providers: Silence warnings on Win64 builds

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)

diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 35ecb43598ee9796d9c33a540bc23ef99f5b0a82..1958c6fc3a91e65ead69830dc56f47851cdd72d3 100644 (file)
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -82,13 +82,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         in_tag = (unsigned char *)t->tag;
 
     return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
-           && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
+           && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, (int)t->iv_len, NULL) > 0)
            && (in_tag == NULL
-               || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
+               || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, (int)t->tag_len,
                                       in_tag) > 0)
            && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
            && EVP_CIPHER_CTX_set_padding(ctx, pad)
-           && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
+           && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, (int)t->aad_len);
 }
 
 /* Test a single KAT for encrypt/decrypt */
@@ -114,7 +114,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
     if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
         if (!cipher_init(ctx, cipher, t, encrypt)
                 || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
-                                     t->base.pt_len)
+                                     (int)t->base.pt_len)
                 || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
             goto err;
 
@@ -127,7 +127,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
         if (t->tag != NULL) {
             unsigned char tag[16] = { 0 };
 
-            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
+            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)t->tag_len,
                                      tag) <= 0
                 || memcmp(tag, t->tag, t->tag_len) != 0)
                 goto err;
@@ -138,7 +138,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
     if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {
         if (!(cipher_init(ctx, cipher, t, !encrypt)
               && EVP_CipherUpdate(ctx, pt_buf, &len,
-                                  t->base.expected, t->base.expected_len)
+                                  t->base.expected, (int)t->base.expected_len)
               && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
             goto err;
         OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);
@@ -170,7 +170,7 @@ static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
             BIGNUM *bn = BN_CTX_get(ctx);
 
             if (bn == NULL
-                || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
+                || (BN_bin2bn(p->data, (int)p->data_len, bn) == NULL)
                 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
                 goto err;
             break;

diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 6ee127caff80dc86bdfa67508e3ce29dd363aa80..4bc5953b3843521529987ac7e433b1bb97a3c5ba 100644 (file)
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -195,9 +195,9 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
         }
         ret =
             ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
-                                                    rsasize, in, inlen,
+                                                    rsasize, in, (int)inlen,
                                                     prsactx->oaep_label,
-                                                    prsactx->oaep_labellen,
+                                                    (int)prsactx->oaep_labellen,
                                                     prsactx->oaep_md,
                                                     prsactx->mgf1_md);
 
@@ -209,7 +209,7 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                                  RSA_NO_PADDING);
         OPENSSL_free(tbuf);
     } else {
-        ret = RSA_public_encrypt(inlen, in, out, prsactx->rsa,
+        ret = RSA_public_encrypt((int)inlen, in, out, prsactx->rsa,
                                  prsactx->pad_mode);
     }
     /* A ret value of 0 is not an error */
@@ -261,7 +261,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
 
         if ((tbuf = OPENSSL_malloc(len)) == NULL)
             return 0;
-        ret = RSA_private_decrypt(inlen, in, tbuf, prsactx->rsa,
+        ret = RSA_private_decrypt((int)inlen, in, tbuf, prsactx->rsa,
                                   RSA_NO_PADDING);
         /*
          * With no padding then, on success ret should be len, otherwise an
@@ -281,10 +281,10 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                     return 0;
                 }
             }
-            ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, outsize, tbuf,
-                                                    len, len,
+            ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, (int)outsize, tbuf,
+                                                    (int)len, (int)len,
                                                     prsactx->oaep_label,
-                                                    prsactx->oaep_labellen,
+                                                    (int)prsactx->oaep_labellen,
                                                     prsactx->oaep_md,
                                                     prsactx->mgf1_md);
         } else {
@@ -305,7 +305,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
             pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
         else
             pad_mode = prsactx->pad_mode;
-        ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode);
+        ret = RSA_private_decrypt((int)inlen, in, out, prsactx->rsa, pad_mode);
     }
     *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
     ret = constant_time_select_int(constant_time_msb(ret), 0, 1);

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index d6e269b217ecae13af6632af06d24933b55da195..5a4789adf961c4c0a5b8881f8e58d480f4f7f10c 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -173,11 +173,11 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
     if (p != NULL) {
-        if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+        if (p->data_type != OSSL_PARAM_OCTET_STRING || p->data_size > INT_MAX) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
-        if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0)
+        if (hw->set_tls1_aad(ctx, p->data, (int)p->data_size) <= 0)
             return 0;
     }
 

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index 76674d530434aeb7cad3e9dce2e8eb4cc8e732d5..eabd143b9262a27daeab8fb404ebcd6387c65856 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -50,9 +50,9 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
     PROV_AES_HMAC_SHA1_CTX *sctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;
 
     if (ctx->base.enc)
-        ret = aesni_set_encrypt_key(key, keylen * 8, &ctx->ks);
+        ret = aesni_set_encrypt_key(key, (int)(keylen * 8), &ctx->ks);
     else
-        ret = aesni_set_decrypt_key(key, keylen * 8, &ctx->ks);
+        ret = aesni_set_decrypt_key(key, (int)(keylen * 8), &ctx->ks);
 
     SHA1_Init(&sctx->head);      /* handy when benchmarking */
     sctx->tail = sctx->head;
@@ -87,8 +87,8 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len)
         sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
 
         ptr += len;
-        c->Nh += len >> 29;
-        c->Nl += len <<= 3;
+        c->Nh += (unsigned int)(len >> 29);
+        c->Nl += (unsigned int)(len <<= 3);
         if (c->Nl < (unsigned int)len)
             c->Nh++;
     }
@@ -405,8 +405,8 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
             blocks *= SHA_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
-            sctx->md.Nh += blocks >> 29;
-            sctx->md.Nl += blocks <<= 3;
+            sctx->md.Nh += (unsigned int)(blocks >> 29);
+            sctx->md.Nl += (unsigned int)(blocks <<= 3);
             if (sctx->md.Nl < (unsigned int)blocks)
                 sctx->md.Nh++;
         } else {
@@ -427,7 +427,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
 
             /* pad the payload|hmac */
             plen += SHA_DIGEST_LENGTH;
-            for (l = len - plen - 1; plen < len; plen++)
+            for (l = (unsigned int)(len - plen - 1); plen < len; plen++)
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
@@ -473,7 +473,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
 
             /* figure out payload length */
             pad = out[len - 1];
-            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad = (unsigned int)(len - (SHA_DIGEST_LENGTH + 1));
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
@@ -485,12 +485,12 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
              * we'll use the maxpad value instead of the supplied pad to make
              * sure we perform well defined pointer arithmetic.
              */
-            pad = constant_time_select(mask, pad, maxpad);
+            pad = constant_time_select((unsigned int)mask, pad, maxpad);
 
             inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
 
-            ctx->aux.tls_aad[plen - 2] = inp_len >> 8;
-            ctx->aux.tls_aad[plen - 1] = inp_len;
+            ctx->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8);
+            ctx->aux.tls_aad[plen - 1] = (unsigned char)inp_len;
 
             /* calculate HMAC */
             sctx->md = sctx->head;
@@ -508,7 +508,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
             }
 
             /* but pretend as if we hashed padded payload */
-            bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */
+            bitlen = sctx->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */
 # ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
 # else
@@ -732,7 +732,7 @@ static int aesni_cbc_hmac_sha1_tls1_multiblock_aad(
             if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
                 n4x = 2; /* AVX2 */
         } else if ((n4x = param->interleave / 4) && n4x <= 2)
-            inp_len = param->len;
+            inp_len = (unsigned int)param->len;
         else
             return -1;
 

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index f5b2f8b6da32e8c85ef0362935a6a5f423fee601..bc38af9302b99709965bbc463547e2d86b5d35fd 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -52,9 +52,9 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
     PROV_AES_HMAC_SHA256_CTX *sctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;
 
     if (ctx->base.enc)
-        ret = aesni_set_encrypt_key(key, ctx->base.keylen * 8, &ctx->ks);
+        ret = aesni_set_encrypt_key(key, (int)(ctx->base.keylen * 8), &ctx->ks);
     else
-        ret = aesni_set_decrypt_key(key, ctx->base.keylen * 8, &ctx->ks);
+        ret = aesni_set_decrypt_key(key, (int)(ctx->base.keylen * 8), &ctx->ks);
 
     SHA256_Init(&sctx->head);    /* handy when benchmarking */
     sctx->tail = sctx->head;
@@ -91,8 +91,8 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
         sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
 
         ptr += len;
-        c->Nh += len >> 29;
-        c->Nl += len <<= 3;
+        c->Nh += (unsigned int)(len >> 29);
+        c->Nl += (unsigned int)(len <<= 3);
         if (c->Nl < (unsigned int)len)
             c->Nh++;
     }
@@ -443,8 +443,8 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
             blocks *= SHA256_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
-            sctx->md.Nh += blocks >> 29;
-            sctx->md.Nl += blocks <<= 3;
+            sctx->md.Nh += (unsigned int)(blocks >> 29);
+            sctx->md.Nl += (unsigned int)(blocks <<= 3);
             if (sctx->md.Nl < (unsigned int)blocks)
                 sctx->md.Nh++;
         } else {
@@ -465,7 +465,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
 
