Menu
▾
▴
openvpn-devel
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 10:21:37
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to review the following change.
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
66 files changed, 585 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/1
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..d82269c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..053e779 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -279,6 +279,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Main initialization function, init multi_context object.
*/
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..25071e2 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -426,6 +426,11 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
pkcs11_management_id_get(const int index, char **id, char **base64)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index a912747..70349aa 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -428,6 +428,11 @@
return dn;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len)
{
@@ -468,4 +473,9 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 054cc79..f19dc44 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -54,6 +54,11 @@
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* cached proxy username/password */
static struct user_pass static_proxy_user_pass;
@@ -1063,3 +1068,7 @@
gc_free(&gc);
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index eae03e3..4286482 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -327,6 +327,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pr...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 16:19:19
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#2).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
67 files changed, 594 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/2
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..d82269c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..053e779 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -279,6 +279,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Main initialization function, init multi_context object.
*/
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..25071e2 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -426,6 +426,11 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
pkcs11_management_id_get(const int index, char **id, char **base64)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index a912747..70349aa 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -428,6 +428,11 @@
return dn;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len)
{
@@ -468,4 +473,9 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 054cc79..f19dc4...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 16:21:39
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#3).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
68 files changed, 603 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/3
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..d82269c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..053e779 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -279,6 +279,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Main initialization function, init multi_context object.
*/
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..25071e2 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -426,6 +426,11 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
pkcs11_management_id_get(const int index, char **id, char **base64)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 16:27:43
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#4).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
69 files changed, 621 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/4
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..d82269c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..053e779 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -279,6 +279,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Main initialization function, init multi_context object.
*/
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..25071e2 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -426,6 +426,11 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
pkcs11_management_id_get(const int index, char **id, char **base64)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl....
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 16:30:00
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#5).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
69 files changed, 630 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/5
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..d82269c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..053e779 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -279,6 +279,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Main initialization function, init multi_context object.
*/
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..25071e2 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -426,6 +426,11 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
pkcs11_management_id_get(const int index, char **id, char **base64)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl....
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 18:38:51
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#6).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
70 files changed, 666 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/6
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..f1bfd9f 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e0fddac 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -105,6 +105,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Parses an authentication challenge string and returns an auth_challenge_info structure.
* The authentication challenge string should follow the dynamic challenge/response protocol.
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..e74affa 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9c16d9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,6 +53,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
__mysle...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-03 19:26:29
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#7).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
70 files changed, 666 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/7
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 35513e9..8e93653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..f1bfd9f 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 5b2a7de..207247e 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -203,6 +203,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4172,6 +4177,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index f1abdbe..e74affa 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a268b92..1ed5966 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9908,6 +9913,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index be1eefc..15a1c0c 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9c16d9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,6 +53,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
__mysleep(const unsigned long usec)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || d...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-04 13:16:18
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#8).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
M tests/unit_tests/openvpn/test_ssl.c
71 files changed, 675 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/8
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f027b01..51f4221 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1405667..11a91be 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -119,7 +119,6 @@
struct gc_entry_special *list_special;
};
-
#define BPTR(buf) (buf_bptr(buf))
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..f1bfd9f 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 114e4c6..134e7da 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4231,6 +4236,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 85975ff..e3bc445 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0616a17..e87f596 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9907,6 +9912,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index 28f1f9e..0f81435 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9c16d9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,6 +53,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
__mysleep(const unsigned long usec)
{
@@ -558,6 +563,10 @@
return suc...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-11 14:36:07
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#9).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
M tests/unit_tests/openvpn/test_ssl.c
70 files changed, 675 insertions(+), 3 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/9
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f027b01..51f4221 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index a63e543..804d2ad 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..40978d9 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4fb6393..f1bfd9f 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 1abebbb..fc45e67 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 931f9f6..0bdad14 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 03b6a0c..5dc244a 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 39ea8e4..fcb3365 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 114e4c6..134e7da 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -4231,6 +4236,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* ifdef ENABLE_MANAGEMENT */
#include "win32.h"
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 85975ff..e3bc445 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3986,6 +3991,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0616a17..e87f596 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9907,6 +9912,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index 28f1f9e..0f81435 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -146,6 +146,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -177,6 +182,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9c16d9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,6 +53,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
__mysleep(const unsigned long usec)
{
@@ -558,6 +563,10 @@
return success;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
const char *const pkcs11_id)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index a912747..70349aa 100644
--- a/src/o...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-15 13:00:34
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#10).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
M tests/unit_tests/openvpn/test_ssl.c
70 files changed, 684 insertions(+), 3 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/10
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f027b01..51f4221 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 4c0f684..1535c78 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 2423435..0c15812 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,6 +765,9 @@
return 1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 98fe37f..19ca88c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 70a8c0a..823b4f9 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 65303cd..56a774d 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 5d22fa3..e82b544 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2821cd4..24aebc0 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 4decdfe..4f37bd2 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -236,6 +241,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_update_io_state(struct management *man)
{
@@ -2305,6 +2314,11 @@
#endif /* ifdef TARGET_ANDROID */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static int
man_read(struct management *man)
{
@@ -2442,6 +2456,10 @@
return sent;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_connection_clear(struct man_connection *mc)
{
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 6e4cc42..579eeea 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3988,6 +3993,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index ae285d9..e47d54c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9896,6 +9901,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index 5740ee5..a351967 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -162,6 +162,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -193,6 +198,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transfer packet_id -> packet_id_persist */
static inline void
packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid)
@@ -291,6 +296,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/**
* Reset the current send packet id to its initial state.
* Use very carefully (e.g. in the standalone reset packet context) to
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9c16d9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,6 +53,11 @@
}
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endi...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-15 14:37:10
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#11).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_misc.c
M tests/unit_tests/openvpn/test_ssl.c
70 files changed, 696 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/11
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f027b01..51f4221 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 7059871..957205e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1396,6 +1396,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 4c0f684..1535c78 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 2423435..150c52e 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,7 +765,6 @@
return 1;
}
-
/*
*
* Generic message digest information functions
@@ -1119,4 +1123,9 @@
return true;
}
#endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ENABLE_CRYPTO_MBEDTLS */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 98fe37f..dd592e7 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
@@ -1398,6 +1414,11 @@
CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
}
#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
uint8_t *output, size_t output_len)
@@ -1443,6 +1464,11 @@
EVP_PKEY_CTX_free(pctx);
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* if defined(LIBRESSL_VERSION_NUMBER) */
/* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
* OpenSSL does. As result they will only be able to support
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 70a8c0a..823b4f9 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index 65303cd..56a774d 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 40674e7..3b08f33 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 01ba017..1dc5cf8 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 5d22fa3..e82b544 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
{
@@ -1965,6 +1970,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2821cd4..24aebc0 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 4decdfe..4f37bd2 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -236,6 +241,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_update_io_state(struct management *man)
{
@@ -2305,6 +2314,11 @@
#endif /* ifdef TARGET_ANDROID */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static int
man_read(struct management *man)
{
@@ -2442,6 +2456,10 @@
return sent;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_connection_clear(struct man_connection *mc)
{
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index a419e32..1e021e3 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 6e4cc42..579eeea 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -262,6 +262,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3988,6 +3993,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 4210e92..168401f 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -130,6 +130,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1461,6 +1466,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 143a3cf..6607f2d 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index ae285d9..e47d54c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9896,6 +9901,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index 5740ee5..a351967 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -162,6 +162,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, int msglevel)
{
@@ -193,6 +198,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 09696db..0b33c9c 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -662,6 +667,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
dif...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-22 15:58:28
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#12).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/base64.c
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_ssl.c
69 files changed, 687 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/12
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f027b01..51f4221 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
if (USE_WERROR)
add_compile_options(-Werror)
endif ()
diff --git a/configure.ac b/configure.ac
index 38b14a1..d3f6c5e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1397,6 +1397,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
if test "${enable_pedantic}" = "yes"; then
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 54d5b79..2a5a46d 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -41,6 +41,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
* base64 encode input data of length size to malloced
@@ -197,3 +202,7 @@
}
return q - (unsigned char *)data;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ec7da43..6376c11 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 2bab312..076d4ee 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,7 +765,6 @@
return 1;
}
-
/*
*
* Generic message digest information functions
@@ -1119,4 +1123,9 @@
return true;
}
#endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ENABLE_CRYPTO_MBEDTLS */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 1f95fba..ca57de8 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
@@ -1398,6 +1414,11 @@
CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
}
#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
uint8_t *output, size_t output_len)
@@ -1443,6 +1464,11 @@
EVP_PKEY_CTX_free(pctx);
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* if defined(LIBRESSL_VERSION_NUMBER) */
/* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
* OpenSSL does. As result they will only be able to support
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 881459c..2cf90af 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index d5ca277..b9f6bc7 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index d8357ca..395a38f 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 2d08ed8..9e52859 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 12dd6a7..f342958 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str,
msglvl_t msglevel)
@@ -1966,6 +1971,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0d7a2ec..f8a0fee 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index c675e95..5a41a0f 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -236,6 +241,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_update_io_state(struct management *man)
{
@@ -2305,6 +2314,11 @@
#endif /* ifdef TARGET_ANDROID */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static int
man_read(struct management *man)
{
@@ -2442,6 +2456,10 @@
return sent;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_connection_clear(struct man_connection *mc)
{
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 59bf52b..e24d441 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -461,6 +466,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
purge_user_pass(struct user_pass *up, const bool force)
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 9c1a772..66f81a6 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 9256127..777c62e 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -256,6 +256,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3982,6 +3987,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 00d6106..1815faf 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -131,6 +131,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1469,6 +1474,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 6fd7390..e3e7cf8 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 151a016..f801743 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9900,6 +9905,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index fdc0c55..8a1c083 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -162,6 +162,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel)
{
@@ -193,6 +198,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index ca318eb..880eee1 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -663,6 +668,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{...
