Handle return type of EVP_MD_size

author Frank Lichtenheld <frank@lichtenheld.com>

Mon, 22 Sep 2025 20:40:53 +0000 (22:40 +0200)

committer Gert Doering <gert@greenie.muc.de>

Tue, 23 Sep 2025 10:02:16 +0000 (12:02 +0200)
author Frank Lichtenheld <frank@lichtenheld.com>
Mon, 22 Sep 2025 20:40:53 +0000 (22:40 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 23 Sep 2025 10:02:16 +0000 (12:02 +0200)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c

index 1f95fba1e529b08c3c5727a0d7df365cac9d6cec..2d0265abf4a538d16688de323209eece5da9e955 100644 (file)
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1273,7 +1273,7 @@ hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
  
      /* We need to make a copy of the key since the OSSL parameters
       * only reference it */
-    memcpy(ctx->key, key, EVP_MD_size(kt));
+    memcpy(ctx->key, key, (size_t)EVP_MD_size(kt));
  
      /* Lookup/setting of parameters in OpenSSL 3.0 are string based
       *
@@ -1282,7 +1282,7 @@ hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
       * the constness away here.
       */
      ctx->params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)EVP_MD_get0_name(kt), 0);
-    ctx->params[1] = OSSL_PARAM_construct_octet_string("key", ctx->key, EVP_MD_size(kt));
+    ctx->params[1] = OSSL_PARAM_construct_octet_string("key", ctx->key, (size_t)EVP_MD_size(kt));
      ctx->params[2] = OSSL_PARAM_construct_end();
  
      if (!EVP_MAC_init(ctx->ctx, NULL, 0, ctx->params))
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c

index 7a7b21ec970becc68a194c337dfacf269609db0a..f1b890297d4ee07df460ed9bb076f4143831103f 100644 (file)
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -341,7 +341,7 @@ struct buffer
  x509_get_sha1_fingerprint(X509 *cert, struct gc_arena *gc)
  {
      const EVP_MD *sha1 = EVP_sha1();
-    struct buffer hash = alloc_buf_gc(EVP_MD_size(sha1), gc);
+    struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha1), gc);
      X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
      ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
      return hash;
@@ -351,7 +351,7 @@ struct buffer
  x509_get_sha256_fingerprint(X509 *cert, struct gc_arena *gc)
  {
      const EVP_MD *sha256 = EVP_sha256();
-    struct buffer hash = alloc_buf_gc(EVP_MD_size(sha256), gc);
+    struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha256), gc);
      X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
      ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
      return hash;
diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c

index 72a24b5340abd66f47b2614f1fd1fd57e078aa1a..29208a09020310ffef8a13bb6ab8305fa13922b0 100644 (file)
--- a/src/openvpn/xkey_helper.c
+++ b/src/openvpn/xkey_helper.c
@@ -351,7 +351,7 @@ encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname, const unsi
          }
      }
  
-    if (tbslen != EVP_MD_size(EVP_get_digestbyname(mdname)))
+    if (tbslen != (size_t)EVP_MD_size(EVP_get_digestbyname(mdname)))
      {
          msg(M_WARN, "Error: encode_pkcs11: invalid input length <%zu>", tbslen);
          goto done;
author	Frank Lichtenheld <frank@lichtenheld.com>
	Mon, 22 Sep 2025 20:40:53 +0000 (22:40 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 23 Sep 2025 10:02:16 +0000 (12:02 +0200)
src/openvpn/crypto_openssl.c		patch \| blob \| blame \| history
src/openvpn/ssl_verify_openssl.c		patch \| blob \| blame \| history
src/openvpn/xkey_helper.c		patch \| blob \| blame \| history