             /* pad the payload|hmac */
             plen += SHA256_DIGEST_LENGTH;
-            for (l = len - plen - 1; plen < len; plen++)
+            for (l = (unsigned int)(len - plen - 1); plen < len; plen++)
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
@@ -509,7 +509,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
 
             /* figure out payload length */
             pad = out[len - 1];
-            maxpad = len - (SHA256_DIGEST_LENGTH + 1);
+            maxpad = (unsigned int)(len - (SHA256_DIGEST_LENGTH + 1));
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
@@ -521,12 +521,12 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
              * we'll use the maxpad value instead of the supplied pad to make
              * sure we perform well defined pointer arithmetic.
              */
-            pad = constant_time_select(mask, pad, maxpad);
+            pad = constant_time_select((unsigned int)mask, pad, maxpad);
 
             inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
 
-            ctx->aux.tls_aad[plen - 2] = inp_len >> 8;
-            ctx->aux.tls_aad[plen - 1] = inp_len;
+            ctx->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8);
+            ctx->aux.tls_aad[plen - 1] = (unsigned char)(inp_len);
 
             /* calculate HMAC */
             sctx->md = sctx->head;
@@ -544,7 +544,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
             }
 
             /* but pretend as if we hashed padded payload */
-            bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */
+            bitlen = sctx->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */
 # ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
 # else
@@ -784,7 +784,7 @@ static int aesni_cbc_hmac_sha256_tls1_multiblock_aad(
             if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
                 n4x = 2; /* AVX2 */
         } else if ((n4x = param->interleave / 4) && n4x <= 2)
-            inp_len = param->len;
+            inp_len = (unsigned int)param->len;
         else
             return -1;
 

diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c
index b050cf3edd88683ba36db3ee23d7a7d8b6499ea8..c555edb26a0b55f441bb6fd5a77b19360733f6bf 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c
@@ -18,8 +18,9 @@
 #include "cipher_aes_ccm.h"
 
 #define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec)  \
-    fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks);                         \
-    CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks,        \
+    fn_set_enc_key(key, (int)(keylen * 8), &actx->ccm.ks.ks);                  \
+    CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m,                    \
+                       (unsigned int)ctx->l, &actx->ccm.ks.ks,                 \
                        (block128_f)fn_blk);                                    \
     ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec;         \
     ctx->key_set = 1;

diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
index c892c0754e8d52dda620ac274e3d5a6827225290..dbb30ed223746fde0fb7844a7e8f068430fef8f5 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
@@ -48,7 +48,7 @@ static int vaes_gcm_setkey(PROV_GCM_CTX *ctx, const unsigned char *key,
     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
     AES_KEY *ks = &actx->ks.ks;
 
-    aesni_set_encrypt_key(key, keylen * 8, ks);
+    aesni_set_encrypt_key(key, (int)(keylen * 8), ks);
     memset(gcmctx, 0, sizeof(*gcmctx));
     gcmctx->key = ks;
     ctx->key_set = 1;
@@ -132,7 +132,7 @@ static int vaes_gcm_aadupdate(PROV_GCM_CTX *ctx,
 
     /* Add remaining AAD to the hash (note, the hash is stored reflected) */
     if (aad_len > 0) {
-        ares = aad_len;
+        ares = (unsigned int)aad_len;
         for (i = 0; i < aad_len; i++)
             gcmctx->Xi.c[15 - i] ^= aad[i];
     }

diff --git a/providers/implementations/ciphers/cipher_aes_hw.c b/providers/implementations/ciphers/cipher_aes_hw.c
index a3b72d9f728a09c2b546c2f4a43c45d30d9ae381..28484647d21c71e5efc80f679ee6dc58f5562423 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_hw.c
@@ -44,21 +44,21 @@ static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
 #endif
 #ifdef BSAES_CAPABLE
         if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
-            ret = AES_set_decrypt_key(key, keylen * 8, ks);
+            ret = AES_set_decrypt_key(key, (int)(keylen * 8), ks);
             dat->block = (block128_f)AES_decrypt;
             dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
         } else
 #endif
 #ifdef VPAES_CAPABLE
         if (VPAES_CAPABLE) {
-            ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
+            ret = vpaes_set_decrypt_key(key, (int)(keylen * 8), ks);
             dat->block = (block128_f)vpaes_decrypt;
             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                               ?(cbc128_f)vpaes_cbc_encrypt : NULL;
         } else
 #endif
         {
-            ret = AES_set_decrypt_key(key, keylen * 8, ks);
+            ret = AES_set_decrypt_key(key, (int)(keylen * 8), ks);
             dat->block = (block128_f)AES_decrypt;
             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                               ? (cbc128_f)AES_cbc_encrypt : NULL;
@@ -89,21 +89,21 @@ static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
 #endif
 #ifdef BSAES_CAPABLE
     if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
-        ret = AES_set_encrypt_key(key, keylen * 8, ks);
+        ret = AES_set_encrypt_key(key, (int)(keylen * 8), ks);
         dat->block = (block128_f)AES_encrypt;
         dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
     } else
 #endif
 #ifdef VPAES_CAPABLE
     if (VPAES_CAPABLE) {
-        ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
+        ret = vpaes_set_encrypt_key(key, (int)(keylen * 8), ks);
         dat->block = (block128_f)vpaes_encrypt;
         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                           ? (cbc128_f)vpaes_cbc_encrypt : NULL;
     } else
 #endif
     {
-        ret = AES_set_encrypt_key(key, keylen * 8, ks);
+        ret = AES_set_encrypt_key(key, (int)(keylen * 8), ks);
         dat->block = (block128_f)AES_encrypt;
         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                           ? (cbc128_f)AES_cbc_encrypt : NULL;

diff --git a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
index 33b9046054e9d4ad6fd76f26ef239216947f9011..55083ea7b773a6634cda15357fef3cbec93d1529 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
@@ -29,12 +29,12 @@ static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat,
 
     if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
         && !dat->enc) {
-        ret = aesni_set_decrypt_key(key, keylen * 8, ks);
+        ret = aesni_set_decrypt_key(key, (int)(keylen * 8), ks);
         dat->block = (block128_f) aesni_decrypt;
         dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
             (cbc128_f) aesni_cbc_encrypt : NULL;
     } else {
-        ret = aesni_set_encrypt_key(key, keylen * 8, ks);
+        ret = aesni_set_encrypt_key(key, (int)(keylen * 8), ks);
         dat->block = (block128_f) aesni_encrypt;
         if (dat->mode == EVP_CIPH_CBC_MODE)
             dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;

diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c
index 00920408b918450a801fbffc997826f41c9f2a01..7e02ef54a3d4a9e0534fad05e677beda7cbf27d1 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c
@@ -19,8 +19,8 @@
                        fn_block_enc, fn_block_dec,                             \
                        fn_stream_enc, fn_stream_dec)                           \
 CRYPTO_ocb128_cleanup(&ctx->ocb);                                              \
-fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks);                               \
-fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks);                               \
+fn_set_enc_key(key, (int)(keylen * 8), &ctx->ksenc.ks);                        \
+fn_set_dec_key(key, (int)(keylen * 8), &ctx->ksdec.ks);                        \
 if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks,             \
                         (block128_f)fn_block_enc, (block128_f)fn_block_dec,    \
                         ctx->base.enc ? (ocb128_f)fn_stream_enc :              \

diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c
index 75fd54829c4bd0845a023696676fc8ded1f666aa..fbfb8ec9070f8bf6e19ecb4db178ed2390893bce 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_siv_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c
@@ -52,7 +52,7 @@ static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen)
      * klen is the length of the underlying cipher, not the input key,
      * which should be twice as long
      */
-    return ossl_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx,
+    return ossl_siv128_init(sctx, key, (int)klen, ctx->cbc, ctx->ctr, libctx,
                               propq);
 }
 

diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index a3bac9b23d0af9db244d54c38b20a33a533a3746..ea0ac5e85fef5e4e5b6c85b883351a6c2dbf8d6f 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -138,10 +138,10 @@ static int aes_wrap_init(void *vctx, const unsigned char *key,
         else
             use_forward_transform = !ctx->enc;
         if (use_forward_transform) {
-            AES_set_encrypt_key(key, keylen * 8, &wctx->ks.ks);
+            AES_set_encrypt_key(key, (int)(keylen * 8), &wctx->ks.ks);
             ctx->block = (block128_f)AES_encrypt;
         } else {
-            AES_set_decrypt_key(key, keylen * 8, &wctx->ks.ks);
+            AES_set_decrypt_key(key, (int)(keylen * 8), &wctx->ks.ks);
             ctx->block = (block128_f)AES_decrypt;
         }
     }
@@ -175,7 +175,7 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
         return 0;
 
