From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 11 Nov 2025 17:25:23 +0000 (+0100)
Subject: pkcs11: Avoid some conversion warnings
X-Git-Tag: v2.7_rc2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de82ad64735ac230a8ae7ae31a83164bc60b1fcb;p=thirdparty%2Fopenvpn.git

pkcs11: Avoid some conversion warnings

Since we translate between different APIs
casts are unavoidable. Make sure they are safe.

Change-Id: If3331a2d0477634af077b4c29963dbec6d04e17b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296
Message-Id: <20251111172531.7754-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34328.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 9afb18164..14118a95d 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,18 +53,17 @@ __mygettimeofday(struct timeval *tv)
 }
 #endif
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static void
-__mysleep(const unsigned long usec)
+__mysleep(unsigned long usec)
 {
 #if defined(_WIN32)
     Sleep(usec / 1000);
 #else
-    usleep(usec);
+    if (usec > UINT_MAX)
+    {
+        usec = UINT_MAX;
+    }
+    usleep((useconds_t)usec);
 #endif
 }
 
@@ -528,7 +527,13 @@ pkcs11_management_id_get(const int index, char **id, char **base64)
         goto cleanup;
     }
 
-    if (openvpn_base64_encode(certificate_blob, certificate_blob_size, &internal_base64) == -1)
+    if (certificate_blob_size > INT_MAX)
+    {
+        msg(M_WARN, "PKCS#11: Invalid certificate size %zu", certificate_blob_size);
+        goto cleanup;
+    }
+
+    if (openvpn_base64_encode(certificate_blob, (int)certificate_blob_size, &internal_base64) == -1)
     {
         msg(M_WARN, "PKCS#11: Cannot encode certificate");
         goto cleanup;
@@ -563,10 +568,6 @@ cleanup:
     return success;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 int
 tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
                    const char *const pkcs11_id)