libapps + libcrypto: Silence warnings on Win64 builds

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)

diff --git a/apps/lib/app_params.c b/apps/lib/app_params.c
index 25b1d4ed371f8c9acecd7cb58dbcdbf7b38a66c4..437392fc8b37347aa2a3917e78966f5c96028643 100644 (file)
--- a/apps/lib/app_params.c
+++ b/apps/lib/app_params.c
@@ -112,7 +112,7 @@ static void print_param_utf8(const char **s_ptr, size_t len)
     }
     BIO_puts(bio_out, "'");
     if (len > 0)
-        BIO_write(bio_out, s, len);
+        BIO_write(bio_out, s, (int)len);
     BIO_puts(bio_out, "'\n");
 }
 

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 33047c0011272d72dfbed5df5bae7181c463b4d4..a6278f6745e232e67ae0cb7985f3912d068d294a 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1595,7 +1595,7 @@ int save_serial(const char *serialfile, const char *suffix,
     BIO *out = NULL;
     int ret = 0;
     ASN1_INTEGER *ai = NULL;
-    int j;
+    size_t j;
 
     if (suffix == NULL)
         j = strlen(serialfile);
@@ -1643,7 +1643,7 @@ int rotate_serial(const char *serialfile, const char *new_suffix,
                   const char *old_suffix)
 {
     char buf[2][BSIZE];
-    int i, j;
+    size_t i, j;
 
     i = strlen(serialfile) + strlen(old_suffix);
     j = strlen(serialfile) + strlen(new_suffix);
@@ -1807,7 +1807,7 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
     BIO *out;
     int j;
 
-    j = strlen(dbfile) + strlen(suffix);
+    j = (int)(strlen(dbfile) + strlen(suffix));
     if (j + 6 >= BSIZE) {
         BIO_printf(bio_err, "File name too long\n");
         goto err;
@@ -1852,7 +1852,7 @@ int rotate_index(const char *dbfile, const char *new_suffix,
                  const char *old_suffix)
 {
     char buf[5][BSIZE];
-    int i, j;
+    size_t i, j;
 
     i = strlen(dbfile) + strlen(old_suffix);
     j = strlen(dbfile) + strlen(new_suffix);
@@ -2039,7 +2039,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
             continue;
         }
         if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
-                                        valstr, strlen((char *)valstr),
+                                        valstr, (int)strlen((char *)valstr),
                                         -1, ismulti ? -1 : 0)) {
             ERR_print_errors(bio_err);
             BIO_printf(bio_err,
@@ -2764,12 +2764,12 @@ static int WIN32_rename(const char *from, const char *to)
             goto err;
         tto = tfrom + flen;
 # if !defined(_WIN32_WCE) || _WIN32_WCE >= 101
-        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+        if (!MultiByteToWideChar(CP_ACP, 0, from, (int)flen, (WCHAR *)tfrom, (int)flen))
 # endif
             for (i = 0; i < flen; i++)
                 tfrom[i] = (TCHAR)from[i];
 # if !defined(_WIN32_WCE) || _WIN32_WCE >= 101
-        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+        if (!MultiByteToWideChar(CP_ACP, 0, to, (int)tlen, (WCHAR *)tto, (int)tlen))
 # endif
             for (i = 0; i < tlen; i++)
                 tto[i] = (TCHAR)to[i];
@@ -3275,7 +3275,7 @@ int mem_bio_to_file(BIO *in, const char *filename, int format, int private)
     out = bio_open_owner(filename, format, private);
     if (out == NULL)
         goto end;
-    rv = BIO_write(out, mem_buffer->data, mem_buffer->length);
+    rv = BIO_write(out, mem_buffer->data, (int)mem_buffer->length);
     if (rv < 0 || (size_t)rv != mem_buffer->length)
         BIO_printf(bio_err, "Error writing to output file: '%s'\n", filename);
     else

diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c
index 00e0ba5d999693a7497dbac217c6be066a63f409..0ffc899b2bd0525f08ec42de274a267b6efbadb5 100644 (file)
--- a/apps/lib/apps_ui.c
+++ b/apps/lib/apps_ui.c
@@ -205,7 +205,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
     OPENSSL_clear_free(buff, (unsigned int)bufsiz);
 
     if (ok >= 0)
-        res = strlen(buf);
+        res = (int)strlen(buf);
     if (ok == -1) {
         BIO_printf(bio_err, "User interface error\n");
         ERR_print_errors(bio_err);

diff --git a/apps/lib/columns.c b/apps/lib/columns.c
index aa58fe1781f5f6f3e4ec5fde4ab4038d070db270..57e69d7466c12d9dffe0fbf76a76d883fa4359ee 100644 (file)
--- a/apps/lib/columns.c
+++ b/apps/lib/columns.c
@@ -18,7 +18,7 @@ void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc)
 
     for (f = functions; f->name != NULL; ++f)
         if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
-            if ((len = strlen(f->name)) > maxlen)
+            if ((len = (int)strlen(f->name)) > maxlen)
                 maxlen = len;
 
     dc->width = maxlen + 2;

diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 39276d828c875ad289f6ba7e2afc3ff0b02f3a56..978ac5280d21597cfd1853238ac3c0816ccb9c82 100644 (file)
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -1206,7 +1206,7 @@ void opt_help(const OPTIONS *list)
 
         i = 2 + (int)strlen(o->name);
         if (o->valtype != '-')
-            i += 1 + strlen(valtype2param(o));
+            i += 1 + (int)strlen(valtype2param(o));
 
         if (i > width)
             width = i;
@@ -1243,7 +1243,7 @@ int opt_isdir(const char *name)
         return -1;
 
 #  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-    if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
+    if (!MultiByteToWideChar(CP_ACP, 0, name, (int)len_0, tempname, MAX_PATH))
 #  endif
         for (i = 0; i < len_0; i++)
             tempname[i] = (WCHAR)name[i];

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 9641e369e62194ebe38f2b615fffef839570f0cb..053f1e862da9af962400b720f063d9c047550276 100644 (file)
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -509,7 +509,8 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
                 BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n",
                            (void *)bio, (void *)msg->data, msg->data_len,
                            msg->data_len, msg->data_len);
-                BIO_dump(out, msg->data, msg->data_len);
+                if (msg->data_len <= INT_MAX)
+                    BIO_dump(out, msg->data, (int)msg->data_len);
             }
         } else if (mmsgargs->num_msg > 0) {
             BIO_MSG *msg = mmsgargs->msg;
@@ -529,7 +530,8 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
                 BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n",
                            (void *)bio, (void *)msg->data, msg->data_len,
                            msg->data_len, msg->data_len);
-                BIO_dump(out, msg->data, msg->data_len);
+                if (msg->data_len <= INT_MAX)
+                    BIO_dump(out, msg->data, (int)msg->data_len);
             }
         } else if (mmsgargs->num_msg > 0) {
             BIO_MSG *msg = mmsgargs->msg;

diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c
index 6d2be0c62942182831211ce1e2eb428248fddf71..35dd71cd349c1fd4af53d1343e12642ab4e7f96d 100644 (file)
--- a/apps/lib/win32_init.c
+++ b/apps/lib/win32_init.c
@@ -159,9 +159,9 @@ void win32_utf8argv(int *argc, char **argv[])
     /*
      * make a copy of the command line, since we might have to modify it...
      */
-    wlen = wcslen(wcmdline);
+    wlen = (int)wcslen(wcmdline);
     p = _alloca((wlen + 1) * sizeof(WCHAR));
-    wcscpy(p, wcmdline);
+    memcpy(p, wcmdline, (wlen + 1) * sizeof(WCHAR));
 
     while (*p != L'\0') {
         int in_quote = 0;
@@ -205,14 +205,12 @@ void win32_utf8argv(int *argc, char **argv[])
                  */
                 {
                     const WCHAR *q = p;
-                    int i;
+                    size_t i;
 
                     while (*p == L'\\')
                         p++;
 
                     if (*p == L'"') {
-                        int i;
-
                         for (i = (p - q) / 2; i > 0; i--)
                             *wend++ = L'\\';
 
@@ -248,7 +246,7 @@ void win32_utf8argv(int *argc, char **argv[])
             }
         }
 
-        wlen = wend - warg;
+        wlen = (int)(wend - warg);
 
         if (wlen == 0 || !process_glob(warg, wlen)) {
             if (!validate_argv(newargc + 1)) {

diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c
index 83cbe1fc09071bf0012edb429682023d4b785b06..5cc23908daea507baeaf8164a0c288b563d98ad3 100644 (file)
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@@ -105,13 +105,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
             do {
 # ifdef CP_UTF8
                 if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
-                                              directory, len_0,
+                                              directory, (int)len_0,
                                               NULL, 0)) > 0 ||
                     GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
                     break;
 # endif
                 sz = MultiByteToWideChar((cp = CP_ACP), 0,
-                                         directory, len_0,
+                                         directory, (int)len_0,
                                          NULL, 0);
             } while (0);
 
@@ -121,7 +121,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
                  * concatenate asterisk, |sz| covers trailing '\0'!
                  */
                 wdir = _alloca((sz + 2) * sizeof(TCHAR));
-                if (!MultiByteToWideChar(cp, 0, directory, len_0,
+                if (!MultiByteToWideChar(cp, 0, directory, (int)len_0,
                                          (WCHAR *)wdir, sz)) {
                     free(*ctx);
                     *ctx = NULL;
@@ -131,7 +131,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
             } else
 #endif
             {
-                sz = len_0;
+                sz = (int)len_0;
                 /*
                  * allocate two additional characters in case we need to
                  * concatenate asterisk, |sz| covers trailing '\0'!
@@ -186,7 +186,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
         len_0++;
 
 #ifdef LP_MULTIBYTE_AVAILABLE
-        if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
+        if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, (int)len_0,
                                  (*ctx)->entry_name,
                                  sizeof((*ctx)->entry_name), NULL, 0))
 #endif

diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
index 2187883aff917a95517dfad4f18ccae039b3e427..b57891e3aa81e75562b36548d1e701da3c2d65b8 100644 (file)
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -21,13 +21,13 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                  unsigned char *out,
                  const unsigned char *in, unsigned int inlen)
 {
-    return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
+    return (int)CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
 }
 
 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                    unsigned char *out,
                    const unsigned char *in, unsigned int inlen)
 {
-    return CRYPTO_128_unwrap(key, iv, out, in, inlen,
-                             (block128_f) AES_decrypt);
+    return (int)CRYPTO_128_unwrap(key, iv, out, in, inlen,
+                                  (block128_f) AES_decrypt);
 }

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 4999ac1f65ba953225910595ca302bbe5eb611e7..0c7e17b2e60ce137be9cdc8c06c41f2ee5f91350 100644 (file)
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -110,7 +110,6 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
     BUF_MEM *b;
     unsigned char *p;
-    int i;
     size_t want = HEADER_SIZE;
     uint32_t eos = 0;
     size_t off = 0;
@@ -131,13 +130,15 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
     for (;;) {
         diff = len - off;
         if (want >= diff) {
+            int i;
+
             want -= diff;
 
             if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
                 ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
                 goto err;
             }
-            i = BIO_read(in, &(b->data[len]), want);
+            i = BIO_read(in, &(b->data[len]), (int)want);
             if (i < 0 && diff == 0) {
                 ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                 goto err;
@@ -160,7 +161,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
         diff = len - off;
         if (diff == 0)
             goto err;
-        inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff);
+        inf = ASN1_get_object(&q, &slen, &tag, &xclass, (int)diff);
         if (inf & 0x80) {
             unsigned long e;
 
@@ -169,8 +170,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                 goto err;
             ERR_pop_to_mark();
         }
-        i = q - p;            /* header length */
-        off += i;               /* end of data */
+        off += q - p;               /* end of data */
 
         if (inf & 1) {
             /* no data body so go round again */
@@ -207,6 +207,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                      * in one go.
                      */
                     size_t chunk = want > chunk_max ? chunk_max : want;
+                    int i;
 
                     if (!BUF_MEM_grow_clean(b, len + chunk)) {
                         ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
@@ -214,7 +215,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                     }
                     want -= chunk;
                     while (chunk > 0) {
-                        i = BIO_read(in, &(b->data[len]), chunk);
+                        i = BIO_read(in, &(b->data[len]), (int)chunk);
                         if (i <= 0) {
                             ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                             goto err;
@@ -248,7 +249,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
     }
 
     *pb = b;
-    return off;
+    return (int)off;
  err:
     ERR_clear_last_mark();
     BUF_MEM_free(b);

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 0c06ac3c4163c22278c248b622aece61e9369fca..ea6df5e346f230b6bbf95fb2afdc761e03af903a 100644 (file)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -38,9 +38,13 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 {
     ASN1_GENERALIZEDTIME t;
+    size_t len;
+
+    if ((len = strlen(str)) >= INT_MAX)
+        return 0;
 
     t.type = V_ASN1_GENERALIZEDTIME;
-    t.length = strlen(str);
+    t.length = (int)len;
     t.data = (unsigned char *)str;
     t.flags = 0;
 

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 854844e7eaf1fe01230afeb876d55bf8f7293c6e..932bd0dacf0008f710659a04fb0050a0f5fa945b 100644 (file)
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -206,7 +206,16 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
 
 int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 {
-    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+    unsigned char *ptr = pp != NULL ? *pp : NULL;
+    size_t ret = i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, &ptr);
+
+    if (ret > INT_MAX) {
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (pp != NULL)
+        *pp = ptr;
+    return (int)ret;
 }
 
 /* Convert big endian buffer into uint64_t, return 0 on error */
@@ -307,7 +316,7 @@ ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
     } else
         ret = *a;
 
-    if (ASN1_STRING_set(ret, NULL, r) == 0) {
+    if (r > INT_MAX || ASN1_STRING_set(ret, NULL, (int)r) == 0) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
         goto err;
     }
@@ -362,7 +371,7 @@ static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
         off = asn1_put_uint64(tbuf, r);
         a->type &= ~V_ASN1_NEG;
     }
-    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+    return ASN1_STRING_set(a, tbuf + off, (int)(sizeof(tbuf) - off));
 }
 
 static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
@@ -390,7 +399,7 @@ static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
 
     a->type = itype;
     off = asn1_put_uint64(tbuf, r);
-    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+    return ASN1_STRING_set(a, tbuf + off, (int)(sizeof(tbuf) - off));
 }
 
 /*
@@ -642,6 +651,6 @@ int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
     size_t off;
 
     off = asn1_put_uint64(buf, r);
-    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
+    return (int)i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
 }
 

diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
index c8170e16267d4a1dfd967541b8802f4cefc62ce9..9e6b83cdd2bd1e6d7995307b865ac5c29df4d37b 100644 (file)
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -51,12 +51,21 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     unsigned char *p;
     int nchar;
     int (*cpyfunc) (unsigned long, void *) = NULL;
-    if (len == -1)
-        len = strlen((const char *)in);
+    if (len == -1) {
+        size_t len_s = strlen((const char *)in);
+
+        if (len_s >= INT_MAX) {
+            ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG);
+            return -1;
+        }
+        len = (int)len_s;
+    }
     if (!mask)
         mask = DIRSTRING_TYPE;
-    if (len < 0)
+    if (len < 0) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
         return -1;
+    }
 
     /* First do a string check and work out the number of characters */
     switch (inform) {

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 6eb9feb16c4ba9e573eb3020c83a93c222981d93..89e7540e2205c571ef4e6796f671162722ff0864 100644 (file)
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -57,10 +57,17 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
     unsigned long l;
     BIGNUM *bl = NULL;
 
-    if (num == 0)
+    if (num == 0) {
         return 0;
-    else if (num == -1)
-        num = strlen(buf);
+    } else if (num == -1) {
+        size_t num_s = strlen(buf);
+
+        if (num_s >= INT_MAX) {
+            ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG);
+            goto err;
+        }
+        num = (int)num_s;
+    }
 
     p = buf;
     c = *(p++);

diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index d2768f74bdcd2616130b92287b19982ca18f3b1e..d0f59db0456408436cfbdd29d77b9ef24ef0e159 100644 (file)
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -22,7 +22,7 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
         return V_ASN1_PRINTABLESTRING;
 
     if (len < 0)
-        len = strlen((const char *)s);
+        len = (int)strlen((const char *)s);
 
     while (len-- > 0) {
         c = *(s++);

diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 073945172bb51824c906e0ff3fe6cab1a9296ce3..596e19e152d5edf88f9d0769a33cb06dba8d85d1 100644 (file)
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -191,7 +191,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
         if (algor1 != NULL) {
             const unsigned char *pp = aid;
 
-            if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) {
+            if (d2i_X509_ALGOR(&algor1, &pp, (long)aid_len) == NULL) {
                 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
@@ -200,7 +200,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
         if (algor2 != NULL) {
             const unsigned char *pp = aid;
 