[truncated message content] |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-23 16:16:15
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#13).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_ssl.c
68 files changed, 687 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/13
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fdc0162..3f6196f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter)
# clang doesn't have the different levels but also doesn't include it in -Wextra
check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough)
diff --git a/configure.ac b/configure.ac
index c2feeea..8f3c01d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1397,6 +1397,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter])
# clang doesn't have the different levels but also doesn't include it in -Wextra
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ec7da43..6376c11 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 2bab312..076d4ee 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,7 +765,6 @@
return 1;
}
-
/*
*
* Generic message digest information functions
@@ -1119,4 +1123,9 @@
return true;
}
#endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ENABLE_CRYPTO_MBEDTLS */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 2d0265a..7688add 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
@@ -1398,6 +1414,11 @@
CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
}
#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
uint8_t *output, size_t output_len)
@@ -1443,6 +1464,11 @@
EVP_PKEY_CTX_free(pctx);
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* if defined(LIBRESSL_VERSION_NUMBER) */
/* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
* OpenSSL does. As result they will only be able to support
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 881459c..2cf90af 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index d5ca277..b9f6bc7 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index d8357ca..395a38f 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 2d08ed8..9e52859 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 12dd6a7..f342958 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str,
msglvl_t msglevel)
@@ -1966,6 +1971,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0d7a2ec..f8a0fee 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index c675e95..5a41a0f 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -236,6 +241,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_update_io_state(struct management *man)
{
@@ -2305,6 +2314,11 @@
#endif /* ifdef TARGET_ANDROID */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static int
man_read(struct management *man)
{
@@ -2442,6 +2456,10 @@
return sent;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_connection_clear(struct man_connection *mc)
{
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index d3d316d..caf4725 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -184,6 +189,10 @@
#endif /* ifdef ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Get and store a username/password
*/
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 9c1a772..66f81a6 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 9256127..777c62e 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -256,6 +256,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3982,6 +3987,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 00d6106..1815faf 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -131,6 +131,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1469,6 +1474,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 6fd7390..e3e7cf8 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 151a016..f801743 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9900,6 +9905,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index fdc0c55..8a1c083 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -162,6 +162,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel)
{
@@ -193,6 +198,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index ca318eb..880eee1 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -663,6 +668,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* transf...
[truncated message content] |
|
From: cron2 (C. Review) <ge...@op...> - 2025-09-24 08:18:11
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email ) Change subject: Enable -Wconversion -Wno-sign-conversion by default ...................................................................... Patch Set 13: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Gerrit-Change-Number: 1168 Gerrit-PatchSet: 13 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 24 Sep 2025 08:17:54 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-09-24 08:18:26
|
From: Frank Lichtenheld <fr...@li...> Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 This mail reflects revision 13 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/CMakeLists.txt b/CMakeLists.txt index fdc0162..3f6196f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -113,8 +113,7 @@ check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) - # We are not ready for this - #add_compile_options(-Wconversion -Wno-sign-conversion) + add_compile_options(-Wconversion -Wno-sign-conversion) add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) diff --git a/configure.ac b/configure.ac index c2feeea..8f3c01d 100644 --- a/configure.ac +++ b/configure.ac @@ -1397,6 +1397,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 6736469..a78c664 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -88,6 +88,11 @@ compv2_escape_data_ifneeded(buf); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf, struct compress_context *compctx) @@ -113,6 +118,10 @@ *buf = *work; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index b0228dd..71c0025 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -45,6 +45,11 @@ #include "win32.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Get input from a Windows console. * @@ -134,6 +139,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* _WIN32 */ @@ -264,6 +273,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif /** * @copydoc query_user_exec() @@ -296,3 +309,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ec7da43..6376c11 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -186,6 +186,11 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt) { @@ -1532,6 +1537,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int write_key_file(const int nkeys, const char *filename) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index b5cbc8d..7026ff8 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) @@ -163,6 +168,10 @@ key->epoch = epoch_key->epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 2bab312..076d4ee 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -230,6 +230,11 @@ "available\n"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) @@ -760,7 +765,6 @@ return 1; } - /* * * Generic message digest information functions @@ -1119,4 +1123,9 @@ return true; } #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ENABLE_CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2d0265a..7688add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -895,6 +895,10 @@ return EVP_CIPHER_CTX_mode(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) @@ -999,6 +1003,9 @@ return cipher_ctx_final(ctx, dst, dst_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /* * @@ -1214,12 +1221,21 @@ HMAC_CTX_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int hmac_ctx_size(HMAC_CTX *ctx) { return HMAC_size(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_reset(HMAC_CTX *ctx) { @@ -1398,6 +1414,11 @@ CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0); } #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len) @@ -1443,6 +1464,11 @@ EVP_PKEY_CTX_free(pctx); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #else /* if defined(LIBRESSL_VERSION_NUMBER) */ /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as * OpenSSL does. As result they will only be able to support diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index d91d9a1..bba6ed2 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -62,7 +62,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -342,6 +342,11 @@ return rv; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** Sign hash in tbs using EC key in cd and NCryptSignHash */ static int xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs, @@ -438,6 +443,10 @@ return (*siglen > 0); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** Dispatch sign op to xkey_cng_<rsa/ec>_sign */ static int xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 881459c..2cf90af 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -491,6 +491,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_p2p_add_new_peer(struct context *c) { @@ -645,6 +650,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d5ca277..b9f6bc7 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -72,6 +72,11 @@ return (nvl); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) { @@ -854,6 +859,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index d8357ca..395a38f 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -62,6 +62,11 @@ typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * @brief resolves the netlink ID for ovpn-dco * @@ -1298,4 +1303,8 @@ return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 2d08ed8..9e52859 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -525,6 +525,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot, const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key, @@ -564,6 +569,11 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) { diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index 7abade5..38e8d40 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -72,6 +72,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static in_addr_t do_extract(struct dhcp *dhcp, int optlen) { @@ -185,3 +190,7 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 581bdbb..2f60b78 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -65,6 +65,11 @@ #define SELECT_MAX_FDS 256 #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int tv_to_ms_timeout(const struct timeval *tv) { @@ -78,6 +83,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef _WIN32 struct we_set diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 12dd6a7..f342958 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -367,6 +367,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel) @@ -1966,6 +1971,10 @@ perf_pop(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void pre_select(struct context *c) { diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e6ebbef..0e5e93f 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c @@ -98,6 +98,11 @@ return (get_random() % n) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return uniformly distributed random number between * low and high. @@ -229,4 +234,9 @@ } } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index be20638..f665b17 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -61,6 +61,11 @@ Hex[HASHHEXLEN] = '\0'; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* calculate H(A1) as per spec */ void DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword, @@ -145,4 +150,8 @@ CvtHex(RespHash, Response); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if PROXY_DIGEST_AUTH */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d7a2ec..f8a0fee 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -455,6 +455,11 @@ } #endif /* ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Initialize and possibly randomize the connection list. * @@ -3490,6 +3495,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * No encryption or authentication. */ diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index 2b35314..fbefcd9 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -38,6 +38,11 @@ top->horizon = horizon; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry) { @@ -77,3 +82,7 @@ } return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index 3a73d5f..8daaec0 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -72,6 +72,11 @@ *header = NO_COMPRESS_BYTE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) @@ -121,6 +126,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress, lzo_decompress }; #endif /* ENABLE_LZO */ diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index c675e95..5a41a0f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -206,6 +206,11 @@ return man->settings.up.defined && !man->connection.password_verified; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void man_check_password(struct management *man, const char *line) { @@ -236,6 +241,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_update_io_state(struct management *man) { @@ -2305,6 +2314,11 @@ #endif /* ifdef TARGET_ANDROID */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int man_read(struct management *man) { @@ -2442,6 +2456,10 @@ return sent; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_connection_clear(struct man_connection *mc) { diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 0750fec..448124c 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -34,6 +34,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct mbuf_set * mbuf_init(unsigned int size) { @@ -44,6 +49,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mbuf_free(struct mbuf_set *ms) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d3d316d..caf4725 