     /* Input length must always be non-zero */
-    if (inlen == 0) {
+    if (inlen == 0 || inlen > INT_MAX) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
         return -1;
     }
@@ -198,14 +198,14 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
             if (pad)
                 inlen = (inlen + 7) / 8 * 8;
             /* 8 byte prefix */
-            return inlen + 8;
+            return (int)(inlen + 8);
         } else {
             /*
              * If not padding output will be exactly 8 bytes smaller than
              * input. If padding it will be at least 8 bytes smaller but we
              * don't know how much.
              */
-            return inlen - 8;
+            return (int)(inlen - 8);
         }
     }
 

diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index b6353f18456bfff783d51e8ba8ca6b53e8d0c11c..10312252e57dc2e08d45aa63bd2a4b24ae207d8e 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -22,13 +22,13 @@
     size_t bits = bytes * 8;                                                   \
                                                                                \
     if (ctx->enc) {                                                            \
-        fn_set_enc_key(key, bits, &xctx->ks1.ks);                              \
+        fn_set_enc_key(key, (int)bits, &xctx->ks1.ks);                         \
         xctx->xts.block1 = (block128_f)fn_block_enc;                           \
     } else {                                                                   \
-        fn_set_dec_key(key, bits, &xctx->ks1.ks);                              \
+        fn_set_dec_key(key, (int)bits, &xctx->ks1.ks);                         \
         xctx->xts.block1 = (block128_f)fn_block_dec;                           \
     }                                                                          \
-    fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks);                          \
+    fn_set_enc_key(key + bytes, (int)bits, &xctx->ks2.ks);                     \
     xctx->xts.block2 = (block128_f)fn_block_enc;                               \
     xctx->xts.key1 = &xctx->ks1;                                               \
     xctx->xts.key2 = &xctx->ks2;                                               \

diff --git a/providers/implementations/ciphers/cipher_aria_ccm_hw.c b/providers/implementations/ciphers/cipher_aria_ccm_hw.c
index e56ec8fb0865c86b2a658165d8d478e8c95f1239..80452295a2bb3c244c18264d68bf5a217b6e0aa8 100644 (file)
--- a/providers/implementations/ciphers/cipher_aria_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_ccm_hw.c
@@ -18,8 +18,9 @@ static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
 {
     PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
 
-    ossl_aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
-    CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
+    ossl_aria_set_encrypt_key(key, (int)(keylen * 8), &actx->ks.ks);
+    CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m,
+                       (unsigned int)ctx->l, &actx->ks.ks,
                        (block128_f)ossl_aria_encrypt);
     ctx->str = NULL;
     ctx->key_set = 1;

diff --git a/providers/implementations/ciphers/cipher_aria_hw.c b/providers/implementations/ciphers/cipher_aria_hw.c
index 425d87a65eca800056ea1109d8d4b0d9f0bb9fa4..4ebdcfa03d368b654c664d37b0b9674b2f12a58a 100644 (file)
--- a/providers/implementations/ciphers/cipher_aria_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_hw.c
@@ -18,9 +18,9 @@ static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
     ARIA_KEY *ks = &adat->ks.ks;
 
     if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
-        ret = ossl_aria_set_encrypt_key(key, keylen * 8, ks);
+        ret = ossl_aria_set_encrypt_key(key, (int)(keylen * 8), ks);
     else
-        ret = ossl_aria_set_decrypt_key(key, keylen * 8, ks);
+        ret = ossl_aria_set_decrypt_key(key, (int)(keylen * 8), ks);
     if (ret < 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;

diff --git a/providers/implementations/ciphers/cipher_blowfish_hw.c b/providers/implementations/ciphers/cipher_blowfish_hw.c
index 4855a71f687144e6a36ee7823384a624525b8611..35ff0de366a6866e2e15a7da15d53c2c7a602053 100644 (file)
--- a/providers/implementations/ciphers/cipher_blowfish_hw.c
+++ b/providers/implementations/ciphers/cipher_blowfish_hw.c
@@ -20,7 +20,7 @@ static int cipher_hw_blowfish_initkey(PROV_CIPHER_CTX *ctx,
 {
     PROV_BLOWFISH_CTX *bctx =  (PROV_BLOWFISH_CTX *)ctx;
 
-    BF_set_key(&bctx->ks.ks, keylen, key);
+    BF_set_key(&bctx->ks.ks, (int)keylen, key);
     return 1;
 }
 

diff --git a/providers/implementations/ciphers/cipher_camellia_hw.c b/providers/implementations/ciphers/cipher_camellia_hw.c
index 3ebf5b8d461287346b214aef406b07679312b262..7e012e32e9089be7a51bad1e5d62c1464b847fae 100644 (file)
--- a/providers/implementations/ciphers/cipher_camellia_hw.c
+++ b/providers/implementations/ciphers/cipher_camellia_hw.c
@@ -25,7 +25,7 @@ static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
     CAMELLIA_KEY *ks = &adat->ks.ks;
 
     dat->ks = ks;
-    ret = Camellia_set_key(key, keylen * 8, ks);
+    ret = Camellia_set_key(key, (int)(keylen * 8), ks);
     if (ret < 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;

diff --git a/providers/implementations/ciphers/cipher_cast5_hw.c b/providers/implementations/ciphers/cipher_cast5_hw.c
index 73f0628e578b3ac739046f1b2186ddd59cafa8f5..2f925bc21a32cb237dec9ea1793f1f4a1747e191 100644 (file)
--- a/providers/implementations/ciphers/cipher_cast5_hw.c
+++ b/providers/implementations/ciphers/cipher_cast5_hw.c
@@ -20,7 +20,7 @@ static int cipher_hw_cast5_initkey(PROV_CIPHER_CTX *ctx,
 {
     PROV_CAST_CTX *bctx =  (PROV_CAST_CTX *)ctx;
 
-    CAST_set_key(&(bctx->ks.ks), keylen, key);
+    CAST_set_key(&(bctx->ks.ks), (int)keylen, key);
     return 1;
 }
 

diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c
index c535bd7e9724cb17e2889b93ef98c5c13cb147a7..23ccbb82f7c9ee58a81907188f2212b0a37c840e 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc2.c
+++ b/providers/implementations/ciphers/cipher_rc2.c
@@ -137,9 +137,9 @@ static int rc2_get_ctx_params(void *vctx, OSSL_PARAM params[])
         }
 
         /* Is this the original IV or the running IV? */
-        num = rc2_keybits_to_magic(ctx->key_bits);
-        if (!ASN1_TYPE_set_int_octetstring(type, num,
-                                           ctx->base.iv, ctx->base.ivlen)) {
+        num = rc2_keybits_to_magic((int)ctx->key_bits);
+        if (!ASN1_TYPE_set_int_octetstring(type, num, ctx->base.iv,
+                                           (int)ctx->base.ivlen)) {
             ASN1_TYPE_free(type);
             ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
             return 0;
@@ -198,9 +198,9 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
         if (p->data_type != OSSL_PARAM_OCTET_STRING
             || ctx->base.ivlen > sizeof(iv)
-            || (type = d2i_ASN1_TYPE(NULL, &d, p->data_size)) == NULL
+            || (type = d2i_ASN1_TYPE(NULL, &d, (long)p->data_size)) == NULL
             || ((size_t)ASN1_TYPE_get_int_octetstring(type, &num, iv,
-                                                      ctx->base.ivlen)
+                                                      (int)ctx->base.ivlen)
                 != ctx->base.ivlen)
             || !ossl_cipher_generic_initiv(&ctx->base, iv, ctx->base.ivlen)
             || (ctx->key_bits = rc2_magic_to_keybits(num)) == 0) {

diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
index 8cce02b1c5afe1558f134d49e87382c972e8bd26..e225664cdbc8cae84da00b270ff314d2a1e2c99e 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -37,7 +37,7 @@ static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx,
 {
     PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx;
 
-    RC4_set_key(&ctx->ks.ks, keylen, key);
+    RC4_set_key(&ctx->ks.ks, (int)keylen, key);
     MD5_Init(&ctx->head);       /* handy when benchmarking */
     ctx->tail = ctx->head;
     ctx->md = ctx->head;
@@ -82,8 +82,8 @@ static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx,
             blocks *= MD5_CBLOCK;
             rc4_off += blocks;
             md5_off += blocks;
-            ctx->md.Nh += blocks >> 29;
-            ctx->md.Nl += blocks <<= 3;
+            ctx->md.Nh += (unsigned int)(blocks >> 29);
+            ctx->md.Nl += (unsigned int)(blocks <<= 3);
             if (ctx->md.Nl < (unsigned int)blocks)
                 ctx->md.Nh++;
         } else {
@@ -132,7 +132,7 @@ static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx,
             if (l < ctx->md.Nl)
                 ctx->md.Nh++;
             ctx->md.Nl = l;
-            ctx->md.Nh += blocks >> 29;
+            ctx->md.Nh += (unsigned int)(blocks >> 29);
         } else {
             md5_off = 0;
             rc4_off = 0;

diff --git a/providers/implementations/ciphers/cipher_rc4_hw.c b/providers/implementations/ciphers/cipher_rc4_hw.c
index 09192b5d5e14e3beadd426a2c30619755b315124..d435dfed2e154e3bc9a2eb0d5aed9f33856cf7d0 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc4_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hw.c
@@ -20,7 +20,7 @@ static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx,
 {
     PROV_RC4_CTX *rctx =  (PROV_RC4_CTX *)ctx;
 