-            if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) {
+            if (d2i_X509_ALGOR(&algor2, &pp, (long)aid_len) == NULL) {
                 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
@@ -277,7 +277,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
         ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
         goto err;
     }
-    ASN1_STRING_set0(signature, buf_out, outl);
+    ASN1_STRING_set0(signature, buf_out, (int)outl);
     buf_out = NULL;
     /*
      * In the interests of compatibility, I'll make sure that the bit string
@@ -287,5 +287,5 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
  err:
     OPENSSL_clear_free((char *)buf_in, inl);
     OPENSSL_clear_free((char *)buf_out, outll);
-    return outl;
+    return (int)outl;
 }

diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 4b031a73add551610978b3c99a6745af9b0d1f55..1aff6123b40f4e5f3cfbce5be595bcee5c425e79 100644 (file)
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -527,7 +527,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
                     objbuf = "";
                 }
             }
-            objlen = strlen(objbuf);
+            objlen = (int)strlen(objbuf);
             if (!io_ch(arg, objbuf, objlen))
                 return -1;
             if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {

diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 194504415dd1a8c031bd8d6221829063c5f91a7c..ad28f46a9ba20beb5d5dcfc9cc25747428e12fd8 100644 (file)
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -266,7 +266,7 @@ ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
 {
     char* p;
     ASN1_TIME *tmps = NULL;
-    const size_t len = 20;
+    const int len = 20;
 
     if (type == V_ASN1_UNDEF) {
         if (is_utc(ts->tm_year))
@@ -386,8 +386,11 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
     ASN1_TIME t;
     struct tm tm;
     int rv = 0;
+    size_t len;
 
-    t.length = strlen(str);
+    if ((len = strlen(str)) >= INT_MAX)
+        goto out;
+    t.length = (int)len;
     t.data = (unsigned char *)str;
     t.flags = ASN1_STRING_FLAG_X509_TIME;
 

diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index 323941ba97e2db9f9ee674ab7c5bf1c85e52d657..6c4598ac6ec2af21a4bbf584174052172dc193e4 100644 (file)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -34,9 +34,12 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 {
     ASN1_UTCTIME t;
+    size_t len;
 
+    if ((len = strlen(str)) >= INT_MAX)
+        return 0;
     t.type = V_ASN1_UTCTIME;
-    t.length = strlen(str);
+    t.length = (int)len;
     t.data = (unsigned char *)str;
     t.flags = 0;
 

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 6ba13dd7f22e3f5d638a02ee48ccc3d5bd95b502..4abbd1e5716977fd729395938f1aaf1511c7188d 100644 (file)
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -110,7 +110,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
     const EVP_PKEY_ASN1_METHOD *ameth = NULL;
 
     if (len == -1)
-        len = strlen(str);
+        len = (int)strlen(str);
     if (pe) {
 #ifndef OPENSSL_NO_ENGINE
         ENGINE *e;

diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 50b4db97aa65a8b45a1b4cf0d96a0a5129f62da0..937daf0645b15ec6fbffedbbbc653301c1c5157c 100644 (file)
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -160,7 +160,7 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
         if (r & 0x80)
             goto err;
         /* Update copy length */
-        cpy_len -= cpy_start - orig_der;
+        cpy_len -= (int)(cpy_start - orig_der);
         /*
          * For IMPLICIT tagging the length should match the original length
          * and constructed flag should be consistent.
@@ -255,8 +255,8 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
         /* Look for the ':' in name value pairs */
         if (*p == ':') {
             vstart = p + 1;
-            vlen = len - (vstart - elem);
-            len = p - elem;
+            vlen = len - (int)(vstart - elem);
+            len = (int)(p - elem);
             break;
         }
     }
@@ -362,7 +362,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
     *ptag = tag_num;
     /* If we have non numeric characters, parse them */
     if (eptr)
-        vlen -= eptr - vstart;
+        vlen -= (int)(eptr - vstart);
     else
         vlen = 0;
     if (vlen) {
@@ -562,7 +562,7 @@ static int asn1_str2tag(const char *tagstr, int len)
     };
 
     if (len == -1)
-        len = strlen(tagstr);
+        len = (int)strlen(tagstr);
 
     tntmp = tnst;
     for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index e3a8480eef3f10ebedeb95e69f4e84e4d7758ebd..e286a24d0ded7634e98382d726382466e11fa0d5 100644 (file)
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -318,7 +318,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
             return 0;
         }
     }
-    str->length = len;
+    str->length = (int)len;
     if (data != NULL) {
         memcpy(str->data, data, len);
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h
index 10e9fcb7de45d1e3cd3bb66f8e19baa916e550a2..cb78e993ad78cf8d76262d4c737b82efc2fc016e 100644 (file)
--- a/crypto/asn1/asn1_local.h
+++ b/crypto/asn1/asn1_local.h
@@ -69,7 +69,7 @@ void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
                           const ASN1_ITEM *it);
-int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, long inlen,
                        const ASN1_ITEM *it);
 
 void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);

diff --git a/crypto/asn1/asn1_parse.c b/crypto/asn1/asn1_parse.c
index 6a4618d253d54cc802d97fe7ca0c8e1e7306564d..9efb7c997df7f2d8505e7cdc8c8ad28ef505c1cb 100644 (file)
--- a/crypto/asn1/asn1_parse.c
+++ b/crypto/asn1/asn1_parse.c
@@ -120,7 +120,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
             BIO_puts(bp, "Error in encoding\n");
             goto end;
         }
-        hl = (p - op);
+        hl = (int)(p - op);
         length -= hl;
         /*
          * if j == 0x21 it is a constructed indefinite length object
@@ -141,12 +141,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
             if ((j == 0x21) && (len == 0)) {
                 for (;;) {
                     r = asn1_parse2(bp, &p, (long)(tot - p),
-                                    offset + (p - *pp), depth + 1,
+                                    offset + (int)(p - *pp), depth + 1,
                                     indent, dump);
                     if (r == 0)
                         goto end;
                     if ((r == 2) || (p >= tot)) {
-                        len = p - sp;
+                        len = (long)(p - sp);
                         break;
                     }
                 }
@@ -156,11 +156,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                 while (p < ep) {
                     sp = p;
                     r = asn1_parse2(bp, &p, tmp,
-                                    offset + (p - *pp), depth + 1,
+                                    offset + (int)(p - *pp), depth + 1,
                                     indent, dump);
                     if (r == 0)
                         goto end;
-                    tmp -= p - sp;
+                    tmp -= (long)(p - sp);
                 }
             }
         } else if (xclass != 0) {

diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index fab66d791bddca87f1310054ae5157b67b7e58ac..430bd38eadb19da4c2aa99086e8430dac3be3ebb 100644 (file)
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -647,12 +647,15 @@ static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **r
 {
     char linebuf[MAX_SMLEN];
     int len, blen;
+    size_t blen_s = strlen(bound);
     int eol = 0, next_eol = 0;
     BIO *bpart = NULL;
     STACK_OF(BIO) *parts;
     char state, part, first;
 
-    blen = strlen(bound);
+    if (blen_s > MAX_SMLEN)
+        return 0;
+    blen = (int)blen_s;
     part = 0;
     state = 0;
     first = 1;
@@ -1028,10 +1031,8 @@ static void mime_param_free(MIME_PARAM *param)
  */
 static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
 {
-    if (linelen == -1)
-        linelen = strlen(line);
-    if (blen == -1)
-        blen = strlen(bound);
+    if (linelen < 0 || blen < 0)
+        return 0;
     /* Quickly eliminate if line length too short */
     if (blen + 2 > linelen)
         return 0;

diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index f1499425010d3b5c918c4c74affe71eaa4c3d440..05e71e9f06396aa41bb11dfc29c817892e2881a3 100644 (file)
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -302,7 +302,12 @@ static int asn1_bio_read(BIO *b, char *in, int inl)
 
 static int asn1_bio_puts(BIO *b, const char *str)
 {
-    return asn1_bio_write(b, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+
+    return asn1_bio_write(b, str, (int)len);
 }
 
 static int asn1_bio_gets(BIO *b, char *str, int size)

diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 279609e603549dc939d7adc98324824f3d5b29f9..202be9fe4281cb85feb82d18a1b207993b26c4ae 100644 (file)
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -150,7 +150,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     if (*ndef_aux->boundary == NULL)
         return 0;
 
-    *plen = *ndef_aux->boundary - *pbuf;
+    *plen = (int)(*ndef_aux->boundary - *pbuf);
 
     return 1;
 }
@@ -223,7 +223,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     if (*ndef_aux->boundary == NULL)
         return 0;
     *pbuf = *ndef_aux->boundary;
-    *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+    *plen = derlen - (int)(*ndef_aux->boundary - ndef_aux->derbuf);
 
     return 1;
 }

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 7f68e5732800356058a3072ca73322183c9aa86b..d0c0be517bff0cfa0111c9550355c0dddb5917c6 100644 (file)
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -49,7 +49,7 @@ d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
 
     /* This is just a probe. It might fail, so we ignore errors */
     ERR_set_mark();
-    p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
+    p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
     ERR_pop_to_mark();
     if (p8info != NULL) {
         int64_t v;

diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index 4f3dcecd41ab8b4bf784592d132fa167f2539fbe..e87e6ec52437f6a4183891b4073cde9b72437813 100644 (file)
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -30,7 +30,7 @@ ASN1_SEQUENCE(SCRYPT_PARAMS) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
 
-static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, int saltlen,
                                     size_t keylen, uint64_t N, uint64_t r,
                                     uint64_t p);
 
@@ -153,7 +153,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
     return NULL;
 }
 
-static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, int saltlen,
                                     size_t keylen, uint64_t N, uint64_t r,
                                     uint64_t p)
 {

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index c4f9d61514eba8e9645371841a1a0725c9e5b1eb..6d410606254a490330a21cddbe99a959624b34df 100644 (file)
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -351,7 +351,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
         } else if (ret == -1)
             return -1;
         if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
-            len = tmplen - (p - *in);
+            len = tmplen - (long)(p - *in);
             seq_nolen = 1;
         }
         /* If indefinite we don't do a length check */
@@ -401,7 +401,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
                     ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC);
                     goto err;
                 }
-                len -= p - q;
+                len -= (long)(p - q);
                 seq_eoc = 0;
                 break;
             }
@@ -432,7 +432,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 continue;
             }
             /* Update length */
-            len -= p - q;
+            len -= (long)(p - q);
         }
 
         /* Check for EOC if expecting one */
@@ -467,7 +467,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             }
         }
         /* Save encoding */
-        if (!ossl_asn1_enc_save(pval, *in, p - *in, it))
+        if (!ossl_asn1_enc_save(pval, *in, (long)(p - *in), it))
             goto auxerr;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
@@ -538,7 +538,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
             return 0;
         }
         /* We read the field in OK so update length */
-        len -= p - q;
+        len -= (long)(p - q);
         if (exp_eoc) {
             /* If NDEF we must have an EOC here */
             if (!asn1_check_eoc(&p, len)) {
@@ -643,7 +643,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                     ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC);
                     goto err;
                 }
-                len -= p - q;
+                len -= (long)(p - q);
                 sk_eoc = 0;
                 break;
             }
@@ -656,7 +656,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                 ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
                 goto err;
             }
-            len -= p - q;
+            len -= (long)(p - q);
             if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
                 ERR_raise(ERR_LIB_ASN1, ERR_R_CRYPTO_LIB);
                 ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
@@ -775,9 +775,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
         if (inf) {
             if (!asn1_find_end(&p, plen, inf))
                 goto err;
-            len = p - cont;
+            len = (long)(p - cont);
         } else {
-            len = p - cont + plen;
+            len = (long)(p - cont) + plen;
             p += plen;
         }
     } else if (cst) {
@@ -799,7 +799,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
         if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
             goto err;
         }
-        len = buf.length;
+        len = (long)buf.length;
         /* Append a final null to string */
         if (!BUF_MEM_grow_clean(&buf, len + 1)) {
             ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
@@ -1017,7 +1017,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
         } else {
             p += plen;
         }
-        len -= p - q;
+        len -= (long)(p - q);
     }
     if (expected_eoc) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC);
@@ -1090,7 +1090,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
                 return 0;
         } else if (plen && !collect_data(buf, &p, plen))
             return 0;
-        len -= p - q;
+        len -= (long)(p - q);
     }
     if (inf) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC);
@@ -1102,9 +1102,14 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
 
 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
 {
-    int len;
+    long len;
     if (buf) {
-        len = buf->length;
+        len = (long)buf->length;
+        if (len + plen < 0) {
+            /* resulting buffer length will not fit into long */
+            ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG);
+            return 0;
+        }
         if (!BUF_MEM_grow_clean(buf, len + plen)) {
             ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
             return 0;
@@ -1167,7 +1172,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
             ctx->plen = plen;
             ctx->pclass = pclass;
             ctx->ptag = ptag;
-            ctx->hdrlen = p - q;
+            ctx->hdrlen = (int)(p - q);
             ctx->valid = 1;
             /*
              * If definite length, and no error, length + header can't exceed
@@ -1202,7 +1207,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
     }
 
     if ((i & 1) != 0)
-        plen = len - (p - q);
+        plen = len - (long)(p - q);
 
     if (inf != NULL)
         *inf = i & 1;

diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 67a9ccde62db4aba0fa310c891f6c13980eac3af..b9196397b4e7c47319b6f4d4749c9c7aa04bddf7 100644 (file)
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -161,7 +161,7 @@ void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
     }
 }
 
-int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, long inlen,
                        const ASN1_ITEM *it)
 {
     ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it);
@@ -170,8 +170,10 @@ int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
         return 1;
 
     OPENSSL_free(enc->enc);
-    if (inlen <= 0)
+    if (inlen <= 0) {
+        enc->enc = NULL;
         return 0;
+    }
     if ((enc->enc = OPENSSL_malloc(inlen)) == NULL)
         return 0;
     memcpy(enc->enc, in, inlen);

diff --git a/crypto/async/async.c b/crypto/async/async.c
index 447c7976109c05b9ae5d249e6f3d47fac4fcbbb2..65beb8fa843ec74a38c8398b9dfee25364e1e045 100644 (file)
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -344,7 +344,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
     async_pool *pool;
     size_t curr_size = 0;
 
-    if (init_size > max_size) {
+    if (init_size > max_size || max_size > INT_MAX) {
         ERR_raise(ERR_LIB_ASYNC, ASYNC_R_INVALID_POOL_SIZE);
         return 0;
     }
@@ -359,7 +359,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
     if (pool == NULL)
         return 0;
 