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -72,6 +72,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_MANAGEMENT /* Get username/password from the management interface */ static bool @@ -184,6 +189,10 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Get and store a username/password */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index ab01874..88ea647 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -103,6 +103,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask) { @@ -547,6 +552,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mroute_helper_free(struct mroute_helper *mh) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 32cd3f8..e7111a8 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,6 +130,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 81310a2..83edec6 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -45,6 +45,11 @@ unsigned int sock; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock) { @@ -120,6 +125,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void multi_tcp_instance_specific_free(struct multi_instance *mi) { diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9c1a772..66f81a6 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -280,6 +280,11 @@ struct timeval tv; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc) { @@ -389,6 +394,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void set_sock_extended_error_passing(int sd, sa_family_t proto_af) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 31134be..a373a6a 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9256127..777c62e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -256,6 +256,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_ASYNC_PUSH static uint32_t /* @@ -3982,6 +3987,10 @@ return count; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void management_delete_event(void *arg, event_t event) { diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 00d6106..1815faf 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -131,6 +131,11 @@ inet_address_t gw; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Helper function used to easily add attributes to a rtnl message */ @@ -1469,6 +1474,10 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index c2a93e8..521677b 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -74,6 +74,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void gen_timestamp(uint8_t *timestamp) { @@ -383,4 +388,8 @@ return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc)); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* if NTLM */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 8821a06..78013ae 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -174,6 +174,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void check_send_occ_load_test_dowork(struct context *c) { @@ -347,6 +352,10 @@ c->c2.occ_op = -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void process_received_occ_msg(struct context *c) { diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 6fd7390..e3e7cf8 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -194,12 +194,21 @@ LIBRESSL_VERSION_NUMBER > 0x3050400fL) */ #if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline const char * SSL_get0_group_name(SSL *s) { int nid = SSL_get_negotiated_group(s); return SSL_group_to_name(s, nid); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 151a016..f801743 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1158,6 +1158,11 @@ return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static char * string_substitute(const char *src, int from, int to, struct gc_arena *gc) { @@ -9900,6 +9905,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index fdc0c55..8a1c083 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -162,6 +162,11 @@ return (int)i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel) { @@ -193,6 +198,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static const char *updatable_options[] = { "block-ipv6", "block-outside-dns", "dhcp-option", "dns", "ifconfig", "ifconfig-ipv6", diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 717f749..d9bf157 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -100,6 +100,11 @@ /* format a time_t as ascii, or use current time if 0 */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { @@ -130,6 +135,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Limit the frequency of an event stream. * diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c700bb..108d0f2 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -59,6 +59,11 @@ extern time_t now_usec; void update_now_usec(struct timeval *tv); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int openvpn_gettimeofday(struct timeval *tv, void *tz) { @@ -236,6 +241,10 @@ dest->tv_usec = usec; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #define TV_WITHIN_SIGMA_MAX_SEC 600 #define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index ca318eb..880eee1 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -71,6 +71,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack, const char *name, int unit) @@ -663,6 +668,10 @@ return epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) { diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index a7eb256..e9d3647 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -280,6 +280,11 @@ return p->fd >= 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* transfer packet_id -> packet_id_persist */ static inline void packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid) @@ -291,6 +296,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Reset the current send packet id to its initial state. * Use very carefully (e.g. in the standalone reset packet context) to diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 8a7a320..16149ca 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -53,6 +53,11 @@ } #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void __mysleep(const unsigned long usec) { @@ -558,6 +563,10 @@ return success; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management, const char *const pkcs11_id) diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 23c01ab..f619b95 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -428,6 +428,11 @@ return dn; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len) { @@ -468,4 +473,9 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */ diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 9d8fe75..02554ba 100644 --- a/src/openvpn/pro... [truncated message content] |
|
From: Gert D. <ge...@gr...> - 2025-09-24 12:39:49
|
This patch does not change any code - it just turns on extra -Warnings,
and then turns them off again on a section-by-section basis with pragmas.
We discussed this in the community meeting, and the intent is
- we can turn on -Werror with these warnings enabled
- all *new* code that gets written and violates -Wconversion can be
fixed on day 1
if we just turn on the warnings today, without -Werror, it's "500 lines"
that nobody looks at - so a new warning won't be noticed. If we do not
turn on the warnings, nobody will see...
And yes, this is quite a bit future work to get rid of the pragmas again,
by fixing one source file after the other, or one group of warnings
(less-than-well defined API calls, like the "msglevel" thing).
I have stared at the patch, it is long, but does not do anything more
than push/pop "ignore -Wconversion warnings" (magic), and then enable
them globally. BB and GHA say that this does not break any of our
testbeds either.
Your patch has been applied to the master branch.
commit 13a156a694573c9edb342b4af36976bceeb4aca2 (master)
Author: Frank Lichtenheld
Date: Wed Sep 24 10:18:05 2025 +0200
Enable -Wconversion -Wno-sign-conversion by default
Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168
Message-Id: <202...@gr...>
URL: https://sourceforge.net/p/openvpn/mailman/message/59237916/
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-09-24 10:08:05
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email ) The change is no longer submittable: Code-Review is unsatisfied now. Change subject: Enable -Wconversion -Wno-sign-conversion by default ...................................................................... Patch Set 13: Code-Review-2 (1 comment) Patchset: PS13: This fails building GHA, I guess because something-pkcs11 is not yet guarded https://github.com/cron2/openvpn/actions/runs/17972875656/job/51119449471 ``` CC pkcs11_testdriver-mock_get_random.o 284 test_pkcs11.c: In function ‘test_pkcs11_ids’: 285 test_pkcs11.c:381:57: error: conversion from ‘size_t’ {aka ‘long unsigned int’} to ‘int’ may change value [-Werror=conversion] 286 381 | int derlen = openvpn_base64_decode(base64, der, strlen(base64)); 287 | ^~~~~~~~~~~~~~ 288 CC ../../../src/openvpn/pkcs11_testdriver-xkey_helper.o 289 CC ../../../src/openvpn/pkcs11_testdriver-xkey_provider.o`` ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Gerrit-Change-Number: 1168 Gerrit-PatchSet: 13 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 24 Sep 2025 10:07:53 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-09-24 11:42:32
|
Attention is currently required from: flichtenheld, plaisthos.
Hello cron2, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email
to look at the new patch set (#14).
Change subject: Enable -Wconversion -Wno-sign-conversion by default
......................................................................
Enable -Wconversion -Wno-sign-conversion by default
Grand-father all known locations of existing errors,
so that -Werror builds still pass and we do not spam
build logs.
Still, this should give us a much better roadmap to
work on these issues one by one while still enabling
the warnings for a lot of code-paths.
In general I did go for least amount of pragmas, so
usually there is only one override per file, covering
ALL of the failures in that file. While this protects
a lot of code that doesn't need it, it also cut down
the amount of pragmas by a lot.
This does cover gcc builds including mingw and clang
builds. Does not cover MSVC.
Once the amount of issues has been suitable reduced
more warnings could be enabled.
Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M CMakeLists.txt
M configure.ac
M src/openvpn/comp-lz4.c
M src/openvpn/console_builtin.c
M src/openvpn/crypto.c
M src/openvpn/crypto_epoch.c
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/cryptoapi.c
M src/openvpn/dco.c
M src/openvpn/dco_freebsd.c
M src/openvpn/dco_linux.c
M src/openvpn/dco_win.c
M src/openvpn/dhcp.c
M src/openvpn/event.c
M src/openvpn/forward.c
M src/openvpn/gremlin.c
M src/openvpn/httpdigest.c
M src/openvpn/init.c
M src/openvpn/interval.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/mbuf.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/mtcp.c
M src/openvpn/mtu.c
M src/openvpn/mudp.c
M src/openvpn/multi.c
M src/openvpn/networking_sitnl.c
M src/openvpn/ntlm.c
M src/openvpn/occ.c
M src/openvpn/openssl_compat.h
M src/openvpn/options.c
M src/openvpn/options_util.c
M src/openvpn/otime.c
M src/openvpn/otime.h
M src/openvpn/packet_id.c
M src/openvpn/packet_id.h
M src/openvpn/pkcs11.c
M src/openvpn/pkcs11_openssl.c
M src/openvpn/proxy.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/push_util.c
M src/openvpn/reliable.c
M src/openvpn/route.c
M src/openvpn/schedule.c
M src/openvpn/socket.c
M src/openvpn/socks.c
M src/openvpn/ssl.c
M src/openvpn/ssl_mbedtls.c
M src/openvpn/ssl_ncp.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_util.c
M src/openvpn/ssl_verify.c
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
M src/openvpn/status.c
M src/openvpn/tls_crypt.c
M src/openvpn/tun.c
M src/openvpn/vlan.c
M src/openvpn/win32.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_pkcs11.c
M tests/unit_tests/openvpn/test_ssl.c
69 files changed, 697 insertions(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/14
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fdc0162..3f6196f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -113,8 +113,7 @@
check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation)
check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes)
check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition)
- # We are not ready for this
- #add_compile_options(-Wconversion -Wno-sign-conversion)
+ add_compile_options(-Wconversion -Wno-sign-conversion)
add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter)
# clang doesn't have the different levels but also doesn't include it in -Wextra
check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough)
diff --git a/configure.ac b/configure.ac
index c2feeea..8f3c01d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1397,6 +1397,7 @@
ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition])
+ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter])
# clang doesn't have the different levels but also doesn't include it in -Wextra
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..a78c664 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -88,6 +88,11 @@
compv2_escape_data_ifneeded(buf);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf,
struct compress_context *compctx)
@@ -113,6 +118,10 @@
*buf = *work;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index b0228dd..71c0025 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -45,6 +45,11 @@
#include "win32.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Get input from a Windows console.
