVzm3BmPswymvVlL5fL83CbrOw59p0j9ltx WAOn+3x8GV/4D2sjMmv+1KW9wH2mkeD0UFjOLpSn3zgdzecNS+ZE91+yUHHmVQTLMHFm fuSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=q6HHKLWmuQc8SjzOLzmGVyO3QMIixTMJaT0RMyGrEK4=; b=XHwF/vFF7yd5iZu5eiNXQsoI/q+tXeySu4Hc+V1UiFQiMZrD5GXCwggGfnqhM84aWj Bodo0uzPUV2SMlHAChhPkT29jF2H3ctKdpF6gIkbq575hNAJ6jH4noVySsZOqwlFdt8j /1qwPZn5KaCVjuYcLYwXfh3sSjJTSF03LEgKQuU09D6BPMDT7MalY02ed9TB38S5lHp4 PBJaMG5F2ci9XgkjmlRzdilR6zNT3wbOs/QYnNRdto0Is2rudc/x90GVvbYWXbmXzo8T +jygOJG3HItCl04rOp9HYupTdl6QKXzq/va+lJdWEp67tI6cDh7OpN3FCjGMAreJc4ki x/Ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="abr/mUgf"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=FWFbDKZn; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=j3kIPPPU; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id w20-20020a6bf014000000b007077257299csi6235227ioc.12.2023.05.10.04.23.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 May 2023 04:23:49 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="abr/mUgf"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=FWFbDKZn; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=j3kIPPPU; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pwhuJ-0000IN-Qx; Wed, 10 May 2023 11:22:56 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pwhuH-0000Hy-HU for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=u5JWQRtQ3qAqICkwbtDMdxPbRplm/DsX8d7DoZQKcfw=; b=abr/mUgfy3RMd+LDGXQ+XmyEj4 XlboHNS4zflqYmUudtVYgMvdSRRNUORQclItTiax15dYsmOAq1rG2Ft5DkSu02qlKPaKbJeyvokA6 N0t8e1aAA1jHIylE7ZNxHlrMt/Py4W5zklsHPsRAocKKs6qsvgJpVFJ0vaxoTcciGxNM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=u5JWQRtQ3qAqICkwbtDMdxPbRplm/DsX8d7DoZQKcfw=; b=FWFbDKZnS/3EEjUxA2OmvFZKS9 gJXLn+Ke7FkOTIgWCYkSpU+NPt/O5kaVg2VC1p/auJdlpQom83OO0ZW0+bLLcmEhciArJwWu0NR+v r1l4V6yW3hx2CNEJV4zl7gLlIQTZphgHuJiTyc982Tc1wT638BkpF6zujkLBjFV9eSvE=; Received: from mout-p-102.mailbox.org ([80.241.56.152]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pwhuA-00260Y-C8 for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:53 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4QGXgd2dPDz9slv for ; Wed, 10 May 2023 13:22:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1683717757; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u5JWQRtQ3qAqICkwbtDMdxPbRplm/DsX8d7DoZQKcfw=; b=j3kIPPPUeavyxw7UZhaphL0wKaNPVn69cBPvmym/z3FnAOcfJs3KRWjYU9cbYtNJlqwNLt mUorpo+mJp4PzRuSR+gkIcXfHQWR3nHsh0ClGM+kAia9DfBjbxgyKBSpSj0RKpbbHJa75w 5YUU0Yr8vGr+dCF4H/yixbAASZ4kspUrgbxHVCigbm+80gIyYOpyFhWz3k/urIaMz8J9ar U0fU477Ic67jE5yNLcrbZpumXc0zULga3P69Xu2nibKTdV2HDFQIqS1SxQ55MSRkSiB/Nr wXpVafbSwkKWTabk7666vfHGsY2Af4uiXKAb25WTz4FqyzoQERCHA9+tzB6HCQ== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Wed, 10 May 2023 13:22:34 +0200 Message-Id: <20230510112236.248026-2-frank@lichtenheld.com> In-Reply-To: <20230510112236.248026-1-frank@lichtenheld.com> References: <20230510112236.248026-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4QGXgd2dPDz9slv X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: These are all fixes I considered "safe". They either - Have sufficient checks/shifts for a cast to be safe - Fix the type of a variable without requiring code changes - Are in non-critical unittest code Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.152 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pwhuA-00260Y-C8 Subject: [Openvpn-devel] [PATCH 1/3] Various fixes for -Wconversion errors X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1765506107083794532?= X-GMAIL-MSGID: =?utf-8?q?1765506107083794532?