From patchwork Mon Sep 22 20:40:53 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4435
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:c08a:b0:72f:f16c:e055 with SMTP id
 jr10csp458874mab;
        Mon, 22 Sep 2025 13:41:17 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVARrKiSEf723/EDgoEW8aho+1Q95cbrv1Eec6z7V++UMXLh3zOi9vfLFWzzPXh+Zt6xWXhUtvx4Dw=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IEdIn4XmQq0b2kmEMP6GgoZgRkqaxIar4nhtCsSWuoVkadhjWwhNvUwRyqKPPu6UF9UgRtf
X-Received: by 2002:a05:6808:1b22:b0:43b:91b7:cc2d with SMTP id
 5614622812f47-43f2d339130mr17697b6e.18.1758573677126;
        Mon, 22 Sep 2025 13:41:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1758573677; cv=none;
        d=google.com; s=arc-20240605;
        b=E348YBAkpQwFVAYFAhwdhPzrQps6DzlkNCxq3oqc5+iVH29z6NchmmPdivYHo3GuOK
         3w6gRkAc0ag4xxEJPLHrGek7YJbW0Axlro+K1FYeY9VUakE//wsNK1AXJAaAq+2QkIV9
         +ZQzIa3euMR336TDf0jJT/fgQlpKz6MggWQAp6BRByywVRk7gWBSDZUf8sTddMiDfx7h
         4L07QVcas4Wdmoqz9BRiRLVXM7ZsPg81oJ9h6KchM+y+D3EQx1DKJnspHgwb/ajISfY1
         ePW3UPs9TBeYYy6vb0ixGYTbt1VragKNGRqUXuz6f+84LyBcRyG1sJ2wXm2uyLy8Pflf
         EBuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=sCr2M8wl/9IvRqricHTemEIWuF0pFI3pHehLU6OKqEQ=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=JUSIqyOgoMBZ/CTbAfWW37nCOfKYqr/Xifcuc41Hy+1xY2VFSJGLT0cQP7vPf7gPS1
         tO0CtrFytZtijYHmQsSEfXQdpk0R7nfxcJ/6JeN7suD1C6gii3dTqbJFwA2JBUV1vLO9
         Ayhc6nt7OIZGRG5dPEOl4HCMVy7+VyScfyDmANHpS3GWDoCE+66pr9BFPHytmwNXcRqb
         W4PoG5QL/lf72dJUenvmCr/Zs1/zUklNdxy/8VlJVk8rQbaywZRzUGb5fUgqNQf0ZF4L
         9eBTGD/zQQKxv8AImoVlHpVRolRktuld1WUjjczF7p5FiJWgV7EBEUYcFE8+0I/0VAim
         xxQA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=SIAazeW3;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=My5N+SUW;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=L1L1HF7G;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 5614622812f47-43f26ac65f4si345441b6e.355.2025.09.22.13.41.16
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 22 Sep 2025 13:41:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=SIAazeW3;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=My5N+SUW;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=L1L1HF7G;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=sCr2M8wl/9IvRqricHTemEIWuF0pFI3pHehLU6OKqEQ=; b=SIAazeW30ANRJTpoJi37VKpZsF
	c+0KtVx5URFYb3+ZdddfwdFIp+BK39nL+Q/Rjp5aC3Xyfo+PAL1kG93YHUZYtCJCkmM/S3SX4WlYe
	laibC83jMC4Y0Bge4oTEm8Nswv6e+vmk3WGEnFg6PsXvIrXQlod9KBbdhF2bfN5IL8Ww=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1v0nLX-0006Lo-3I;
	Mon, 22 Sep 2025 20:41:15 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1v0nLU-0006Lf-TH
 for openvpn-devel@lists.sourceforge.net;
 Mon, 22 Sep 2025 20:41:12 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=+54JpNnXBZ5pXXPpvjTueZNf6NujUidBExUADlEHQsY=; b=My5N+SUW+6L5mE2Y7mcogQkPh5
 TeiSzkeCvr+QK8H3tUer7LiX+wwCYlm+Rd9KK9uiQRrVyM/5MO9CMngLEKflGTCIXwBnpA+pyPFXJ
 3u42qGEXqsouosvbKaAFJyHWDHXdlJ9aoPYCOPMUk4T+5fYHaG+QS1ohB/AcVUGRal1c=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=+54JpNnXBZ5pXXPpvjTueZNf6NujUidBExUADlEHQsY=; b=L1L1HF7G+LjnZGvjwUbNLz6a3O
 K4BTfIX9eKmJBWsHsjexpjjoQj/1L293djJ1MJ7cYqfd67vaKNP0JZiGkocx1JNBM0SAnJ6ELGR/5
 7O/c4MwnQSk0cE8+ocDPD/P5U0AVSCFo7pbjfa9bp8yf52cB10Zvody+0XoHwYNLcTAg=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1v0nLT-0004Jp-PM for openvpn-devel@lists.sourceforge.net;
 Mon, 22 Sep 2025 20:41:12 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58MKexEI023244
 for <openvpn-devel@lists.sourceforge.net>; Mon, 22 Sep 2025 22:40:59 +0200
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58MKexmE023243
 for openvpn-devel@lists.sourceforge.net; Mon, 22 Sep 2025 22:40:59 +0200
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 22 Sep 2025 22:40:53 +0200
Message-ID: <20250922204059.23226-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1754490554000.I22b93c807f1be99fab450708f686fce4aa6d5cef@gerrit.openvpn.net>
References: 
 <gerrit.1754490554000.I22b93c807f1be99fab450708f686fce4aa6d5cef@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-2.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Frank Lichtenheld <frank@lichtenheld.com> Return type
 is int, but we often use it in contexts where we expect size_t. So just cast
 it. Nothing else to do really. Change-Id:
 I22b93c807f1be99fab450708f686fce4aa6d5cef
 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert
 Doering
 <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/open [...]
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1v0nLT-0004Jp-PM
Subject: [Openvpn-devel] [PATCH v8] Handle return type of EVP_MD_size
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1843998152480301780?=
X-GMAIL-MSGID: =?utf-8?q?1843998152480301780?=