-    RC4_set_key(&rctx->ks.ks, keylen, key);
+    RC4_set_key(&rctx->ks.ks, (int)keylen, key);
     return 1;
 }
 

diff --git a/providers/implementations/ciphers/cipher_rc5_hw.c b/providers/implementations/ciphers/cipher_rc5_hw.c
index 898bd383f95a87c89832de2ff169196082afd4b6..810211c08479f67d1be9152a853112c0835c0a4b 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc5_hw.c
@@ -20,7 +20,7 @@ static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx,
 {
     PROV_RC5_CTX *rctx = (PROV_RC5_CTX *)ctx;
 
-    return RC5_32_set_key(&rctx->ks.ks, keylen, key, rctx->rounds);
+    return RC5_32_set_key(&rctx->ks.ks, (int)keylen, key, rctx->rounds);
 }
 
 # define PROV_CIPHER_HW_rc5_mode(mode, UCMODE)                                 \

diff --git a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
index c228276fe0cb900aa4c2f3b7d04671d8bd2b428a..f49670c48ff83137e3d822cadc2930cbef08360a 100644 (file)
--- a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
@@ -16,7 +16,8 @@
 
 #define SM4_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec)  \
     fn_set_enc_key(key, &actx->ks.ks);                                         \
-    CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,            \
+    CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m,                    \
+                       (unsigned int)ctx->l, &actx->ks.ks,                     \
                        (block128_f)fn_blk);                                    \
     ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec;         \
     ctx->key_set = 1;

diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index b48c02ae2581742b1a14c40a453c8483e5f6001c..8dbe31dd1b1520b4d8f42ed2919b142926e3b21d 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -40,7 +40,7 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
     if (inl < 24)
         return -1;
     if (out == NULL)
-        return inl - 16;
+        return (int)(inl - 16);
 
     memcpy(ctx->iv, wrap_iv, 8);
     /* Decrypt first block which will end up as icv */
@@ -66,7 +66,7 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
     ctx->hw->cipher(ctx, icv, icv, 8);
     if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
             && CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
-        rv = inl - 16;
+        rv = (int)(inl - 16);
     OPENSSL_cleanse(icv, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     OPENSSL_cleanse(iv, 8);
@@ -85,8 +85,10 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
     size_t icvlen = TDES_IVLEN;
     size_t len = inl + ivlen + icvlen;
 
+    if (len > INT_MAX)
+        return 0;
     if (out == NULL)
-        return len;
+        return (int)len;
 
     /* Copy input to output buffer + 8 so we have space for IV */
     memmove(out + ivlen, in, inl);
@@ -104,7 +106,7 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
     BUF_reverse(out, NULL, len);
     memcpy(ctx->iv, wrap_iv, ivlen);
     ctx->hw->cipher(ctx, out, out, len);
-    return len;
+    return (int)len;
 }
 
 static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out,

diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c.in b/providers/implementations/ciphers/ciphercommon_ccm.c.in
index 2303ae949c7e6c5553a4c21b6c5fa98752a28380..28de06389c8dd50c642eb74938c3b1b63612233a 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_ccm.c.in
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c.in
@@ -50,7 +50,7 @@ static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
     ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
 
     /* Extra padding: tag appended to record. */
-    return ctx->m;
+    return (int)ctx->m;
 }
 
 static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed,

diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c.in b/providers/implementations/ciphers/ciphercommon_gcm.c.in
index 43490719561baccf8d9d06b311b0a08a4c177120..f55be80ce18475c8885c6c29fc54c48dc5371d0b 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_gcm.c.in
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c.in
@@ -409,7 +409,7 @@ int ossl_gcm_cipher(void *vctx,
  */
 static int gcm_iv_generate(PROV_GCM_CTX *ctx, int offset)
 {
-    int sz = ctx->ivlen - offset;
+    int sz = (int)(ctx->ivlen - offset);
 
     /* Must be at least 96 bits */
     if (sz <= 0 || ctx->ivlen < GCM_IV_DEFAULT_SIZE)

diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c
index 6ef7fac008cc592ef516c20cd3288c3bb89d8259..7b32d798fada6061fecf4a3acbc24d54ebfe7dc3 100644 (file)
--- a/providers/implementations/digests/blake2b_prov.c
+++ b/providers/implementations/digests/blake2b_prov.c
@@ -308,7 +308,7 @@ int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c)
 {
     uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
     uint8_t *target = outbuffer;
-    int iter = (c->outlen + 7) / 8;
+    int iter = (int)((c->outlen + 7) / 8);
     int i;
 
     /* Avoid writing to the temporary buffer if possible */

diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c
index a9251d8996d967bebe1c2ce6f6011ec66b16552a..bec6ea081beb724381435a17dc3f7b992e28d71e 100644 (file)
--- a/providers/implementations/digests/blake2s_prov.c
+++ b/providers/implementations/digests/blake2s_prov.c
@@ -149,7 +149,7 @@ static void blake2s_compress(BLAKE2S_CTX *S,
     uint32_t m[16];
     uint32_t v[16];
     size_t i;
-    size_t increment;
+    uint32_t increment;
 
     /*
      * There are two distinct usage vectors for this function:
@@ -170,7 +170,7 @@ static void blake2s_compress(BLAKE2S_CTX *S,
      * including even zero), which is why following assignment doesn't
      * have to reside inside the main loop below.
      */
-    increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+    increment = len < BLAKE2S_BLOCKBYTES ? (uint32_t)len : BLAKE2S_BLOCKBYTES;
 
     for (i = 0; i < 8; ++i) {
         v[i] = S->h[i];
@@ -296,7 +296,7 @@ int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c)
 {
     uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
     uint8_t *target = outbuffer;
-    int iter = (c->outlen + 3) / 4;
+    int iter = (int)((c->outlen + 3) / 4);
     int i;
 
     /* Avoid writing to the temporary buffer if possible */

diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c
index 9735c3f7e40f80f63b9f5157ffcd754cff9903f1..ef15944c8ce185d367780b3e7a0865d75f0de12a 100644 (file)
--- a/providers/implementations/digests/md5_sha1_prov.c
+++ b/providers/implementations/digests/md5_sha1_prov.c
@@ -50,7 +50,7 @@ static int md5_sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS);
     if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING)
         return ossl_md5_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
-                                  p->data_size, p->data);
+                                  (int)p->data_size, p->data);
     return 1;
 }
 

diff --git a/providers/implementations/digests/sha2_prov.c b/providers/implementations/digests/sha2_prov.c
index 4c35586b00edb23337fa22d682fcf820d3a9455e..afe4851a40881884a53ed2576b77514b56599ab6 100644 (file)
--- a/providers/implementations/digests/sha2_prov.c
+++ b/providers/implementations/digests/sha2_prov.c
@@ -52,7 +52,7 @@ static int sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS);
     if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING)
         return ossl_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
-                              p->data_size, p->data);
+                              (int)p->data_size, p->data);
     return 1;
 }
 

diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c
index aecf2eb4f2b44a2d4072e3a0c94708b2c9b2d145..2154d9e3d3da18b11f65ae9bda383ee91f357ae4 100644 (file)
--- a/providers/implementations/encode_decode/decode_epki2pki.c
+++ b/providers/implementations/encode_decode/decode_epki2pki.c
@@ -140,7 +140,7 @@ int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,
             int new_der_len = 0;
 
             X509_SIG_get0(p8, &alg, &oct);
-            if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
+            if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen,
                                      oct->data, oct->length,
                                      &new_der, &new_der_len, 0,
                                      libctx, propq)) {

diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 67a11590034aa62caae739b5d5c2f44c4adf7e87..10b1d10ee172acc023bf81e62401e1dfe9edd1b5 100644 (file)
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -124,7 +124,8 @@ static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
         return NULL;
     }
     /* First argument == -1 means "standard" */
-    p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
+    p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, (int)klen, NULL, 0, 0, p8info,
+                          libctx, NULL);
     OPENSSL_cleanse(kstr, klen);
     return p8;
 }
@@ -803,7 +804,7 @@ static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder,
         return 0;
 
