Fix signedness of character buffers in HKDF/HPKE-related functions

GCC warned of inconsistent signedness in function arguments.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/gnutls.c b/gnutls.c
index 784fdbb01205b33e8fa0a001680da71ac2e2ce78..1b24b267055462f7c81ecdcc72d353de60d1856c 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -3048,7 +3048,7 @@ int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char
 }
 
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-                              const char *info, int infolen)
+                              const unsigned char *info, int infolen)
 {
        gnutls_datum_t d;
        d.data = buf;
@@ -3063,7 +3063,7 @@ int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *
        }
 
        gnutls_datum_t info_d;
-       info_d.data = (void *)info;
+       info_d.data = info;
        info_d.size = infolen;
 
        err = gnutls_hkdf_expand(GNUTLS_MAC_SHA256, &d, &info_d, d.data, d.size);

diff --git a/hpke.c b/hpke.c
index 2258c2cc421e173b490f4f6c036f1847eaf21aaa..bf07e44dec8b0198395a72e7df552970616ba9ae 100644 (file)
--- a/hpke.c
+++ b/hpke.c
@@ -302,7 +302,8 @@ int handle_external_browser(struct openconnect_info *vpninfo)
        if (ret)
                goto out_b64;
 
-       ret = hkdf_sha256_extract_expand(vpninfo, secret, "AC_ECIES", 8);
+       const unsigned char info[] = "AC_ECIES";
+       ret = hkdf_sha256_extract_expand(vpninfo, secret, info, 8);
        if (ret)
                goto out_b64;
 

diff --git a/openconnect-internal.h b/openconnect-internal.h
index 7a565d214557c60c461f986363aecee16c232a4d..c247777fca2f5af4998cc04d36028b38e5d8abab 100644 (file)
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -1483,7 +1483,7 @@ int generate_strap_keys(struct openconnect_info *vpninfo);
 int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char *pubkey,
                           int pubkey_len, unsigned char *secret);
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-                              const char *info, int infolen);
+                              const unsigned char *info, int infolen);
 int aes_256_gcm_decrypt(struct openconnect_info *vpninfo, unsigned char *key,
                        unsigned char *data, int len,
                        unsigned char *iv, unsigned char *tag);

diff --git a/openssl.c b/openssl.c
index c55bd3ba61d6cd376c76f542647c9855727dd169..5e89504676d0db8cc5d46555444ce3514129e65a 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -2427,7 +2427,7 @@ int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char
 }
 
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-                              const char *info, int infolen)
+                              const unsigned char *info, int infolen)
 {
        size_t buflen = 32;
        int ret = 0;