*
@@ -134,6 +139,10 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* _WIN32 */
@@ -264,6 +273,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
/**
* @copydoc query_user_exec()
@@ -296,3 +309,7 @@
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ec7da43..6376c11 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,6 +186,11 @@
return;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
{
@@ -1532,6 +1537,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
write_key_file(const int nkeys, const char *filename)
{
diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index b5cbc8d..7026ff8 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,6 +72,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
@@ -163,6 +168,10 @@
key->epoch = epoch_key->epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
epoch_init_send_key_ctx(struct crypto_options *co)
{
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 2bab312..076d4ee 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -230,6 +230,11 @@
"available\n");
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src,
struct gc_arena *gc)
@@ -760,7 +765,6 @@
return 1;
}
-
/*
*
* Generic message digest information functions
@@ -1119,4 +1123,9 @@
return true;
}
#endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ENABLE_CRYPTO_MBEDTLS */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 2d0265a..7688add 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -895,6 +895,10 @@
return EVP_CIPHER_CTX_mode(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
bool
cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
@@ -999,6 +1003,9 @@
return cipher_ctx_final(ctx, dst, dst_len);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
/*
*
@@ -1214,12 +1221,21 @@
HMAC_CTX_reset(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
hmac_ctx_size(HMAC_CTX *ctx)
{
return HMAC_size(ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
hmac_ctx_reset(HMAC_CTX *ctx)
{
@@ -1398,6 +1414,11 @@
CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0);
}
#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len,
uint8_t *output, size_t output_len)
@@ -1443,6 +1464,11 @@
EVP_PKEY_CTX_free(pctx);
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#else /* if defined(LIBRESSL_VERSION_NUMBER) */
/* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as
* OpenSSL does. As result they will only be able to support
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d91d9a1..bba6ed2 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -62,7 +62,7 @@
return 0;
}
-#else /* HAVE_XKEY_PROVIDER */
+#else /* HAVE_XKEY_PROVIDER */
static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign;
@@ -342,6 +342,11 @@
return rv;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/** Sign hash in tbs using EC key in cd and NCryptSignHash */
static int
xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
@@ -438,6 +443,10 @@
return (*siglen > 0);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/** Dispatch sign op to xkey_cng_<rsa/ec>_sign */
static int
xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs,
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 881459c..2cf90af 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -491,6 +491,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_p2p_add_new_peer(struct context *c)
{
@@ -645,6 +650,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr)
{
diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index d5ca277..b9f6bc7 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -72,6 +72,11 @@
return (nvl);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static bool
nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss)
{
@@ -854,6 +859,10 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
{
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index d8357ca..395a38f 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -62,6 +62,11 @@
typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* @brief resolves the netlink ID for ovpn-dco
*
@@ -1298,4 +1303,8 @@
return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305";
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */
diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 2d08ed8..9e52859 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -525,6 +525,11 @@
return 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
int
dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot,
const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key,
@@ -564,6 +569,11 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
int
dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot)
{
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 7abade5..38e8d40 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -72,6 +72,11 @@
return -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static in_addr_t
do_extract(struct dhcp *dhcp, int optlen)
{
@@ -185,3 +190,7 @@
}
return 0;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 581bdbb..2f60b78 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -65,6 +65,11 @@
#define SELECT_MAX_FDS 256
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
tv_to_ms_timeout(const struct timeval *tv)
{
@@ -78,6 +83,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#ifdef _WIN32
struct we_set
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 12dd6a7..f342958 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -367,6 +367,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
send_control_channel_string_dowork(struct tls_session *session, const char *str,
msglvl_t msglevel)
@@ -1966,6 +1971,10 @@
perf_pop();
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
pre_select(struct context *c)
{
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e6ebbef..0e5e93f 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -98,6 +98,11 @@
return (get_random() % n) == 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Return uniformly distributed random number between
* low and high.
@@ -229,4 +234,9 @@
}
}
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index be20638..f665b17 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -61,6 +61,11 @@
Hex[HASHHEXLEN] = '\0';
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/* calculate H(A1) as per spec */
void
DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword,
@@ -145,4 +150,8 @@
CvtHex(RespHash, Response);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* if PROXY_DIGEST_AUTH */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0d7a2ec..f8a0fee 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -455,6 +455,11 @@
}
#endif /* ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Initialize and possibly randomize the connection list.
*
@@ -3490,6 +3495,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* No encryption or authentication.
*/
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 2b35314..fbefcd9 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -38,6 +38,11 @@
top->horizon = horizon;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
{
@@ -77,3 +82,7 @@
}
return ret;
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..8daaec0 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -72,6 +72,11 @@
*header = NO_COMPRESS_BYTE;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx,
const struct frame *frame)
@@ -121,6 +126,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress,
lzo_decompress };
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index c675e95..5a41a0f 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -206,6 +206,11 @@
return man->settings.up.defined && !man->connection.password_verified;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
man_check_password(struct management *man, const char *line)
{
@@ -236,6 +241,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_update_io_state(struct management *man)
{
@@ -2305,6 +2314,11 @@
#endif /* ifdef TARGET_ANDROID */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static int
man_read(struct management *man)
{
@@ -2442,6 +2456,10 @@
return sent;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
man_connection_clear(struct man_connection *mc)
{
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 0750fec..448124c 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -34,6 +34,11 @@
#include "memdbg.h"
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct mbuf_set *
mbuf_init(unsigned int size)
{
@@ -44,6 +49,10 @@
return ret;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mbuf_free(struct mbuf_set *ms)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index d3d316d..caf4725 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -72,6 +72,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_MANAGEMENT
/* Get username/password from the management interface */
static bool
@@ -184,6 +189,10 @@
#endif /* ifdef ENABLE_MANAGEMENT */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Get and store a username/password
*/
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index ab01874..88ea647 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -103,6 +103,11 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline void
mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask)
{
@@ -547,6 +552,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
mroute_helper_free(struct mroute_helper *mh)
{
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..e7111a8 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -130,6 +130,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* change TCP MSS option in SYN/SYN-ACK packets, if present
* this is generic for IPv4 and IPv6, as the TCP header is the same
@@ -199,6 +204,10 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static inline size_t
adjust_payload_max_cbc(const struct key_type *kt, size_t target)
{
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 81310a2..83edec6 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -45,6 +45,11 @@
unsigned int sock;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
struct multi_instance *
multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
{
@@ -120,6 +125,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
multi_tcp_instance_specific_free(struct multi_instance *mi)
{
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 9c1a772..66f81a6 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -280,6 +280,11 @@
struct timeval tv;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc)
{
@@ -389,6 +394,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
set_sock_extended_error_passing(int sd, sa_family_t proto_af)
{
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 31134be..a373a6a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -180,6 +180,11 @@
return false;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
@@ -310,6 +315,10 @@
return mi;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Send a packet to UDP socket.
*/
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 1d2ee53..2863ff1 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -256,6 +256,11 @@
#endif
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
#ifdef ENABLE_ASYNC_PUSH
static uint32_t
/*
@@ -3982,6 +3987,10 @@
return count;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static void
management_delete_event(void *arg, event_t event)
{
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 00d6106..1815faf 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -131,6 +131,11 @@
inet_address_t gw;
};
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
/**
* Helper function used to easily add attributes to a rtnl message
*/
@@ -1469,6 +1474,10 @@
return sitnl_send(&req.n, 0, 0, NULL, NULL);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#endif /* !ENABLE_SITNL */
#endif /* TARGET_LINUX */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index c2a93e8..521677b 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -74,6 +74,11 @@
hmac_ctx_free(hmac_ctx);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
gen_timestamp(uint8_t *timestamp)
{
@@ -383,4 +388,8 @@
return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc));
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif /* if NTLM */
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 8821a06..78013ae 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -174,6 +174,11 @@
}
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
void
check_send_occ_load_test_dowork(struct context *c)
{
@@ -347,6 +352,10 @@
c->c2.occ_op = -1;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
void
process_received_occ_msg(struct context *c)
{
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 6fd7390..e3e7cf8 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -194,12 +194,21 @@
LIBRESSL_VERSION_NUMBER > 0x3050400fL) */
#if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline const char *
SSL_get0_group_name(SSL *s)
{
int nid = SSL_get_negotiated_group(s);
return SSL_group_to_name(s, nid);
}
+
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
#endif
#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 151a016..f801743 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1158,6 +1158,11 @@
return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static char *
string_substitute(const char *src, int from, int to, struct gc_arena *gc)
{
@@ -9900,6 +9905,10 @@
gc_free(&gc);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
has_udp_in_local_list(const struct options *options)
{
diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c
index fdc0c55..8a1c083 100644
--- a/src/openvpn/options_util.c
+++ b/src/openvpn/options_util.c
@@ -162,6 +162,11 @@
return (int)i;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
bool
atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel)
{
@@ -193,6 +198,10 @@
return true;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
static const char *updatable_options[] = { "block-ipv6", "block-outside-dns",
"dhcp-option", "dns",
"ifconfig", "ifconfig-ipv6",
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 717f749..d9bf157 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -100,6 +100,11 @@
/* format a time_t as ascii, or use current time if 0 */
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
const char *
time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
{
@@ -130,6 +135,10 @@
return BSTR(&out);
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
/*
* Limit the frequency of an event stream.
