cron2 has uploaded a new patch set (#7) to the change originally created by 
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1301?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by cron2


Change subject: ssl: Clean up type handling in export_user_keying_material()
......................................................................

ssl: Clean up type handling in export_user_keying_material()

For this we actually change the API of the
format_hex{,_ex} functions by changing int
to size_t for length parameters. While we
call this function with int parameters in
a lot of places (usually BLEN), this will
not produce warnings under
-Wno-sign-conversion. And we're sure those
values are positive since format_hex already
uses size_t internally.

Change-Id: Id7bacec23edc6dcd94465c308ea2144c7329a0c1
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1301
Message-Id: <[email protected]>
URL: 
https://www.mail-archive.com/[email protected]/msg34036.html
Signed-off-by: Gert Doering <[email protected]>
---
M src/openvpn/buffer.c
M src/openvpn/buffer.h
M src/openvpn/ssl.c
3 files changed, 12 insertions(+), 13 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/01/1301/7

diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 28de00f..293622f 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -480,18 +480,17 @@
  */

 char *
-format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int 
space_break_flags,
+format_hex_ex(const uint8_t *data, size_t size, size_t maxoutput, unsigned int 
space_break_flags,
               const char *separator, struct gc_arena *gc)
 {
     const size_t bytes_per_hexblock = space_break_flags & FHE_SPACE_BREAK_MASK;
     const size_t separator_len = separator ? strlen(separator) : 0;
-    static_assert(INT_MAX <= SIZE_MAX, "Code assumes INT_MAX <= SIZE_MAX");
     const size_t out_len = maxoutput > 0
                                ? maxoutput
                                : ((size * 2) + ((size / bytes_per_hexblock) * 
separator_len) + 2);

     struct buffer out = alloc_buf_gc(out_len, gc);
-    for (int i = 0; i < size; ++i)
+    for (size_t i = 0; i < size; ++i)
     {
         if (separator && i && !(i % bytes_per_hexblock))
         {
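Review bot: The fallback `out_len` expression divides by `bytes_per_hexblock`, which is zero whenever the low eight bits of `space_break_flags` are zero, and the loop's `i % bytes_per_hexblock` has the same hazard when a separator is given. The ssl.c caller in this change passes flags 0 together with a non-zero `maxoutput` and a NULL separator, so it reaches neither expression, but a caller passing flags 0 with `maxoutput == 0` would. Both can be guarded: `(bytes_per_hexblock ? (size / bytes_per_hexblock) * separator_len : 0)` in the size computation and `separator && bytes_per_hexblock && i && !(i % bytes_per_hexblock)` in the loop. The function body continues past the end of this hunk.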
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 148cee0..ab2a29d 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -496,11 +496,11 @@
  */
 #define FHE_SPACE_BREAK_MASK 0xFF  /* space_break parameter in lower 8 bits */
 #define FHE_CAPS             0x100 /* output hex in caps */
-char *format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int 
space_break_flags,
+char *format_hex_ex(const uint8_t *data, size_t size, size_t maxoutput, 
unsigned int space_break_flags,
                     const char *separator, struct gc_arena *gc);

 static inline char *
-format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
+format_hex(const uint8_t *data, size_t size, size_t maxoutput, struct gc_arena 
*gc)
 {
     return format_hex_ex(data, size, maxoutput, 4, " ", gc);
 }
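Review bot: With `size` and `maxoutput` now `size_t` in `format_hex_ex()` and `format_hex()`, an `int` argument that happens to be negative is silently converted to a very large count, where the old `int` loop simply did not run. The commit message notes that the build will not warn about this. Callers appear to pass buffer lengths that should be non-negative, but this header does not state that assumption. I would record it in the doc comment above the prototype, e.g. `@param size Number of bytes in data; callers passing an int must ensure it is non-negative`, so the contract is visible where the type changed. The doc comment itself starts outside this hunk.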
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 22a1f52..4841837 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1829,11 +1829,6 @@
     return len;
 }

-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static char *
 read_string_alloc(struct buffer *buf)
 {
@@ -2174,15 +2169,15 @@
 {
     if (session->opt->ekm_size > 0)
     {
-        unsigned int size = session->opt->ekm_size;
+        const size_t size = session->opt->ekm_size;
         struct gc_arena gc = gc_new();

-        unsigned char *ekm = gc_malloc(session->opt->ekm_size, true, &gc);
+        unsigned char *ekm = gc_malloc(size, true, &gc);
         if (key_state_export_keying_material(session, session->opt->ekm_label,
                                              session->opt->ekm_label_size, ekm,
                                              session->opt->ekm_size))
         {
-            unsigned int len = (size * 2) + 2;
+            const size_t len = (size * 2) + 2;

             const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc);
             setenv_str(session->opt->es, "exported_keying_material", key);
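Review bot: The call to `key_state_export_keying_material()` still passes `session->opt->ekm_size` as the output length, while the buffer is now allocated from the local `size`. Passing `size` there as well ties the allocation, the export length and the hex formatting to one value, so a later edit cannot make them diverge: `session->opt->ekm_label_size, ekm, size))`. The function starts and ends outside this hunk, so the cleanup path for `gc` is not visible here.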
@@ -2199,6 +2194,11 @@
     }
 }

+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
 /**
  * Handle reading key data, peer-info, username/password, OCC
  * from the TLS control channel (cleartext).

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1301?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Id7bacec23edc6dcd94465c308ea2144c7329a0c1
Gerrit-Change-Number: 1301
Gerrit-PatchSet: 7
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>