From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Wed, 8 Oct 2025 09:28:54 +0000 (+0200)
Subject: crypto: Make some casts to int explicit
X-Git-Tag: v2.7_beta3~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e0b5ea5db92f450eba60ed5eab632ba2239b1e56;p=thirdparty%2Fopenvpn.git

crypto: Make some casts to int explicit

In all of these cases the cast is safe to do
since we have limits imposed in other ways.

And we want those values as int, so no
alternative to casting.

Change-Id: I3b8dd8d5671e31dba2a23a0a78f36d9dda034b88
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1217
Message-Id: <20251008092859.875-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59243794/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 6376c11ab..307d1ee6c 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -186,11 +186,6 @@ err:
     return;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static void
 openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options *opt)
 {
@@ -302,7 +297,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, struct crypto_options
         if (ctx->hmac)
         {
             hmac_ctx_reset(ctx->hmac);
-            hmac_ctx_update(ctx->hmac, hmac_start, BEND(&work) - hmac_start);
+            hmac_ctx_update(ctx->hmac, hmac_start, (int)(BEND(&work) - hmac_start));
             hmac_ctx_final(ctx->hmac, mac_out);
             dmsg(D_PACKET_CONTENT, "ENCRYPT HMAC: %s",
                  format_hex(mac_out, hmac_ctx_size(ctx->hmac), 80, &gc));
@@ -533,7 +528,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, struct crypto_optio
         }
     }
 
-    const int ad_size = BPTR(buf) - ad_start;
+    const int ad_size = (int)(BPTR(buf) - ad_start);
 
     uint8_t *tag_ptr = NULL;
     int data_len = 0;
@@ -1366,8 +1361,8 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
     int state = PARSE_INITIAL;
 
     /* constants */
-    const int hlen = strlen(static_key_head);
-    const int flen = strlen(static_key_foot);
+    const int hlen = (int)strlen(static_key_head);
+    const int flen = (int)strlen(static_key_foot);
     const int onekeylen = sizeof(key2->keys[0]);
 
     CLEAR(*key2);
@@ -1378,7 +1373,9 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
      */
     if (flags & RKF_INLINE) /* 'file' is a string containing ascii representation of key */
     {
-        size = strlen(file) + 1;
+        size_t buf_size = strlen(file) + 1;
+        ASSERT(buf_size <= INT_MAX);
+        size = (int)buf_size;
         buf_set_read(&in, (const uint8_t *)file, size);
     }
     else /* 'file' is a filename which refers to a file containing the ascii key */
@@ -1537,10 +1534,6 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
     gc_free(&gc);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 int
 write_key_file(const int nkeys, const char *filename)
 {