*
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 5c700bb..108d0f2 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -59,6 +59,11 @@
extern time_t now_usec;
void update_now_usec(struct timeval *tv);
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static inline int
openvpn_gettimeofday(struct timeval *tv, void *tz)
{
@@ -236,6 +241,10 @@
dest->tv_usec = usec;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
#define TV_WITHIN_SIGMA_MAX_SEC 600
#define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000)
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index ca318eb..880eee1 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -71,6 +71,11 @@
#endif
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
static void
packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack,
const char *name, int unit)
@@ -663,6 +668,10 @@
return epoch;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic pop
+#endif
+
bool
packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf)
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a7eb256..e9d3647 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -280,6 +280,11 @@
return p->fd >= 0;
}
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pra...
[truncated message content] |
|
From: cron2 (C. Review) <ge...@op...> - 2025-09-24 12:27:49
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email ) Change subject: Enable -Wconversion -Wno-sign-conversion by default ...................................................................... Patch Set 14: Code-Review+2 (1 comment) Patchset: PS14: https://github.com/cron2/openvpn/actions/runs/17976138258/job/51130059895 says "v14 is good now", as discussed on IRC. I expect a TLS1.3 followup patch as well, then ;-) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Gerrit-Change-Number: 1168 Gerrit-PatchSet: 14 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 24 Sep 2025 12:27:37 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-09-24 12:28:10
|
From: Frank Lichtenheld <fr...@li...> Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 This mail reflects revision 14 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/CMakeLists.txt b/CMakeLists.txt index fdc0162..3f6196f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -113,8 +113,7 @@ check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) - # We are not ready for this - #add_compile_options(-Wconversion -Wno-sign-conversion) + add_compile_options(-Wconversion -Wno-sign-conversion) add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) diff --git a/configure.ac b/configure.ac index c2feeea..8f3c01d 100644 --- a/configure.ac +++ b/configure.ac @@ -1397,6 +1397,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 6736469..a78c664 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -88,6 +88,11 @@ compv2_escape_data_ifneeded(buf); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf, struct compress_context *compctx) @@ -113,6 +118,10 @@ *buf = *work; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index b0228dd..71c0025 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -45,6 +45,11 @@ #include "win32.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Get input from a Windows console. * @@ -134,6 +139,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* _WIN32 */ @@ -264,6 +273,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif /** * @copydoc query_user_exec() @@ -296,3 +309,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ec7da43..6376c11 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -186,6 +186,11 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt) { @@ -1532,6 +1537,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int write_key_file(const int nkeys, const char *filename) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index b5cbc8d..7026ff8 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) @@ -163,6 +168,10 @@ key->epoch = epoch_key->epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 2bab312..076d4ee 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -230,6 +230,11 @@ "available\n"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) @@ -760,7 +765,6 @@ return 1; } - /* * * Generic message digest information functions @@ -1119,4 +1123,9 @@ return true; } #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ENABLE_CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2d0265a..7688add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -895,6 +895,10 @@ return EVP_CIPHER_CTX_mode(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) @@ -999,6 +1003,9 @@ return cipher_ctx_final(ctx, dst, dst_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /* * @@ -1214,12 +1221,21 @@ HMAC_CTX_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int hmac_ctx_size(HMAC_CTX *ctx) { return HMAC_size(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_reset(HMAC_CTX *ctx) { @@ -1398,6 +1414,11 @@ CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0); } #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len) @@ -1443,6 +1464,11 @@ EVP_PKEY_CTX_free(pctx); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #else /* if defined(LIBRESSL_VERSION_NUMBER) */ /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as * OpenSSL does. As result they will only be able to support diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index d91d9a1..bba6ed2 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -62,7 +62,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -342,6 +342,11 @@ return rv; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** Sign hash in tbs using EC key in cd and NCryptSignHash */ static int xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs, @@ -438,6 +443,10 @@ return (*siglen > 0); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** Dispatch sign op to xkey_cng_<rsa/ec>_sign */ static int xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 881459c..2cf90af 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -491,6 +491,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_p2p_add_new_peer(struct context *c) { @@ -645,6 +650,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d5ca277..b9f6bc7 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -72,6 +72,11 @@ return (nvl); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) { @@ -854,6 +859,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index d8357ca..395a38f 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -62,6 +62,11 @@ typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * @brief resolves the netlink ID for ovpn-dco * @@ -1298,4 +1303,8 @@ return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 2d08ed8..9e52859 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -525,6 +525,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot, const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key, @@ -564,6 +569,11 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) { diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index 7abade5..38e8d40 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -72,6 +72,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static in_addr_t do_extract(struct dhcp *dhcp, int optlen) { @@ -185,3 +190,7 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 581bdbb..2f60b78 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -65,6 +65,11 @@ #define SELECT_MAX_FDS 256 #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int tv_to_ms_timeout(const struct timeval *tv) { @@ -78,6 +83,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef _WIN32 struct we_set diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 12dd6a7..f342958 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -367,6 +367,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel) @@ -1966,6 +1971,10 @@ perf_pop(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void pre_select(struct context *c) { diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e6ebbef..0e5e93f 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c @@ -98,6 +98,11 @@ return (get_random() % n) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return uniformly distributed random number between * low and high. @@ -229,4 +234,9 @@ } } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index be20638..f665b17 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -61,6 +61,11 @@ Hex[HASHHEXLEN] = '\0'; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* calculate H(A1) as per spec */ void DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword, @@ -145,4 +150,8 @@ CvtHex(RespHash, Response); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if PROXY_DIGEST_AUTH */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d7a2ec..f8a0fee 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -455,6 +455,11 @@ } #endif /* ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Initialize and possibly randomize the connection list. * @@ -3490,6 +3495,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * No encryption or authentication. */ diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index 2b35314..fbefcd9 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -38,6 +38,11 @@ top->horizon = horizon; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry) { @@ -77,3 +82,7 @@ } return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index 3a73d5f..8daaec0 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -72,6 +72,11 @@ *header = NO_COMPRESS_BYTE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) @@ -121,6 +126,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress, lzo_decompress }; #endif /* ENABLE_LZO */ diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index c675e95..5a41a0f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -206,6 +206,11 @@ return man->settings.up.defined && !man->connection.password_verified; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void man_check_password(struct management *man, const char *line) { @@ -236,6 +241,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_update_io_state(struct management *man) { @@ -2305,6 +2314,11 @@ #endif /* ifdef TARGET_ANDROID */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int man_read(struct management *man) { @@ -2442,6 +2456,10 @@ return sent; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_connection_clear(struct man_connection *mc) { diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 0750fec..448124c 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -34,6 +34,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct mbuf_set * mbuf_init(unsigned int size) { @@ -44,6 +49,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mbuf_free(struct mbuf_set *ms) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d3d316d..caf4725 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -72,6 +72,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_MANAGEMENT /* Get username/password from the management interface */ static bool @@ -184,6 +189,10 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Get and store a username/password */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index ab01874..88ea647 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -103,6 +103,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask) { @@ -547,6 +552,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mroute_helper_free(struct mroute_helper *mh) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 32cd3f8..e7111a8 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,6 +130,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 81310a2..83edec6 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -45,6 +45,11 @@ unsigned int sock; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock) { @@ -120,6 +125,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void multi_tcp_instance_specific_free(struct multi_instance *mi) { diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9c1a772..66f81a6 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -280,6 +280,11 @@ struct timeval tv; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc) { @@ -389,6 +394,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void set_sock_extended_error_passing(int sd, sa_family_t proto_af) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 31134be..a373a6a 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 1d2ee53..2863ff1 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -256,6 +256,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_ASYNC_PUSH static uint32_t /* @@ -3982,6 +3987,10 @@ return count; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void management_delete_event(void *arg, event_t event) { diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 00d6106..1815faf 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -131,6 +131,11 @@ inet_address_t gw; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Helper function used to easily add attributes to a rtnl message */ @@ -1469,6 +1474,10 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index c2a93e8..521677b 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -74,6 +74,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void gen_timestamp(uint8_t *timestamp) { @@ -383,4 +388,8 @@ return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc)); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* if NTLM */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 8821a06..78013ae 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -174,6 +174,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void check_send_occ_load_test_dowork(struct context *c) { @@ -347,6 +352,10 @@ c->c2.occ_op = -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void process_received_occ_msg(struct context *c) { diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 6fd7390..e3e7cf8 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -194,12 +194,21 @@ LIBRESSL_VERSION_NUMBER > 0x3050400fL) */ #if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline const char * SSL_get0_group_name(SSL *s) { int nid = SSL_get_negotiated_group(s); return SSL_group_to_name(s, nid); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 151a016..f801743 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1158,6 +1158,11 @@ return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static char * string_substitute(const char *src, int from, int to, struct gc_arena *gc) { @@ -9900,6 +9905,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index fdc0c55..8a1c083 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -162,6 +162,11 @@ return (int)i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel) { @@ -193,6 +198,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static const char *updatable_options[] = { "block-ipv6", "block-outside-dns", "dhcp-option", "dns", "ifconfig", "ifconfig-ipv6", diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 717f749..d9bf157 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -100,6 +100,11 @@ /* format a time_t as ascii, or use current time if 0 */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { @@ -130,6 +135,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Limit the frequency of an event stream. * diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c700bb..108d0f2 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -59,6 +59,11 @@ extern time_t now_usec; void update_now_usec(struct timeval *tv); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int openvpn_gettimeofday(struct timeval *tv, void *tz) { @@ -236,6 +241,10 @@ dest->tv_usec = usec; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #define TV_WITHIN_SIGMA_MAX_SEC 600 #define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index ca318eb..880eee1 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -71,6 +71,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack, const char *name, int unit) @@ -663,6 +668,10 @@ return epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) { diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index a7eb256..e9d3647 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -280,6 +280,11 @@ return p->fd >= 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* transfer packet_id -> packet_id_persist */ static inline void packet_id_persist_save_obj(struct packet_id_persist *p, const struct packet_id *pid) @@ -291,6 +296,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Reset the current send packet id to its initial state. * Use very carefully (e.g. in the standalone reset packet context) to diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 8a7a320..16149ca 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -53,6 +53,11 @@ } #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void __mysleep(const unsigned long usec) { @@ -558,6 +563,10 @@ return success; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management, const char *const pkcs11_id) diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 23c01ab..f619b95 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -428,6 +428,11 @@ return dn; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len) { @@ -468,4 +473,9 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */ diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 9d8fe75..02554ba 100644 --- a/src/openvpn/pro... [truncated message content] |
|
From: Gert D. <ge...@gr...> - 2025-09-24 12:39:59
|
This patch does not change any code - it just turns on extra -Warnings,
and then turns them off again on a section-by-section basis with pragmas.
