From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Sun, 16 Nov 2025 18:36:15 +0000 (+0100)
Subject: ssl: Change update argument of compute_earliest_wakeup to time_t
X-Git-Tag: v2.7_rc2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0e2fc09d4336bd3e87dfb37123ba4df208b1c048;p=thirdparty%2Fopenvpn.git

ssl: Change update argument of compute_earliest_wakeup to time_t

Since we usually input a diff of two time_t values here
the input value will be officially time_t. So avoid
conversion warnings at almost every caller site.

We can safely cast it to interval_t here because we
checked that it is smaller than the interval_t value
earliest. And all negative values are treated equal,
so exact value doesn't matter.

Change-Id: I6bc3147d10ca50291110335cd9fc3be961280c1b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1299
Message-Id: <20251116183622.11727-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34482.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 2d24f5e2e..92a68d04d 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1107,11 +1107,11 @@ reset_session(struct tls_multi *multi, struct tls_session *session)
  * called again.
  */
 static inline void
-compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now)
+compute_earliest_wakeup(interval_t *earliest, time_t seconds_from_now)
 {
     if (seconds_from_now < *earliest)
     {
-        *earliest = seconds_from_now;
+        *earliest = (interval_t)seconds_from_now;
     }
     if (*earliest < 0)
     {
@@ -1119,11 +1119,6 @@ compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now)
     }
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 /*
  * Return true if "lame duck" or retiring key has expired and can
  * no longer be used.
@@ -1338,7 +1333,7 @@ init_epoch_keys(struct key_state *ks, struct tls_multi *multi, const struct key_
     /* For now we hardcode this to be 16 for the software based data channel
      * DCO based implementations/HW implementation might adjust this number
      * based on their expected speed */
-    const int future_key_count = 16;
+    const uint8_t future_key_count = 16;
 
     int key_direction = server ? KEY_DIRECTION_INVERSE : KEY_DIRECTION_NORMAL;
     struct key_direction_state kds;
@@ -1785,6 +1780,11 @@ write_empty_string(struct buffer *buf)
     return true;
 }
 
+#if defined(__GNUC__) || defined(__clang__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+
 static bool
 write_string(struct buffer *buf, const char *str, const int maxlen)
 {