= These are all fixes I considered "safe". They either - Have sufficient checks/shifts for a cast to be safe - Fix the type of a variable without requiring code changes - Are in non-critical unittest code Change-Id: I6818b153bdeb1eed65870af99b0531e95807fe0f Signed-off-by: Frank Lichtenheld --- src/openvpn/buffer.c | 4 ++-- src/openvpn/crypto.c | 10 ++++++---- src/openvpn/integer.h | 4 ++-- src/openvpn/mss.c | 2 +- src/openvpn/otime.c | 2 +- src/openvpn/otime.h | 2 +- src/openvpn/packet_id.c | 4 ++-- src/openvpn/reliable.c | 7 +++---- src/openvpn/socket.h | 4 ++-- src/openvpn/tls_crypt.c | 2 +- src/openvpn/xkey_helper.c | 14 +++++++------- tests/unit_tests/openvpn/mock_get_random.c | 2 +- tests/unit_tests/openvpn/test_crypto.c | 6 +++--- tests/unit_tests/openvpn/test_packet_id.c | 6 +++--- tests/unit_tests/openvpn/test_provider.c | 2 +- tests/unit_tests/openvpn/test_tls_crypt.c | 2 +- 16 files changed, 37 insertions(+), 36 deletions(-) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index d099795b..7ca9dd4f 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -354,7 +354,7 @@ buffer_write_file(const char *filename, const struct buffer *buf) return false; } - const int size = write(fd, BPTR(buf), BLEN(buf)); + const ssize_t size = write(fd, BPTR(buf), BLEN(buf)); if (size != BLEN(buf)) { msg(M_ERRNO, "Write error on file '%s'", filename); @@ -891,7 +891,7 @@ buf_parse(struct buffer *buf, const int delim, char *line, const int size) { break; } - line[n++] = c; + line[n++] = (char)c; } while (c); diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index b5ae17ec..0eaebba2 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -28,6 +28,8 @@ #include "config-msvc.h" #endif +#include + #include "syshead.h" #include "crypto.h" @@ -1293,8 +1295,8 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags) hex_byte[hb_index++] = c; if (hb_index == 2) { - unsigned int u; - ASSERT(sscanf((const char *)hex_byte, "%x", &u) == 1); + uint8_t u; + ASSERT(sscanf((const char *)hex_byte, "%" SCNx8, &u) == 1); *out++ = u; hb_index = 0; if (++count == keylen) @@ -1556,13 +1558,13 @@ write_key(const struct key *key, const struct key_type *kt, ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); - const uint8_t cipher_length = cipher_kt_key_size(kt->cipher); + const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher); if (!buf_write(buf, &cipher_length, 1)) { return false; } - uint8_t hmac_length = md_kt_size(kt->digest); + uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest); if (!buf_write(buf, &hmac_length, 1)) { diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 215c159f..2551428e 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -28,12 +28,12 @@ #ifndef htonll #define htonll(x) ((1==htonl(1)) ? (x) : \ - ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) + ((uint64_t)htonl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | htonl((uint32_t)((x) >> 32))) #endif #ifndef ntohll #define ntohll(x) ((1==ntohl(1)) ? (x) : \ - ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) + ((uint64_t)ntohl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | ntohl((uint32_t)((x) >> 32))) #endif /* diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 98d54068..fd2d3c1d 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -167,7 +167,7 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) return; } - for (olen = hlen - sizeof(struct openvpn_tcphdr), + for (olen = hlen - (int) sizeof(struct openvpn_tcphdr), opt = (uint8_t *)(tc + 1); olen > 1; olen -= optlen, opt += optlen) diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 0bbed81d..1694bc54 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -107,7 +107,7 @@ tv_string_abs(const struct timeval *tv, struct gc_arena *gc) /* format a time_t as ascii, or use current time if 0 */ const char * -time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc) +time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { struct buffer out = alloc_buf_gc(64, gc); struct timeval tv; diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index c27be892..d795c3c3 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -43,7 +43,7 @@ void frequency_limit_free(struct frequency_limit *f); bool frequency_limit_event_allowed(struct frequency_limit *f); /* format a time_t as ascii, or use current time if 0 */ -const char *time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc); +const char *time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc); /* struct timeval functions */ diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index bb790f03..6239bada 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -590,14 +590,14 @@ packet_id_debug_print(int msglevel, } else { - diff = (int) prev_now - v; + diff = (int)(prev_now - v); if (diff < 0) { c = 'N'; } else if (diff < 10) { - c = '0' + diff; + c = (char)('0' + diff); } else { diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 32b346b4..0df7072c 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -259,8 +259,7 @@ reliable_ack_write(struct reliable_ack *ack, struct buffer *buf, const struct session_id *sid, int max, bool prepend) { - int i, j; - uint8_t n; + int i, j, n; struct buffer sub; n = ack->len; @@ -272,9 +271,9 @@ reliable_ack_write(struct reliable_ack *ack, copy_acks_to_mru(ack, ack_mru, n); /* Number of acks we can resend that still fit into the packet */ - uint8_t total_acks = min_int(max, ack_mru->len); + uint8_t total_acks = (uint8_t)min_int(max, ack_mru->len); - sub = buf_sub(buf, ACK_SIZE(total_acks), prepend); + sub = buf_sub(buf, (int)ACK_SIZE(total_acks), prepend); if (!BDEF(&sub)) { goto error; diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index bfc1253b..a4acc5dd 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1181,7 +1181,7 @@ link_socket_write_udp(struct link_socket *sock, } /* write a TCP or UDP packet to link */ -static inline int +static inline size_t link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) @@ -1198,7 +1198,7 @@ link_socket_write(struct link_socket *sock, else { ASSERT(0); - return -1; /* NOTREACHED */ + return 0; /* NOTREACHED */ } } diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 88b2d6d7..e8ff6c6b 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -634,7 +634,7 @@ tls_crypt_v2_extract_client_key(struct buffer *buf, memcpy(&net_len, BEND(&wrapped_client_key) - sizeof(net_len), sizeof(net_len)); - size_t wkc_len = ntohs(net_len); + uint16_t wkc_len = ntohs(net_len); if (!buf_advance(&wrapped_client_key, BLEN(&wrapped_client_key) - wkc_len)) { msg(D_TLS_ERRORS, "Can not locate tls-crypt-v2 client key"); diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c index ee9677ab..214d43a4 100644 --- a/src/openvpn/xkey_helper.c +++ b/src/openvpn/xkey_helper.c @@ -294,7 +294,7 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen, * @return false on error, true on success * * On return enc_len is set to actual size of the result. - * enc is NULL or enc_len is not enough to store the result, it is set + * If enc is NULL or enc_len is not enough to store the result, it is set * to the required size and false is returned. */ bool @@ -339,8 +339,8 @@ encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname, MAKE_DI(sha512), MAKE_DI(sha224), MAKE_DI(sha512_224), MAKE_DI(sha512_256), {0, NULL, 0}}; - int out_len = 0; - int ret = 0; + size_t out_len = 0; + bool ret = false; int nid = OBJ_sn2nid(mdname); if (nid == NID_undef) @@ -356,7 +356,7 @@ encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname, if (tbslen != EVP_MD_size(EVP_get_digestbyname(mdname))) { - msg(M_WARN, "Error: encode_pkcs11: invalid input length <%d>", (int)tbslen); + msg(M_WARN, "Error: encode_pkcs11: invalid input length <%zu>", tbslen); goto done; } @@ -385,13 +385,13 @@ encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname, out_len = tbslen + di->sz; - if (enc && (out_len <= (int) *enc_len)) + if (enc && (out_len <= *enc_len)) { /* combine header and digest */ memcpy(enc, di->header, di->sz); memcpy(enc + di->sz, tbs, tbslen); - dmsg(D_XKEY, "encode_pkcs1: digest length = %d encoded length = %d", - (int) tbslen, (int) out_len); + dmsg(D_XKEY, "encode_pkcs1: digest length = %zu encoded length = %zu", + tbslen, out_len); ret = true; } diff --git a/tests/unit_tests/openvpn/mock_get_random.c