From: Frank Lichtenheld <frank@lichtenheld.com>

Return type is int, but we often use it in contexts
where we expect size_t. So just cast it. Nothing else
to do really.

Change-Id: I22b93c807f1be99fab450708f686fce4aa6d5cef
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1133
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1133
This mail reflects revision 8 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 98fe37f..75af4f5 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1273,7 +1273,7 @@
 
     /* We need to make a copy of the key since the OSSL parameters
      * only reference it */
-    memcpy(ctx->key, key, EVP_MD_size(kt));
+    memcpy(ctx->key, key, (size_t)EVP_MD_size(kt));
 
     /* Lookup/setting of parameters in OpenSSL 3.0 are string based
      *
@@ -1282,7 +1282,7 @@
      * the constness away here.
      */
     ctx->params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)EVP_MD_get0_name(kt), 0);
-    ctx->params[1] = OSSL_PARAM_construct_octet_string("key", ctx->key, EVP_MD_size(kt));
+    ctx->params[1] = OSSL_PARAM_construct_octet_string("key", ctx->key, (size_t)EVP_MD_size(kt));
     ctx->params[2] = OSSL_PARAM_construct_end();
 
     if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 6de7e2a..b79b09b 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -341,7 +341,7 @@
 x509_get_sha1_fingerprint(X509 *cert, struct gc_arena *gc)
 {
     const EVP_MD *sha1 = EVP_sha1();
-    struct buffer hash = alloc_buf_gc(EVP_MD_size(sha1), gc);
+    struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha1), gc);
     X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
     ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
     return hash;
@@ -351,7 +351,7 @@
 x509_get_sha256_fingerprint(X509 *cert, struct gc_arena *gc)
 {
     const EVP_MD *sha256 = EVP_sha256();
-    struct buffer hash = alloc_buf_gc(EVP_MD_size(sha256), gc);
+    struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha256), gc);
     X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
     ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
     return hash;
diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c
index 3820808..9541a7c 100644
--- a/src/openvpn/xkey_helper.c
+++ b/src/openvpn/xkey_helper.c
@@ -351,7 +351,7 @@
         }
     }
 
-    if (tbslen != EVP_MD_size(EVP_get_digestbyname(mdname)))
+    if (tbslen != (size_t)EVP_MD_size(EVP_get_digestbyname(mdname)))
     {
         msg(M_WARN, "Error: encode_pkcs11: invalid input length <%zu>", tbslen);
         goto done;