We discussed this in the community meeting, and the intent is
- we can turn on -Werror with these warnings enabled
- all *new* code that gets written and violates -Wconversion can be
fixed on day 1
if we just turn on the warnings today, without -Werror, it's "500 lines"
that nobody looks at - so a new warning won't be noticed. If we do not
turn on the warnings, nobody will see...
And yes, this is quite a bit future work to get rid of the pragmas again,
by fixing one source file after the other, or one group of warnings
(less-than-well defined API calls, like the "msglevel" thing).
I have stared at the patch, it is long, but does not do anything more
than push/pop "ignore -Wconversion warnings" (magic), and then enable
them globally. BB and GHA say that this does not break any of our
testbeds either (v13 *did* break two special cases, namely LibreSSL
builds on macOS and pkcs11-helper builds - the former has been postponed
and a #pragma added, the second one has been fixed as it's only in
the unit test code).
Your patch has been applied to the master branch.
commit 3ac840942b54b7159d993c86842efa16a9abbd98
Author: Frank Lichtenheld
Date: Wed Sep 24 14:27:47 2025 +0200
Enable -Wconversion -Wno-sign-conversion by default
Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg33181.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-09-24 12:41:05
|
cron2 has uploaded a new patch set (#15) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Enable -Wconversion -Wno-sign-conversion by default ...................................................................... Enable -Wconversion -Wno-sign-conversion by default Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg33181.html Signed-off-by: Gert Doering <ge...@gr...> --- M CMakeLists.txt M configure.ac M src/openvpn/comp-lz4.c M src/openvpn/console_builtin.c M src/openvpn/crypto.c M src/openvpn/crypto_epoch.c M src/openvpn/crypto_mbedtls.c M src/openvpn/crypto_openssl.c M src/openvpn/cryptoapi.c M src/openvpn/dco.c M src/openvpn/dco_freebsd.c M src/openvpn/dco_linux.c M src/openvpn/dco_win.c M src/openvpn/dhcp.c M src/openvpn/event.c M src/openvpn/forward.c M src/openvpn/gremlin.c M src/openvpn/httpdigest.c M src/openvpn/init.c M src/openvpn/interval.c M src/openvpn/lzo.c M src/openvpn/manage.c M src/openvpn/mbuf.c M src/openvpn/misc.c M src/openvpn/mroute.c M src/openvpn/mss.c M src/openvpn/mtcp.c M src/openvpn/mtu.c M src/openvpn/mudp.c M src/openvpn/multi.c M src/openvpn/networking_sitnl.c M src/openvpn/ntlm.c M src/openvpn/occ.c M src/openvpn/openssl_compat.h M src/openvpn/options.c M src/openvpn/options_util.c M src/openvpn/otime.c M src/openvpn/otime.h M src/openvpn/packet_id.c M src/openvpn/packet_id.h M src/openvpn/pkcs11.c M src/openvpn/pkcs11_openssl.c M src/openvpn/proxy.c M src/openvpn/ps.c M src/openvpn/push.c M src/openvpn/push_util.c M src/openvpn/reliable.c M src/openvpn/route.c M src/openvpn/schedule.c M src/openvpn/socket.c M src/openvpn/socks.c M src/openvpn/ssl.c M src/openvpn/ssl_mbedtls.c M src/openvpn/ssl_ncp.c M src/openvpn/ssl_openssl.c M src/openvpn/ssl_pkt.c M src/openvpn/ssl_util.c M src/openvpn/ssl_verify.c M src/openvpn/ssl_verify_mbedtls.c M src/openvpn/ssl_verify_openssl.c M src/openvpn/status.c M src/openvpn/tls_crypt.c M src/openvpn/tun.c M src/openvpn/vlan.c M src/openvpn/win32.c M src/openvpnserv/interactive.c M tests/unit_tests/openvpn/test_crypto.c M tests/unit_tests/openvpn/test_pkcs11.c M tests/unit_tests/openvpn/test_ssl.c 69 files changed, 697 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/68/1168/15 diff --git a/CMakeLists.txt b/CMakeLists.txt index fdc0162..3f6196f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -113,8 +113,7 @@ check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) - # We are not ready for this - #add_compile_options(-Wconversion -Wno-sign-conversion) + add_compile_options(-Wconversion -Wno-sign-conversion) add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) diff --git a/configure.ac b/configure.ac index c2feeea..8f3c01d 100644 --- a/configure.ac +++ b/configure.ac @@ -1397,6 +1397,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 6736469..a78c664 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -88,6 +88,11 @@ compv2_escape_data_ifneeded(buf); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf, struct compress_context *compctx) @@ -113,6 +118,10 @@ *buf = *work; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index b0228dd..71c0025 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -45,6 +45,11 @@ #include "win32.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Get input from a Windows console. * @@ -134,6 +139,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* _WIN32 */ @@ -264,6 +273,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif /** * @copydoc query_user_exec() @@ -296,3 +309,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ec7da43..6376c11 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -186,6 +186,11 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt) { @@ -1532,6 +1537,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int write_key_file(const int nkeys, const char *filename) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index b5cbc8d..7026ff8 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) @@ -163,6 +168,10 @@ key->epoch = epoch_key->epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 2bab312..076d4ee 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -230,6 +230,11 @@ "available\n"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) @@ -760,7 +765,6 @@ return 1; } - /* * * Generic message digest information functions @@ -1119,4 +1123,9 @@ return true; } #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ENABLE_CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2d0265a..7688add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -895,6 +895,10 @@ return EVP_CIPHER_CTX_mode(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) @@ -999,6 +1003,9 @@ return cipher_ctx_final(ctx, dst, dst_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /* * @@ -1214,12 +1221,21 @@ HMAC_CTX_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int hmac_ctx_size(HMAC_CTX *ctx) { return HMAC_size(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_reset(HMAC_CTX *ctx) { @@ -1398,6 +1414,11 @@ CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0); } #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len) @@ -1443,6 +1464,11 @@ EVP_PKEY_CTX_free(pctx); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #else /* if defined(LIBRESSL_VERSION_NUMBER) */ /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as * OpenSSL does. As result they will only be able to support diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index d91d9a1..bba6ed2 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -62,7 +62,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -342,6 +342,11 @@ return rv; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** Sign hash in tbs using EC key in cd and NCryptSignHash */ static int xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs, @@ -438,6 +443,10 @@ return (*siglen > 0); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** Dispatch sign op to xkey_cng_<rsa/ec>_sign */ static int xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 881459c..2cf90af 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -491,6 +491,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_p2p_add_new_peer(struct context *c) { @@ -645,6 +650,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d5ca277..b9f6bc7 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -72,6 +72,11 @@ return (nvl); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) { @@ -854,6 +859,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index d8357ca..395a38f 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -62,6 +62,11 @@ typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * @brief resolves the netlink ID for ovpn-dco * @@ -1298,4 +1303,8 @@ return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 2d08ed8..9e52859 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -525,6 +525,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot, const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key, @@ -564,6 +569,11 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) { diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index 7abade5..38e8d40 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -72,6 +72,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static in_addr_t do_extract(struct dhcp *dhcp, int optlen) { @@ -185,3 +190,7 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 581bdbb..2f60b78 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -65,6 +65,11 @@ #define SELECT_MAX_FDS 256 #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int tv_to_ms_timeout(const struct timeval *tv) { @@ -78,6 +83,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef _WIN32 struct we_set diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 12dd6a7..f342958 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -367,6 +367,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel) @@ -1966,6 +1971,10 @@ perf_pop(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void pre_select(struct context *c) { diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e6ebbef..0e5e93f 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c @@ -98,6 +98,11 @@ return (get_random() % n) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return uniformly distributed random number between * low and high. @@ -229,4 +234,9 @@ } } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index be20638..f665b17 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -61,6 +61,11 @@ Hex[HASHHEXLEN] = '\0'; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* calculate H(A1) as per spec */ void DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword, @@ -145,4 +150,8 @@ CvtHex(RespHash, Response); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if PROXY_DIGEST_AUTH */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d7a2ec..f8a0fee 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -455,6 +455,11 @@ } #endif /* ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Initialize and possibly randomize the connection list. * @@ -3490,6 +3495,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * No encryption or authentication. */ diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index 2b35314..fbefcd9 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -38,6 +38,11 @@ top->horizon = horizon; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry) { @@ -77,3 +82,7 @@ } return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index 3a73d5f..8daaec0 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -72,6 +72,11 @@ *header = NO_COMPRESS_BYTE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) @@ -121,6 +126,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress, lzo_decompress }; #endif /* ENABLE_LZO */ diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index c675e95..5a41a0f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -206,6 +206,11 @@ return man->settings.up.defined && !man->connection.password_verified; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void man_check_password(struct management *man, const char *line) { @@ -236,6 +241,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_update_io_state(struct management *man) { @@ -2305,6 +2314,11 @@ #endif /* ifdef TARGET_ANDROID */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int man_read(struct management *man) { @@ -2442,6 +2456,10 @@ return sent; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_connection_clear(struct man_connection *mc) { diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 0750fec..448124c 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -34,6 +34,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct mbuf_set * mbuf_init(unsigned int