     *pder = keyblob;
-    return ecxkey->keylen;
+    return (int)ecxkey->keylen;
 }
 
 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder,
@@ -819,7 +820,7 @@ static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder,
     }
 
     oct.data = ecxkey->privkey;
-    oct.length = ecxkey->keylen;
+    oct.length = (int)ecxkey->keylen;
     oct.flags = 0;
 
     keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
@@ -1043,7 +1044,7 @@ static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
         return 0;
 
     *pder = key_blob;
-    return key_len;
+    return (int)key_len;
 }
 
 static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
@@ -1062,7 +1063,7 @@ static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
             && ((*pder = OPENSSL_memdup(ossl_slh_dsa_key_get_priv(key), len)) == NULL))
         return 0;
 
-    return len;
+    return (int)len;
 }
 # define slh_dsa_epki_priv_to_der slh_dsa_pki_priv_to_der
 

diff --git a/providers/implementations/encode_decode/ml_dsa_codecs.c b/providers/implementations/encode_decode/ml_dsa_codecs.c
index dd54137fe5005e037876eb2085a8cfd1815468ec..9f94a789d91cb91c90ac8772e1d8e3260273618d 100644 (file)
--- a/providers/implementations/encode_decode/ml_dsa_codecs.c
+++ b/providers/implementations/encode_decode/ml_dsa_codecs.c
@@ -328,14 +328,14 @@ int ossl_ml_dsa_i2d_prvkey(const ML_DSA_KEY *key, uint8_t **out,
                        params->alg);
         goto end;
     }
-    len = p8fmt->p8_bytes;
+    len = (int)p8fmt->p8_bytes;
 
     if (out == NULL) {
         ret = len;
         goto end;
     }
 
-    if ((pos = buf = OPENSSL_malloc((size_t) len)) == NULL)
+    if ((pos = buf = OPENSSL_malloc((size_t)len)) == NULL)
         goto end;
 
     switch (p8fmt->p8_shift) {

diff --git a/providers/implementations/encode_decode/ml_kem_codecs.c b/providers/implementations/encode_decode/ml_kem_codecs.c
index fe0c8acc7e6385a85c8d26ff2fe0c45a96b566ac..f2ade8790969c30bf593794c0d272f830143f1a4 100644 (file)
--- a/providers/implementations/encode_decode/ml_kem_codecs.c
+++ b/providers/implementations/encode_decode/ml_kem_codecs.c
@@ -345,14 +345,14 @@ int ossl_ml_kem_i2d_prvkey(const ML_KEM_KEY *key, uint8_t **out,
                        v->algorithm_name);
         goto end;
     }
-    len = p8fmt->p8_bytes;
+    len = (int)p8fmt->p8_bytes;
 
     if (out == NULL) {
         ret = len;
         goto end;
     }
 
-    if ((pos = buf = OPENSSL_malloc((size_t) len)) == NULL)
+    if ((pos = buf = OPENSSL_malloc((size_t)len)) == NULL)
         goto end;
 
     switch (p8fmt->p8_shift) {

diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h
index e447b892374ddde0da34d3c492e848c49a5b142e..d740da4b85ec55a9d175fc4ec1fbd31bd830a1ee 100644 (file)
--- a/providers/implementations/include/prov/ciphercommon_gcm.h
+++ b/providers/implementations/include/prov/ciphercommon_gcm.h
@@ -127,8 +127,8 @@ int ossl_gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
 int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                            size_t len, unsigned char *out);
 
-# define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)            \
-    fn_set_enc_key(key, keylen * 8, ks);                                       \
+# define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)           \
+    fn_set_enc_key(key, (int)(keylen * 8), ks);                                \
     CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
     ctx->ctr = (ctr128_f)fn_ctr;                                               \
     ctx->key_set = 1;

diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index f1d4a44f67fee4a258ca2992f3d20fe2ae652e97..f5306d606823f9a2a041954dfdeb307daaccfeee 100644 (file)
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -638,7 +638,7 @@ static int HKDF_Expand(const EVP_MD *evp_md,
     if ((hmac = HMAC_CTX_new()) == NULL)
         return 0;
 
-    if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
+    if (!HMAC_Init_ex(hmac, prk, (int)prk_len, evp_md, NULL))
         goto err;
 
     for (i = 1; i <= n; i++) {

diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index 9ba834ac36d666b66ed7cb740c5fea5e50cd7aec..dc386db7399639b8b5db1e7599966818c0cc0e1e 100644 (file)
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -347,7 +347,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
     }
 
     if (ctx->use_l != 0)
-        l = be32(keylen * 8);
+        l = be32((uint32_t)(keylen * 8));
 
     k_i = OPENSSL_zalloc(h);
     if (k_i == NULL)

diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 566afa74fece268e1e4f57c31a790de47cb50697..9022da6d770c82ff56a51668da2eba65d64175f6 100644 (file)
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -284,7 +284,7 @@ static int fixup_des3_key(unsigned char *key)
  * finally add carry if any
  */
 static void n_fold(unsigned char *block, unsigned int blocksize,
-                   const unsigned char *constant, size_t constant_len)
+                   const unsigned char *constant, unsigned int constant_len)
 {
     unsigned int tmp, gcd, remainder, lcm, carry;
     int b, l;
@@ -356,7 +356,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
     /* set the key len for the odd variable key len cipher */
     klen = EVP_CIPHER_CTX_get_key_length(ctx);
     if (key_len != (size_t)klen) {
-        ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len);
+        ret = EVP_CIPHER_CTX_set_key_length(ctx, (int)key_len);
         if (ret <= 0) {
             ret = 0;
             goto out;
@@ -428,7 +428,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
         goto out;
     }
 
-    n_fold(block, blocksize, constant, constant_len);
+    n_fold(block, (unsigned int)blocksize, constant, (unsigned int)constant_len);
     plainblock = block;
     cipherblock = block + EVP_MAX_BLOCK_LENGTH;
 
@@ -436,7 +436,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
         int olen;
 
         ret = EVP_EncryptUpdate(ctx, cipherblock, &olen,
-                                plainblock, blocksize);
+                                plainblock, (int)blocksize);
         if (!ret)
             goto out;
         cipherlen = olen;

diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 6ec8e2f7656ce9948f50272c8004712a5b9402b3..e612323d6329b910330f922a0bd128fac5fa6020 100644 (file)
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -272,7 +272,7 @@ static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen,
 
     md = ossl_prov_digest_md(&ctx->digest);
     return pbkdf2_derive(ctx, (char *)ctx->pass, ctx->pass_len,
-                         ctx->salt, ctx->salt_len, ctx->iter,
+                         ctx->salt, (int)ctx->salt_len, ctx->iter,
                          md, key, keylen, ctx->lower_bound_checks);
 }
 
@@ -314,7 +314,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             return 0;
 
     if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
-        if (!lower_bound_check_passed(ctx, p->data_size, UINT64_MAX, SIZE_MAX,
+        if (!lower_bound_check_passed(ctx, (int)p->data_size, UINT64_MAX, SIZE_MAX,
                                       ctx->lower_bound_checks))
             return 0;
         if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len, p))
@@ -428,8 +428,8 @@ static int pbkdf2_derive(KDF_PBKDF2 *ctx, const char *pass, size_t passlen,
     if (hctx_tpl == NULL)
         return 0;
     p = key;
-    tkeylen = keylen;
-    if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL))
+    tkeylen = (int)keylen;
+    if (!HMAC_Init_ex(hctx_tpl, pass, (int)passlen, digest, NULL))
         goto err;
     hctx = HMAC_CTX_new();
     if (hctx == NULL)

diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index e27b09eb99a4873846fd38f9dfce5105e48699fe..2e94538cc0cff3f374c0c0244dc3bfda0d94b1df 100644 (file)
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -527,15 +527,15 @@ static int scrypt_alg(const char *pass, size_t passlen,
     X = (uint32_t *)(B + Blen);
     T = X + 32 * r;
     V = T + 32 * r;
-    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256,
-                                  (int)Blen, B, libctx, propq) == 0)
+    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, (int)passlen, salt, (int)saltlen, 1,
+                                  sha256, (int)Blen, B, libctx, propq) == 0)
         goto err;
 
     for (i = 0; i < p; i++)
         scryptROMix(B + 128 * r * i, r, N, X, T, V);
 
-    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256,
-                                  keylen, key, libctx, propq) == 0)
+    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, (int)passlen, B, (int)Blen, 1, sha256,
+                                  (int)keylen, key, libctx, propq) == 0)
         goto err;
     rv = 1;
  err:

diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
index 63164d8b8fbe8b26c7c9fd2348260bc1e0ea48d9..996d5a9e0e91c8cd484d73f7e59d215f9c9e575d 100644 (file)
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -217,7 +217,7 @@ x942_encode_otherinfo(size_t keylen,
     /* keylenbits must fit into 4 bytes */
     if (keylen > 0xFFFFFF)
         return 0;
-    keylen_bits = 8 * keylen;
+    keylen_bits = (uint32_t)(8 * keylen);
 