b/tests/unit_tests/openvpn/mock_get_random.c index 787b5e33..dfc72874 100644 --- a/tests/unit_tests/openvpn/mock_get_random.c +++ b/tests/unit_tests/openvpn/mock_get_random.c @@ -41,6 +41,6 @@ prng_bytes(uint8_t *output, int len) { for (int i = 0; i < len; i++) { - output[i] = rand(); + output[i] = (uint8_t)rand(); } } diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index aec4e049..fc367dac 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -99,8 +99,8 @@ test_cipher_names(const char *ciphername, const char *openvpn_name) for (int i = 0; i < strlen(ciphername); i++) { - upper[i] = toupper(ciphername[i]); - lower[i] = tolower(ciphername[i]); + upper[i] = (char)toupper((unsigned char)ciphername[i]); + lower[i] = (char)tolower((unsigned char)ciphername[i]); if (rand() & 0x1) { random_case[i] = upper[i]; @@ -162,7 +162,7 @@ crypto_test_tls_prf(void **state) uint8_t out[32]; - ssl_tls1_PRF(seed, seed_len, secret, secret_len, out, sizeof(out)); + ssl_tls1_PRF(seed, (int)seed_len, secret, (int)secret_len, out, sizeof(out)); assert_memory_equal(good_prf, out, sizeof(out)); } diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c index 9b653a8b..a576a576 100644 --- a/tests/unit_tests/openvpn/test_packet_id.c +++ b/tests/unit_tests/openvpn/test_packet_id.c @@ -96,7 +96,7 @@ test_packet_id_write_long(void **state) assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void @@ -123,7 +123,7 @@ test_packet_id_write_long_prepend(void **state) assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void @@ -154,7 +154,7 @@ test_packet_id_write_long_wrap(void **state) assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void diff --git a/tests/unit_tests/openvpn/test_provider.c b/tests/unit_tests/openvpn/test_provider.c index 255067c7..79db9155 100644 --- a/tests/unit_tests/openvpn/test_provider.c +++ b/tests/unit_tests/openvpn/test_provider.c @@ -367,7 +367,7 @@ xkey_sign(void *handle, unsigned char *sig, size_t *siglen, } /* return a predefined string as sig */ - memcpy(sig, good_sig, min_int(sizeof(good_sig), *siglen)); + memcpy(sig, good_sig, min_int((int)sizeof(good_sig), (int)*siglen)); return 1; } diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index 19ae29cc..2966ebb2 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -140,7 +140,7 @@ __wrap_rand_bytes(uint8_t *output, int len) { for (int i = 0; i < len; i++) { - output[i] = i; + output[i] = (uint8_t)i; } return true; } From patchwork Wed May 10 11:22:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3208 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:7b9a:b0:c3:1364:a2a2 with SMTP id j26csp3535827dyk; Wed, 10 May 2023 04:23:26 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7OgjowNxnvJ55VU/P9nkURf/vCTUf0+V6KbSy08Qmok/Fm+Yr9sr+aKFpHoeKlMtDcmoUO X-Received: by 2002:a92:dcc7:0:b0:325:eb13:1045 with SMTP id b7-20020a92dcc7000000b00325eb131045mr13876123ilr.2.1683717806141; Wed, 10 May 2023 04:23:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683717806; cv=none; d=google.com; s=arc-20160816; b=NwHhnq8zBrkWzfWttQNv6NxtwSf/UzMtJE710gtxDWGDkAvR4TOOpPNAkJHDxg0c7h Gxonh9LxM6XsaUo9MPaabbHhGuLC8waoGph7Iy18oak6rdWT50/0jXTt8WuOpKnnUqE5 oPPxZ9F3sNFFqQIVhOnLjKPsgdSFxfT/TlkOpIqcl1LgfVQTyDb+uo7fh6I9SYCQadTr ynVXNoNgtyP8+sEDbglQZ89vBJ5kepaDU6ZjuD/YzcVT0VCroFDA7a2Myz9FGxErNI7b v2uftpGXvWHkihZvijK1rcOHESXEi2Pp12j3z8hLYpjYVCGztkFcYRDFbArEKkAMFtIN cM1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=3PItXtukIO8/gTo6MaBh4qDuLa4EI8EHOV+/hhh3zLk=; b=tYqq+x0Koqb8zqK+BmbCwePV2TL/CxEkr7V0VBM7yYA/2rNBLkFv4igj1PUP6zIT0u HyTO+N3ZCeYAhZ7uGcxP/cG7SaJW8aJ+TUIM4rQ3TCUY4IhNC5xUNhxw1gUdKCoOcWSm 619V6Kbt+SbrRY9ORB8MOoYYwNo+vtK/k1237Yc+ZBhoY1YxjAgKu1NoYUOge1qvw0Sx niB8tQWmculffvn4qYk0H/BlCQV67w2pdBgs1quLPaDby+IwPqIZiZU+5M7WXvZ3DaIC RUoBKsa1i6SvNvUQEdwca7kByfTvZAnwWfR1JTibaG64nBxb7pOy1zhdjtFHLXdRFyCQ 8gcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=EMA3YENA; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OvSGAKw7; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=Cuzm8k43; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id t5-20020a026405000000b0040fa8c648d3si5646925jac.164.2023.05.10.04.23.