From patchwork Tue Nov 11 17:25:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4583
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:33c4:b0:7b1:439f:bdf with SMTP id u4csp2039406maf;
        Tue, 11 Nov 2025 09:25:48 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCX4HpwrCLbq/qw2PLrLRX/vPtSv1d+bm1r+/YBRPFJHL1omjzK232BkMGV6XGN48j5rVuz2oTb2Ahg=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IEqEsbgDwsVgT1DKYONvo1Z765hiOrRXvggmq35gh5Zw5+tC9pcdjGO7sCRkxFXkm3H6StA
X-Received: by 2002:a05:6871:69a9:b0:3d2:2f2d:711a with SMTP id
 586e51a60fabf-3e7c29567e7mr6635620fac.29.1762881948601;
        Tue, 11 Nov 2025 09:25:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1762881948; cv=none;
        d=google.com; s=arc-20240605;
        b=QAxLLDjVGvOfpsrcIZR1hTRi+/rdL9LUtDf2qTGFH44JHyXwYUPYjXC6rN8Uv3U0Gb
         ULXJcI83OFkc3KnGZktIpcByiLyiRA3jtQ+WcXu+9N7Es5bzArBu0sjCiVZ8uJc9ghnm
         sAQ7Jf+a665UHhHtGc5N/QPxMVsaoID3TOnLzN2SvwDuM3CqR1H75HdsiIv2Pwrz65pI
         VBUG+uNJ3W/7Tm7CW0RP+T+5VyxSuTCc16+LjiSj9MP+KT7VCzd2M4cz1xMdU8tTDOVt
         xvApULN09UOJSlYUC2zUaq+Yt3m4BPTDHoikbqSabfYQGKrtqQaaW+O9mr7ytda9Phu4
         zhnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=uxSl2DpwDc+NbJCxL4NtOQW4z1Osxt7gTi4y/vdy9ns=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=ZMjzs5Iw8tiejIh/QZwEkJcJRGpCgCSlMMM0zuJki9N2p5s0p8f2Kl0qFOHGIWWq3A
         VP8TqXe/WnsOgm+M42Xy6TkPDwFxkFzQdW9ehdg1bU5bLSAqp3EqTz8L0nTlgp7CMhCA
         hRoKMhZtkSVGGKh1iTGYE5Z8r4cpWfIXNUraFbpXSvTqaWSkkCBLyS//WzVCsjh2pZYu
         DJ7LJvGiO+K1DH7ybrUYUMonBJr48l2VnXGmZS+tzvfBJ9wJgLCQToBGjZnxPmvIWcOS
         JZTRR7hocVbq7KhbqqHFJY1QVZ4QYslGe1QCFt8PhO4MukrMIZXJKOhwYLDxHog9iuLt
         SWlA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=D155FxoX;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="bFf/59fP";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=meTy4i98;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 46e09a7af769-7c6f10d07f1si5973582a34.143.2025.11.11.09.25.48
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 11 Nov 2025 09:25:48 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=D155FxoX;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="bFf/59fP";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=meTy4i98;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=uxSl2DpwDc+NbJCxL4NtOQW4z1Osxt7gTi4y/vdy9ns=; b=D155FxoXLPuB10ZHguSElHjeTh
	3zfDiYZifwSq0iCEwlJsH5wNehM/JXc/R8VW9ozJkIdRgrHzzsxm/w9hYaWDHf4Yes6tMcViILUes
	X2fApGjg3burXgDZ7Pe1IFanF1ef97SASG+Ed9Tlaz6Bup0955Yl7GnbJp0y4OCc0gAM=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vIs7l-0004JW-Qf;
	Tue, 11 Nov 2025 17:25:45 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vIs7k-0004JN-4A
 for openvpn-devel@lists.sourceforge.net;
 Tue, 11 Nov 2025 17:25:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=McKsz/6kghDtKfIbZzLlxlnTU3iADKqsHusJ4g8bg5Q=; b=bFf/59fP/BiM7DthEmYFZrwDfw
 dl7ieLEQnkkgiISzxwFxuFxlYU6V7JRmdrstIH+1ZmS7fzXJoIRFqJfo5ZpkChj2hJfQKG1LaeyXH
 ym25Ecm/jZV6UzlITqJkNZ6UZlSzvIljc97fUagO1IDkRblOCF8ToYXORuJl5TSF/z5o=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=McKsz/6kghDtKfIbZzLlxlnTU3iADKqsHusJ4g8bg5Q=; b=meTy4i98XsKDZggfZx8fkEaH08
 8HmFUkXP1WbnHN9ESKdkRUgWAkV9ocU/LAnV7kqGePr+ArcqWXipaPUOfCwEI3aLscrMoszERrJ7c
 NddhpvwILD2N2PscXgs6SqN1BqOBf5y/SApKVh8TxBLbWMy5/Ean4TUdmEKmpVNJ1yzE=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vIs7j-0002lc-B0 for openvpn-devel@lists.sourceforge.net;
 Tue, 11 Nov 2025 17:25:44 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5ABHPVPl007770
 for <openvpn-devel@lists.sourceforge.net>; Tue, 11 Nov 2025 18:25:31 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5ABHPV5G007769
 for openvpn-devel@lists.sourceforge.net; Tue, 11 Nov 2025 18:25:31 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 11 Nov 2025 18:25:23 +0100
Message-ID: <20251111172531.7754-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1761324750000.If3331a2d0477634af077b4c29963dbec6d04e17b@gerrit.openvpn.net>
References: 
 <gerrit.1761324750000.If3331a2d0477634af077b4c29963dbec6d04e17b@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-2.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Frank Lichtenheld <frank@lichtenheld.com> Since we
 translate
 between different APIs casts are unavoidable. Make sure they are safe.
 Change-Id:
 If3331a2d0477634af077b4c29963dbec6d04e17b Signed-off-by: Frank Lichtenheld
 <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
 Gerrit URL: https://gerrit.openvpn.net/c [...]
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vIs7j-0002lc-B0
Subject: [Openvpn-devel] [PATCH v3] pkcs11: Avoid some conversion warnings
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1848515702106975316?=
X-GMAIL-MSGID: =?utf-8?q?1848515702106975316?=

From: Frank Lichtenheld <frank@lichtenheld.com>

Since we translate between different APIs
casts are unavoidable. Make sure they are safe.

Change-Id: If3331a2d0477634af077b4c29963dbec6d04e17b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 9afb181..14118a9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,18 +53,17 @@
 }
 #endif
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static void
-__mysleep(const unsigned long usec)
+__mysleep(unsigned long usec)
 {
 #if defined(_WIN32)
     Sleep(usec / 1000);
 #else
-    usleep(usec);
+    if (usec > UINT_MAX)
+    {
+        usec = UINT_MAX;
+    }
+    usleep((useconds_t)usec);
 #endif
 }
 
@@ -528,7 +527,13 @@
         goto cleanup;
     }
 
-    if (openvpn_base64_encode(certificate_blob, certificate_blob_size, &internal_base64) == -1)
+    if (certificate_blob_size > INT_MAX)
+    {
+        msg(M_WARN, "PKCS#11: Invalid certificate size %zu", certificate_blob_size);
+        goto cleanup;
+    }
+
+    if (openvpn_base64_encode(certificate_blob, (int)certificate_blob_size, &internal_base64) == -1)
     {
         msg(M_WARN, "PKCS#11: Cannot encode certificate");
         goto cleanup;
@@ -563,10 +568,6 @@
     return success;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 int
 tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
                    const char *const pkcs11_id)