From: Arne Schwabe <[email protected]> Change-Id: I88254e985d67234d827b92908079795df23daf20 Signed-off-by: Arne Schwabe <[email protected]> Acked-by: Frank Lichtenheld <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1637 ---
This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1637 This mail reflects revision 1 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <[email protected]>
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e4cb799..5cc1a7d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -347,6 +347,4 @@
 gitref: v1.70.0
 libconfigure: cmake -B build -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="$LIBPREFIX" -DBUILD_SHARED_LIBS=1
 libmake: cmake --build build
- libinstall: sudo cmake --install build
- # not ready for --enable-werror
- ovpnconfigureflags:
+ libinstall: sudo cmake --install build
\ No newline at end of file
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index c11cfd8..fa9eb67 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -425,7 +425,7 @@
 print_digest(EVP_MD *digest, void *unused)
 {
 printf("%s %d bit digest size\n", md_kt_name(EVP_MD_get0_name(digest)),
- EVP_MD_size(digest) * 8);
+ (int)EVP_MD_size(digest) * 8);
 }
 void
@@ -1025,7 +1025,7 @@
 "Message hash algorithm '%s' uses a default hash " "size (%d bytes) which is larger than " PACKAGE_NAME "'s current " "maximum hash size (%d bytes)",
- digest, EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
+ digest, (int)EVP_MD_size(md), MAX_HMAC_KEY_LENGTH);
 }
 return md;
 }
@@ -1144,7 +1144,7 @@
 int
 md_ctx_size(const EVP_MD_CTX *ctx)
 {
- return EVP_MD_CTX_size(ctx);
+ return (int)EVP_MD_CTX_size(ctx);
 }
 void
@@ -1188,7 +1188,7 @@
 evp_md_type *kt = md_get(mdname);
 ASSERT(NULL != kt && NULL != ctx);
- int key_len = EVP_MD_size(kt);
+ int key_len = (int)EVP_MD_size(kt);
 HMAC_CTX_reset(ctx);
 if (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))
 {
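Review bot: The rewritten `libinstall: sudo cmake --install build` line is now the last line of build.yaml and the hunk records `\ No newline at end of file`, so the workflow file loses its terminating newline. Keep the newline after that line so later edits to the file do not show up as a change to `libinstall`. Dropping the empty `ovpnconfigureflags:` presumably puts this matrix entry back on the default configure flags; the matrix defaults are outside the hunk, so it is worth confirming that this is the intended way to turn `--enable-werror` on for the job.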
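Review bot: In the hunk at -1188 the result of `(int)EVP_MD_size(kt)` goes straight into `HMAC_Init_ex()` as `key_len`, and nothing between the two rejects a zero or negative size; the `ASSERT` above it only checks `kt` and `ctx` for NULL. OpenSSL can report failure from this call with a non-positive value, and the cast makes the conversion explicit without checking the range. Adding `ASSERT(key_len > 0);` after the assignment states the assumption the HMAC setup relies on. The same unchecked conversion is returned to callers by `md_ctx_size()` in the hunk at -1144; those callers, and the rest of the function around `key_len`, are outside this diff.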
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index ec059ac..b61bcbf 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -51,10 +51,14 @@
 typedef uint32_t openssl_err_t;
 typedef size_t openssl_stack_size_t;
 #define PRI_OPENSSL_STACK "zu"
+typedef uint32_t openssl_opt_t;
 #else
 typedef unsigned long openssl_err_t;
 typedef int openssl_stack_size_t;
 #define PRI_OPENSSL_STACK "d"
+/* OpenSSL 4.0 actually uses bits in the upper half of the uint64_t (e.g.
+ * SSL_OP_PREFER_NO_DHE_KEX), so we really should use an uint64_t here */
+typedef uint64_t openssl_opt_t;
 #endif
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 6ce5f3f..ef99b22 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -328,7 +328,7 @@
 ASSERT(NULL != ctx);
 /* process SSL options */
- uint64_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
+ openssl_opt_t sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
 sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 #endif
@@ -1656,7 +1656,7 @@
 ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec)
 {
- int capacity = ECDSA_size(ec);
+ int capacity = (int)ECDSA_size(ec);
 /*
 * ECDSA does not seem to have proper constants for paddings since
 * there are only signatures without padding at the moment, use
@@ -1672,12 +1672,14 @@
 return 0;
 }
+#ifndef OPENSSL_IS_AWSLC
 /* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */
 static int
 ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 {
 return 1;
 }
+#endif
 /* EC_KEY_METHOD callback: sign_sig().
 * Sign the hash and return the result as a newly allocated ECDS_SIG
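Review bot: `openssl_opt_t` is only 32 bits wide in the first preprocessor branch, so `sslopt` in ssl_openssl.c (hunk at -328) narrows from `uint64_t` to `uint32_t` on that build, and any `SSL_OP_*` constant with a bit above 31 would be dropped from the mask without a diagnostic. Several of those options are hardening switches, so a silently truncated mask is worth ruling out. The `#if` condition is outside the hunk, so which library takes that branch is inferred rather than visible; a comment on the 32-bit typedef such as `/* <library> takes a uint32_t in SSL_CTX_set_options() */` would record why the narrowing is safe. The comment added in the `#else` branch also reads like an open TODO although the typedef below it already is `uint64_t`; `so the options type must be a uint64_t here` says the same thing unambiguously.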
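Review bot: `capacity` in the hunk at -1656 is taken from `ECDSA_size(ec)` without a check for 0, the value OpenSSL returns when the signature size cannot be determined, and the new cast makes the conversion explicit without bounding it. The hunk at -1688 has the same pattern and uses the result to size `buf` through `gc_malloc(len, false, &gc)`. Consider `if (capacity <= 0) { return 0; }` here and an equivalent early exit before the allocation there. How `capacity` is consumed lies outside this hunk, so confirm the callee does not already bound it.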
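Review bot: The new `#ifndef OPENSSL_IS_AWSLC` around `ecdsa_sign_setup()` in the hunk at -1672 carries no comment saying why the callback is compiled out, and the bare `#endif` is easy to mis-pair in a file with many conditionals. Suggest `#endif /* OPENSSL_IS_AWSLC */` plus a one-line comment above the guard naming the reason, presumably an unused-function warning on that build. The place where `ecdsa_sign_setup` is registered is outside the hunk; confirm it sits under the same guard.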
@@ -1688,7 +1690,7 @@
 EC_KEY *ec)
 {
 ECDSA_SIG *ecsig = NULL;
- unsigned int len = ECDSA_size(ec);
+ unsigned int len = (unsigned int)ECDSA_size(ec);
 struct gc_arena gc = gc_new();
 unsigned char *buf = gc_malloc(len, false, &gc);
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 6bb61b6..b8648fd 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -357,7 +357,7 @@
 const EVP_MD *sha1 = EVP_sha1();
 struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha1), gc);
 X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
+ ASSERT(buf_inc_len(&hash, (int)EVP_MD_size(sha1)));
 return hash;
 }
@@ -367,7 +367,7 @@
 const EVP_MD *sha256 = EVP_sha256();
 struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha256), gc);
 X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
+ ASSERT(buf_inc_len(&hash, (int)EVP_MD_size(sha256)));
 return hash;
 }
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
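Review bot: The return value of `X509_digest()` on the unchanged line just above the edited `ASSERT` in the hunk at -357 is ignored, so when the digest call fails the buffer is still advanced by the full digest length and returned as the certificate fingerprint. A fingerprint that does not reflect the certificate should never reach a comparison against pinned values. Suggest `ASSERT(X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL));`, or an error return if the callers can handle one. The SHA-256 variant in the hunk at -367 has the same gap, and both function bodies start outside their hunks.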
