From patchwork Sat Oct 4 06:15:38 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4459
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 4 Oct 2025 08:15:38 +0200
Message-ID: <20251004061545.7277-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] crypto_epoch: Clean up type handling in ovpn_expand_label()

From: Frank Lichtenheld

- Add explicit casts where we have checked the value and need to put it into a smaller type.
- Adapt some types to actual usage.

Change-Id: Iad717f0ff3c79ae199c8be5f93bc51bf258c68c3
Signed-off-by: Frank Lichtenheld
Acked-by: MaxF
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1218
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1218
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
MaxF

diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index 7026ff8..f34dc8c 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c 
@@ -72,14 +72,9 @@ hmac_ctx_free(hmac_ctx); } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, - const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) + const uint8_t *context, size_t context_len, uint8_t *out, int out_len) { if (secret_len != 32 || label_len > 250 || context_len > 255 || label_len < 1) { @@ -89,22 +84,23 @@ * need need to be in range */ return false; } + ASSERT(out_len >= 0 && out_len <= UINT16_MAX); struct gc_arena gc = gc_new(); /* 2 byte for the outlen encoded as uint16, 5 bytes for "ovpn ", * 1 byte for context len byte and 1 byte for label len byte */ const uint8_t *label_prefix = (const uint8_t *)("ovpn "); - int prefix_len = 5; + uint8_t prefix_len = 5; - int hkdf_label_len = 2 + prefix_len + 1 + label_len + 1 + context_len; + size_t hkdf_label_len = 2 + prefix_len + 1 + label_len + 1 + context_len; struct buffer hkdf_label = alloc_buf_gc(hkdf_label_len, &gc); - buf_write_u16(&hkdf_label, out_len); - buf_write_u8(&hkdf_label, prefix_len + label_len); + buf_write_u16(&hkdf_label, (uint16_t)out_len); + buf_write_u8(&hkdf_label, prefix_len + (uint8_t)label_len); buf_write(&hkdf_label, label_prefix, prefix_len); buf_write(&hkdf_label, label, label_len); - buf_write_u8(&hkdf_label, context_len); + buf_write_u8(&hkdf_label, (uint8_t)context_len); if (context_len > 0) { buf_write(&hkdf_label, context, context_len); @@ -168,10 +164,6 @@ key->epoch = epoch_key->epoch; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_epoch.h b/src/openvpn/crypto_epoch.h index 33ca741..a6fa116 100644 --- a/src/openvpn/crypto_epoch.h +++ b/src/openvpn/crypto_epoch.h 
@@ -60,7 +60,7 @@ */ bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, - uint16_t out_len); + int out_len); /** * Generate a data channel key pair from the epoch key
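
Review bot: In the first crypto_epoch.c hunk (`@@ -72,14 +72,9 @@`), `out_len` changes from `uint16_t` to `int` while every other length in the signature (`secret_len`, `label_len`, `context_len`) is `size_t`, so the function now accepts negative values and values above 65535 that the old type excluded. The commit message only says "Adapt some types to actual usage"; please name the callers that need a signed `int`, or consider `size_t` so that only the upper bound has to be checked.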
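
Review bot: In the second crypto_epoch.c hunk (`@@ -89,22 +84,23 @@`), the new `ASSERT(out_len >= 0 && out_len <= UINT16_MAX);` sits directly after a parameter check that reports bad `secret_len`, `label_len` and `context_len` with `return false`, so an out-of-range `out_len` fails differently from the other arguments (an assertion instead of a false return). Consider folding the `out_len` range test into that `if` so all argument errors are reported the same way, or add a comment saying why this one is treated as a programming error. Separately, `prefix_len + (uint8_t)label_len` only fits in one byte because the earlier check caps `label_len` at 250 and `prefix_len` is 5; a short comment tying those two constants together would keep the cast safe if either one changes.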
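
Review bot: In the third crypto_epoch.c hunk (`@@ -168,10 +164,6 @@`), the `#pragma GCC diagnostic pop` being removed sits roughly 95 lines below the matching `push`, and the context line `key->epoch = epoch_key->epoch;` shows the suppressed region covered at least one function other than `ovpn_expand_label()`. The patch only adjusts types inside `ovpn_expand_label()`, so please confirm that the rest of that range builds cleanly with `-Wconversion` and say so in the commit message.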
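
Review bot: In the crypto_epoch.h hunk (`@@ -60,7 +60,7 @@`), only the parameter line changes and the doc comment above the prototype is left untouched, so the header gains no statement of the valid range now that `int` no longer implies it. Please extend the `out_len` description to say it must be between 0 and `UINT16_MAX` and that the implementation asserts on it.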