-    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size);
+    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, (int)init_size);
     if (pool->jobs == NULL) {
         ERR_raise(ERR_LIB_ASYNC, ERR_R_CRYPTO_LIB);
         OPENSSL_free(pool);

diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index 737910cc7514bd58c752e305bbe082ce891178a9..47f3d1cd6c6522799404f08c2b228b42ea7253ed 100644 (file)
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -465,5 +465,9 @@ static int buffer_gets(BIO *b, char *buf, int size)
 
 static int buffer_puts(BIO *b, const char *str)
 {
-    return buffer_write(b, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+    return buffer_write(b, str, (int)len);
 }

diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
index eed3dc4633e05aeec32705773d1dcc51a37628f6..a3b65e889268229dc83ddb902a5686b41bdd9102 100644 (file)
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -133,14 +133,15 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
         while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
                && ctx->obuf_len > 0) {
             int orig_olen = ctx->obuf_len;
+            int llen = (int)(p - in);
 
             i = ctx->obuf_size - ctx->obuf_len;
-            if (p - in > 0) {
-                if (i >= p - in) {
-                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
-                    ctx->obuf_len += p - in;
-                    inl -= p - in;
-                    num += p - in;
+            if (llen > 0) {
+                if (i >= llen) {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, llen);
+                    ctx->obuf_len += llen;
+                    inl -= llen;
+                    num += llen;
                     in = p;
                 } else {
                     memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
@@ -170,7 +171,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
          * if a NL was found and there is anything to write.
          */
         if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
-            i = BIO_write(b->next_bio, in, p - in);
+            i = BIO_write(b->next_bio, in, (int)(p - in));
             if (i <= 0) {
                 BIO_copy_next_retry(b);
                 if (i < 0)
@@ -311,5 +312,9 @@ static int linebuffer_gets(BIO *b, char *buf, int size)
 
 static int linebuffer_puts(BIO *b, const char *str)
 {
-    return linebuffer_write(b, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+    return linebuffer_write(b, str, (int)len);
 }

diff --git a/crypto/bio/bf_prefix.c b/crypto/bio/bf_prefix.c
index 872efa13b5593daa72962f7c61facf7a8e101000..e13173fde10e28f778f64fb0ec1caa139eb91fc5 100644 (file)
--- a/crypto/bio/bf_prefix.c
+++ b/crypto/bio/bf_prefix.c
@@ -203,5 +203,9 @@ static int prefix_gets(BIO *b, char *buf, int size)
 
 static int prefix_puts(BIO *b, const char *str)
 {
-    return BIO_write(b, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+    return BIO_write(b, str, (int)len);
 }

diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c
index 4bdce0bbe84f541f4313179dff9e7b71e5bcec1f..7301165a7e37c309f85b43153ed0cf922b5135d8 100644 (file)
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@@ -427,7 +427,7 @@ int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
 socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai)
 {
     if (bai != NULL)
-        return bai->bai_addrlen;
+        return (socklen_t)bai->bai_addrlen;
     return 0;
 }
 

diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 8e4f79ea3cd7a854839280466d7b8fd612a0801a..86d42a2b354c55bf6f74a911a3cbcc06ec0ee5f3 100644 (file)
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -111,7 +111,7 @@ long BIO_debug_callback_ex(BIO *bio, int cmd, const char *argp, size_t len,
 
     b = (BIO *)bio->cb_arg;
     if (b != NULL)
-        BIO_write(b, buf, strlen(buf));
+        BIO_write(b, buf, (int)strlen(buf));
 #if !defined(OPENSSL_NO_STDIO)
     else
         fputs(buf, stderr);

diff --git a/crypto/bio/bio_dump.c b/crypto/bio/bio_dump.c
index a566a9efe48f7c2c5b102fa0041d3dd90d5f968c..88adb09de77752890278ef6fc39cd2fa20888c81 100644 (file)
--- a/crypto/bio/bio_dump.c
+++ b/crypto/bio/bio_dump.c
@@ -99,7 +99,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
 #ifndef OPENSSL_NO_STDIO
 static int write_fp(const void *data, size_t len, void *fp)
 {
-    return UP_fwrite(data, len, 1, fp);
+    return (int)UP_fwrite(data, len, 1, fp);
 }
 
 int BIO_dump_fp(FILE *fp, const void *s, int len)
@@ -115,7 +115,9 @@ int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent)
 
 static int write_bio(const void *data, size_t len, void *bp)
 {
-    return BIO_write((BIO *)bp, (const char *)data, len);
+    if (len > INT_MAX)
+        return -1;
+    return BIO_write((BIO *)bp, (const char *)data, (int)len);
 }
 
 int BIO_dump(BIO *bp, const void *s, int len)

diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 66e575a837c9787336da9386cbc89bce8c3a31c3..0250524e47908417e7654f9f15d8487d9046ce9e 100644 (file)
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -65,7 +65,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
     if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
         if (*processed > INT_MAX)
             return -1;
-        inret = *processed;
+        inret = (long)*processed;
     }
 
     ret = b->callback(b, oper, argp, argi, argl, inret);
@@ -433,9 +433,9 @@ int BIO_sendmmsg(BIO *b, BIO_MSG *msg,
 
     if (HAS_CALLBACK(b))
         ret = (size_t)bio_call_callback(b, BIO_CB_SENDMMSG | BIO_CB_RETURN,
-                                        (void *)&args, ret, 0, 0, ret, NULL);
+                                        (void *)&args, ret, 0, 0, (long)ret, NULL);
 
-    return ret;
+    return ret > 0;
 }
 
 int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
@@ -480,9 +480,9 @@ int BIO_recvmmsg(BIO *b, BIO_MSG *msg,
 
     if (HAS_CALLBACK(b))
         ret = (size_t)bio_call_callback(b, BIO_CB_RECVMMSG | BIO_CB_RETURN,
-                                        (void *)&args, ret, 0, 0, ret, NULL);
+                                        (void *)&args, ret, 0, 0, (long)ret, NULL);
 
-    return ret;
+    return ret > 0;
 }
 
 int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc)
@@ -624,7 +624,7 @@ int BIO_get_line(BIO *bio, char *buf, int size)
         if (*ptr++ == '\n')
             break;
     *ptr = '\0';
-    return ret > 0 || BIO_eof(bio) ? ptr - buf : ret;
+    return ret > 0 || BIO_eof(bio) ? (int)(ptr - buf) : ret;
 }
 
 int BIO_indent(BIO *b, int indent, int max)

diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c
index 887f3e194121b24f7fc42f562182728f0b630b7e..b987ecd750f65ea7118492e1bb2ae3022e3c7e92 100644 (file)
--- a/crypto/bio/bio_print.c
+++ b/crypto/bio/bio_print.c
@@ -103,7 +103,8 @@ _dopr(char **sbuffer,
     size_t currlen;
 
     state = DP_S_DEFAULT;
-    flags = currlen = cflags = min = 0;
+    currlen = 0;
+    flags = cflags = min = 0;
     max = -1;
     ch = *format++;
 
@@ -316,10 +317,10 @@ _dopr(char **sbuffer,
             case 's':
                 strvalue = va_arg(args, char *);
                 if (max < 0) {
-                    if (buffer)
+                    if (buffer || *maxlen > INT_MAX)
                         max = INT_MAX;
                     else
-                        max = *maxlen;
+                        max = (int)*maxlen;
                 }
                 if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
                             flags, min, max))
@@ -334,8 +335,9 @@ _dopr(char **sbuffer,
             case 'n':
                 {
                     int *num;
+
                     num = va_arg(args, int *);
-                    *num = currlen;
+                    *num = (int)currlen;
                 }
                 break;
             case '%':
@@ -391,7 +393,7 @@ fmtstr(char **sbuffer,
 
     strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
 
-    padlen = min - strln;
+    padlen = (int)(min - strln);
     if (min < 0 || padlen < 0)
         padlen = 0;
     if (max >= 0) {
@@ -474,7 +476,7 @@ fmtint(char **sbuffer,
 
     zpadlen = max - place;
     spadlen =
-        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - (int)strlen(prefix);
     if (zpadlen < 0)
         zpadlen = 0;
     if (spadlen < 0)

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index b9c19402318775ca113845a1f3f1afde1d4bc7f6..1a131cc2a30f2f01b0750213ea0807cbefde47dc 100644 (file)
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -554,10 +554,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 
 static int acpt_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = acpt_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = acpt_write(bp, str, (int)n);
     return ret;
 }
 

diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 3af3b27ea5ab492dacee711b830191ba5fd1fa39..81d08e91f2b5756b9342b21fc20b9d88e9d2a794 100644 (file)
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -183,7 +183,7 @@ static int bio_read(BIO *bio, char *buf, int size_)
     }
     while (rest);
 
-    return size;
+    return (int)size;
 }
 
 /*-
@@ -332,7 +332,7 @@ static int bio_write(BIO *bio, const char *buf, int num_)
     }
     while (rest);
 
-    return num;
+    return (int)num;
 }
 
 /*-
@@ -474,7 +474,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
         if (b->peer == NULL || b->closed)
             ret = 0;
         else
-            ret = (long)b->size - b->len;
+            ret = (long)(b->size - b->len);
         break;
 
     case BIO_C_GET_READ_REQUEST:
@@ -600,7 +600,11 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 
 static int bio_puts(BIO *bio, const char *str)
 {
-    return bio_write(bio, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+    return bio_write(bio, str, (int)len);
 }
 
 static int bio_make_pair(BIO *bio1, BIO *bio2)
@@ -683,6 +687,9 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
     long r;
     int ret = 0;
 
+    if (writebuf1 > LONG_MAX || writebuf2 > LONG_MAX)
+        goto err;
+
     bio1 = BIO_new(BIO_s_bio());
     if (bio1 == NULL)
         goto err;
@@ -691,12 +698,12 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
         goto err;
 
     if (writebuf1) {
-        r = BIO_set_write_buf_size(bio1, writebuf1);
+        r = BIO_set_write_buf_size(bio1, (long)writebuf1);
         if (!r)
             goto err;
     }
     if (writebuf2) {
-        r = BIO_set_write_buf_size(bio2, writebuf2);
+        r = BIO_set_write_buf_size(bio2, (long)writebuf2);
         if (!r)
             goto err;
     }

diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 9d00f18297ffc584947419735f086bf2fee19cf4..70b60b31273f64d840672f59eac7deffc3bd281a 100644 (file)
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -751,10 +751,12 @@ static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 
 static int conn_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = conn_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = conn_write(bp, str, (int)n);
     return ret;
 }
 
@@ -810,7 +812,7 @@ int conn_gets(BIO *bio, char *buf, int size)
             break;
     }
     *ptr = '\0';
-    return ret > 0 || (bio->flags & BIO_FLAGS_IN_EOF) != 0 ? ptr - buf : ret;
+    return ret > 0 || (bio->flags & BIO_FLAGS_IN_EOF) != 0 ? (int)(ptr - buf) : ret;
 }
 
 static int conn_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, size_t num_msgs,

diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index ea2550859ccdabf3ac7d2a76dc324318655912aa..70c1c01e10f5f2bebc39cadd4bb91eb811d9d085 100644 (file)
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1028,10 +1028,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 
 static int dgram_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = dgram_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = dgram_write(bp, str, (int)n);
     return ret;
 }
 

diff --git a/crypto/bio/bss_dgram_pair.c b/crypto/bio/bss_dgram_pair.c
index 540f061ff59a91755522a62c712990daf7c9651b..e061208ad63bdf1bbb2d5f3d5db74d8c4175e29b 100644 (file)
--- a/crypto/bio/bss_dgram_pair.c
+++ b/crypto/bio/bss_dgram_pair.c
@@ -620,7 +620,7 @@ static int dgram_pair_ctrl_get_mtu(BIO *bio)
 {
     struct bio_dgram_pair_st *b = bio->ptr;
 
-    return b->mtu;
+    return (int)b->mtu;
 }
 
 /* BIO_dgram_set_mtu (BIO_CTRL_DGRAM_SET_MTU) */
@@ -807,6 +807,9 @@ int BIO_new_bio_dgram_pair(BIO **pbio1, size_t writebuf1,
     long r;
     BIO *bio1 = NULL, *bio2 = NULL;
 
+    if (writebuf1 > LONG_MAX || writebuf2 > LONG_MAX)
+        goto err;
+
     bio1 = BIO_new(BIO_s_dgram_pair());
     if (bio1 == NULL)
         goto err;
@@ -816,13 +819,13 @@ int BIO_new_bio_dgram_pair(BIO **pbio1, size_t writebuf1,
         goto err;
 
     if (writebuf1 > 0) {
-        r = BIO_set_write_buf_size(bio1, writebuf1);
+        r = BIO_set_write_buf_size(bio1, (long)writebuf1);
         if (r == 0)
             goto err;
     }
 
     if (writebuf2 > 0) {
-        r = BIO_set_write_buf_size(bio2, writebuf2);
+        r = BIO_set_write_buf_size(bio2, (long)writebuf2);
         if (r == 0)
             goto err;
     }
@@ -1037,7 +1040,7 @@ static int dgram_pair_read(BIO *bio, char *buf, int sz_)
     l = dgram_pair_read_actual(bio, buf, (size_t)sz_, NULL, NULL, 0);
     if (l < 0) {
         if (l != -BIO_R_NON_FATAL)
-            ERR_raise(ERR_LIB_BIO, -l);
+            ERR_raise(ERR_LIB_BIO, (int)-l);
         ret = -1;
     } else {
         ret = (int)l;
@@ -1090,7 +1093,7 @@ static int dgram_pair_recvmmsg(BIO *bio, BIO_MSG *msg,
             if (i > 0) {
                 ret = 1;
             } else {
-                ERR_raise(ERR_LIB_BIO, -l);
+                ERR_raise(ERR_LIB_BIO, (int)-l);
                 ret = 0;
             }
             goto out;
@@ -1127,7 +1130,7 @@ static int dgram_mem_read(BIO *bio, char *buf, int sz_)
     l = dgram_pair_read_actual(bio, buf, (size_t)sz_, NULL, NULL, 0);
     if (l < 0) {
         if (l != -BIO_R_NON_FATAL)
-            ERR_raise(ERR_LIB_BIO, -l);
+            ERR_raise(ERR_LIB_BIO, (int)-l);
         ret = -1;
     } else {
         ret = (int)l;
@@ -1289,7 +1292,7 @@ static int dgram_pair_write(BIO *bio, const char *buf, int sz_)
 
     l = dgram_pair_write_actual(bio, buf, (size_t)sz_, NULL, NULL, 0);
     if (l < 0) {
-        ERR_raise(ERR_LIB_BIO, -l);
+        ERR_raise(ERR_LIB_BIO, (int)-l);
         ret = -1;
     } else {
         ret = (int)l;
@@ -1304,10 +1307,11 @@ static int dgram_pair_sendmmsg(BIO *bio, BIO_MSG *msg,
                                size_t stride, size_t num_msg,
                                uint64_t flags, size_t *num_processed)
 {
-    ossl_ssize_t ret, l;
+    ossl_ssize_t l;
     BIO_MSG *m;
     size_t i;
     struct bio_dgram_pair_st *b = bio->ptr;
+    int ret = 0;
 
     if (num_msg == 0) {
         *num_processed = 0;
@@ -1329,8 +1333,7 @@ static int dgram_pair_sendmmsg(BIO *bio, BIO_MSG *msg,
             if (i > 0) {
                 ret = 1;
             } else {
-                ERR_raise(ERR_LIB_BIO, -l);
-                ret = 0;
+                ERR_raise(ERR_LIB_BIO, (int)-l);
             }
             goto out;
         }

diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
index 41514589a5dda1a6d9b6d00066edaaedb13bcae2..863ea6d6a3a3c4f35345c51a203ee3073e233ab6 100644 (file)
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -116,7 +116,7 @@ static int fd_read(BIO *b, char *out, int outl)
 
     if (out != NULL) {
         clear_sys_error();
-        ret = UP_read(b->num, out, outl);
+        ret = (int)UP_read(b->num, out, outl);
         BIO_clear_retry_flags(b);
         if (ret <= 0) {
             if (BIO_fd_should_retry(ret))
@@ -132,7 +132,7 @@ static int fd_write(BIO *b, const char *in, int inl)
 {
     int ret;
     clear_sys_error();
-    ret = UP_write(b->num, in, inl);
+    ret = (int)UP_write(b->num, in, inl);
     BIO_clear_retry_flags(b);
     if (ret <= 0) {
         if (BIO_fd_should_retry(ret))
@@ -198,10 +198,12 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
 
 static int fd_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = fd_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = fd_write(bp, str, (int)n);
     return ret;
 }
 
@@ -219,7 +221,7 @@ static int fd_gets(BIO *bp, char *buf, int size)
     ptr[0] = '\0';
 
     if (buf[0] != '\0')
-        ret = strlen(buf);
+        ret = (int)strlen(buf);
     return ret;
 }
 

diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 2743a14417cf0642e3d9dba61318f22bb5490b1d..26b63f5c55d90a650645e8d8c62e38a4bf2e4f42 100644 (file)
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -139,9 +139,9 @@ static int file_read(BIO *b, char *out, int outl)
 
     if (b->init && (out != NULL)) {
         if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
-            ret = UP_fread(out, 1, (int)outl, b->ptr);
+            ret = (int)UP_fread(out, 1, outl, b->ptr);
         else
-            ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+            ret = (int)fread(out, 1, outl, (FILE *)b->ptr);
         if (ret == 0
             && (b->flags & BIO_FLAGS_UPLINK_INTERNAL
                 ? UP_ferror((FILE *)b->ptr) : ferror((FILE *)b->ptr))) {
@@ -160,9 +160,9 @@ static int file_write(BIO *b, const char *in, int inl)
 
     if (b->init && (in != NULL)) {
         if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
-            ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+            ret = (int)UP_fwrite(in, inl, 1, b->ptr);
         else
-            ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+            ret = (int)fwrite(in, inl, 1, (FILE *)b->ptr);
         if (ret)
             ret = inl;
         /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
@@ -348,17 +348,19 @@ static int file_gets(BIO *bp, char *buf, int size)
             goto err;
     }
     if (buf[0] != '\0')
-        ret = strlen(buf);
+        ret = (int)strlen(buf);
  err:
     return ret;
 }
 
 static int file_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = file_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = file_write(bp, str, (int)n);
     return ret;
 }
 