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 May 2023 04:23:26 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=EMA3YENA; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OvSGAKw7; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=Cuzm8k43; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pwhuO-0002Qh-Et; Wed, 10 May 2023 11:23:00 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pwhuF-0002QB-1x for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wGzV2wQeBuUYYYbg8dV2nvY/2bHf31H6r02U9koomus=; b=EMA3YENAiIeNn6BzgeVLqawMcq nTFM3k6YJyE+JfSHqdF9/dkrK0/+p6zBEHgbRRfuht08DOG2F9G60ciFfWjeBMLKo61ObatQ/G3sL ljP59SuluI+xEP9HXfxg2EDQM6Q5tIqdWo2tKzyjTquIzV+ILGlcnRK7UPdoHFSk3lJg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=wGzV2wQeBuUYYYbg8dV2nvY/2bHf31H6r02U9koomus=; b=OvSGAKw7an5L80s2tJtg1HPGIG fMNAy2TEvaT5gVEINvUlmSfj8mrwMX58EdDZ0POpdIOoOsukfPvYS6eFLSj+T5wC6tDt24+LBvnBE LrYjgsP3R8krRR6hRgkPFcCEsJ9Sru6rEwO/laCGl4VIU9nnNYA3PDtm252ysuVhTexw=; Received: from mout-p-202.mailbox.org ([80.241.56.172]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pwhuA-00260Z-Fl for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:51 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4QGXgd4HnQz9sbw for ; Wed, 10 May 2023 13:22:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1683717757; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wGzV2wQeBuUYYYbg8dV2nvY/2bHf31H6r02U9koomus=; b=Cuzm8k43jCQ7XyjJE8ei2swBh7HIwUUItEEAscFTqH59PcXfR6T2gjPOD8JiYl40yNdIYX 4BFbe4fLWu0eWFi/N7JgJ5EIn4XUwKui3HopNbyNyIAj4bMxk3E/eTQz9QumwzdI6lMUCs Lehbh2Aog7DXFSbszjIt1cp8WSXgYTqJNX20sr69c8UKfhmd5RIAjOhB1cAK2Td5onDPO8 iiqv5Itqw6YIlLRvlmKQWg6mGuLRktena0h8ux3B5gGcA8RlXq9Qgn/b+6b/WWO/2j+d7o KWGq3ERIXi4AkRS90v3NvlesiAqAcHkqwQ0FGNc9qAoOUgAxhw7o9nmGmehTgg== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Wed, 10 May 2023 13:22:35 +0200 Message-Id: <20230510112236.248026-3-frank@lichtenheld.com> In-Reply-To: <20230510112236.248026-1-frank@lichtenheld.com> References: <20230510112236.248026-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4QGXgd4HnQz9sbw X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Since in the end this always ends up as an uint16_t anyway, just make the conversion much earlier. Cleans up the code and removes some -Wconversion warnings. Change-Id: Id8321dfbb8ad8d79f4bb2a9da61f8cd6b6c6ee26 Signed-off-by: Frank Lichtenheld --- src/openvpn/mss.c | 21 +++++++++++ src/openvpn/mss.h | 4 ++-- src/openvpn/mt [...] Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.172 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pwhuA-00260Z-Fl Subject: [Openvpn-devel] [PATCH 2/3] Change type of frame.mss_fix to uint16_t X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1765506082700618037?= X-GMAIL-MSGID: =?utf-8?q?1765506082700618037?= Since in the end this always ends up as an uint16_t anyway, just make the conversion much earlier. Cleans up the code and removes some -Wconversion warnings. Change-Id: Id8321dfbb8ad8d79f4bb2a9da61f8cd6b6c6ee26 Signed-off-by: Frank Lichtenheld --- src/openvpn/mss.c | 21 +++++++++++---------- src/openvpn/mss.h | 4 ++-- src/openvpn/mtu.c | 2 +- src/openvpn/mtu.h | 2 +- src/openvpn/options.c | 1 + 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index fd2d3c1d..44b316da 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -46,7 +46,7 @@ * if yes, hand to mss_fixup_dowork() */ void -mss_fixup_ipv4(struct buffer *buf, int maxmss) +mss_fixup_ipv4(struct buffer *buf, uint16_t maxmss) { const struct openvpn_iphdr *pip; int hlen; @@ -74,7 +74,7 @@ mss_fixup_ipv4(struct buffer *buf, int maxmss) struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR(&newbuf); if (tc->flags & OPENVPN_TCPH_SYN_MASK) { - mss_fixup_dowork(&newbuf, (uint16_t) maxmss); + mss_fixup_dowork(&newbuf, maxmss); } } } @@ -86,7 +86,7 @@ mss_fixup_ipv4(struct buffer *buf, int maxmss) * (IPv6 header structure is sufficiently different from IPv4...) */ void -mss_fixup_ipv6(struct buffer *buf, int maxmss) +mss_fixup_ipv6(struct buffer *buf, uint16_t maxmss) { const struct openvpn_ipv6hdr *pip6; struct buffer newbuf; @@ -132,7 +132,7 @@ mss_fixup_ipv6(struct buffer *buf, int maxmss) struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR(&newbuf); if (tc->flags & OPENVPN_TCPH_SYN_MASK) { - mss_fixup_dowork(&newbuf, (uint16_t) maxmss-20); + mss_fixup_dowork(&newbuf, maxmss-20); } } } @@ -193,13 +193,14 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) { continue; } - mssval = (opt[2]<<8)+opt[3]; + mssval = opt[2] << 8; + mssval += opt[3]; if (mssval > maxmss) { - dmsg(D_MSS, "MSS: %d -> %d", (int) mssval, (int) maxmss); + dmsg(D_MSS, "MSS: %" PRIu16 " -> %" PRIu16, mssval, maxmss); accumulate = htons(mssval); - opt[2] = (maxmss>>8)&0xff; - opt[3] = maxmss&0xff; + opt[2] = (uint8_t)((maxmss>>8)&0xff); + opt[3] = (uint8_t)(maxmss&0xff); accumulate -= htons(maxmss); ADJUST_CHECKSUM(accumulate, tc->check); } @@ -293,7 +294,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, { /* we subtract IPv4 and TCP overhead here, mssfix method will add the * extra 20 for IPv6 */ - frame->mss_fix = options->ce.mssfix - (20 + 20); + frame->mss_fix = (uint16_t)(options->ce.mssfix - (20 + 20)); return; } @@ -327,7 +328,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, /* This is the target value our payload needs to be smaller */ unsigned int target = options->ce.mssfix - overhead; - frame->mss_fix = adjust_payload_max_cbc(kt, target) - payload_overhead; + frame->mss_fix = (uint16_t)(adjust_payload_max_cbc(kt, target) - payload_overhead); } diff --git a/src/openvpn/mss.h b/src/openvpn/mss.h index 1c4704bd..b2a68cf7 100644 --- a/src/openvpn/mss.h +++ b/src/openvpn/mss.h @@ -29,9 +29,9 @@ #include "mtu.h" #include "ssl_common.h" -void mss_fixup_ipv4(struct buffer *buf, int maxmss); +void mss_fixup_ipv4(struct buffer *buf, uint16_t maxmss); -void mss_fixup_ipv6(struct buffer *buf, int maxmss); +void mss_fixup_ipv6(struct buffer *buf, uint16_t maxmss); void mss_fixup_dowork(struct buffer *buf, uint16_t maxmss); diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 2925b7fe..3c8468a9 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -212,7 +212,7 @@ frame_print(const struct frame *frame, buf_printf(&out, "%s ", prefix); } buf_printf(&out, "["); - buf_printf(&out, " mss_fix:%d", frame->mss_fix); + buf_printf(&out, " mss_fix:%" PRIu16, frame->mss_fix); #ifdef ENABLE_FRAGMENT buf_printf(&out, " max_frag:%d", frame->max_fragment_size); #endif diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index b602b86b..c64398de 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -115,7 +115,7 @@ struct frame { * decryption/encryption or compression. */ } buf; - unsigned int mss_fix; /**< The actual MSS value that should be + uint16_t mss_fix; /**< The actual MSS value that should be * written to the payload packets. This * is the value for IPv4 TCP packets. For * IPv6 packets another 20 bytes must diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fa435c1d..94859294 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7260,6 +7260,7 @@ add_option(struct options *options, /* value specified, assume encapsulation is not * included unless "mtu" follows later */ options->ce.mssfix = positive_atoi(p[1]); + ASSERT(options->ce.mssfix <= UINT16_MAX); options->ce.mssfix_encap = false; options->ce.mssfix_default = false; } From patchwork Wed May 10 11:22:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3207 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:7b9a:b0:c3:1364:a2a2 with SMTP id j26csp3535787dyk; Wed, 10 May 2023 04:23:22 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7N+bR90XdX9uiQu/s+Z6QsslCgOZHGEUNijU4qAANFX87u//Mi98M3g5peR3EIy4WbjFya X-Received: by 2002:a92:d0c9:0:b0:331:40f0:69b2 