size) { @@ -44,6 +49,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mbuf_free(struct mbuf_set *ms) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d3d316d..caf4725 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -72,6 +72,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_MANAGEMENT /* Get username/password from the management interface */ static bool @@ -184,6 +189,10 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Get and store a username/password */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index ab01874..88ea647 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -103,6 +103,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask) { @@ -547,6 +552,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mroute_helper_free(struct mroute_helper *mh) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 32cd3f8..e7111a8 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,6 +130,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 81310a2..83edec6 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -45,6 +45,11 @@ unsigned int sock; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock) { @@ -120,6 +125,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void multi_tcp_instance_specific_free(struct multi_instance *mi) { diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9c1a772..66f81a6 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -280,6 +280,11 @@ struct timeval tv; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc) { @@ -389,6 +394,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void set_sock_extended_error_passing(int sd, sa_family_t proto_af) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 31134be..a373a6a 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 1d2ee53..2863ff1 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -256,6 +256,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_ASYNC_PUSH static uint32_t /* @@ -3982,6 +3987,10 @@ return count; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void management_delete_event(void *arg, event_t event) { diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 00d6106..1815faf 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -131,6 +131,11 @@ inet_address_t gw; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Helper function used to easily add attributes to a rtnl message */ @@ -1469,6 +1474,10 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index c2a93e8..521677b 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -74,6 +74,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void gen_timestamp(uint8_t *timestamp) { @@ -383,4 +388,8 @@ return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc)); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* if NTLM */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 8821a06..78013ae 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -174,6 +174,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void check_send_occ_load_test_dowork(struct context *c) { @@ -347,6 +352,10 @@ c->c2.occ_op = -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void process_received_occ_msg(struct context *c) { diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 6fd7390..e3e7cf8 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -194,12 +194,21 @@ LIBRESSL_VERSION_NUMBER > 0x3050400fL) */ #if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline const char * SSL_get0_group_name(SSL *s) { int nid = SSL_get_negotiated_group(s); return SSL_group_to_name(s, nid); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 151a016..f801743 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1158,6 +1158,11 @@ return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static char * string_substitute(const char *src, int from, int to, struct gc_arena *gc) { @@ -9900,6 +9905,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index fdc0c55..8a1c083 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -162,6 +162,11 @@ return (int)i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel) { @@ -193,6 +198,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static const char *updatable_options[] = { "block-ipv6", "block-outside-dns", "dhcp-option", "dns", "ifconfig", "ifconfig-ipv6", diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 717f749..d9bf157 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -100,6 +100,11 @@ /* format a time_t as ascii, or use current time if 0 */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { @@ -130,6 +135,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Limit the frequency of an event stream. * diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c700bb..108d0f2 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -59,6 +59,11 @@ extern time_t now_usec; void update_now_usec(struct timeval *tv); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int openvpn_gettimeofday(struct timeval *tv, void *tz) { @@ -236,6 +241,10 @@ dest->tv_usec = usec; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #define TV_WITHIN_SIGMA_MAX_SEC 600 #define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index ca318eb..880eee1 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -71,6 +71,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack, const char *name, int unit) @@ -663,6 +668,10 @@ return epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) ... [truncated message content] |
|
From: cron2 (C. Review) <ge...@op...> - 2025-09-24 12:41:05
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1168?usp=email ) Change subject: Enable -Wconversion -Wno-sign-conversion by default ...................................................................... Enable -Wconversion -Wno-sign-conversion by default Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg33181.html Signed-off-by: Gert Doering <ge...@gr...> --- M CMakeLists.txt M configure.ac M src/openvpn/comp-lz4.c M src/openvpn/console_builtin.c M src/openvpn/crypto.c M src/openvpn/crypto_epoch.c M src/openvpn/crypto_mbedtls.c M src/openvpn/crypto_openssl.c M src/openvpn/cryptoapi.c M src/openvpn/dco.c M src/openvpn/dco_freebsd.c M src/openvpn/dco_linux.c M src/openvpn/dco_win.c M src/openvpn/dhcp.c M src/openvpn/event.c M src/openvpn/forward.c M src/openvpn/gremlin.c M src/openvpn/httpdigest.c M src/openvpn/init.c M src/openvpn/interval.c M src/openvpn/lzo.c M src/openvpn/manage.c M src/openvpn/mbuf.c M src/openvpn/misc.c M src/openvpn/mroute.c M src/openvpn/mss.c M src/openvpn/mtcp.c M src/openvpn/mtu.c M src/openvpn/mudp.c M src/openvpn/multi.c M src/openvpn/networking_sitnl.c M src/openvpn/ntlm.c M src/openvpn/occ.c M src/openvpn/openssl_compat.h M src/openvpn/options.c M src/openvpn/options_util.c M src/openvpn/otime.c M src/openvpn/otime.h M src/openvpn/packet_id.c M src/openvpn/packet_id.h M src/openvpn/pkcs11.c M src/openvpn/pkcs11_openssl.c M src/openvpn/proxy.c M src/openvpn/ps.c M src/openvpn/push.c M src/openvpn/push_util.c M src/openvpn/reliable.c M src/openvpn/route.c M src/openvpn/schedule.c M src/openvpn/socket.c M src/openvpn/socks.c M src/openvpn/ssl.c M src/openvpn/ssl_mbedtls.c M src/openvpn/ssl_ncp.c M src/openvpn/ssl_openssl.c M src/openvpn/ssl_pkt.c M src/openvpn/ssl_util.c M src/openvpn/ssl_verify.c M src/openvpn/ssl_verify_mbedtls.c M src/openvpn/ssl_verify_openssl.c M src/openvpn/status.c M src/openvpn/tls_crypt.c M src/openvpn/tun.c M src/openvpn/vlan.c M src/openvpn/win32.c M src/openvpnserv/interactive.c M tests/unit_tests/openvpn/test_crypto.c M tests/unit_tests/openvpn/test_pkcs11.c M tests/unit_tests/openvpn/test_ssl.c 69 files changed, 697 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fdc0162..3f6196f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -113,8 +113,7 @@ check_and_add_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) - # We are not ready for this - #add_compile_options(-Wconversion -Wno-sign-conversion) + add_compile_options(-Wconversion -Wno-sign-conversion) add_compile_options(-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) diff --git a/configure.ac b/configure.ac index c2feeea..8f3c01d 100644 --- a/configure.ac +++ b/configure.ac @@ -1397,6 +1397,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wstrict-prototypes]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 6736469..a78c664 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -88,6 +88,11 @@ compv2_escape_data_ifneeded(buf); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void do_lz4_decompress(size_t zlen_max, struct buffer *work, struct buffer *buf, struct compress_context *compctx) @@ -113,6 +118,10 @@ *buf = *work; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void lz4_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index b0228dd..71c0025 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -45,6 +45,11 @@ #include "win32.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Get input from a Windows console. * @@ -134,6 +139,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* _WIN32 */ @@ -264,6 +273,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif /** * @copydoc query_user_exec() @@ -296,3 +309,7 @@ return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index ec7da43..6376c11 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -186,6 +186,11 @@ return; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt) { @@ -1532,6 +1537,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int write_key_file(const int nkeys, const char *filename) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index b5cbc8d..7026ff8 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len) @@ -163,6 +168,10 @@ key->epoch = epoch_key->epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void epoch_init_send_key_ctx(struct crypto_options *co) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 2bab312..076d4ee 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -230,6 +230,11 @@ "available\n"); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) @@ -760,7 +765,6 @@ return 1; } - /* * * Generic message digest information functions @@ -1119,4 +1123,9 @@ return true; } #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ENABLE_CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2d0265a..7688add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -895,6 +895,10 @@ return EVP_CIPHER_CTX_mode(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx) @@ -999,6 +1003,9 @@ return cipher_ctx_final(ctx, dst, dst_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif /* * @@ -1214,12 +1221,21 @@ HMAC_CTX_reset(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int hmac_ctx_size(HMAC_CTX *ctx) { return HMAC_size(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_reset(HMAC_CTX *ctx) { @@ -1398,6 +1414,11 @@ CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len, NULL, 0, NULL, 0); } #elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len) @@ -1443,6 +1464,11 @@ EVP_PKEY_CTX_free(pctx); return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #else /* if defined(LIBRESSL_VERSION_NUMBER) */ /* LibreSSL and wolfSSL do not expose a TLS 1.0/1.1 PRF via the same APIs as * OpenSSL does. As result they will only be able to support diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index d91d9a1..bba6ed2 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -62,7 +62,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -342,6 +342,11 @@ return rv; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** Sign hash in tbs using EC key in cd and NCryptSignHash */ static int xkey_cng_ec_sign(CAPI_DATA *cd, unsigned char *sig, size_t *siglen, const unsigned char *tbs, @@ -438,6 +443,10 @@ return (*siglen > 0); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** Dispatch sign op to xkey_cng_<rsa/ec>_sign */ static int xkey_cng_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 881459c..2cf90af 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -491,6 +491,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_p2p_add_new_peer(struct