pkcs11_openssl: Silence a conversion warning

The only caller of this function uses a constant
for this parameter, so this is all quite safe. Add
an ASSERT for good measure anyway to make the assumption
explicit.

Change-Id: I6079bf9e7f6b37cb2e2d7f28851a77d0b08be995
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1352
Message-Id: <20251106133936.30264-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34209.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index f619b9531eefd8b0d23df51570fa409af9864962..1d527dbdded51c472b508e8b9ec63d1cda6a719d 100644 (file)
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -428,18 +428,12 @@ cleanup:
     return dn;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 int
 pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_t serial_len)
 {
     X509 *x509 = NULL;
     BIO *bio = NULL;
     int ret = 1;
-    int n;
 
     if ((x509 = pkcs11h_openssl_getX509(certificate)) == NULL)
     {
@@ -454,7 +448,8 @@ pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, size_
     }
 
     i2a_ASN1_INTEGER(bio, X509_get_serialNumber(x509));
-    n = BIO_read(bio, serial, serial_len - 1);
+    ASSERT(serial_len <= INT_MAX);
+    int n = BIO_read(bio, serial, (int)serial_len - 1);
 
     if (n < 0)
     {
@@ -474,8 +469,4 @@ cleanup:
     return ret;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */