@@ -347,6 +347,4 @@
gitref: v1.70.0
libconfigure: cmake -B build -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="$LIBPREFIX" -DBUILD_SHARED_LIBS=1
libmake: cmake --build build
- libinstall: sudo cmake --install build
- # not ready for --enable-werror
- ovpnconfigureflags:
+ libinstall: sudo cmake --install build
\ No newline at end of file
@@ -425,7 +425,7 @@
print_digest(EVP_MD *digest, void *unused)
{
printf("%s %d bit digest size\n", md_kt_name(EVP_MD_get0_name(digest)),
- EVP_MD_size(digest) * 8);
+ (int)EVP_MD_size(digest) * 8);
}
void
@@ -1025,7 +1025,7 @@
"Message hash algorithm '%s' uses a default hash "
"size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
"maximum hash size (%d bytes)",
- digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
+ digest, (int)EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
}
return md;
}
@@ -1144,7 +1144,7 @@
int
md_ctx_size(const EVP_MD_CTX *ctx)
{
- return EVP_MD_CTX_size(ctx);
+ return (int)EVP_MD_CTX_size(ctx);
}
void
@@ -1188,7 +1188,7 @@
evp_md_type *kt = md_get(mdname);
ASSERT(NULL != kt && NULL != ctx);
- int key_len = EVP_MD_size(kt);
+ int key_len = (int)EVP_MD_size(kt);
HMAC_CTX_reset(ctx);
if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
{
@@ -51,10 +51,14 @@
typedef uint32_t openssl_err_t;
typedef size_t openssl_stack_size_t;
#define PRI_OPENSSL_STACK "zu"
+typedef uint32_t openssl_opt_t;
#else
typedef unsigned long openssl_err_t;
typedef int openssl_stack_size_t;
#define PRI_OPENSSL_STACK "d"
+/* OpenSSL 4.0 actually uses bits in the upper half of the uint64_t (e.g.
+ * SSL_OP_PREFER_NO_DHE_KEX), so we really should use an uint64_t here */
+typedef uint64_t openssl_opt_t;
#endif
@@ -328,7 +328,7 @@
ASSERT(NULL != ctx);
/* process SSL options */
- uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
+ openssl_opt_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
#endif
@@ -1656,7 +1656,7 @@
ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig,
unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
{
- int capacity = ECDSA_size(ec);
+ int capacity = (int)ECDSA_size(ec);
/*
* ECDSA does not seem to have proper constants for paddings since
* there are only signatures without padding at the moment, use
@@ -1672,12 +1672,14 @@
return 0;
}
+#ifndef OPENSSL_IS_AWSLC
/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
static int
ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
return 1;
}
+#endif
/* EC_KEY_METHOD callback: sign_sig().
* Sign the hash and return the result as a newly allocated ECDS_SIG
@@ -1688,7 +1690,7 @@
EC_KEY *ec)
{
ECDSA_SIG *ecsig = NULL;
- unsigned int len = ECDSA_size(ec);
+ unsigned int len = (unsigned int)ECDSA_size(ec);
struct gc_arena gc = gc_new();
unsigned char *buf = gc_malloc(len, false, &gc);
@@ -357,7 +357,7 @@
const EVP_MD *sha1 = EVP_sha1();
struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha1), gc);
X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
+ ASSERT(buf_inc_len(&hash, (int)EVP_MD_size(sha1)));
return hash;
}
@@ -367,7 +367,7 @@
const EVP_MD *sha256 = EVP_sha256();
struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha256), gc);
X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
+ ASSERT(buf_inc_len(&hash, (int)EVP_MD_size(sha256)));
return hash;
}