     /* Calculate the size of the buffer */
     if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oid_len,

diff --git a/providers/implementations/kem/ec_kem.c b/providers/implementations/kem/ec_kem.c
index 975f41144ad00c875e17f23fab3d66f305a88367..a48cbcaa34bc72cc0ef897ac47545300574a2365 100644 (file)
--- a/providers/implementations/kem/ec_kem.c
+++ b/providers/implementations/kem/ec_kem.c
@@ -430,7 +430,7 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv,
                                       &counter, 1))
             goto err;
         privbuf[0] &= info->bitmask;
-        if (BN_bin2bn(privbuf, info->Nsk, priv) == NULL)
+        if (BN_bin2bn(privbuf, (int)info->Nsk, priv) == NULL)
             goto err;
         if (counter == 0xFF) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
@@ -576,7 +576,8 @@ static int derive_secret(PROV_EC_CTX *ctx, unsigned char *secret,
     size_t encodedprivlen = info->Nsk;
     int auth = ctx->sender_authkey != NULL;
 
-    if (!generate_ecdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), encodedprivlen))
+    if (!generate_ecdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm),
+                         (unsigned int)encodedprivlen))
         goto err;
     dhkmlen = encodedprivlen;
     kemctxlen = 2 * encodedpublen;
@@ -594,7 +595,7 @@ static int derive_secret(PROV_EC_CTX *ctx, unsigned char *secret,
         }
         if (!generate_ecdhkm(privkey2, peerkey2,
                              dhkm + dhkmlen, sizeof(dhkm) - dhkmlen,
-                             encodedprivlen))
+                             (unsigned int)encodedprivlen))
             goto err;
         dhkmlen += encodedprivlen;
         kemctxlen += encodedpublen;

diff --git a/providers/implementations/kem/ecx_kem.c b/providers/implementations/kem/ecx_kem.c
index 823662dd37c32b84c2d762b75a055963d63a9c1c..b158fbce422b231aa025d12a0eb476c5f759b679 100644 (file)
--- a/providers/implementations/kem/ecx_kem.c
+++ b/providers/implementations/kem/ecx_kem.c
@@ -485,7 +485,8 @@ static int derive_secret(PROV_ECX_CTX *ctx, unsigned char *secret,
     int auth = ctx->sender_authkey != NULL;
     size_t encodedkeylen = info->Npk;
 
-    if (!generate_ecxdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), encodedkeylen))
+    if (!generate_ecxdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm),
+                          (unsigned int)encodedkeylen))
         goto err;
     dhkmlen = encodedkeylen;
 
@@ -493,7 +494,7 @@ static int derive_secret(PROV_ECX_CTX *ctx, unsigned char *secret,
     if (auth) {
         if (!generate_ecxdhkm(privkey2, peerkey2,
                               dhkm + dhkmlen, sizeof(dhkm) - dhkmlen,
-                              encodedkeylen))
+                              (unsigned int)encodedkeylen))
             goto err;
         /* Get the public key of the auth sender in encoded form */
         sender_authpub = ecx_pubkey(ctx->sender_authkey);

diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index 7494dcc0107fae467fd9c31ca3bbc769f130d7d6..d7654883bbf149179caa9396d2ff4ba645096a19 100644 (file)
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -312,11 +312,12 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
      * Step (2): Generate a random byte string z of nlen bytes where
      *            1 < z < n - 1
      */
-    if (!rsasve_gen_rand_bytes(prsactx->rsa, secret, nlen))
+    if (!rsasve_gen_rand_bytes(prsactx->rsa, secret, (int)nlen))
         return 0;
 
     /* Step(3): out = RSAEP((n,e), z) */
-    ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
+    ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
+                             RSA_NO_PADDING);
     if (ret) {
         ret = 1;
         if (outlen != NULL)
@@ -389,7 +390,7 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
     }
 
     /* Step (3): out = RSADP((n,d), in) */
-    ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING);
+    ret = RSA_private_decrypt((int)inlen, in, out, prsactx->rsa, RSA_NO_PADDING);
     if (ret > 0 && outlen != NULL)
         *outlen = ret;
     return ret > 0;

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index b2823cbab08bade30bb685d848fe28b5614df2f4..a8c552c8a5527c60b2c3e19ecd0e62d6c339eba1 100644 (file)
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -734,7 +734,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
             && gctx->ffc_params == NULL) {
         /* Select a named group if there is not one already */
         if (gctx->group_nid == NID_undef)
-            gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits);
+            gctx->group_nid = ossl_dh_get_named_group_uid_from_size((int)gctx->pbits);
         if (gctx->group_nid == NID_undef)
             return NULL;
         dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
@@ -776,12 +776,12 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
              * group based on pbits.
              */
             if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
-                ret = DH_generate_parameters_ex(dh, gctx->pbits,
+                ret = DH_generate_parameters_ex(dh, (int)gctx->pbits,
                                                 gctx->generator, gencb);
             else
                 ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type,
-                                                      gctx->pbits, gctx->qbits,
-                                                      gencb);
+                                                      (int)gctx->pbits,
+                                                      (int)gctx->qbits, gencb);
             if (ret <= 0)
                 goto end;
         }

diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 3c5649d7e7d171d985c2585365cbdbff9f7cd40e..f506b04830f5599e3a4b624cc927d6828a9bca67 100644 (file)
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -666,8 +666,8 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
 
          if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type,
-                                              gctx->pbits, gctx->qbits,
-                                              gencb) <= 0)
+                                              (int)gctx->pbits,
+                                              (int)gctx->qbits, gencb) <= 0)
              goto end;
     }
     ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,

diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
index 841def9c49c9b7b7011cf20c97d1f563424ff04d..875abdbf38b8dd13d524991c5098bb92d719f363 100644 (file)
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
@@ -320,15 +320,15 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[])
     struct ml_dsa_get_params_st p = ml_dsa_get_params_decoder(params);
 
     if (p.bits != NULL
-            && !OSSL_PARAM_set_int(p.bits, 8 * ossl_ml_dsa_key_get_pub_len(key)))
+            && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_ml_dsa_key_get_pub_len(key)))
         return 0;
 
     if (p.secbits != NULL
-            && !OSSL_PARAM_set_int(p.secbits, ossl_ml_dsa_key_get_collision_strength_bits(key)))
+            && !OSSL_PARAM_set_size_t(p.secbits, ossl_ml_dsa_key_get_collision_strength_bits(key)))
         return 0;
 
     if (p.maxsize != NULL
-            && !OSSL_PARAM_set_int(p.maxsize, ossl_ml_dsa_key_get_sig_len(key)))
+            && !OSSL_PARAM_set_size_t(p.maxsize, ossl_ml_dsa_key_get_sig_len(key)))
         return 0;
 
     if (p.seccat != NULL

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
index 775a66c364784f65d8c0e94f76eb8c0be764e3f4..12d9baa2c1df554ae63a8ea4e1105aac5e9b8c43 100644 (file)
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
@@ -572,13 +572,13 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[])
     const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key);
     struct ml_kem_get_params_st p = ml_kem_get_params_decoder(params);
 
-    if (p.bits != NULL && !OSSL_PARAM_set_int(p.bits, v->bits))
+    if (p.bits != NULL && !OSSL_PARAM_set_size_t(p.bits, v->bits))
         return 0;
 
-    if (p.secbits != NULL && !OSSL_PARAM_set_int(p.secbits, v->secbits))
+    if (p.secbits != NULL && !OSSL_PARAM_set_size_t(p.secbits, v->secbits))
         return 0;
 
-    if (p.maxsize != NULL && !OSSL_PARAM_set_int(p.maxsize, v->ctext_bytes))
+    if (p.maxsize != NULL && !OSSL_PARAM_set_size_t(p.maxsize, v->ctext_bytes))
         return 0;
 
     if (p.seccat != NULL && !OSSL_PARAM_set_int(p.seccat, v->security_category))

diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c.in b/providers/implementations/keymgmt/mlx_kmgmt.c.in
index 6d497910ba360ededc89b6dd03de65ed10048776..9ea8eaf72398256bef5719c4ff6cdfa145994c8a 100644 (file)
--- a/providers/implementations/keymgmt/mlx_kmgmt.c.in
+++ b/providers/implementations/keymgmt/mlx_kmgmt.c.in
@@ -387,13 +387,15 @@ load_keys(MLX_KEY *key,
             /* Ignore public keys when private provided */
             if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PRIV_KEY,
                            minimal_selection, key, slot, prvenc,
-                           key->minfo->prvkey_bytes, key->xinfo->prvkey_bytes))
+                           (int)key->minfo->prvkey_bytes,
+                           (int)key->xinfo->prvkey_bytes))
                 goto err;
         } else if (publen) {
             /* Absent private key data, import public keys */
             if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PUB_KEY,
                            minimal_selection, key, slot, pubenc,
-                           key->minfo->pubkey_bytes, key->xinfo->pubkey_bytes))
+                           (int)key->minfo->pubkey_bytes,
+                           (int)key->xinfo->pubkey_bytes))
                 goto err;
         }
     }
@@ -518,7 +520,7 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[])
 
