From cb8155711a18e2c6b4e437ab224a9eb5961dfeda Mon Sep 17 00:00:00 2001
From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Sat, 4 Oct 2025 08:15:38 +0200
Subject: [PATCH] crypto_epoch: Clean up type handling in ovpn_expand_label()

- Add explicit casts where we have checked the value and
  need to put it into a smaller type.
- Adapt some types to actual usage.

Change-Id: Iad717f0ff3c79ae199c8be5f93bc51bf258c68c3
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1218
Message-Id: <20251004061545.7277-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59242119/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/crypto_epoch.c | 22 +++++++---------------
 src/openvpn/crypto_epoch.h |  2 +-
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c
index 7026ff878..f34dc8cc6 100644
--- a/src/openvpn/crypto_epoch.c
+++ b/src/openvpn/crypto_epoch.c
@@ -72,14 +72,9 @@ ovpn_hkdf_expand(const uint8_t *secret, const uint8_t *info, int info_len, uint8
     hmac_ctx_free(hmac_ctx);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 bool
 ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
-                  const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
+                  const uint8_t *context, size_t context_len, uint8_t *out, int out_len)
 {
     if (secret_len != 32 || label_len > 250 || context_len > 255 || label_len < 1)
     {
@@ -89,22 +84,23 @@ ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label
          * need need to be in range */
         return false;
     }
+    ASSERT(out_len >= 0 && out_len <= UINT16_MAX);
 
     struct gc_arena gc = gc_new();
     /* 2 byte for the outlen encoded as uint16, 5 bytes for "ovpn ",
      * 1 byte for context len byte and 1 byte for label len byte */
     const uint8_t *label_prefix = (const uint8_t *)("ovpn ");
-    int prefix_len = 5;
+    uint8_t prefix_len = 5;
 
-    int hkdf_label_len = 2 + prefix_len + 1 + label_len + 1 + context_len;
+    size_t hkdf_label_len = 2 + prefix_len + 1 + label_len + 1 + context_len;
     struct buffer hkdf_label = alloc_buf_gc(hkdf_label_len, &gc);
 
-    buf_write_u16(&hkdf_label, out_len);
-    buf_write_u8(&hkdf_label, prefix_len + label_len);
+    buf_write_u16(&hkdf_label, (uint16_t)out_len);
+    buf_write_u8(&hkdf_label, prefix_len + (uint8_t)label_len);
     buf_write(&hkdf_label, label_prefix, prefix_len);
     buf_write(&hkdf_label, label, label_len);
 
-    buf_write_u8(&hkdf_label, context_len);
+    buf_write_u8(&hkdf_label, (uint8_t)context_len);
     if (context_len > 0)
     {
         buf_write(&hkdf_label, context, context_len);
@@ -168,10 +164,6 @@ epoch_data_key_derive(struct key_parameters *key, const struct epoch_key *epoch_
     key->epoch = epoch_key->epoch;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 static void
 epoch_init_send_key_ctx(struct crypto_options *co)
 {
diff --git a/src/openvpn/crypto_epoch.h b/src/openvpn/crypto_epoch.h
index 33ca74149..a6fa11623 100644
--- a/src/openvpn/crypto_epoch.h
+++ b/src/openvpn/crypto_epoch.h
@@ -60,7 +60,7 @@ void ovpn_hkdf_expand(const uint8_t *secret, const uint8_t *info, int info_len,
  */
 bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label,
                        size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out,
-                       uint16_t out_len);
+                       int out_len);
 
 /**
  * Generate a data channel key pair from the epoch key
-- 
2.47.3