From: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Date: Sat, 14 May 2022 10:50:13 +0000 (+0200)
Subject: Fix signedness of character buffers in HKDF/HPKE-related functions
X-Git-Tag: v9.10~126
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e59812c7ac30a7916f391bbd48a1b54d40bf2b2c;p=users%2Fdwmw2%2Fopenconnect.git

Fix signedness of character buffers in HKDF/HPKE-related functions

GCC warned of inconsistent signedness in function arguments.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/gnutls.c b/gnutls.c
index 784fdbb0..1b24b267 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -3048,7 +3048,7 @@ int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char
 }
 
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-			       const char *info, int infolen)
+			       const unsigned char *info, int infolen)
 {
 	gnutls_datum_t d;
 	d.data = buf;
@@ -3063,7 +3063,7 @@ int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *
 	}
 
 	gnutls_datum_t info_d;
-	info_d.data = (void *)info;
+	info_d.data = info;
 	info_d.size = infolen;
 
 	err = gnutls_hkdf_expand(GNUTLS_MAC_SHA256, &d, &info_d, d.data, d.size);
diff --git a/hpke.c b/hpke.c
index 2258c2cc..bf07e44d 100644
--- a/hpke.c
+++ b/hpke.c
@@ -302,7 +302,8 @@ int handle_external_browser(struct openconnect_info *vpninfo)
 	if (ret)
 		goto out_b64;
 
-	ret = hkdf_sha256_extract_expand(vpninfo, secret, "AC_ECIES", 8);
+	const unsigned char info[] = "AC_ECIES";
+	ret = hkdf_sha256_extract_expand(vpninfo, secret, info, 8);
 	if (ret)
 		goto out_b64;
 
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 7a565d21..c247777f 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -1483,7 +1483,7 @@ int generate_strap_keys(struct openconnect_info *vpninfo);
 int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char *pubkey,
 			   int pubkey_len, unsigned char *secret);
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-			       const char *info, int infolen);
+			       const unsigned char *info, int infolen);
 int aes_256_gcm_decrypt(struct openconnect_info *vpninfo, unsigned char *key,
 			unsigned char *data, int len,
 			unsigned char *iv, unsigned char *tag);
diff --git a/openssl.c b/openssl.c
index c55bd3ba..5e895046 100644
--- a/openssl.c
+++ b/openssl.c
@@ -2427,7 +2427,7 @@ int ecdh_compute_secp256r1(struct openconnect_info *vpninfo, const unsigned char
 }
 
 int hkdf_sha256_extract_expand(struct openconnect_info *vpninfo, unsigned char *buf,
-			       const char *info, int infolen)
+			       const unsigned char *info, int infolen)
 {
 	size_t buflen = 32;
 	int ret = 0;