[Openvpn-devel,v4] crypto: Make some casts to int explicit

Message ID 20251008092859.875-1-gert@greenie.muc.de
State New
Series [Openvpn-devel,v4] crypto: Make some casts to int explicit

Commit Message

Gert Doering Oct. 8, 2025, 9:28 a.m. UTC
From: Frank Lichtenheld <frank@lichtenheld.com>

In all of these cases the cast is safe to do
since we have limits imposed in other ways.

And we want those values as int, so no
alternative to casting.

Change-Id: I3b8dd8d5671e31dba2a23a0a78f36d9dda034b88
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1217
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1217
This mail reflects revision 4 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Oct. 8, 2025, 9:44 a.m. UTC | #1
What it says on the lid, with the extra length check (for the somewhat
unlikely case that someone feeds us a config file with an inline key
longer than INT_MAX :-) ).  MaxF did an early review and this part
was missing.

BBs say it's good, stare-at-code also makes sense, plus #1252 squashed.

Your patch has been applied to the master branch.

commit e0b5ea5db92f450eba60ed5eab632ba2239b1e56
Author: Frank Lichtenheld
Date:   Wed Oct 8 11:28:54 2025 +0200

     crypto: Make some casts to int explicit

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1217
     Message-Id: <20251008092859.875-1-gert@greenie.muc.de>
     URL: https://sourceforge.net/p/openvpn/mailman/message/59243794/
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 6376c11..307d1ee 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,11 +186,6 @@ 
     return;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static void
 openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
 {
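Review bot: The commit message talks only about casts, but removing this "#pragma GCC diagnostic ignored "-Wconversion"" block (with the matching pop removed in the last hunk) is what actually changes behaviour: everything between the two pragmas is now compiled with the warning active. Say so in the commit message, and state that the conversions touched in this patch were the only ones the warning reported in that region, so a later reader knows the suppression was dropped on purpose.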
@@ -302,7 +297,7 @@ 
         if (ctx->hmac)
         {
             hmac_ctx_reset(ctx->hmac);
-            hmac_ctx_update(ctx->hmac, hmac_start, BEND(&work) - hmac_start);
+            hmac_ctx_update(ctx->hmac, hmac_start, (int)(BEND(&work) - hmac_start));
             hmac_ctx_final(ctx->hmac, mac_out);
             dmsg(D_PACKET_CONTENT, "ENCRYPT HMAC: %s",
                  format_hex(mac_out, hmac_ctx_size(ctx->hmac), 80, &gc));
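Review bot: The (int) cast on "BEND(&work) - hmac_start" has no bound visible next to it. The commit message says limits are imposed in other ways, but someone reading this line cannot tell which limit makes the pointer difference fit in an int. A one-line comment naming that limit, or an ASSERT like the one added in the RKF_INLINE hunk, would keep the cast from reading as a silenced warning.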
@@ -533,7 +528,7 @@ 
         }
     }
 
-    const int ad_size = BPTR(buf) - ad_start;
+    const int ad_size = (int)(BPTR(buf) - ad_start);
 
     uint8_t *tag_ptr = NULL;
     int data_len = 0;
@@ -1366,8 +1361,8 @@ 
     int state = PARSE_INITIAL;
 
     /* constants */
-    const int hlen = strlen(static_key_head);
-    const int flen = strlen(static_key_foot);
+    const int hlen = (int)strlen(static_key_head);
+    const int flen = (int)strlen(static_key_foot);
     const int onekeylen = sizeof(key2->keys[0]);
 
     CLEAR(*key2);
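Review bot: Style point on the constants block: hlen and flen now carry an explicit (int), while the unchanged line "const int onekeylen = sizeof(key2->keys[0]);" directly below is the same size_t-to-int conversion and stays implicit. Compilers generally do not warn about a constant that fits, so this is not a build problem, but casting it too would keep the three declarations consistent with the subject line of the patch.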
@@ -1378,7 +1373,9 @@ 
      */
     if (flags & RKF_INLINE) /* 'file' is a string containing ascii representation of key */
     {
-        size = strlen(file) + 1;
+        size_t buf_size = strlen(file) + 1;
+        ASSERT(buf_size <= INT_MAX);
+        size = (int)buf_size;
         buf_set_read(&in, (const uint8_t *)file, size);
     }
     else /* 'file' is a filename which refers to a file containing the ascii key */
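Review bot: "ASSERT(buf_size <= INT_MAX);" is checking a length derived from the inline key string, which is configuration input, so an oversized key ends in an assertion failure instead of an error that points at the key. A regular fatal error naming the inline key would be easier to diagnose. The placement is right: the check runs before the (int) cast and before buf_set_read() receives size.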
@@ -1537,10 +1534,6 @@ 
     gc_free(&gc);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 int
 write_key_file(const int nkeys, const char *filename)
 {