cron2 has uploaded a new patch set (#2) to the change originally created by 
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1379?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by cron2


Change subject: tls_crypt: Avoid some conversion warnings
......................................................................

tls_crypt: Avoid some conversion warnings

The casts should be safe, since one is a constant
(but got type from sizeof()) and the other is
limited by the buffer length.

While here, make the code in tls_crypt_v2_wrap_client_key
a little easier to follow.

Change-Id: I3f11423834814bab5d653f160fc2326dae4c0e8e
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1379
Message-Id: <[email protected]>
URL: 
https://www.mail-archive.com/[email protected]/msg34466.html
Signed-off-by: Gert Doering <[email protected]>
---
M src/openvpn/tls_crypt.c
1 file changed, 6 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/1379/2

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index a808de3..ab719b3 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -205,11 +205,6 @@
     return false;
 }

-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 bool
 tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct 
crypto_options *opt)
 {
@@ -246,7 +241,7 @@
             CRYPT_ERROR("cipher reset failed");
         }
         if (!cipher_ctx_update(ctx->cipher, BPTR(dst), &outlen, BPTR(src) + 
TLS_CRYPT_OFF_CT,
-                               BLEN(src) - TLS_CRYPT_OFF_CT))
+                               BLEN(src) - (int)TLS_CRYPT_OFF_CT))
         {
             CRYPT_ERROR("cipher update failed");
         }
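Review bot: The length argument `BLEN(src) - (int)TLS_CRYPT_OFF_CT` is non-negative only if an earlier check in tls_crypt_unwrap rejects packets shorter than TLS_CRYPT_OFF_CT, and no such check is visible in this hunk (the function body starts and ends outside it). With the -Wconversion pragma removed, the cast also silences the one compiler hint at this call, so the invariant is worth stating next to it, e.g. `/* src was checked to hold at least TLS_CRYPT_OFF_CT bytes, so this length cannot be negative */`. If that check does not exist, it should be added before the cipher_ctx_update() call rather than relying on the cast.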
@@ -381,8 +376,9 @@
         msg(M_WARN, "ERROR: could not write tag");
         return false;
     }
-    uint16_t net_len = htons(sizeof(src_key->keys) + BLEN(src_metadata) + 
TLS_CRYPT_V2_TAG_SIZE
-                             + sizeof(uint16_t));
+    const int data_len = BLEN(src_metadata) + sizeof(src_key->keys) + 
sizeof(uint16_t);
+    const int tagged_len = data_len + TLS_CRYPT_TAG_SIZE;
+    const uint16_t net_len = htons((uint16_t)tagged_len);
     hmac_ctx_t *hmac_ctx = server_key->hmac;
     hmac_ctx_reset(hmac_ctx);
     hmac_ctx_update(hmac_ctx, (void *)&net_len, sizeof(net_len));
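Review bot: The `(uint16_t)tagged_len` cast truncates silently if the wrapped-key length ever exceeds 65535, and the truncated value is what the HMAC then authenticates as the length field; nothing in this hunk bounds `BLEN(src_metadata)`. The commit message says the value is limited by the buffer length, so presumably a limit is enforced elsewhere, but an explicit guard before the `htons()` line, such as `ASSERT(tagged_len <= UINT16_MAX);` or an error return in the style of the surrounding checks, would keep the cast safe if those limits change. The expression also switches from `TLS_CRYPT_V2_TAG_SIZE` to `TLS_CRYPT_TAG_SIZE`; confirm the two are equal, or keep the V2 name, which matches the function. The `data_len` initialiser adds an `int` to two `sizeof` results, so the implicit size_t-to-int conversion there may still warn under -Wconversion now that the pragma is gone. The function body starts and ends outside the hunk.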
@@ -396,8 +392,8 @@
     ASSERT(cipher_ctx_reset(cipher_ctx, tag));

     /* Overflow check (OpenSSL requires an extra block in the dst buffer) */
-    if (buf_forward_capacity(&work) < (sizeof(src_key->keys) + 
BLEN(src_metadata) + sizeof(net_len)
-                                       + cipher_ctx_block_size(cipher_ctx)))
+    const int padded_len = data_len + cipher_ctx_block_size(cipher_ctx);
+    if (buf_forward_capacity(&work) < padded_len)
     {
         msg(M_WARN, "ERROR: could not crypt: insufficient space in dst");
         return false;
@@ -418,10 +414,6 @@
     return buf_copy(wkc, &work);
 }

-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 static bool
 tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer 
*metadata,
                                struct buffer wrapped_client_key, struct 
key_ctx *server_key)

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1379?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I3f11423834814bab5d653f160fc2326dae4c0e8e
Gerrit-Change-Number: 1379
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>