with SMTP id y9-20020a92d0c9000000b0033140f069b2mr11459011ila.31.1683717802798; Wed, 10 May 2023 04:23:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683717802; cv=none; d=google.com; s=arc-20160816; b=mu9BYT9ymK2FPFQoAcZZTFqBd1lHKEeNY4Vp7V9N1V2cQNBSDnJY9W2odXJ/PGK+Lb yNkB2HU2OzP4WpdWRmkfb0JAyppgiw9A0sf+K//f85DWJ+zgFVQLrOGWHf1C55AoLImk 8khqAc8LaQjmtbLoc5dx0orL3HWIbMy/9X1IvlGNrBYGvBMcMrAsaJkUmDN1k0nc6xPA d5Wc+gN0s74W4cSrj+okFzC78yvVmmd66OiQ1E0mkqfyb88x5o4mHRsoHIsnahyrHy0b no9YW/5Q7Cfrnr5YgN8aPopNkXZKc/thTDIQPzSJFAR62lo0J5rIbS/AZZ1ht6le84T1 SOpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=gzCFJm6PpE3Wfw0MToP/LK3aRQSzMWrHXPU5ag2zk0o=; b=wUUJmzAfnTAC4b1rDaXReuSXaVbIkYeTzpr9pRajjAen3CaPN6bRBtWfFBfTc5bMeC aK+cVmOr1H37ZUGtsbt4XOH/sIqfoCHjKB5+bt+SXkKtzlEghPDE3KnYFVK54UHiYFwL +t631WNsBgzXBWuNq5IKI43SZpVwul5NDSHIgu4Vf2M8Dhn1nTrf2cKh6Xjfz7EMCz83 W8Ob7PDwjj95fmO526CX4WCMvsOZgtgoKeJL7yezfS5o9XoS5NhayfXz/ZocxNGUXszT 6ToOwT1xnDMX9c7rEkb1BxJMTkmLnHfYRvdUvTqNtyB+r+HzdptdodZjBhjPKfJ+mlTK 7SIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=heBvY+5M; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=adAeA+3j; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=B8Bt4XSd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id a18-20020a926612000000b0032b62593094si6877947ilc.143.2023.05.10.04.23.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 May 2023 04:23:22 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=heBvY+5M; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=adAeA+3j; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=B8Bt4XSd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pwhuM-0003IX-IM; Wed, 10 May 2023 11:22:58 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pwhuF-0003IL-0j for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=heBvY+5M8Dps7PZgUxE+ZjgiRB /k6IFkkX4sORE4jVQvjR+fWuyW9SDMLZxoKfsyjG5jGxImGFG9bv6y6eg06GMZf0bV7qPDMRbJ5o4 QU3PceJkLgCim+VCiSF8Kp7yluMmIsGRTINd5ZKuML0xL2sBAZV1ONxpckXmKvHR1wvs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=adAeA+3jrvgpQ+0NE6Qec8zsJ3 N1D2XaEkSBT2O9hL7pYjQ68HxrkdabjmblvoBF2qM3w5YaUofJzn2PWnZGf81D2bgm4wjJ0SFH+nx DdY5n86kbT++mHHRdc49xIKH893B/b14BI2G+eB035CGmm7Sw6wTblsuPixMeX9j5RJM=; Received: from mout-p-202.mailbox.org ([80.241.56.172]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pwhuC-0002Ma-Am for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:50 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4QGXgd5yr9z9skQ for ; Wed, 10 May 2023 13:22:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1683717757; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=B8Bt4XSddbdgsXinxf/QxTUAYuebS1W+tkT7xcLIwDQhEbGlA/2i1a9Iyu4oErE/55arec JYz+FOlY9biwTFR7mfsYLSqah9jyQGxc3sv07j97hlJSYzcpatThRSzFZwq1Qj29mzpaq1 oU3L4teecwr7Hj/oPFqM9oIpGCT14zpRvxnqKBqMh7O8LpmtYcKbEZciGMUgtSokjbONUK jfWghuYxj10cRpLC9V/7Vcf+RcO2BVClrqfg31BS8nhvScT6l687GBAvNOBnjwqnkA9iEG H4zJHQopf85ORQSgYs9GTSf1g1eUvLKeAlYQdOYQ0e7sT1QQQiyzM3qZHO3qqA== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Wed, 10 May 2023 13:22:36 +0200 Message-Id: <20230510112236.248026-4-frank@lichtenheld.com> In-Reply-To: <20230510112236.248026-1-frank@lichtenheld.com> References: <20230510112236.248026-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.172 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pwhuC-0002Ma-Am Subject: [Openvpn-devel] [PATCH 3/3] mss/mtu: make all size calculations use size_t X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1765506078678347419?= X-GMAIL-MSGID: =?utf-8?q?1765506078678347419?= Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Resolves some -Wconversion warnings. Change-Id: Ic996eca227d9e68279a454db93fcbc86a7bd0380 Signed-off-by: Frank Lichtenheld --- src/openvpn/integer.h | 11 +++++++++-- src/openvpn/mss.c | 20 ++++++++++---------- src/openvpn/mtu.c | 4 ++-- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 2551428e..8be7c3c2 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -36,6 +36,13 @@ ((uint64_t)ntohl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | ntohl((uint32_t)((x) >> 32))) #endif +static inline int +clamp_size_to_int(size_t size) +{ + ASSERT(size <= INT_MAX); + return (int)size; +} + /* * min/max functions */ @@ -188,8 +195,8 @@ index_verify(int index, int size, const char *file, int line) /** * Rounds down num to the nearest multiple of multiple */ -static inline unsigned int -round_down_uint(unsigned int num, unsigned int multiple) +static inline size_t +round_down_size(size_t num, size_t multiple) { return (num / multiple) * multiple; } diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 44b316da..d0471ebf 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -209,8 +209,8 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) } } -static inline unsigned int -adjust_payload_max_cbc(const struct key_type *kt, unsigned int target) +static inline size_t +adjust_payload_max_cbc(const struct key_type *kt, size_t target) { if (!cipher_kt_mode_cbc(kt->cipher)) { @@ -223,13 +223,13 @@ adjust_payload_max_cbc(const struct key_type *kt, unsigned int target) /* With CBC we need at least one extra byte for padding and then need * to ensure that the resulting CBC ciphertext length, which is always * a multiple of the block size, is not larger than the target value */ - unsigned int block_size = cipher_kt_block_size(kt->cipher); - target = round_down_uint(target, block_size); + size_t block_size = cipher_kt_block_size(kt->cipher); + target = round_down_size(target, block_size); return target - 1; } } -static unsigned int +static size_t get_ip_encap_overhead(const struct options *options, const struct link_socket_info *lsi) { @@ -260,7 +260,7 @@ frame_calculate_fragment(struct frame *frame, struct key_type *kt, struct link_socket_info *lsi) { #if defined(ENABLE_FRAGMENT) - unsigned int overhead; + size_t overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -269,12 +269,12 @@ frame_calculate_fragment(struct frame *frame, struct key_type *kt, overhead += get_ip_encap_overhead(options, lsi); } - unsigned int target = options->ce.fragment - overhead; + size_t target = options->ce.fragment - overhead; /* The 4 bytes of header that fragment adds itself. The other extra payload * bytes (Ethernet header/compression) are handled by the fragment code * just as part of the payload and therefore automatically taken into * account if the packet needs to fragmented */ - frame->max_fragment_size = adjust_payload_max_cbc(kt, target) - 4; + frame->max_fragment_size = clamp_size_to_int(adjust_payload_max_cbc(kt, target)) - 4; if (cipher_kt_mode_cbc(kt->cipher)) { @@ -298,7 +298,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, return; } - unsigned int overhead, payload_overhead; + size_t overhead, payload_overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -327,7 +327,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, * by ce.mssfix */ /* This is the target value our payload needs to be smaller */ - unsigned int target = options->ce.mssfix - overhead; + size_t target = options->ce.mssfix - overhead; frame->mss_fix = (uint16_t)(adjust_payload_max_cbc(kt, target) - payload_overhead); diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 3c8468a9..c1d55ade 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -176,7 +176,7 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) */ const char *ciphername = o->ciphername; - unsigned int overhead = 0; + size_t overhead = 0; if (strcmp(o->ciphername, "BF-CBC") == 0) { @@ -194,7 +194,7 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) * the ciphers are actually valid for non tls in occ calucation */ init_key_type(&occ_kt, ciphername, o->authname, true, false); - unsigned int payload = frame_calculate_payload_size(frame, o, &occ_kt); + size_t payload = frame_calculate_payload_size(frame, o, &occ_kt); overhead += frame_calculate_protocol_header_size(&occ_kt, o, true); return payload + overhead;