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 8cbea38a9021a3ab09d73f617ee20f51872f17ad..02bd76544276f572198c86b625a8c24e76fba572 100644 (file)
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -214,7 +214,7 @@ static int mem_read(BIO *b, char *out, int outl)
 static int mem_write(BIO *b, const char *in, int inl)
 {
     int ret = -1;
-    int blen;
+    size_t blen;
     BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
 
     if (b->flags & BIO_FLAGS_MEM_RDONLY) {
@@ -245,7 +245,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
     char **pptr;
     BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
     BUF_MEM *bm, *bo;            /* bio_mem, bio_other */
-    long off, remain;
+    ossl_ssize_t off, remain;
 
     if (b->flags & BIO_FLAGS_MEM_RDONLY) {
         bm = bbm->buf;
@@ -280,10 +280,12 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         bm->data = (num != 0) ? bo->data + num : bo->data;
         bm->length = bo->length - num;
         bm->max = bo->max - num;
-        off = num;
+        off = (ossl_ssize_t)num;
         /* FALLTHRU */
     case BIO_C_FILE_TELL:
-        ret = off;
+        ret = (long)off;
+        if (off > LONG_MAX)
+            ret = -1;
         break;
     case BIO_CTRL_EOF:
         ret = (long)(bm->length == 0);
@@ -349,7 +351,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
     if (bp->flags & BIO_FLAGS_MEM_RDONLY)
         bm = bbm->buf;
     BIO_clear_retry_flags(bp);
-    j = bm->length;
+    j = bm->length < INT_MAX ? (int)bm->length: INT_MAX;
     if ((size - 1) < j)
         j = size - 1;
     if (j <= 0) {
@@ -378,10 +380,12 @@ static int mem_gets(BIO *bp, char *buf, int size)
 
 static int mem_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = mem_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = mem_write(bp, str, (int)n);
     /* memory semantics is that it will always work */
     return ret;
 }

diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
index ba266f186c2180824e6ea49bcaaa5bd2b707d58b..7d76db6b1b4b92c3f3dd1dd64d62cae1f946560d 100644 (file)
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -79,7 +79,12 @@ static int null_gets(BIO *bp, char *buf, int size)
 
 static int null_puts(BIO *bp, const char *str)
 {
+    size_t n;
+
     if (str == NULL)
         return 0;
-    return strlen(str);
+    n = strlen(str);
+    if (n > INT_MAX)
+        return -1;
+    return (int)n;
 }

diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 82f7be85ae0c305acb19694d07065f9c8029594e..fcce9f863f23f3c44e7d996628541cb4769344f9 100644 (file)
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -286,10 +286,12 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 
 static int sock_puts(BIO *bp, const char *str)
 {
-    int n, ret;
+    int ret;
+    size_t n = strlen(str);
 
-    n = strlen(str);
-    ret = sock_write(bp, str, n);
+    if (n > INT_MAX)
+        return -1;
+    ret = sock_write(bp, str, (int)n);
     return ret;
 }
 

diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index ae3e549e44307f0ef1883f5fdc4dae0dbc48f38f..39ef1bc18317c0c9b688b911d84ddb69f92dd7a3 100644 (file)
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -114,7 +114,7 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         carry &= (t2 == 0);
     }
     *rp = carry;
-    r->top += carry;
+    r->top += (int)carry;
 
     r->neg = 0;
     bn_check_top(r);

diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 6c6de1a30f54569376177bec0cf0039beb7020e9..29bf84537c4d3da89eaafe2c981a410578795692 100644 (file)
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -186,7 +186,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
             }
             mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
             /* always true, if (rtop >= ntop) n->top = r->top; */
-            n->top = (int)(rtop & ~mask) | (ntop & mask);
+            n->top = (int)((rtop & ~mask) | (ntop & mask));
             n->flags |= (BN_FLG_FIXED_TOP & ~mask);
         }
         ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx);

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 13de70eb0d50e2b4fd92114f4e966f6a6e2e7659..edaafca3c058095a9df90eaf9c79f5acb405e163 100644 (file)
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -619,7 +619,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
         pow2_numbits_temp = r->d[i] | g->d[i];
         pow2_condition_mask = constant_time_is_zero_bn(pow2_flag);
         pow2_flag &= constant_time_is_zero_bn(pow2_numbits_temp);
-        pow2_shifts += pow2_flag;
+        pow2_shifts += (int)pow2_flag;
         pow2_numbits = constant_time_select_bn(pow2_condition_mask,
                                                pow2_numbits, pow2_numbits_temp);
     }
@@ -628,7 +628,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
     pow2_flag = 1;
     for (j = 0; j < BN_BITS2; j++) {
         pow2_flag &= pow2_numbits;
-        pow2_shifts += pow2_flag;
+        pow2_shifts += (int)pow2_flag;
         pow2_numbits >>= 1;
     }
 

diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
index 505a9dfcc391786b1545cadd00c9dadf8b213151..41066e8f5878611201f41ac04bb9cb86662cae3e 100644 (file)
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -114,7 +114,7 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
         r[j++] = sign * digit;
 
         window_val >>= 1;
-        window_val += bit * BN_is_bit_set(scalar, j + w);
+        window_val += bit * BN_is_bit_set(scalar, (int)(j + w));
 
         if (window_val > next_bit) {
             ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR);

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 470592731fa8fbbfeb758df8a59e9360b45c1e58..7981a3bdf1595f10fa3b44397dd419e12a725afe 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -718,9 +718,9 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
         int res = 0;
 
         for (i = 0; i < b->top; i++) {
-            res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]),
+            res = constant_time_select_int((int)constant_time_lt_bn(ap[i], bp[i]),
                                            -1, res);
-            res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]),
+            res = constant_time_select_int((int)constant_time_lt_bn(bp[i], ap[i]),
                                            1, res);
         }
         return res;
@@ -1057,10 +1057,10 @@ int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w)
     if (a->neg || a->top == 0)
         return 0;
 
-    res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0);
+    res = constant_time_select_int((int)constant_time_eq_bn(ap[0], w), 1, 0);
 
     for (i = 1; i < a->top; i++)
-        res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
+        res = constant_time_select_int((int)constant_time_is_zero_bn(ap[i]),
                                        res, 0);
     return res;
 }

diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index 5f08bfa4a534248ffeed706bbb0c8d24cbdc2bbb..c3aa090046961a0c61d977164d3783bd1f2eaa8a 100644 (file)
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -59,7 +59,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     BN_ULONG carry, temp, mask, *rp, *tp = storage;
     const BN_ULONG *ap, *bp;
 
-    if (bn_wexpand(r, mtop) == NULL)
+    if (bn_wexpand(r, (int)mtop) == NULL)
         return 0;
 
     if (mtop > OSSL_NELEM(storage)) {
@@ -85,12 +85,12 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
     }
     rp = r->d;
-    carry -= bn_sub_words(rp, tp, m->d, mtop);
+    carry -= bn_sub_words(rp, tp, m->d, (int)mtop);
     for (i = 0; i < mtop; i++) {
         rp[i] = (carry & tp[i]) | (~carry & rp[i]);
         ((volatile BN_ULONG *)tp)[i] = 0;
     }
-    r->top = mtop;
+    r->top = (int)mtop;
     r->flags |= BN_FLG_FIXED_TOP;
     r->neg = 0;
 
@@ -140,7 +140,7 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     BN_ULONG borrow, carry, ta, tb, mask, *rp;
     const BN_ULONG *ap, *bp;
 
-    if (bn_wexpand(r, mtop) == NULL)
+    if (bn_wexpand(r, (int)mtop) == NULL)
         return 0;
 
     rp = r->d;
@@ -176,7 +176,7 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         carry += (rp[i] < ta);
     }
 
-    r->top = mtop;
+    r->top = (int)mtop;
     r->flags |= BN_FLG_FIXED_TOP;
     r->neg = 0;
 

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 4f08394d7f0a1dda2137b37c75599909559770e6..3cce2f7c1905fe04b5ea5e737d2b03e314ff649c 100644 (file)
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -467,7 +467,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
 }
 
 int ossl_bn_mont_ctx_set(BN_MONT_CTX *ctx, const BIGNUM *modulus, int ri, const unsigned char *rr,
-                         size_t rrlen, uint32_t nlo, uint32_t nhi)
+                         int rrlen, uint32_t nlo, uint32_t nhi)
 {
     if (BN_copy(&ctx->N, modulus) == NULL)
         return 0;

diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index d67331f1f634cd46b190783cdac909605f1e5d8d..57bc60daff1c9d18eed8633c3cf10852ac8932ca 100644 (file)
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -37,7 +37,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
         c = t >> (BN_BITS2 - 1);
     }
     *rp = c;
-    r->top += c;
+    r->top += (int)c;
     bn_check_top(r);
     return 1;
 }

diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
index 49a0bf3bf19908b98a065ee2c630ecb79f13e46e..e5a741a52ba7a860ca1a6cee61cb92ec80545779 100644 (file)
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -72,7 +72,7 @@ static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r,
                                                     const BN_ULONG *m,
                                                     BN_ULONG *tmp, size_t num)
 {
-    carry -= bn_sub_words(tmp, r, m, num);
+    carry -= bn_sub_words(tmp, r, m, (int)num);
     bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num);
     return carry;
 }

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 16f4b904ad853477ae420ab5d5e90f053953f056..83f303a956f831597c2761783d59cac4b989584e 100644 (file)
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -149,7 +149,8 @@ int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen,
         ctx->nlast_block = -1;
         if (EVP_CIPHER_CTX_get0_cipher(ctx->cctx) == NULL)
             return 0;
-        if (EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen) <= 0)
+        if (keylen > INT_MAX
+            || EVP_CIPHER_CTX_set_key_length(ctx->cctx, (int)keylen) <= 0)
             return 0;
         if (!EVP_EncryptInit_ex2(ctx->cctx, NULL, key, zero_iv, param))
             return 0;
@@ -198,7 +199,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
             nleft = dlen;
         memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
         dlen -= nleft;
-        ctx->nlast_block += nleft;
+        ctx->nlast_block += (int)nleft;
         /* If no more to process return */
         if (dlen == 0)
             return 1;
@@ -224,14 +225,14 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
         }
     } else {
         while (cipher_blocks > max_burst_blocks) {
-            if (EVP_Cipher(ctx->cctx, buf, data, max_burst_blocks * bl) <= 0)
+            if (EVP_Cipher(ctx->cctx, buf, data, (int)(max_burst_blocks * bl)) <= 0)
                 return 0;
             dlen -= max_burst_blocks * bl;
             data += max_burst_blocks * bl;
             cipher_blocks -= max_burst_blocks;
         }
         if (cipher_blocks > 0) {
-            if (EVP_Cipher(ctx->cctx, buf, data, cipher_blocks * bl) <= 0)
+            if (EVP_Cipher(ctx->cctx, buf, data, (int)(cipher_blocks * bl)) <= 0)
                 return 0;
             dlen -= cipher_blocks * bl;
             data += cipher_blocks * bl;
@@ -240,7 +241,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
     }
     /* Copy any data left to last block buffer */
     memcpy(ctx->last_block, data, dlen);
-    ctx->nlast_block = dlen;
+    ctx->nlast_block = (int)dlen;
     return 1;
 
 }

diff --git a/crypto/cmp/cmp_genm.c b/crypto/cmp/cmp_genm.c
index 6afe3e720ea22366eaa4ad0e0ba320e3b62a9df6..138592167d58f365ed5afa1ab0dc07247f107cfa 100644 (file)
--- a/crypto/cmp/cmp_genm.c
+++ b/crypto/cmp/cmp_genm.c
@@ -124,7 +124,7 @@ static OSSL_CMP_ITAV *get_genm_itav(OSSL_CMP_CTX *ctx,
             return itav;
         }
 
-        if (OBJ_obj2txt(name + offset, sizeof(name) - offset, obj, 0) < 0)
+        if (OBJ_obj2txt(name + offset, (int)(sizeof(name) - offset), obj, 0) < 0)
             strcat(name, "<unknown>");
         ossl_cmp_log2(WARN, ctx, "%s' while expecting 'id-it-%s'", name, desc);
         OSSL_CMP_ITAV_free(itav);

diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index d00c9f76bb42b5db08b0755d595467e4ac75a798..74e97afe0f20678c00f71f85ca81684a1058edb4 100644 (file)
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -119,7 +119,7 @@ int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr)
 }
 
 /* assign to *tgt a random byte array of given length */
-static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len)
+static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, int len)
 {
     unsigned char *bytes = OPENSSL_malloc(len);
     int res = 0;

diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index e4f3bffed720ff92115a4c5db95107ff5d381582..f325c4505f543b3e2c4e25eefdce7e63fa9a81ee 100644 (file)
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -92,11 +92,11 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
                                &protection, &sig_len))
             goto end;
 
-        if ((prot = ASN1_BIT_STRING_new()) == NULL)
+        if (sig_len > INT_MAX || (prot = ASN1_BIT_STRING_new()) == NULL)
             goto end;
         /* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */
         ossl_asn1_string_set_bits_left(prot, 0);
-        if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) {
+        if (!ASN1_BIT_STRING_set(prot, protection, (int)sig_len)) {
             ASN1_BIT_STRING_free(prot);
             prot = NULL;
         }

diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index f3c21c5d914cdc88629797009168cd8e170cc232..95859cbfb092a13f85f5e33476ac3f9e6bd3cb8c 100644 (file)
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -55,7 +55,7 @@ static OSSL_CMP_severity parse_level(const char *level)
 
     if (HAS_PREFIX(level, OSSL_CMP_LOG_PREFIX))
         level += strlen(OSSL_CMP_LOG_PREFIX);
-    len = end_level - level;
+    len = (int)(end_level - level);
     if (len > max_level_len)
         return -1;
     OPENSSL_strlcpy(level_copy, level, len + 1);

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index b49e5f7f5366e81c255c32b58350bfa1c235d077..531339cd5dfe0ba51419fb0a036477b395b0a1a8 100644 (file)
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -85,7 +85,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     ASN1_OCTET_STRING *ukm;
     const unsigned char *p;
     unsigned char *dukm = NULL;
-    size_t dukmlen = 0;
+    int dukmlen = 0;
     int keylen, plen;
     EVP_CIPHER *kekcipher = NULL;
     EVP_CIPHER_CTX *kekctx;
@@ -201,7 +201,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     ASN1_OCTET_STRING *ukm;
     unsigned char *penc = NULL, *dukm = NULL;
     int penclen;
-    size_t dukmlen = 0;
+    int dukmlen = 0;
     int rv = 0;
     int kdf_type, wrap_nid;
     const EVP_MD *kdf_md;

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index ea8f07e1affc655a4ead339a08145b1e6bc5fabf..276545155005e2bab168197117ce95c8226edef5 100644 (file)
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -107,7 +107,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
             piv = aparams.iv;
             if (ec->taglen > 0
                     && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                                           ec->taglen, ec->tag) <= 0) {
+                                           (int)ec->taglen, ec->tag) <= 0) {
                 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR);
                 goto err;
             }
@@ -140,7 +140,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
 
     if (ec->keylen != tkeylen) {
         /* If necessary set key length */
-        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+        if (EVP_CIPHER_CTX_set_key_length(ctx, (int)ec->keylen) <= 0) {
             /*
              * Only reveal failure if debugging so we don't leak information
              * which may be useful in MMA.

diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 375239c78db398eadb04d271da3bf7deeffe0e49..5c0872069379ecc9c03f2c980951b7b6c1f27301 100644 (file)
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -552,7 +552,7 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
     if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
         goto err;
 
-    ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+    ASN1_STRING_set0(ktri->encryptedKey, ek, (int)eklen);
     ek = NULL;
 
     ret = 1;
@@ -700,7 +700,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
     CMS_KEKRecipientInfo *kekri;
     STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
 
-    if (ris == NULL)
+    if (ris == NULL || idlen > INT_MAX)
         goto err;
 
     if (nid == NID_undef) {
@@ -774,7 +774,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
     kekri->key = key;
     kekri->keylen = keylen;
 
-    ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+    ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, (int)idlen);
 
     kekri->kekid->date = date;
 
@@ -909,7 +909,7 @@ static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
 
     EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
     if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
-            || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
+            || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, (int)ec->keylen)
             || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
         ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
         goto err;

diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index ba7579f9f23088168fbda48f33bde7e50c3d5c26..8f799dc1804c72bb8b66b9f2f0e2b698104bb8a4 100644 (file)
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -219,7 +219,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
     int outlen;
 
     keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx);
-    if (keklen > EVP_MAX_KEY_LENGTH)
+    if (keklen > EVP_MAX_KEY_LENGTH || inlen > INT_MAX)
         return 0;
     /* Derive KEK */
     if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
@@ -228,12 +228,12 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
     if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
         goto err;
     /* obtain output length of ciphered key */
-    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
+    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, (int)inlen))
         goto err;
     out = OPENSSL_malloc(outlen);
     if (out == NULL)
         goto err;
-    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
+    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, (int)inlen))
         goto err;
     *pout = out;
     *poutlen = (size_t)outlen;
@@ -525,7 +525,7 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
         if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
                             kari, 1))
             return 0;
-        ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
+        ASN1_STRING_set0(rek->encryptedKey, enckey, (int)enckeylen);
     }
 
     return 1;

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index efed89a017a99b8f5a1e8bf724a4851d02857574..5f68ad4b36c03c1aa655f5d5bceadf77996de45f 100644 (file)
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -203,18 +203,18 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
                           const unsigned char *in, size_t inlen,
                           EVP_CIPHER_CTX *ctx)
 {
-    size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
+    int blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
     unsigned char *tmp;
     int outl, rv = 0;
 
-    if (blocklen == 0)
+    if (blocklen <= 0)
         return 0;
 
-    if (inlen < 2 * blocklen) {
+    if (inlen < 2 * (size_t)blocklen) {
         /* too small */
         return 0;
     }
-    if (inlen % blocklen) {
+    if (inlen > INT_MAX || inlen % blocklen) {
         /* Invalid size */
         return 0;
     }
@@ -231,12 +231,12 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         || !EVP_DecryptUpdate(ctx, tmp, &outl,
                               tmp + inlen - blocklen, blocklen)
         /* Can now decrypt first n - 1 blocks */
-        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, (int)(inlen - blocklen))
 
         /* Reset IV to original value */
         || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
         /* Decrypt again */
-        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, (int)inlen))
         goto err;
     /* Check check bytes */
     if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
@@ -294,8 +294,8 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
                              olen - 4 - inlen, 0) <= 0)
             return 0;
         /* Encrypt twice */
-        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
-            || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, (int)olen)
+            || !EVP_EncryptUpdate(ctx, out, &dummy, out, (int)olen))
             return 0;
     }
 
@@ -371,7 +371,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
     /* Finish password based key derivation to setup key in "ctx" */
 
     if (EVP_PBE_CipherInit_ex(algtmp->algorithm,
-                              (char *)pwri->pass, pwri->passlen,
+                              (char *)pwri->pass, (int)pwri->passlen,
                               algtmp->parameter, kekctx, en_de,
                               cms_ctx->libctx, cms_ctx->propq) < 0) {
         ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
@@ -393,7 +393,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
         if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx, cms_ctx))
             goto err;
         pwri->encryptedKey->data = key;
-        pwri->encryptedKey->length = keylen;
+        pwri->encryptedKey->length = (int)keylen;
     } else {
         key = OPENSSL_malloc(pwri->encryptedKey->length);
         if (key == NULL)

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index f132df5c8a0f97351472bacb55b67515e0bb4266..bb65a34ded5b21d7cdcc7c6fafbcd371090f2a65 100644 (file)
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -236,7 +236,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
         return 0;
     if ((aid_len = params[0].return_size) == 0)
         return 0;
-    if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL)
+    if (d2i_X509_ALGOR(&alg, &pp, (long)aid_len) == NULL)
         return 0;
     return 1;
 }

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 9d5b8607de0e2659661e9dedd08ec155fcb6112d..80f7d73d6dd09b30e25b0f17201089c6b54fb37e 100644 (file)
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -799,7 +799,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
             OPENSSL_free(sig);
             goto err;
         }
-        ASN1_STRING_set0(si->signature, sig, siglen);
+        ASN1_STRING_set0(si->signature, sig, (int)siglen);
     } else {
         unsigned char *sig;
         unsigned int siglen;
@@ -910,7 +910,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 
     EVP_MD_CTX_reset(mctx);
 
-    ASN1_STRING_set0(si->signature, abuf, siglen);
+    ASN1_STRING_set0(si->signature, abuf, (int)siglen);
 
     return 1;
 

diff --git a/crypto/comp/c_brotli.c b/crypto/comp/c_brotli.c
index 07e1e76471c5d199c30b200dc22f2d7688498cb9..43ae36f5065f512df8592e826fa91871deee7dd2 100644 (file)
--- a/crypto/comp/c_brotli.c
+++ b/crypto/comp/c_brotli.c
@@ -553,10 +553,10 @@ static int bio_brotli_read(BIO *b, char *out, int outl)
          * No data in input buffer try to read some in, if an error then
          * return the total data read.
          */
-        ret = BIO_read(next, ctx->decode.buf, ctx->decode.bufsize);
+        ret = BIO_read(next, ctx->decode.buf, (int)ctx->decode.bufsize);
         if (ret <= 0) {
             /* Total data read */
-            int tot = outl - ctx->decode.avail_out;
+            int tot = outl - (int)ctx->decode.avail_out;
 
             BIO_copy_next_retry(b);
             if (ret < 0)
@@ -608,10 +608,10 @@ static int bio_brotli_write(BIO *b, const char *in, int inl)
     for (;;) {
         /* If data in output buffer write it first */
         while (ctx->encode.count > 0) {
-            ret = BIO_write(next, ctx->encode.ptr, ctx->encode.count);
+            ret = BIO_write(next, ctx->encode.ptr, (int)ctx->encode.count);
             if (ret <= 0) {
                 /* Total data written */
-                int tot = inl - ctx->encode.avail_in;
+                int tot = inl - (int)ctx->encode.avail_in;
 
                 BIO_copy_next_retry(b);
                 if (ret < 0)
@@ -664,7 +664,7 @@ static int bio_brotli_flush(BIO *b)
     for (;;) {
         /* If data in output buffer write it first */
         while (ctx->encode.count > 0) {
-            ret = BIO_write(next, ctx->encode.ptr, ctx->encode.count);
+            ret = BIO_write(next, ctx->encode.ptr, (int)ctx->encode.count);
             if (ret <= 0) {
                 BIO_copy_next_retry(b);
                 return ret;

diff --git a/crypto/comp/c_zstd.c b/crypto/comp/c_zstd.c
index b4667649f3ce0ce1a425d673b0b22ff4e1bd0c99..a1c83279fa0fb2e73e0c7cb9d28e0368c01e6ef6 100644 (file)
--- a/crypto/comp/c_zstd.c
+++ b/crypto/comp/c_zstd.c
@@ -613,19 +613,19 @@ static int bio_zstd_read(BIO *b, char *out, int outl)
             }
             /* No more output space */
             if (outBuf.pos == outBuf.size)
-                return outBuf.pos;
+                return (int)outBuf.pos;
         } while (ctx->decompress.inbuf.pos < ctx->decompress.inbuf.size);
 
         /*
          * No data in input buffer try to read some in, if an error then
          * return the total data read.
          */
-        ret = BIO_read(next, ctx->decompress.buffer, ctx->decompress.bufsize);
+        ret = BIO_read(next, ctx->decompress.buffer, (int)ctx->decompress.bufsize);
         if (ret <= 0) {
             BIO_copy_next_retry(b);
             if (ret < 0 && outBuf.pos == 0)
                 return ret;
-            return outBuf.pos;
+            return (int)outBuf.pos;
         }
         ctx->decompress.inbuf.size = ret;
         ctx->decompress.inbuf.pos = 0;
@@ -665,19 +665,19 @@ static int bio_zstd_write(BIO *b, const char *in, int inl)
         /* If data in output buffer write it first */
         while (ctx->compress.write_pos < ctx->compress.outbuf.pos) {
             ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos,
-                            ctx->compress.outbuf.pos - ctx->compress.write_pos);
+                            (int)(ctx->compress.outbuf.pos - ctx->compress.write_pos));
             if (ret <= 0) {
                 BIO_copy_next_retry(b);
                 if (ret < 0 && inBuf.pos == 0)
                     return ret;
-                return inBuf.pos;
+                return (int)inBuf.pos;
             }
             ctx->compress.write_pos += ret;
         }
 
         /* Have we consumed all supplied data? */
         if (done)
-            return inBuf.pos;
+            return (int)inBuf.pos;
 
         /* Reset buffer */
         ctx->compress.outbuf.pos = 0;
@@ -717,7 +717,7 @@ static int bio_zstd_flush(BIO *b)
         /* If data in output buffer write it first */
         while (ctx->compress.write_pos < ctx->compress.outbuf.pos) {
             ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos,
-                            ctx->compress.outbuf.pos - ctx->compress.write_pos);
+                            (int)(ctx->compress.outbuf.pos - ctx->compress.write_pos));
             if (ret <= 0) {
                 BIO_copy_next_retry(b);
                 return ret;

diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index 56ca17a7a54a1222c1774920754446b372f4ac36..817b5cd3632f4641c0220887be0590a6d652167f 100644 (file)
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -68,7 +68,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
     if (ctx->meth->compress == NULL) {
         return -1;
     }
-    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+    ret = (int)ctx->meth->compress(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->compress_in += ilen;
         ctx->compress_out += ret;
@@ -84,7 +84,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
     if (ctx->meth->expand == NULL) {
         return -1;
     }
-    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+    ret = (int)ctx->meth->expand(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->expand_in += ilen;
         ctx->expand_out += ret;

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 5b1bf0e78f394d68a4244949c5e8e6c1d4d60ee5..2989259d50a27ae67fab9bcb8b100d1d41d1a618 100644 (file)
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -192,7 +192,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
         goto err;
     if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
         goto err;
-    i = strlen(section) + 1;
+    i = (int)strlen(section) + 1;
     if ((v->section = OPENSSL_malloc(i)) == NULL)
         goto err;
 

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 399aefb1996318515c51051872e33e17682acbd9..be3bafe0b45c0900a0626cd9c72d82aaf06f55d1 100644 (file)
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -263,7 +263,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0)
             goto err;
         p[CONFBUFSIZE - 1] = '\0';
-        ii = i = strlen(p);
+        ii = i = (int)strlen(p);
         if (first_call) {
             /* Other BOMs imply unsupported multibyte encoding,
              * so don't strip them and let the error raise */
@@ -641,15 +641,14 @@ static void clear_comments(CONF *conf, char *p)
 
 static int str_copy(CONF *conf, char *section, char **pto, char *from)
 {
-    int q, r, rr = 0, to = 0, len = 0;
+    int q, r, rr = 0, to = 0;
     char *s, *e, *rp, *p, *rrp, *np, *cp, v;
     BUF_MEM *buf;
 
     if ((buf = BUF_MEM_new()) == NULL)
         return 0;
 
-    len = strlen(from) + 1;
-    if (!BUF_MEM_grow(buf, len))
+    if (!BUF_MEM_grow(buf, strlen(from) + 1))
         goto err;
 
     for (;;) {
@@ -771,11 +770,6 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
             while (*p)
                 buf->data[to++] = *(p++);
 
-            /*
-             * Since we change the pointer 'from', we also have to change the
-             * perceived length of the string it points at.  /RL
-             */
-            len -= e - from;
             from = e;
 
             /*

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 9d49a5f69d109ad4420dfde16b15bfdd46031b2f..ce8ff4da3062d6082db59f27b290f65a75b527a3 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -396,7 +396,8 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
 static CONF_MODULE *module_find(const char *name)
 {
     CONF_MODULE *tmod;
-    int i, nchar;
+    int i;
+    size_t nchar;
     char *p;
     STACK_OF(CONF_MODULE) *mods;
 
@@ -754,7 +755,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc,
                 while (isspace((unsigned char)*tmpend))
                     tmpend--;
             }
-            ret = list_cb(lstart, tmpend - lstart + 1, arg);
+            ret = list_cb(lstart, (int)(tmpend - lstart + 1), arg);
         }
         if (ret <= 0)
             return ret;

diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 4b1380a6f2dc11d4add356ef6e8275bae3b6082e..c8ac441231c99b03a45ffc272592c52cac817363 100644 (file)
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -179,7 +179,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
         return 0;
 
     HT_INIT_KEY(&key);
-    HT_SET_KEY_STRING_CASE_N(&key, name, name, name_len);
+    HT_SET_KEY_STRING_CASE_N(&key, name, name, (int)name_len);
 
     val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));
 
@@ -191,7 +191,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
 }
 
 const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
-                                  size_t idx)
+                                  int idx)
 {
     NAMES *names;
     const char *ret = NULL;

diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index d4c7af38cb0fcc5c664ec5c5e0d2e883b3fd82b9..e65a3886f7232c90bf788b90e3f9ba081cf833c0 100644 (file)
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -89,7 +89,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
         goto err;
     }
 
-    if (!ASN1_INTEGER_set(pbm->iterationCount, itercnt)) {
+    if (!ASN1_INTEGER_set(pbm->iterationCount, (long)itercnt)) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_CRMFERROR);
         goto err;
     }

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 6c1947943879d7eaa6f3b6f4915ec12f7ff84483..933e11e721a761ba38e060e07dc6d6a62529ebb9 100644 (file)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -60,7 +60,7 @@ int OPENSSL_isservice(void)
     }
 
     if (_OPENSSL_isservice.p != (void *)-1)
-        return (*_OPENSSL_isservice.f) ();
+        return (int)((*_OPENSSL_isservice.f)());
 
     h = GetProcessWindowStation();
     if (h == NULL)
@@ -144,7 +144,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
                 fmt = (const TCHAR *)L"no stack?";
                 break;
             }
-            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+            if (!MultiByteToWideChar(CP_ACP, 0, fmta, (int)len_0, fmtw, (int)len_0))
                 for (i = 0; i < len_0; i++)
                     fmtw[i] = (WCHAR)fmta[i];
             for (i = 0; i < len_0; i++) {

diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index 2535442063b5310c9e2dea8748319fcc2d80039c..3fd62ba352933c7757f72915a26db129a0bd5ff3 100644 (file)
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -27,17 +27,17 @@ static int ct_base64_decode(const char *in, unsigned char **out)
     int outlen, i;
     unsigned char *outbuf = NULL;
 
-    if (inlen == 0) {
+    if (inlen == 0 || inlen > INT_MAX) {
         *out = NULL;
         return 0;
     }
 
-    outlen = (inlen / 4) * 3;
+    outlen = (int)((inlen / 4) * 3);
     outbuf = OPENSSL_malloc(outlen);
     if (outbuf == NULL)
         goto err;
 
-    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, (int)inlen);
     if (outlen < 0) {
         ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR);
         goto err;

diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index 145b277109ef93c73a487a064a078cb6a3438060..0f35ab0d1a8def2d652a83e53dccdb077cd8eaf1 100644 (file)
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -64,7 +64,7 @@ int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
     len_remaining -= siglen;
     *in = p + siglen;
 
-    return len - len_remaining;
+    return (int)(len - len_remaining);
 }
 
 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
@@ -189,7 +189,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out)
         memcpy(p, sct->sig, sct->sig_len);
     }
 
-    return len;
+    return (int)len;
 err:
     OPENSSL_free(pstart);
     return -1;
@@ -215,8 +215,10 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
     else
         len = sct->sct_len;
 
+    if (len > INT_MAX)
+        return -1;
     if (out == NULL)
-        return len;
+        return (int)len;
 
     if (*out != NULL) {
         p = *out;
@@ -244,7 +246,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
         memcpy(p, sct->sct, len);
     }
 
-    return len;
+    return (int)len;
 err:
     OPENSSL_free(pstart);
     return -1;
@@ -357,7 +359,7 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
         if (!is_pp_new)
             *pp += len2;
     }
-    return len2;
+    return (int)len2;
 
  err:
     if (is_pp_new) {

diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index 374235b7ec57eb7ba872228e6e9d7fe920d0c1b4..6c81a54364cf4736d704d0a2dbfcfd25ebc729dc 100644 (file)
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -82,7 +82,7 @@ void SCT_print(const SCT *sct, BIO *out, int indent,
 
     if (sct->version != SCT_VERSION_V1) {
         BIO_printf(out, "unknown\n%*s", indent + 16, "");
-        BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
+        BIO_hex_string(out, indent + 16, 16, sct->sct, (int)sct->sct_len);
         return;
     }
 
@@ -94,7 +94,7 @@ void SCT_print(const SCT *sct, BIO *out, int indent,
     }
 
     BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
-    BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
+    BIO_hex_string(out, indent + 16, 16, sct->log_id, (int)sct->log_id_len);
 
     BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
     timestamp_print(sct->timestamp, out);
@@ -103,12 +103,12 @@ void SCT_print(const SCT *sct, BIO *out, int indent,
     if (sct->ext_len == 0)
         BIO_printf(out, "none");
     else
-        BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
+        BIO_hex_string(out, indent + 16, 16, sct->ext, (int)sct->ext_len);
 
     BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
     SCT_signature_algorithms_print(sct, out);
     BIO_printf(out, "\n%*s            ", indent + 4, "");
-    BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
+    BIO_hex_string(out, indent + 16, 16, sct->sig, (int)sct->sig_len);
 }
 
 void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,

diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index f6687fe524f00c527eb97c5f0ed4e05acc30b34b..1595cd351883f51eef14b92c0c7e81a76c3f8b68 100644 (file)
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -19,11 +19,14 @@
 void DES_string_to_key(const char *str, DES_cblock *key)
 {
     DES_key_schedule ks;
-    int i, length;
+    int i;
+    size_t length;
 
     memset(key, 0, 8);
     length = strlen(str);
-    for (i = 0; i < length; i++) {
+    if (length > INT_MAX)
+        length = INT_MAX;
+    for (i = 0; i < (int)length; i++) {
         register unsigned char j = str[i];
 
         if ((i % 16) < 8)
@@ -38,7 +41,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
     }
     DES_set_odd_parity(key);
     DES_set_key_unchecked(key, &ks);
-    DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+    DES_cbc_cksum((const unsigned char *)str, key, (int)length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);
 }
@@ -46,12 +49,15 @@ void DES_string_to_key(const char *str, DES_cblock *key)
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 {
     DES_key_schedule ks;
-    int i, length;
+    int i;
+    size_t length;
 
     memset(key1, 0, 8);
     memset(key2, 0, 8);
     length = strlen(str);
-    for (i = 0; i < length; i++) {
+    if (length > INT_MAX)
+        length = INT_MAX;
+    for (i = 0; i < (int)length; i++) {
         register unsigned char j = str[i];
 
         if ((i % 32) < 16) {
@@ -74,9 +80,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
     DES_set_key_unchecked(key1, &ks);
-    DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
+    DES_cbc_cksum((const unsigned char *)str, key1, (int)length, &ks, key1);
     DES_set_key_unchecked(key2, &ks);
-    DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+    DES_cbc_cksum((const unsigned char *)str, key2, (int)length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);

diff --git a/crypto/deterministic_nonce.c b/crypto/deterministic_nonce.c
index 3da9ba420f2d2bd60b96a333e922b12407bb10c6..98ef226f41d20ee3062daf281f8a7e04b8dce009 100644 (file)
--- a/crypto/deterministic_nonce.c
+++ b/crypto/deterministic_nonce.c
@@ -28,7 +28,7 @@
 static int bits2int(BIGNUM *out, int qlen_bits,
                     const unsigned char *in, size_t inlen)
 {
-    int blen_bits = inlen * 8;
+    int blen_bits = (int)(inlen * 8);
     int shift;
 
     if (BN_bin2bn(in, (int)inlen, out) == NULL)
@@ -55,7 +55,7 @@ static int bits2int(BIGNUM *out, int qlen_bits,
 static int bits2int_consttime(BIGNUM *out, int qlen_bits,
                               const unsigned char *in, size_t inlen)
 {
-    int blen_bits = (inlen - sizeof(BN_ULONG)) * 8;
+    int blen_bits = (int)((inlen - sizeof(BN_ULONG)) * 8);
     int shift;
 
     if (BN_bin2bn(in, (int)inlen, out) == NULL)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 80e1612256be21525aa5072020e9c59f8317c874..e181fc295d889dc834a452ba16f24c3ee0b44237 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -410,7 +410,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         dh = (DH *) EVP_PKEY_get0_DH(pkey);
         if (dh == NULL)
             return 0;
-        return ossl_dh_key2buf(dh, arg2, 0, 1);
+        return (int)ossl_dh_key2buf(dh, arg2, 0, 1);
     default:
         return -2;
     }

diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 5fa91a8ec7dcd048a6ffaf9a4c794a8e96766332..928df3a6db7e5bfc741520b1d4ce99b37f2a54bc 100644 (file)
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -116,7 +116,7 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
 
     if (dhx->vparams != NULL) {
         /* The counter has a maximum value of 4 * numbits(p) - 1 */
-        size_t counter = (size_t)BN_get_word(dhx->vparams->counter);
+        int counter = (int)BN_get_word(dhx->vparams->counter);
         ossl_ffc_params_set_validate_params(params, dhx->vparams->seed->data,
                                             dhx->vparams->seed->length,
                                             counter);

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 7132b9b68e5372dd2ad6fe7e5336f2dda8594040..fab29ff265ed18a7e783b436f9054d78e9bc845b 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -114,7 +114,7 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
     int ret = 0, i;
-    volatile size_t npad = 0, mask = 1;
+    volatile int npad = 0, mask = 1;
 
     /* compute the key; ret is constant unless compute_key is external */
 #ifdef FIPS_MODULE
@@ -392,7 +392,7 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
     const BIGNUM *p;
     int ret;
 
-    if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
+    if (len > INT_MAX || (pubkey = BN_bin2bn(buf, (int)len, NULL)) == NULL)
         goto err;
     DH_get0_pqg(dh, &p, NULL, NULL);
     if (p == NULL || BN_num_bytes(p) == 0) {

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 5095d8c2d678c7526ae510d94ae65558516b4ed2..0d9bb0dcb9ad1e384b3d0b0059e8bebc7f65dd5b 100644 (file)
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
-        *(int *)p2 = dctx->kdf_outlen;
+        *(int *)p2 = (int)dctx->kdf_outlen;
         return 1;
 
     case EVP_PKEY_CTRL_DH_KDF_UKM:
@@ -202,7 +202,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
     case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
         *(unsigned char **)p2 = dctx->kdf_ukm;
-        return dctx->kdf_ukmlen;
+        return (int)dctx->kdf_ukmlen;
 
     case EVP_PKEY_CTRL_DH_KDF_OID:
         ASN1_OBJECT_free(dctx->kdf_oid);

diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 00ac18fdffea8a9d56175ff490d2503d394720e0..737d62479623799318f8cc0aea18af865b4c6c9d 100644 (file)
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
             return 0;
     }
 
-    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
+    ret = DSA_sign(0, tbs, (int)tbslen, sig, &sltmp, dsa);
 
     if (ret <= 0)
         return ret;
@@ -125,7 +125,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
             return 0;
     }
 
-    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
+    ret = DSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, dsa);
 
     return ret;
 }

diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
index 085ddef9695be88225dacef52f7dea9d6f9b9000..21163d2c5f2694f935b70da2c26f5e94b7e1b00c 100644 (file)
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -449,9 +449,9 @@ static char *win32_name_converter(DSO *dso, const char *filename)
                  (strstr(filename, ":") == NULL));
     /* If transform != 0, then we convert to %s.dll, else just dupe filename */
 
-    len = strlen(filename) + 1;
+    len = (int)strlen(filename) + 1;
     if (transform)
-        len += strlen(".dll");
+        len += (int)strlen(".dll");
     translated = OPENSSL_malloc(len);
     if (translated == NULL) {
         ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);

diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 4ed6287562a7aecfc4ca7c83cda97429abb214da..eca6d750d5ee92e714043e0b9246f8d6842a8229 100644 (file)
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -260,7 +260,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     point_conversion_form_t form;
     int y_bit, m;
     BIGNUM *x, *y, *yxi;
-    size_t field_len, enc_len;
+    int field_len, enc_len;
     int ret = 0;
 #ifndef FIPS_MODULE
     BN_CTX *new_ctx = NULL;
@@ -312,7 +312,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         (form ==
          POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
 
-    if (len != enc_len) {
+    if (len != (size_t)enc_len) {
         ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
         return 0;
     }

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index ad28ba6827d4ec853bcc1e98489ef849de8f8cd2..ae1c982152c83e62580470b58e2aab205217b8e0 100644 (file)
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -412,8 +412,8 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL);
 
     case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
-        return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
-                              POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
+        return (int)EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
+                                   POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
 
     default:
         return -2;

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 643d2d8d7b824bf9d0453be3c09d894c80bf8355..62bf672974ca7030a908d3c28e175bbcc3eba089 100644 (file)
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -312,7 +312,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
     int ok = 0;
     BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
     unsigned char *a_buf = NULL, *b_buf = NULL;
-    size_t len;
+    int len;
 
     if (!group || !curve || !curve->a || !curve->b)
         return 0;
@@ -333,7 +333,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
      * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
      * definition of how to encode the field elements.
      */
-    len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
+    len = (EC_GROUP_get_degree(group) + 7) / 8;
     if ((a_buf = OPENSSL_malloc(len)) == NULL
         || (b_buf = OPENSSL_malloc(len)) == NULL)
         goto err;
@@ -421,7 +421,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
     form = EC_GROUP_get_point_conversion_form(group);
 
     len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
-    if (len == 0) {
+    if (len == 0 || len > INT_MAX) {
         ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
@@ -430,7 +430,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
         ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
         goto err;
     }
-    ASN1_STRING_set0(ret->base, buffer, len);
+    ASN1_STRING_set0(ret->base, buffer, (int)len);
 
     /* set the order */
     tmp = EC_GROUP_get0_order(group);
@@ -1037,12 +1037,12 @@ int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out)
 
     privlen = EC_KEY_priv2buf(a, &priv);
 
-    if (privlen == 0) {
+    if (privlen == 0 || privlen > INT_MAX) {
         ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
 
-    ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
+    ASN1_STRING_set0(priv_key->privateKey, priv, (int)privlen);
     priv = NULL;
 
     if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
@@ -1063,13 +1063,13 @@ int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out)
 
         publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
 
-        if (publen == 0) {
+        if (publen == 0 || publen > INT_MAX) {
             ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
             goto err;
         }
 
         ossl_asn1_string_set_bits_left(priv_key->publicKey, 0);
-        ASN1_STRING_set0(priv_key->publicKey, pub, publen);
+        ASN1_STRING_set0(priv_key->publicKey, pub, (int)publen);
         pub = NULL;
     }
 
@@ -1164,9 +1164,13 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
     buf_len = EC_POINT_point2oct(a->group, a->pub_key,
                                  a->conv_form, NULL, 0, NULL);
 
+    if (buf_len > INT_MAX) {
+        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
     if (out == NULL || buf_len == 0)
         /* out == NULL => just return the length of the octet string */
-        return buf_len;
+        return (int)buf_len;
 
     if (*out == NULL) {
         if ((*out = OPENSSL_malloc(buf_len)) == NULL)
@@ -1184,7 +1188,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
     }
     if (!new_buffer)
         *out += buf_len;
-    return buf_len;
+    return (int)buf_len;
 }
 
 DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)

diff --git a/crypto/ec/ec_deprecated.c b/crypto/ec/ec_deprecated.c
index 905b560638350e01523f2c13fafd78a260d65de7..20765c0b6f2104d8902a9fcc8474554eae43f691 100644 (file)
--- a/crypto/ec/ec_deprecated.c
+++ b/crypto/ec/ec_deprecated.c
@@ -28,10 +28,10 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
 
     buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
 
-    if (buf_len == 0)
+    if (buf_len == 0 || buf_len > INT_MAX)
         return NULL;
 
-    ret = BN_bin2bn(buf, buf_len, ret);
+    ret = BN_bin2bn(buf, (int)buf_len, ret);
 
     OPENSSL_free(buf);
 
@@ -41,7 +41,7 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
 EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
                             const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
 {
-    size_t buf_len = 0;
+    int buf_len = 0;
     unsigned char *buf;
     EC_POINT *ret;
 

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index a3907ca5994dcf45065ba7832a45dcfa39fbbd00..8adc6e899611bf736fabab743659f7a07b91e2be 100644 (file)
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -1007,14 +1007,14 @@ size_t EC_KEY_priv2oct(const EC_KEY *eckey,
 size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey,
                                    unsigned char *buf, size_t len)
 {
-    size_t buf_len;
+    int buf_len;
 
     buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
     if (eckey->priv_key == NULL)
         return 0;
     if (buf == NULL)
         return buf_len;
-    else if (len < buf_len)
+    else if (len < (size_t)buf_len)
         return 0;
 
     /* Octetstring may need leading zeros if BN is to short */
@@ -1046,13 +1046,17 @@ int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
 int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf,
                                 size_t len)
 {
+    if (len > INT_MAX) {
+        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
     if (eckey->priv_key == NULL)
         eckey->priv_key = BN_secure_new();
     if (eckey->priv_key == NULL) {
         ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
         return 0;
     }
-    if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) {
+    if (BN_bin2bn(buf, (int)len, eckey->priv_key) == NULL) {
         ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
         return 0;
     }

diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 054a3333a78f163d2a43994748f91efbbd31f58b..b034a11ef451868c3d4450584f51e47dcdfb3c7f 100644 (file)
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -171,7 +171,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         memcpy(out, sec, outlen);
     }
     OPENSSL_clear_free(sec, seclen);
-    return outlen;
+    return (int)outlen;
 }
 
 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index e9092a6c9db433dd81bf0880fbf935a8bb52efff..c9ff0afe09e63b4e73e076180b15bb9fdb29664b 100644 (file)
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -530,7 +530,7 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         num_val += (size_t)1 << (wsize[i] - 1);
         wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
         wNAF[i] =
-            bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+            bn_compute_wNAF((i < num ? scalars[i] : scalar), (int)wsize[i],
                             &wNAF_len[i]);
         if (wNAF[i] == NULL)
             goto err;
@@ -560,7 +560,7 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
              * use the window size for which we have precomputation
              */
             wsize[num] = pre_comp->w;
-            tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len);
+            tmp_wNAF = bn_compute_wNAF(scalar, (int)wsize[num], &tmp_len);
             if (!tmp_wNAF)
                 goto err;
 
@@ -708,7 +708,9 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
     r_is_at_infinity = 1;
 
-    for (k = max_len - 1; k >= 0; k--) {
+    if (max_len > INT_MAX)
+        goto err;
+    for (k = (int)(max_len - 1); k >= 0; k--) {
         if (!r_is_at_infinity) {
             if (!EC_POINT_dbl(group, r, r, ctx))
                 goto err;

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 716b1860bbf4cc57af8affc1280f5bea86397fd9..ab93009c741343220a6da436be1b08fce601ae9e 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -131,7 +131,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 
     type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1;
 
-    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+    ret = ECDSA_sign(type, tbs, (int)tbslen, sig, &sltmp, ec);
 
     if (ret <= 0)
         return ret;
@@ -157,7 +157,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
     else
         type = NID_sha1;
 
-    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+    ret = ECDSA_verify(type, tbs, (int)tbslen, sig, (int)siglen, ec);
 
     return ret;
 }
@@ -334,7 +334,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
-        *(int *)p2 = dctx->kdf_outlen;
+        *(int *)p2 = (int)dctx->kdf_outlen;
         return 1;
 
     case EVP_PKEY_CTRL_EC_KDF_UKM:
@@ -348,7 +348,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
     case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
         *(unsigned char **)p2 = dctx->kdf_ukm;
-        return dctx->kdf_ukmlen;
+        return (int)dctx->kdf_ukmlen;
 
     case EVP_PKEY_CTRL_MD:
         if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 &&

diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
index 68943e521e8a808e6e04bf45e5e70b9c365145dd..18f4386caee0a4a321ff1196d2365d0efea4253d 100644 (file)
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -279,7 +279,7 @@ int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     int y_bit;
     BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y;
-    size_t field_len, enc_len;
+    int field_len, enc_len;
     int ret = 0;
 
     if (len == 0) {
@@ -314,7 +314,7 @@ int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         (form ==
          POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
 
-    if (len != enc_len) {
+    if (len != (size_t)enc_len) {
         ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
         return 0;
     }

diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 6c445f9121b6fbaec35bbf501a213e01268ed2cc..531ff1c3df4be7599cbfd128790c2de1b0218481 100644 (file)
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -265,7 +265,7 @@ static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
     if (pkey->keymgmt != NULL)
         libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
 
-    ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id,
+    ecx = ossl_ecx_key_op(NULL, priv, (int)len, pkey->ameth->pkey_id,
                           KEY_OP_PRIVATE, libctx, NULL);
 
     if (ecx != NULL) {
@@ -283,7 +283,7 @@ static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
     if (pkey->keymgmt != NULL)
         libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
 
-    ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id,
+    ecx = ossl_ecx_key_op(NULL, pub, (int)len, pkey->ameth->pkey_id,
                           KEY_OP_PUBLIC, libctx, NULL);
 
     if (ecx != NULL) {

diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index dedfb24e569e2f1e8194411567372b322721a6dc..f0e29c1608e3715e62bdbc1c134c93d1f0003896 100644 (file)
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -30,9 +30,9 @@ struct decoder_process_data_st {
     BIO *bio;
 
     /* Index of the current decoder instance to be processed */
-    size_t current_decoder_inst_index;
+    int current_decoder_inst_index;
     /* For tracing, count recursion level */
-    size_t recursion;
+    int recursion;
 
     /*-
      * Flags
@@ -419,8 +419,8 @@ struct collect_extra_decoder_data_st {
      * 1 to check that the decoder's input type differs from the decoder name
      */
     enum { IS_SAME = 0, IS_DIFFERENT = 1 } type_check;
-    size_t w_prev_start, w_prev_end; /* "previous" decoders */
-    size_t w_new_start, w_new_end;   /* "new" decoders */
+    int w_prev_start, w_prev_end; /* "previous" decoders */
+    int w_new_start, w_new_end;   /* "new" decoders */
 };
 
