From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 11 Nov 2025 17:24:31 +0000 (+0100)
Subject: ssl: change return type of calc_control_channel_frame_overhead to size_t
X-Git-Tag: v2.7_rc2~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b0554d988f6bfdefd30620290ec8ff690a37ce2;p=thirdparty%2Fopenvpn.git

ssl: change return type of calc_control_channel_frame_overhead to size_t

This avoids dealing with conversion warnings inside
the function. Since we only add values that are
supposed to be positive this should be safe.

Note that we now cast the return value to int at
the caller side. There we actually substract it and
want to catch the case where the result gets negative.
Since all the involved values are quite small compared
to INT_MAX I decided to just cast it without further
checks.

Change-Id: I71e9d4a61d37483685723c16e98f59755694cadf
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1297
Message-Id: <20251111172437.7634-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34326.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index e21ac7861..d7f55dd82 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -179,21 +179,16 @@ tls_init_control_channel_frame_parameters(struct frame *frame, int tls_mtu)
     frame->tun_mtu = max_int(frame->tun_mtu, TLS_CHANNEL_MTU_MIN);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 /**
  * calculate the maximum overhead that control channel frames have
  * This includes header, op code and everything apart from the
  * payload itself. This method is a bit pessimistic and might give higher
  * overhead than we actually have */
-static int
+static size_t
 calc_control_channel_frame_overhead(const struct tls_session *session)
 {
     const struct key_state *ks = &session->key[KS_PRIMARY];
-    int overhead = 0;
+    size_t overhead = 0;
 
     /* opcode */
     overhead += 1;
@@ -226,10 +221,6 @@ calc_control_channel_frame_overhead(const struct tls_session *session)
     return overhead;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 void
 init_ssl_lib(void)
 {
@@ -2650,7 +2641,7 @@ write_outgoing_tls_ciphertext(struct tls_session *session, bool *continue_tls_pr
     int max_pkt_len = min_int(TLS_CHANNEL_BUF_SIZE, session->opt->frame.tun_mtu);
 
     /* Subtract overhead */
-    max_pkt_len -= calc_control_channel_frame_overhead(session);
+    max_pkt_len -= (int)calc_control_channel_frame_overhead(session);
 
     /* calculate total available length for outgoing tls ciphertext */
     int maxlen = max_pkt_len * rel_avail;