context *c) { @@ -645,6 +650,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, struct mroute_addr *addr) { diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d5ca277..b9f6bc7 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -72,6 +72,11 @@ return (nvl); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static bool nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) { @@ -854,6 +859,10 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index d8357ca..395a38f 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -62,6 +62,11 @@ typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * @brief resolves the netlink ID for ovpn-dco * @@ -1298,4 +1303,8 @@ return "AES-128-GCM:AES-256-GCM:AES-192-GCM:CHACHA20-POLY1305"; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* defined(ENABLE_DCO) && defined(TARGET_LINUX) */ diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 2d08ed8..9e52859 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -525,6 +525,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + int dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t slot, const uint8_t *encrypt_key, const uint8_t *encrypt_iv, const uint8_t *decrypt_key, @@ -564,6 +569,11 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_del_key(dco_context_t *dco, unsigned int peerid, dco_key_slot_t slot) { diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index 7abade5..38e8d40 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -72,6 +72,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static in_addr_t do_extract(struct dhcp *dhcp, int optlen) { @@ -185,3 +190,7 @@ } return 0; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 581bdbb..2f60b78 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -65,6 +65,11 @@ #define SELECT_MAX_FDS 256 #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int tv_to_ms_timeout(const struct timeval *tv) { @@ -78,6 +83,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef _WIN32 struct we_set diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 12dd6a7..f342958 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -367,6 +367,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel) @@ -1966,6 +1971,10 @@ perf_pop(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void pre_select(struct context *c) { diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e6ebbef..0e5e93f 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c @@ -98,6 +98,11 @@ return (get_random() % n) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Return uniformly distributed random number between * low and high. @@ -229,4 +234,9 @@ } } } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index be20638..f665b17 100644 --- a/src/openvpn/httpdigest.c +++ b/src/openvpn/httpdigest.c @@ -61,6 +61,11 @@ Hex[HASHHEXLEN] = '\0'; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* calculate H(A1) as per spec */ void DigestCalcHA1(IN char *pszAlg, IN char *pszUserName, IN char *pszRealm, IN char *pszPassword, @@ -145,4 +150,8 @@ CvtHex(RespHash, Response); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* if PROXY_DIGEST_AUTH */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d7a2ec..f8a0fee 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -455,6 +455,11 @@ } #endif /* ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Initialize and possibly randomize the connection list. * @@ -3490,6 +3495,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * No encryption or authentication. */ diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index 2b35314..fbefcd9 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -38,6 +38,11 @@ top->horizon = horizon; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry) { @@ -77,3 +82,7 @@ } return ret; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index 3a73d5f..8daaec0 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c @@ -72,6 +72,11 @@ *header = NO_COMPRESS_BYTE; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void lzo_decompress(struct buffer *buf, struct buffer work, struct compress_context *compctx, const struct frame *frame) @@ -121,6 +126,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const struct compress_alg lzo_alg = { "lzo", lzo_compress_init, lzo_compress_uninit, lzo_compress, lzo_decompress }; #endif /* ENABLE_LZO */ diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index c675e95..5a41a0f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -206,6 +206,11 @@ return man->settings.up.defined && !man->connection.password_verified; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void man_check_password(struct management *man, const char *line) { @@ -236,6 +241,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_update_io_state(struct management *man) { @@ -2305,6 +2314,11 @@ #endif /* ifdef TARGET_ANDROID */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static int man_read(struct management *man) { @@ -2442,6 +2456,10 @@ return sent; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void man_connection_clear(struct man_connection *mc) { diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 0750fec..448124c 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -34,6 +34,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct mbuf_set * mbuf_init(unsigned int size) { @@ -44,6 +49,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mbuf_free(struct mbuf_set *ms) { diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d3d316d..caf4725 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -72,6 +72,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_MANAGEMENT /* Get username/password from the management interface */ static bool @@ -184,6 +189,10 @@ #endif /* ifdef ENABLE_MANAGEMENT */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Get and store a username/password */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index ab01874..88ea647 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -103,6 +103,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline void mroute_get_in_addr_t(struct mroute_addr *ma, const in_addr_t src, unsigned int mask) { @@ -547,6 +552,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void mroute_helper_free(struct mroute_helper *mh) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 32cd3f8..e7111a8 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -130,6 +130,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * change TCP MSS option in SYN/SYN-ACK packets, if present * this is generic for IPv4 and IPv6, as the TCP header is the same @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static inline size_t adjust_payload_max_cbc(const struct key_type *kt, size_t target) { diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 81310a2..83edec6 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -45,6 +45,11 @@ unsigned int sock; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock) { @@ -120,6 +125,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void multi_tcp_instance_specific_free(struct multi_instance *mi) { diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 9c1a772..66f81a6 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -280,6 +280,11 @@ struct timeval tv; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc) { @@ -389,6 +394,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void set_sock_extended_error_passing(int sd, sa_family_t proto_af) { diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 31134be..a373a6a 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 1d2ee53..2863ff1 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -256,6 +256,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + #ifdef ENABLE_ASYNC_PUSH static uint32_t /* @@ -3982,6 +3987,10 @@ return count; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void management_delete_event(void *arg, event_t event) { diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 00d6106..1815faf 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -131,6 +131,11 @@ inet_address_t gw; }; +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + /** * Helper function used to easily add attributes to a rtnl message */ @@ -1469,6 +1474,10 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index c2a93e8..521677b 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -74,6 +74,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void gen_timestamp(uint8_t *timestamp) { @@ -383,4 +388,8 @@ return ((const char *)make_base64_string2((unsigned char *)phase3, phase3_bufpos, gc)); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* if NTLM */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 8821a06..78013ae 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -174,6 +174,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + void check_send_occ_load_test_dowork(struct context *c) { @@ -347,6 +352,10 @@ c->c2.occ_op = -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void process_received_occ_msg(struct context *c) { diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index 6fd7390..e3e7cf8 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -194,12 +194,21 @@ LIBRESSL_VERSION_NUMBER > 0x3050400fL) */ #if OPENSSL_VERSION_NUMBER < 0x30200000L && OPENSSL_VERSION_NUMBER >= 0x30000000L +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline const char * SSL_get0_group_name(SSL *s) { int nid = SSL_get_negotiated_group(s); return SSL_group_to_name(s, nid); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif #endif /* OPENSSL_COMPAT_H_ */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 151a016..f801743 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1158,6 +1158,11 @@ return get_ipv6_addr(ipv6_prefix_spec, &t_addr, &t_bits, M_WARN); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static char * string_substitute(const char *src, int from, int to, struct gc_arena *gc) { @@ -9900,6 +9905,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index fdc0c55..8a1c083 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -162,6 +162,11 @@ return (int)i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + bool atoi_constrained(const char *str, int *value, const char *name, int min, int max, msglvl_t msglevel) { @@ -193,6 +198,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static const char *updatable_options[] = { "block-ipv6", "block-outside-dns", "dhcp-option", "dns", "ifconfig", "ifconfig-ipv6", diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 717f749..d9bf157 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -100,6 +100,11 @@ /* format a time_t as ascii, or use current time if 0 */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { @@ -130,6 +135,10 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Limit the frequency of an event stream. * diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 5c700bb..108d0f2 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -59,6 +59,11 @@ extern time_t now_usec; void update_now_usec(struct timeval *tv); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static inline int openvpn_gettimeofday(struct timeval *tv, void *tz) { @@ -236,6 +241,10 @@ dest->tv_usec = usec; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #define TV_WITHIN_SIGMA_MAX_SEC 600 #define TV_WITHIN_SIGMA_MAX_USEC (TV_WITHIN_SIGMA_MAX_SEC * 1000000) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index ca318eb..880eee1 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -71,6 +71,11 @@ #endif } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#endif + static void packet_id_init_recv(struct packet_id_rec *rec, int seq_backtrack, int time_backtrack, const char *name, int unit) @@ -663,6 +668,10 @@ return epoch; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) { diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index a7eb256..e9d3647 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -280,6 +280,11 @@ return p->fd >= 0; } +#if ... [truncated message content] |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X