 DEFINE_STACK_OF(OSSL_DECODER)
@@ -437,7 +437,7 @@ static void collect_all_decoders(OSSL_DECODER *decoder, void *arg)
 static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg)
 {
     struct collect_extra_decoder_data_st *data = arg;
-    size_t j;
+    int j;
     const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder);
     void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
 
@@ -574,7 +574,7 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
     struct collect_extra_decoder_data_st data;
     size_t depth = 0; /* Counts the number of iterations */
     size_t count; /* Calculates how many were added in each iteration */
-    size_t numdecoders;
+    int numdecoders;
     STACK_OF(OSSL_DECODER) *skdecoders;
 
     if (!ossl_assert(ctx != NULL)) {
@@ -628,7 +628,7 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
     data.w_prev_start = 0;
     data.w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
     do {
-        size_t i, j;
+        int i, j;
 
         data.w_new_start = data.w_new_end = data.w_prev_end;
 
@@ -797,7 +797,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
     OSSL_CORE_BIO *cbio = NULL;
     BIO *bio = data->bio;
     long loc;
-    size_t i;
+    int i;
     int ok = 0;
     /* For recursions */
     struct decoder_process_data_st new_data;
@@ -817,7 +817,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
     new_data.recursion = data->recursion + 1;
 
 #define LEVEL_STR ">>>>>>>>>>>>>>>>"
-#define LEVEL (new_data.recursion < sizeof(LEVEL_STR)                   \
+#define LEVEL ((size_t)new_data.recursion < sizeof(LEVEL_STR)           \
                ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \
                : LEVEL_STR "...")
 

diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c
index 85ab3b528673826e4a0ad514b63515f0f8299049..8043d7a0741a1f24eaf9e179ae8f3de3a376e862 100644 (file)
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -641,8 +641,8 @@ int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx,
                                 const OSSL_PARAM params[])
 {
     int ok = 1;
-    size_t i;
-    size_t l;
+    int i;
+    int l;
 
     if (!ossl_assert(ctx != NULL)) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);

diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c
index e99eaecbfb393424f6c0fbdd7009c5a96e235b38..88b85611887abc12d18711d4cffcff25d5d6e505 100644 (file)
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -625,8 +625,8 @@ int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
                                 const OSSL_PARAM params[])
 {
     int ok = 1;
-    size_t i;
-    size_t l;
+    int i;
+    int l;
 
     if (!ossl_assert(ctx != NULL)) {
         ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);

diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
index f1da9b23bb58ad0a16f12e42863aa9c25102d5db..cfc90c8ec43175c37af4f6b64759d90591683e50 100644 (file)
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -108,15 +108,15 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
         cdp++;
         return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
     case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-        return strlen(cdp->cmd_name);
+        return (int)strlen(cdp->cmd_name);
     case ENGINE_CTRL_GET_NAME_FROM_CMD:
-        return strlen(strcpy(s, cdp->cmd_name));
+        return (int)strlen(strcpy(s, cdp->cmd_name));
     case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-        return strlen(cdp->cmd_desc == NULL ? int_no_description
-                                            : cdp->cmd_desc);
+        return (int)strlen(cdp->cmd_desc == NULL ? int_no_description
+                                                 : cdp->cmd_desc);
     case ENGINE_CTRL_GET_DESC_FROM_CMD:
-        return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
-                                                      : cdp->cmd_desc));
+        return (int)strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
+                                                           : cdp->cmd_desc));
     case ENGINE_CTRL_GET_CMD_FLAGS:
         return cdp->cmd_flags;
     }

diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
index c74fc4700b4fba1a7a18a43ca79310d3b4587498..e9d21317f25c2faaf0ff896fa0fe71630f81a294 100644 (file)
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -146,7 +146,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
     if (!e->pkey_asn1_meths)
         return NULL;
     if (len == -1)
-        len = strlen(str);
+        len = (int)strlen(str);
     nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
     for (i = 0; i < nidcount; i++) {
         e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 485e802f96a4479dc96f0d905ee52e27668a5424..167b66ed6bf99d9945375c80cc7e573004f24fec 100644 (file)
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -813,7 +813,8 @@ void ERR_add_error_data(int num, ...)
 
 void ERR_add_error_vdata(int num, va_list args)
 {
-    int i, len, size;
+    int i;
+    size_t len, size;
     int flags = ERR_TXT_MALLOCED | ERR_TXT_STRING;
     char *str, *arg;
     ERR_STATE *es;
@@ -865,7 +866,7 @@ void ERR_add_error_vdata(int num, va_list args)
             }
             str = p;
         }
-        OPENSSL_strlcat(str, arg, (size_t)size);
+        OPENSSL_strlcat(str, arg, size);
     }
     if (!err_set_error_data_int(str, size, flags, 0))
         OPENSSL_free(str);

diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 028811eedeee398918ee6fccf5d56d3ccc898e42..5efb033e1bb610bfe3841d47259d63be475ca0c8 100644 (file)
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -35,9 +35,9 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
 
         hex = ossl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), '\0');
         BIO_snprintf(buf, sizeof(buf), "%s:", hex == NULL ? "<null>" : hex);
-        offset = strlen(buf);
+        offset = (int)strlen(buf);
         ossl_err_string_int(l, func, buf + offset, sizeof(buf) - offset);
-        offset += strlen(buf + offset);
+        offset += (int)strlen(buf + offset);
         BIO_snprintf(buf + offset, sizeof(buf) - offset, ":%s:%d:%s\n",
                      file, line, data);
         OPENSSL_free(hex);
@@ -165,7 +165,7 @@ void ERR_add_error_mem_bio(const char *separator, BIO *bio)
 
 static int print_bio(const char *str, size_t len, void *bp)
 {
-    return BIO_write((BIO *)bp, str, len);
+    return BIO_write((BIO *)bp, str, (int)len);
 }
 
 void ERR_print_errors(BIO *bp)

diff --git a/crypto/err/err_save.c b/crypto/err/err_save.c
index 1994c26ceef0c15cee128b3a63e09be55fb3fbce..b983b8334b373ebe8b38dcbeeed46a45b8b0f761 100644 (file)
--- a/crypto/err/err_save.c
+++ b/crypto/err/err_save.c
@@ -25,7 +25,7 @@ ERR_STATE *OSSL_ERR_STATE_new(void)
 
 void OSSL_ERR_STATE_save(ERR_STATE *es)
 {
-    size_t i;
+    int i;
     ERR_STATE *thread_es;
 
     if (es == NULL)
@@ -45,7 +45,7 @@ void OSSL_ERR_STATE_save(ERR_STATE *es)
 
 void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es)
 {
-    size_t i, j, count;
+    int i, j, count;
     int top;
     ERR_STATE *thread_es;
 
@@ -112,7 +112,7 @@ void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es)
 
 void OSSL_ERR_STATE_restore(const ERR_STATE *es)
 {
-    size_t i;
+    int i;
     ERR_STATE *thread_es;
 
     if (es == NULL || es->bottom == es->top)
@@ -122,8 +122,8 @@ void OSSL_ERR_STATE_restore(const ERR_STATE *es)
     if (thread_es == NULL)
         return;
 
-    for (i = (size_t)es->bottom; i != (size_t)es->top;) {
-        size_t top;
+    for (i = es->bottom; i != es->top;) {
+        int top;
 
         i = (i + 1) % ERR_NUM_ERRORS;
         if ((es->err_flags[i] & ERR_FLAG_CLEAR) != 0)

diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 7f15e21b52c4d7b54368571b1f261403d23cc79c..e4c0f54c7f68c6057cea82370543f5fd986b21eb 100644 (file)
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -224,7 +224,7 @@ static int b64_read(BIO *b, char *out, int outl)
                     continue;
                 }
 
-                k = EVP_DecodeUpdate(ctx->base64, ctx->buf, &num, p, q - p);
+                k = EVP_DecodeUpdate(ctx->base64, ctx->buf, &num, p, (int)(q - p));
                 EVP_DecodeInit(ctx->base64);
                 if (k <= 0 && num == 0) {
                     p = q;
@@ -233,7 +233,7 @@ static int b64_read(BIO *b, char *out, int outl)
 
                 ctx->start = 0;
                 if (p != ctx->tmp) {
-                    i -= p - ctx->tmp;
+                    i -= (int)(p - ctx->tmp);
                     for (x = 0; x < i; x++)
                         ctx->tmp[x] = p[x];
                 }
@@ -254,7 +254,7 @@ static int b64_read(BIO *b, char *out, int outl)
                     }
                 } else if (p != q) {
                     /* Retain partial line at end of buffer */
-                    n = q - p;
+                    n = (int)(q - p);
                     for (ii = 0; ii < n; ii++)
                         ctx->tmp[ii] = p[ii];
                     ctx->tmp_len = n;
@@ -580,5 +580,9 @@ static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 
 static int b64_puts(BIO *b, const char *str)
 {
-    return b64_write(b, str, strlen(str));
+    size_t len = strlen(str);
+
+    if (len > INT_MAX)
+        return -1;
+    return b64_write(b, str, (int)len);
 }

diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index b0889fe0bb1c5a0a9cb49eb8c8e7483ac2159048..77a38d9e94dc97ffac1468fd068aba00f22a25bb 100644 (file)
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -154,7 +154,7 @@ static int enc_read(BIO *b, char *out, int outl)
             if (i > 0)
                 ctx->read_end += i;
         } else {
-            i = ctx->read_end - ctx->read_start;
+            i = (int)(ctx->read_end - ctx->read_start);
         }
 
         if (i <= 0) {

diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 20811ffded6f522b6c438ae8028b1a696dc6269c..864ebad6b71d15386a913541bce978776998a585 100644 (file)
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -184,7 +184,7 @@ static int ok_read(BIO *b, char *out, int outl)
 
         /* copy clean bytes to output buffer */
         if (ctx->blockout) {
-            i = ctx->buf_len - ctx->buf_off;
+            i = (int)(ctx->buf_len - ctx->buf_off);
             if (i > outl)
                 i = outl;
             memcpy(out, &(ctx->buf[ctx->buf_off]), i);
@@ -216,7 +216,7 @@ static int ok_read(BIO *b, char *out, int outl)
             break;
 
         /* no clean bytes in buffer -- fill it */
-        n = IOBS - ctx->buf_len;
+        n = (int)(IOBS - ctx->buf_len);
         i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
 
         if (i <= 0)
@@ -272,7 +272,7 @@ static int ok_write(BIO *b, const char *in, int inl)
 
     do {
         BIO_clear_retry_flags(b);
-        n = ctx->buf_len - ctx->buf_off;
+        n = (int)(ctx->buf_len - ctx->buf_off);
         while (ctx->blockout && n > 0) {
             i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
             if (i <= 0) {
@@ -348,7 +348,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_PENDING:     /* More to read in buffer */
     case BIO_CTRL_WPENDING:    /* More to read in buffer */
-        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        ret = ctx->blockout ? (long)(ctx->buf_len - ctx->buf_off) : 0;
         if (ret <= 0)
             ret = BIO_ctrl(next, cmd, num, ptr);
         break;
@@ -538,7 +538,7 @@ static int block_out(BIO *b)
     if (md_size <= 0)
         goto berr;
 
-    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    tl = (unsigned long)(ctx->buf_len - OK_BLOCK_BLOCK);
     ctx->buf[0] = (unsigned char)(tl >> 24);
     ctx->buf[1] = (unsigned char)(tl >> 16);
     ctx->buf[2] = (unsigned char)(tl >> 8);

diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 1d1f571d35c8bbfb53a04da76eb327dd6189a007..015fab1f4380da057ed24be8f4312e65b8c6e1a2 100644 (file)
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -465,7 +465,8 @@ static int default_fixup_args(enum state state,
                          = OPENSSL_malloc(ctx->buflen)) == NULL)
                         return 0;
                     if (BN_bn2nativepad(ctx->p2,
-                                         ctx->allocated_buf, ctx->buflen) < 0) {
+                                        ctx->allocated_buf,
+                                        (int)ctx->buflen) < 0) {
                         OPENSSL_free(ctx->allocated_buf);
                         ctx->allocated_buf = NULL;
                         return 0;
@@ -774,10 +775,10 @@ static int fix_cipher_md(enum state state,
         ctx->p2 = (char *)(ctx->p2 == NULL
                            ? OBJ_nid2sn(ctx->p1)
                            : get_name(ctx->p2));
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
         ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2));
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
@@ -895,7 +896,7 @@ static int fix_kdf_type(enum state state,
             }
         if (ret <= 0)
             goto end;
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
@@ -1081,7 +1082,7 @@ static int fix_dh_paramgen_type(enum state state,
             ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
             return 0;
         }
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     return default_fixup_args(state, translation, ctx);
@@ -1338,7 +1339,7 @@ static int fix_rsa_padding_mode(enum state state,
             return -2;
         }
         ctx->p2 = str_value_map[i].ptr;
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
@@ -1417,7 +1418,7 @@ static int fix_rsa_pss_saltlen(enum state state,
             ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0';
         }
         ctx->p2 = ctx->name_buf;
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
@@ -1476,7 +1477,7 @@ static int fix_hkdf_mode(enum state state,
         if (i == OSSL_NELEM(str_value_map))
             return 0;
         ctx->p2 = str_value_map[i].ptr;
-        ctx->p1 = strlen(ctx->p2);
+        ctx->p1 = (int)strlen(ctx->p2);
     }
 
     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
@@ -1561,7 +1562,7 @@ static int get_payload_group_name(enum state state,
     if (ctx->p2 == NULL)
         return 1;
 
-    ctx->p1 = strlen(ctx->p2);
+    ctx->p1 = (int)strlen(ctx->p2);
     return default_fixup_args(state, translation, ctx);
 }
 

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 6fc201bcfe25be9f214186b40bb9b5abf50f1924..20311a610c2e0da56cdd2876650bfa8cc6057f5b 100644 (file)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -485,7 +485,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
     OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
     ret = ctx->digest->final(ctx, md);
     if (isize != NULL)
-        *isize = mdsize;
+        *isize = (unsigned int)mdsize;
     if (ctx->digest->cleanup) {
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 10abb7d52cfad15f5debd809005ee64a13688b90..fa9504dad96ef4bdfc680819e0ea15c76f84586e 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2951,7 +2951,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         out += len;
         /* Finally write tag */
         CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
-        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+        rv = (int)(len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN);
     } else {
         /* Decrypt */
         if (gctx->ctr) {
@@ -2998,7 +2998,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             OPENSSL_cleanse(out, len);
             goto err;
         }
-        rv = len;
+        rv = (int)len;
     }
 
  err:
@@ -3155,7 +3155,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     return -1;
             }
         }
-        return len;
+        return (int)len;
     } else {
         if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
             if (gctx->taglen < 0)
@@ -3559,7 +3559,7 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             return -1;
         if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
             return -1;
-        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+        return (int)(len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M);
     } else {
         if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
                                                      cctx->str) :
@@ -3567,7 +3567,7 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             unsigned char tag[16];
             if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
                 if (!CRYPTO_memcmp(tag, in + len, cctx->M))
-                    return len;
+                    return (int)len;
             }
         }
         OPENSSL_cleanse(out, len);
@@ -3600,13 +3600,13 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                     15 - cctx->L, len))
                 return -1;
             cctx->len_set = 1;
-            return len;
+            return (int)len;
         }
         /* If have AAD need message length */
         if (!cctx->len_set && len)
             return -1;
         CRYPTO_ccm128_aad(ccm, in, len);
-        return len;
+        return (int)len;
     }
 
     /* The tag must be set before actually decrypting data */
@@ -3625,7 +3625,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             CRYPTO_ccm128_encrypt(ccm, in, out, len))
             return -1;
         cctx->tag_set = 1;
-        return len;
+        return (int)len;
     } else {
         int rv = -1;
         if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
@@ -3635,7 +3635,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
                 if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
                                    cctx->M))
-                    rv = len;
+                    rv = (int)len;
             }
         }
         if (rv == -1)
@@ -3715,7 +3715,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     /* If not padding input must be multiple of 8 */
     if (!pad && inlen & 0x7)
         return -1;
-    if (ossl_is_partially_overlapping(out, in, inlen)) {
+    if (ossl_is_partially_overlapping(out, in, (int)inlen)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }
@@ -3725,14 +3725,14 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (pad)
                 inlen = (inlen + 7) / 8 * 8;
             /* 8 byte prefix */
-            return inlen + 8;
+            return (int)(inlen + 8);
         } else {
             /*
              * If not padding output will be exactly 8 bytes smaller than
              * input. If padding it will be at least 8 bytes smaller but we
              * don't know how much.
              */
-            return inlen - 8;
+            return (int)(inlen - 8);
         }
     }
     if (pad) {
@@ -4021,7 +4021,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             buf = octx->data_buf;
             buf_len = &(octx->data_buf_len);
 