     /* The ciphertext sizes are additive */
     if (p.maxsize != NULL)
-        if (!OSSL_PARAM_set_int(p.maxsize, key->minfo->ctext_bytes + key->xinfo->pubkey_bytes))
+        if (!OSSL_PARAM_set_size_t(p.maxsize, key->minfo->ctext_bytes + key->xinfo->pubkey_bytes))
             return 0;
 
     if (!mlx_kem_have_pubkey(key))

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index b7f8f351b1fd863473a1f83db0041afac41682de..4da667bb36f2e163962287552665ea86c8e82a3d 100644 (file)
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -176,13 +176,13 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
     const uint8_t *pub, *priv;
 
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
-            && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_pub_len(key)))
+            && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_pub_len(key)))
         return 0;
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
-            && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_n(key)))
+            && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_n(key)))
         return 0;
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
-            && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key)))
+            && !OSSL_PARAM_set_size_t(p, ossl_slh_dsa_key_get_sig_len(key)))
         return 0;
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
             && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_security_category(key)))

diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c
index ca9382b0a82f83973c43b54c48cc1cca0a9a970e..c56045e804598e7d4d6ba018341512b3f54b80f6 100644 (file)
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -139,7 +139,7 @@ static int gmac_update(void *vmacctx, const unsigned char *data,
         data += INT_MAX;
         datalen -= INT_MAX;
     }
-    return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen);
+    return EVP_EncryptUpdate(ctx, NULL, &outlen, data, (int)datalen);
 }
 
 static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl,
@@ -155,7 +155,7 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl,
     if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen))
         return 0;
 
-    hlen = gmac_size();
+    hlen = (int)gmac_size();
     params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
                                                   out, (size_t)hlen);
     if (!EVP_CIPHER_CTX_get_params(macctx->ctx, params))
@@ -236,7 +236,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
             return 0;
 
         if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                                 p->data_size, NULL) <= 0
+                                 (int)p->data_size, NULL) <= 0
             || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data))
             return 0;
     }

diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index e9c3087027c6b07990a36b0e5125dd6e0ab25f17..2e9ecd0ed5f7e421870ab584330e6dd70cb80f6a 100644 (file)
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -190,7 +190,7 @@ static int hmac_setkey(struct hmac_data_st *macctx,
     digest = ossl_prov_digest_md(&macctx->digest);
     /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */
     if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL))
-        return HMAC_Init_ex(macctx->ctx, key, keylen, digest,
+        return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest,
                             ossl_prov_digest_engine(&macctx->digest));
     return 1;
 }

diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index 8e583ed8f323ca4bb8ebf9abedf1dd28b650cbb4..2a0a96c6260164d80276621be966d891e38012bd 100644 (file)
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -599,9 +599,9 @@ static int bytepad(unsigned char *out, size_t *out_len,
                    const unsigned char *in1, size_t in1_len,
                    const unsigned char *in2, size_t in2_len, size_t w)
 {
-    int len;
+    size_t len;
     unsigned char *p = out;
-    int sz = w;
+    size_t sz = w;
 
     if (out == NULL) {
         if (out_len == NULL) {

diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index 4925a3b400ed3ded7fc948d54eb24753a715ec0d..aa7f2afd90d8288cda67b02a187323a4394784b0 100644 (file)
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -352,7 +352,8 @@ int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength,
 {
     unsigned char *nonce = NULL, *entropy = NULL;
     size_t noncelen = 0, entropylen = 0;
-    size_t min_entropy, min_entropylen, max_entropylen;
+    unsigned int min_entropy;
+    size_t min_entropylen, max_entropylen;
 
     if (strength > drbg->strength) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INSUFFICIENT_DRBG_STRENGTH);

diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index a5c929a2cadcbd4f08a19be4540fa3c987cc8563..986eb7ed57b3e5f57d6c59d523b05f95225801d2 100644 (file)
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -437,7 +437,7 @@ static int drbg_ctr_generate(PROV_DRBG *drbg,
          * requests in 2^30 byte chunks, which is the greatest multiple
          * of AES block size lower than or equal to 2^31-1.
          */
-        buflen = outlen > (1U << 30) ? (1U << 30) : outlen;
+        buflen = outlen > (1U << 30) ? (1 << 30) : (int)outlen;
         blocks = (buflen + 15) / 16;
 
         ctr32 = GETU32(ctr->V + 12) + blocks;
@@ -587,7 +587,7 @@ static int drbg_ctr_init(PROV_DRBG *drbg)
         goto err;
     }
 
-    drbg->strength = keylen * 8;
+    drbg->strength = (unsigned int)(keylen * 8);
     drbg->seedlen = keylen + 16;
 
     if (ctr->use_df) {

diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
index 8bb831ae35721d5e5d6016f1ed37f148e60815a7..22d19807e610cf709f425c5707f4e3a3b40a0d88 100644 (file)
--- a/providers/implementations/rands/drbg_hash.c
+++ b/providers/implementations/rands/drbg_hash.c
@@ -585,7 +585,7 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
             return 0;
         hash->blocklen = md_size;
         /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
-        ctx->strength = 64 * (hash->blocklen >> 3);
+        ctx->strength = (unsigned int)(64 * (hash->blocklen >> 3));
         if (ctx->strength > 256)
             ctx->strength = 256;
         if (hash->blocklen > MAX_BLOCKLEN_USING_SMALL_SEEDLEN)

diff --git a/providers/implementations/rands/fips_crng_test.c b/providers/implementations/rands/fips_crng_test.c
index 209a1adb27850b30229e0d51cc9ef43bf65de6af..2a2b996fe5bc59e0e1618a8d88c8de7171424d8c 100644 (file)
--- a/providers/implementations/rands/fips_crng_test.c
+++ b/providers/implementations/rands/fips_crng_test.c
@@ -288,7 +288,7 @@ static size_t crng_test_get_seed(void *vcrngt, unsigned char **pout,
 {
     CRNG_TEST *crngt = (CRNG_TEST *)vcrngt;
     size_t n;
-    int r = 0;
+    size_t r = 0;
 
     /* Without a parent, we rely on the up calls */
     if (crngt->parent == NULL

diff --git a/providers/implementations/rands/seeding/rand_win.c b/providers/implementations/rands/seeding/rand_win.c
index ee2d3e4d7f610f98c7f52450a3431e7bb927e1be..2cf8fe24d3f1ca2c62abaae3c40acec69c4fb883 100644 (file)
--- a/providers/implementations/rands/seeding/rand_win.c
+++ b/providers/implementations/rands/seeding/rand_win.c
@@ -88,8 +88,8 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         /* poll the CryptoAPI PRNG */
         if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
                                  CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
-            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
-                bytes = bytes_needed;
+            if (CryptGenRandom(hProvider, (DWORD)bytes_needed, buffer) != 0)
+                bytes = (DWORD)bytes_needed;
 
             CryptReleaseContext(hProvider, 0);
         }
@@ -108,8 +108,8 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         if (CryptAcquireContextW(&hProvider, NULL,
                                  INTEL_DEF_PROV, PROV_INTEL_SEC,
                                  CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
-            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
-                bytes = bytes_needed;
+            if (CryptGenRandom(hProvider, (DWORD)bytes_needed, buffer) != 0)
+                bytes = (DWORD)bytes_needed;
 
             CryptReleaseContext(hProvider, 0);
         }

diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 13b38f62e2a49279e0d830660dc4ec12b50fc8db..c10df19eee4bebfb830d6a4b85072389b3d4d55a 100644 (file)
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -356,7 +356,7 @@ static int dsa_sign_directly(void *vpdsactx,
     if (mdsize != 0 && tbslen != mdsize)
         return 0;
 
-    ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa,
+    ret = ossl_dsa_sign_int(0, tbs, (int)tbslen, sig, &sltmp, pdsactx->dsa,
                             pdsactx->nonce_type, pdsactx->mdname,
                             pdsactx->libctx, pdsactx->propq);
     if (ret <= 0)
@@ -446,7 +446,7 @@ static int dsa_verify_directly(void *vpdsactx,
     if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize))
         return 0;
 
-    return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa);
+    return DSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, pdsactx->dsa);
 }
 
 static int dsa_verify_set_sig(void *vpdsactx,

diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 7bb182bcb5d81a242046112a1831d5a7ed818d88..a1d78d439fa991d6e05ab31b7883cafbd63a3c73 100644 (file)
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -353,13 +353,13 @@ static int ecdsa_sign_directly(void *vctx,
 
         if (ctx->mdname[0] != '\0')
             mdname = ctx->mdname;
-        ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp,
+        ret = ossl_ecdsa_deterministic_sign(tbs, (int)tbslen, sig, &sltmp,
                                             ctx->ec, ctx->nonce_type,
                                             mdname,
                                             ctx->libctx, ctx->propq);
     } else {
-        ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r,
-                            ctx->ec);
+        ret = ECDSA_sign_ex(0, tbs, (int)tbslen, sig, &sltmp,
+                            ctx->kinv, ctx->r, ctx->ec);
     }
     if (ret <= 0)
         return 0;
@@ -445,7 +445,7 @@ static int ecdsa_verify_directly(void *vctx,
     if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize))
         return 0;
 
