From patchwork Tue Nov 11 17:24:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4581 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:33c4:b0:7b1:439f:bdf with SMTP id u4csp2038889maf; Tue, 11 Nov 2025 09:24:55 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXAaBXU4oW/vOgJihyv8zCQ6myGB12fGblc5INKuytuStBU5DDMhb2MFqYEb5NlM9fPctZM2jDaHOk=@openvpn.net X-Google-Smtp-Source: AGHT+IHYR2PxlTTaWV/uMdd117CvFrVc7mtyzABpZEJZURh5jRZi7dOAAV4YZ+zzWdLQnvALJMT5 X-Received: by 2002:a05:6808:308d:b0:450:3ff9:f4ef with SMTP id 5614622812f47-4503ffa018cmr4759686b6e.56.1762881894887; Tue, 11 Nov 2025 09:24:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1762881894; cv=none; d=google.com; s=arc-20240605; b=Rf7DUd1dk+Scw/hzziNu22487lxqqs6XYttHxEf8UwWtZl+VT8b8Suzi9uUtU550Wj XahofBCnIxQvzCkahyjPlL+06NUG/VEV2crClvFZL9XJjpaLng1W6j3a78M+OLJT7K/+ G+67GJy8K2kyjY87vY1Pn1RohhCtKvAru3PfDI/K3bwVU+5csxFPks8qgvyZEdoqyPCo ZIa1JB8COj//hsPb7fEGKil4epC5pN/8+s2tGavKm0AKGH11jahhVMLxNQL5X/XO+80Y jBJyc2WBB0AdYyrPFau0f903jDfqDmK8JBRtq0TDYprPelVJo+LUXLwqF4uuy+plvJ0c hMGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=1Ri0vjqkfNwz/S2/sbcPI8YpIX5/PHjVgZ0N7bs4QNU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=MiGXtnWZG0PoeaTHS4jn9ySOSUJOtpbbcvghM98ZbB6kJne1hSxUb0xvrofSP8lXui eUANF2Ym98If3XWoogT4fRLJJNIO13BGv1RYRXul96k/72QqNCa/hRCflgDc76KI4yix hn5GKITAyCVPOmMGmRu6ingd/SWEXNgPZ7Z2YRVLd4m1wrSxg1rtsj8CI1HH6eo1yYOK 4MvKzLwgZbeWIQbHYj3/0GqKe1KyxdNkYv3YCTFPshWyjBh8o+ehOsJGXi2OUdPXVCoJ +5189PEExKJPkqiIrwJffnPiaTY2OAkAXNI5W0a3we3aWUazPMaBKgFfYRaczMrg9vtV rWbA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=CeeEjSac; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=L532qget; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hmSn54d3; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7c6f0f0a789si4747012a34.67.2025.11.11.09.24.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Nov 2025 09:24:54 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=CeeEjSac; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=L532qget; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hmSn54d3; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=1Ri0vjqkfNwz/S2/sbcPI8YpIX5/PHjVgZ0N7bs4QNU=; b=CeeEjSacalMJ8X19FxQIt9kuEb UMYjEny/ry/H4qt87b/JYRGgXJHg7e+z4SETm+k+Nf5f50xtB7QWnkiTcgbKMjZWNW376WixDicoo A0wgANVV5m/BvTCMFeiHfwIiIeJKC6I9nMQgoSnUsKvyoN8LLmeH8vj0Px/ktocU3UeE=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vIs6r-0004GU-CB; Tue, 11 Nov 2025 17:24:49 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vIs6p-0004GL-7O for openvpn-devel@lists.sourceforge.net; Tue, 11 Nov 2025 17:24:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=nVtf95yqztPCPFXetBLihu6tPKs7JII1Zgm3+dWKCuQ=; b=L532qgettJdrUi5AZFIHsl1Z8m SEng2ugv+kZSN8xCZKYkw/gTkWnUP5/Dcv+P9kAhwrqVQZI+SRtkc/NRnbeGeaikKtYgzYVDQsEAB jtCgQVFoK51772u7NTVQ5kU4Qlzgbx7nmQeHZp8NXE0tWmL4hDJMOS5lrexA1TcH9pCM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=nVtf95yqztPCPFXetBLihu6tPKs7JII1Zgm3+dWKCuQ=; b=hmSn54d3wUmYG0ymdB9+J9KRi+ Ta1EllgvRExO/FmQJyKupMlPcOgn6iCoG/ggGBqGzEVP/yQfbi7SLCe7V1xeSdRc+LEH0dAJot/0o xBm7IBeTGNSXUxsxdst0YdS2fqn34N65FY174pG7AWY9GEc72KMVvcQBkS3BJVEGy50w=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vIs6o-0002iQ-11 for openvpn-devel@lists.sourceforge.net; Tue, 11 Nov 2025 17:24:47 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ABHOcJK007658 for ; Tue, 11 Nov 2025 18:24:38 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ABHOchG007657 for openvpn-devel@lists.sourceforge.net; Tue, 11 Nov 2025 18:24:38 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 11 Nov 2025 18:24:31 +0100 Message-ID: <20251111172437.7634-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld This avoids dealing with conversion warnings inside the function. Since we only add values that are supposed to be positive this should be safe. Note that we now cast the return value to int at the caller side. There we actually substract it and want to catch the case where the result gets negative. Since all the involved values are quite smal [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vIs6o-0002iQ-11 Subject: [Openvpn-devel] [PATCH v4] ssl: change return type of calc_control_channel_frame_overhead to size_t X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1848515645375403413?= X-GMAIL-MSGID: =?utf-8?q?1848515645375403413?= From: Frank Lichtenheld This avoids dealing with conversion warnings inside the function. Since we only add values that are supposed to be positive this should be safe. Note that we now cast the return value to int at the caller side. There we actually substract it and want to catch the case where the result gets negative. Since all the involved values are quite small compared to INT_MAX I decided to just cast it without further checks. Change-Id: I71e9d4a61d37483685723c16e98f59755694cadf Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1297 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1297 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 908854a..eb5c4fc 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -179,21 +179,16 @@ frame->tun_mtu = max_int(frame->tun_mtu, TLS_CHANNEL_MTU_MIN); } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - /** * calculate the maximum overhead that control channel frames have * This includes header, op code and everything apart from the * payload itself. This method is a bit pessimistic and might give higher * overhead than we actually have */ -static int +static size_t calc_control_channel_frame_overhead(const struct tls_session *session) { const struct key_state *ks = &session->key[KS_PRIMARY]; - int overhead = 0; + size_t overhead = 0; /* opcode */ overhead += 1; @@ -226,10 +221,6 @@ return overhead; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - void init_ssl_lib(void) { @@ -2650,7 +2641,7 @@ int max_pkt_len = min_int(TLS_CHANNEL_BUF_SIZE, session->opt->frame.tun_mtu); /* Subtract overhead */ - max_pkt_len -= calc_control_channel_frame_overhead(session); + max_pkt_len -= (int)calc_control_channel_frame_overhead(session); /* calculate total available length for outgoing tls ciphertext */ int maxlen = max_pkt_len * rel_avail;