-    return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec);
+    return ECDSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, ctx->ec);
 }
 
 static int ecdsa_verify_set_sig(void *vctx,

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 23823a21cb27ab5f5ce86072d68893069f9f3612..79bda6739596b28e5ff349fe26422de60a5bf01c 100644 (file)
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -160,7 +160,7 @@ typedef struct {
 /* True if PSS parameters are restricted */
 #define rsa_pss_restricted(prsactx) (prsactx->min_saltlen != -1)
 
-static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx)
+static int rsa_get_md_size(const PROV_RSA_CTX *prsactx)
 {
     int md_size;
 
@@ -710,8 +710,8 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx,
                                "only PKCS#1 padding supported with MDC2");
                 return 0;
             }
-            ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp,
-                                             prsactx->rsa);
+            ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, (unsigned int)tbslen, sig,
+                                             &sltmp, prsactx->rsa);
 
             if (ret <= 0) {
                 ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
@@ -735,7 +735,7 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx,
             }
             memcpy(prsactx->tbuf, tbs, tbslen);
             prsactx->tbuf[tbslen] = RSA_X931_hash_id(prsactx->mdnid);
-            ret = RSA_private_encrypt(tbslen + 1, prsactx->tbuf,
+            ret = RSA_private_encrypt((int)(tbslen + 1), prsactx->tbuf,
                                       sig, prsactx->rsa, RSA_X931_PADDING);
             clean_tbuf(prsactx);
             break;
@@ -743,8 +743,8 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx,
             {
                 unsigned int sltmp;
 
-                ret = RSA_sign(prsactx->mdnid, tbs, tbslen, sig, &sltmp,
-                               prsactx->rsa);
+                ret = RSA_sign(prsactx->mdnid, tbs, (unsigned int)tbslen,
+                               sig, &sltmp, prsactx->rsa);
                 if (ret <= 0) {
                     ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
                     return 0;
@@ -811,7 +811,7 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx,
             return 0;
         }
     } else {
-        ret = RSA_private_encrypt(tbslen, tbs, sig, prsactx->rsa,
+        ret = RSA_private_encrypt((int)tbslen, tbs, sig, prsactx->rsa,
                                   prsactx->pad_mode);
     }
 
@@ -950,7 +950,7 @@ static int rsa_verify_recover(void *vprsactx,
         case RSA_X931_PADDING:
             if (!setup_tbuf(prsactx))
                 return 0;
-            ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
+            ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf, prsactx->rsa,
                                      RSA_X931_PADDING);
             if (ret < 1) {
                 ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
@@ -990,7 +990,7 @@ static int rsa_verify_recover(void *vprsactx,
                     ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
                     return 0;
                 }
-                ret = sltmp;
+                ret = (int)sltmp;
             }
             break;
 
@@ -1000,7 +1000,7 @@ static int rsa_verify_recover(void *vprsactx,
             return 0;
         }
     } else {
-        ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa,
+        ret = RSA_public_decrypt((int)siglen, sig, rout, prsactx->rsa,
                                  prsactx->pad_mode);
         if (ret < 0) {
             ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
@@ -1036,8 +1036,8 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
     if (prsactx->md != NULL) {
         switch (prsactx->pad_mode) {
         case RSA_PKCS1_PADDING:
-            if (!RSA_verify(prsactx->mdnid, tbs, tbslen, sig, siglen,
-                            prsactx->rsa)) {
+            if (!RSA_verify(prsactx->mdnid, tbs, (unsigned int)tbslen,
+                            sig, (unsigned int)siglen, prsactx->rsa)) {
                 ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
                 return 0;
             }
@@ -1069,7 +1069,7 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
 
                 if (!setup_tbuf(prsactx))
                     return 0;
-                ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf,
+                ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf,
                                          prsactx->rsa, RSA_NO_PADDING);
                 if (ret <= 0) {
                     ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
@@ -1100,7 +1100,7 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
 
         if (!setup_tbuf(prsactx))
             return 0;
-        ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
+        ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf, prsactx->rsa,
                                  prsactx->pad_mode);
         if (ret <= 0) {
             ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);

diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index bcbbd1e2450349c7418cfd42820b48a08cacc8ad..4da392dad1e6a6e48295057b0d9470f360f2877d 100644 (file)
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -178,7 +178,7 @@ static int sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen,
     if (ctx->mdsize != 0 && tbslen != ctx->mdsize)
         return 0;
 
-    ret = ossl_sm2_internal_sign(tbs, tbslen, sig, &sltmp, ctx->ec);
+    ret = ossl_sm2_internal_sign(tbs, (int)tbslen, sig, &sltmp, ctx->ec);
     if (ret <= 0)
         return 0;
 
@@ -194,7 +194,7 @@ static int sm2sig_verify(void *vpsm2ctx, const unsigned char *sig, size_t siglen
     if (ctx->mdsize != 0 && tbslen != ctx->mdsize)
         return 0;
 
-    return ossl_sm2_internal_verify(tbs, tbslen, sig, siglen, ctx->ec);
+    return ossl_sm2_internal_verify(tbs, (int)tbslen, sig, (int)siglen, ctx->ec);
 }
 
 static void free_md(PROV_SM2_CTX *ctx)

diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 70e811fbe7d766d1abf8d2c8f29ff7032905767e..ef9f9bb0465069413c3310de7a04a6e82bd68058 100644 (file)
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -339,7 +339,8 @@ static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
         int ok = 0;
 
         if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
-            || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
+            || der_len > LONG_MAX
+            || (x509_name = d2i_X509_NAME(NULL, &der, (long)der_len)) == NULL)
             return 0;
         if (ctx->type != IS_DIR) {
             char *str = X509_NAME_oneline(x509_name, NULL, 0);
@@ -587,7 +588,7 @@ static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
     assert(name != NULL);
     {
         const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/";
-        long calculated_length = strlen(ctx->uri) + strlen(pathsep)
+        size_t calculated_length = strlen(ctx->uri) + strlen(pathsep)
             + strlen(name) + 1 /* \0 */;
 
         data = OPENSSL_zalloc(calculated_length);

diff --git a/providers/implementations/storemgmt/file_store_any2obj.c b/providers/implementations/storemgmt/file_store_any2obj.c
index bec6091608a99ae412c339534ed12bbfbdd9f727..0d5f875032da306728501535ecf809d0981bdb2c 100644 (file)
--- a/providers/implementations/storemgmt/file_store_any2obj.c
+++ b/providers/implementations/storemgmt/file_store_any2obj.c
@@ -176,7 +176,7 @@ static int msblob2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     }
 
     ERR_set_mark();
-    ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want;
+    ok = BIO_read(in, &mem->data[0], (int)mem_want) == (int)mem_want;
     mem_len += mem_want;
     ERR_pop_to_mark();
     if (!ok)
@@ -198,7 +198,7 @@ static int msblob2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     }
 
     ERR_set_mark();
-    ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
+    ok = BIO_read(in, &mem->data[mem_len], (int)mem_want) == (int)mem_want;
     mem_len += mem_want;
     ERR_pop_to_mark();
 
@@ -245,7 +245,7 @@ static int pvk2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     }
 
     ERR_set_mark();
-    ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want;
+    ok = BIO_read(in, &mem->data[0], (int)mem_want) == (int)mem_want;
     mem_len += mem_want;
     ERR_pop_to_mark();
     if (!ok)
@@ -267,7 +267,7 @@ static int pvk2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     }
 
     ERR_set_mark();
-    ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
+    ok = BIO_read(in, &mem->data[mem_len], (int)mem_want) == (int)mem_want;
     mem_len += mem_want;
     ERR_pop_to_mark();
 

diff --git a/providers/implementations/storemgmt/winstore_store.c b/providers/implementations/storemgmt/winstore_store.c
index 57316c578171844a8fae1e1930dccc1f9f815a3e..fb28b04738d67e41b189116e70eadcdbca43f93e 100644 (file)
--- a/providers/implementations/storemgmt/winstore_store.c
+++ b/providers/implementations/storemgmt/winstore_store.c
@@ -65,7 +65,7 @@ static void winstore_win_advance(struct winstore_ctx_st *ctx)
     if (ctx->state == STATE_EOF)
         return;
 
-    name.cbData = ctx->subject_len;
+    name.cbData = (DWORD)ctx->subject_len;
     name.pbData = ctx->subject;
 
     ctx->win_ctx = (name.cbData == 0 ? NULL :