-            if (ossl_is_partially_overlapping(out + *buf_len, in, len)) {
+            if (ossl_is_partially_overlapping(out + *buf_len, in, (int)len)) {
                 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
                 return 0;
             }
@@ -4037,7 +4037,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             remaining = AES_BLOCK_SIZE - (*buf_len);
             if (remaining > len) {
                 memcpy(buf + (*buf_len), in, len);
-                *(buf_len) += len;
+                *(buf_len) += (int)len;
                 return 0;
             }
             memcpy(buf + (*buf_len), in, remaining);
@@ -4084,14 +4084,14 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     (&octx->ocb, in, out, len - trailing_len))
                     return -1;
             }
-            written_len += len - trailing_len;
+            written_len += (int)(len - trailing_len);
             in += len - trailing_len;
         }
 
         /* Handle any trailing partial block */
         if (trailing_len > 0) {
             memcpy(buf, in, trailing_len);
-            *buf_len = trailing_len;
+            *buf_len = (int)trailing_len;
         }
 
         return written_len;

diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 8843c8ae119f52720daad88e614a294dec3610d2..3b8c5fb4797baa0ddce828e097080810e30a45a4 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -122,8 +122,8 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len)
         sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
 
         ptr += len;
-        c->Nh += len >> 29;
-        c->Nl += len <<= 3;
+        c->Nh += (unsigned int)(len >> 29);
+        c->Nl += (unsigned int)(len <<= 3);
         if (c->Nl < (unsigned int)len)
             c->Nh++;
     }
@@ -445,8 +445,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             blocks *= SHA_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
-            key->md.Nh += blocks >> 29;
-            key->md.Nl += blocks <<= 3;
+            key->md.Nh += (unsigned int)(blocks >> 29);
+            key->md.Nl += (unsigned int)(blocks <<= 3);
             if (key->md.Nl < (unsigned int)blocks)
                 key->md.Nh++;
         } else {
@@ -468,7 +468,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
             /* pad the payload|hmac */
             plen += SHA_DIGEST_LENGTH;
-            for (l = len - plen - 1; plen < len; plen++)
+            for (l = (unsigned int)(len - plen - 1); plen < len; plen++)
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
@@ -536,7 +536,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
             /* figure out payload length */
             pad = out[len - 1];
-            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad = (unsigned int)(len - (SHA_DIGEST_LENGTH + 1));
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
@@ -548,12 +548,12 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
              * we'll use the maxpad value instead of the supplied pad to make
              * sure we perform well defined pointer arithmetic.
              */
-            pad = constant_time_select(mask, pad, maxpad);
+            pad = constant_time_select((unsigned int)mask, pad, maxpad);
 
             inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
 
-            key->aux.tls_aad[plen - 2] = inp_len >> 8;
-            key->aux.tls_aad[plen - 1] = inp_len;
+            key->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8);
+            key->aux.tls_aad[plen - 1] = (unsigned char)inp_len;
 
             /* calculate HMAC */
             key->md = key->head;
@@ -594,7 +594,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
 
             /* but pretend as if we hashed padded payload */
-            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+            bitlen = key->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */
 #  ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
 #  else
@@ -869,7 +869,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                     if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
                         n4x = 2; /* AVX2 */
                 } else if ((n4x = param->interleave / 4) && n4x <= 2)
-                    inp_len = param->len;
+                    inp_len = (unsigned int)param->len;
                 else
                     return -1;
 

diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 3a5f757dbff372d0361a3d70eb761a321f2f8ff0..8edcbf799a6edb386f99c3b319f7e2a452afed35 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -116,8 +116,8 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
         sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
 
         ptr += len;
-        c->Nh += len >> 29;
-        c->Nl += len <<= 3;
+        c->Nh += (unsigned int)(len >> 29);
+        c->Nl += (unsigned int)(len <<= 3);
         if (c->Nl < (unsigned int)len)
             c->Nh++;
     }
@@ -473,8 +473,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             blocks *= SHA256_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
-            key->md.Nh += blocks >> 29;
-            key->md.Nl += blocks <<= 3;
+            key->md.Nh += (unsigned int)(blocks >> 29);
+            key->md.Nl += (unsigned int)(blocks <<= 3);
             if (key->md.Nl < (unsigned int)blocks)
                 key->md.Nh++;
         } else {
@@ -496,7 +496,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 
             /* pad the payload|hmac */
             plen += SHA256_DIGEST_LENGTH;
-            for (l = len - plen - 1; plen < len; plen++)
+            for (l = (unsigned int)(len - plen - 1); plen < len; plen++)
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
@@ -540,7 +540,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 
             /* figure out payload length */
             pad = out[len - 1];
-            maxpad = len - (SHA256_DIGEST_LENGTH + 1);
+            maxpad = (unsigned int)(len - (SHA256_DIGEST_LENGTH + 1));
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
@@ -552,12 +552,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
              * we'll use the maxpad value instead of the supplied pad to make
              * sure we perform well defined pointer arithmetic.
              */
-            pad = constant_time_select(mask, pad, maxpad);
+            pad = constant_time_select((unsigned int)mask, pad, maxpad);
 
             inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
 
-            key->aux.tls_aad[plen - 2] = inp_len >> 8;
-            key->aux.tls_aad[plen - 1] = inp_len;
+            key->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8);
+            key->aux.tls_aad[plen - 1] = (unsigned char)inp_len;
 
             /* calculate HMAC */
             key->md = key->head;
@@ -575,7 +575,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             }
 
             /* but pretend as if we hashed padded payload */
-            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+            bitlen = key->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */
 #  ifdef BSWAP4
             bitlen = BSWAP4(bitlen);
 #  else
@@ -846,7 +846,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                     if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
                         n4x = 2; /* AVX2 */
                 } else if ((n4x = param->interleave / 4) && n4x <= 2)
-                    inp_len = param->len;
+                    inp_len = (unsigned int)param->len;
                 else
                     return -1;
 

diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 5a894fbb9be2cd8abc9b4abbc4e847c0006748ba..317808cf736b092f621ee203158f210e1a6067ef 100644 (file)
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -428,7 +428,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         out += len;
         /* Finally write tag */
         CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
-        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+        rv = (int)(len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN);
     } else {
         /* Decrypt */
         if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
@@ -442,7 +442,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             OPENSSL_cleanse(out, len);
             goto err;
         }
-        rv = len;
+        rv = (int)len;
     }
 
  err:
@@ -476,7 +476,7 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
                 return -1;
         }
-        return len;
+        return (int)len;
     }
     if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (gctx->taglen < 0)
@@ -667,14 +667,14 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             return -1;
         if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
             return -1;
-        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+        return (int)(len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M);
     } else {
         if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
                       : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
             unsigned char tag[16];
             if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
                 if (!CRYPTO_memcmp(tag, in + len, cctx->M))
-                    return len;
+                    return (int)len;
             }
         }
         OPENSSL_cleanse(out, len);
@@ -707,13 +707,13 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
                 return -1;
             cctx->len_set = 1;
-            return len;
+            return (int)len;
         }
         /* If have AAD need message length */
         if (!cctx->len_set && len)
             return -1;
         CRYPTO_ccm128_aad(ccm, in, len);
-        return len;
+        return (int)len;
     }
 
     /* The tag must be set before actually decrypting data */
@@ -731,7 +731,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                       : CRYPTO_ccm128_encrypt(ccm, in, out, len))
             return -1;
         cctx->tag_set = 1;
-        return len;
+        return (int)len;
     } else {
         int rv = -1;
         if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
@@ -741,7 +741,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
                 if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
                                    cctx->M))
-                    rv = len;
+                    rv = (int)len;
             }
         }
         if (rv == -1)

diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 731c1a1dc70c8f1ab362c38913e780089060c39b..fd012e4cee6c4070f46889fa1778b56f48296037 100644 (file)
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -355,7 +355,7 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         }
     }
 
-    return len;
+    return (int)len;
 }
 #  else
 static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
@@ -393,7 +393,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             Poly1305_Update(POLY1305_ctx(actx), in, len);
             actx->len.aad += len;
             actx->aad = 1;
-            return len;
+            return (int)len;
         } else {                                /* plain- or ciphertext */
             if (actx->aad) {                    /* wrap up aad */
                 if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
@@ -482,7 +482,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 return -1;
         }
     }
-    return len;
+    return (int)len;
 }
 
 static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 8fdf17cdc0d1b35f956d4dcb9dfea523d78fc6b2..cb8050c23bc4844e45a2d958a6f489525bbe1240 100644 (file)
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -321,10 +321,11 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
     unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
     int rv = -1;
+
     if (inl < 24)
         return -1;
     if (out == NULL)
-        return inl - 16;
+        return (int)(inl - 16);
     memcpy(ctx->iv, wrap_iv, 8);
     /* Decrypt first block which will end up as icv */
     des_ede_cbc_cipher(ctx, icv, in, 8);
@@ -349,7 +350,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     des_ede_cbc_cipher(ctx, icv, icv, 8);
     if (ossl_sha1(out, inl - 16, sha1tmp)  /* Work out hash of first portion */
             && CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
-        rv = inl - 16;
+        rv = (int)(inl - 16);
     OPENSSL_cleanse(icv, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     OPENSSL_cleanse(iv, 8);
@@ -365,7 +366,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
     unsigned char sha1tmp[SHA_DIGEST_LENGTH];
     if (out == NULL)
-        return inl + 16;
+        return (int)(inl + 16);
     /* Copy input to output buffer + 8 so we have space for IV */
     memmove(out + 8, in, inl);
     /* Work out ICV */
@@ -382,7 +383,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     BUF_reverse(out, NULL, inl + 16);
     memcpy(ctx->iv, wrap_iv, 8);
     des_ede_cbc_cipher(ctx, out, out, inl + 16);
-    return inl + 16;
+    return (int)(inl + 16);
 }
 
 static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -396,7 +397,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl >= EVP_MAXCHUNK || inl % 8)
         return -1;
 
-    if (ossl_is_partially_overlapping(out, in, inl)) {
+    if (ossl_is_partially_overlapping(out, in, (int)inl)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }

diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 183ecefcec6522dff58abb2f6db439d5879614bb..d64ba8ead260748b056d8de82644b56cfc1a6269 100644 (file)
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -106,8 +106,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             blocks *= MD5_CBLOCK;
             rc4_off += blocks;
             md5_off += blocks;
-            key->md.Nh += blocks >> 29;
-            key->md.Nl += blocks <<= 3;
+            key->md.Nh += (unsigned int)(blocks >> 29);
+            key->md.Nl += (unsigned int)(blocks <<= 3);
             if (key->md.Nl < (unsigned int)blocks)
                 key->md.Nh++;
         } else {
@@ -154,7 +154,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             if (l < key->md.Nl)
                 key->md.Nh++;
             key->md.Nl = l;
-            key->md.Nh += blocks >> 29;
+            key->md.Nh += (unsigned int)(blocks >> 29);
         } else {
             md5_off = 0;
             rc4_off = 0;

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 9bbb9b43aa4203de07b018f524d8763d0dd87051..7b2680db34abf9171075d62ff9f53b764c9474c8 100644 (file)
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -209,7 +209,7 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
     if (inl != 0)
         memcpy(&(ctx->enc_data[0]), in, inl);
     ctx->num = inl;
-    *outl = total;
+    *outl = (int)total;
 
     return 1;
 }

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index eee00a07800d5845c4af37222c318701d445dd35..bcc507edfdc812200c0f8a0dbdb76dcd5044be2f 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1014,11 +1014,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                                in, inl_);
 
     if (ossl_likely(ret)) {
-        if (soutl > INT_MAX) {
+        if (ossl_unlikely(soutl > INT_MAX)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
             return 0;
         }
-        *outl = soutl;
+        *outl = (int)soutl;
     }
 
     return ret;
@@ -1078,7 +1078,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
             return 0;
         }
-        *outl = soutl;
+        *outl = (int)soutl;
     }
 
     return ret;
@@ -1161,11 +1161,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                                in, inl_);
 
     if (ossl_likely(ret)) {
-        if (soutl > INT_MAX) {
+        if (ossl_unlikely(soutl > INT_MAX)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
             return 0;
         }
-        *outl = soutl;
+        *outl = (int)soutl;
     }
 
     return ret;
@@ -1300,7 +1300,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
             return 0;
         }
-        *outl = soutl;
+        *outl = (int)soutl;
     }
 
     return ret;
@@ -1534,7 +1534,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
         if (ret <= 0)
             goto end;
-        return sz;
+        if (sz > INT_MAX)
+            return 0;
+        return (int)sz;
 #ifndef OPENSSL_NO_RC2
     case EVP_CTRL_GET_RC2_KEY_BITS:
         set_params = 0; /* Fall thru */
@@ -1554,9 +1556,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz);
         params[1] = OSSL_PARAM_construct_end();
         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
-        if (ret <= 0)
+        if (ret <= 0 || sz > INT_MAX)
             return 0;
-        return sz;
+        return (int)sz;
     case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: {
         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
             (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
@@ -1578,9 +1580,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
         params[2] = OSSL_PARAM_construct_end();
         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
-        if (ret <= 0)
+        if (ret <= 0 || sz > INT_MAX)
             return 0;
-        return sz;
+        return (int)sz;
     }
     case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: {
         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
@@ -1601,9 +1603,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
                         OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz);
         params[1] = OSSL_PARAM_construct_end();
         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
-        if (ret <= 0)
+        if (ret <= 0 || sz > INT_MAX)
             return 0;
-        return sz;
+        return (int)sz;
     }
 #endif /* OPENSSL_NO_MULTIBLOCK */
     case EVP_CTRL_AEAD_SET_MAC_KEY:

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 6c44b845c99637d276814ce3a4dcefd39cf8d0e0..c99d847974f1a121e1ef9dbf9d34a6583bb3757a 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -344,9 +344,9 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher)
     params[10] = OSSL_PARAM_construct_end();
     ok = evp_do_ciph_getparams(cipher, params) > 0;
     if (ok) {
-        cipher->block_size = blksz;
-        cipher->iv_len = ivlen;
-        cipher->key_len = keylen;
+        cipher->block_size = (int)blksz;
+        cipher->iv_len = (int)ivlen;
+        cipher->key_len = (int)keylen;
         cipher->flags = mode;
         if (aead)
             cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER;
@@ -1057,10 +1057,10 @@ int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx)
          */
         params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
         if (EVP_MD_CTX_get_params(c, params) != 1
-                || sz == SIZE_MAX
+                || sz > INT_MAX
                 || sz == 0)
             return -1;
-        return sz;
+        return (int)sz;
     }
     /* Normal digests have a constant fixed size output */
     return EVP_MD_get_size(EVP_MD_CTX_get0_md(ctx));
@@ -1361,7 +1361,7 @@ int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg)
         ret = -2;
         goto err;
     }
-    if (alg != NULL) {
+    if (alg != NULL && aid_len <= LONG_MAX) {
         unsigned char *aid = NULL;
         const unsigned char *pp = NULL;
 
@@ -1370,7 +1370,7 @@ int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg)
             pp = aid;
             if (EVP_CIPHER_CTX_get_params(ctx, params)
                 && OSSL_PARAM_modified(&params[0])
-                && d2i_X509_ALGOR(alg, &pp, aid_len) != NULL)
+                && d2i_X509_ALGOR(alg, &pp, (long)aid_len) != NULL)
                 ret = 1;
         }
         OPENSSL_free(aid);
@@ -1436,6 +1436,7 @@ int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg)
     if (OSSL_PARAM_modified(&params[0])
         /* ... but, we should get a return size too! */
         && derl != 0
+        && derl <= LONG_MAX
         && (der = OPENSSL_malloc(derl)) != NULL) {
         unsigned char *derp = der;
 
@@ -1443,7 +1444,7 @@ int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg)
         if (EVP_PKEY_CTX_get_params(ctx, params)
             && OSSL_PARAM_modified(&params[0])
             && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp,
-                             derl) != NULL) {
+                             (long)derl) != NULL) {
             /*
              * Don't free alg->parameter, see comment further up.
              * Worst case, alg->parameter gets assigned its own value.
@@ -1477,7 +1478,7 @@ int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg)
         ret = -2;
         goto err;
     }
-    if (alg != NULL) {
+    if (alg != NULL && aid_len <= LONG_MAX) {
         unsigned char *aid = NULL;
         const unsigned char *pp = NULL;
 
@@ -1486,7 +1487,7 @@ int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg)
             pp = aid;
             if (EVP_PKEY_CTX_get_params(ctx, params)
                 && OSSL_PARAM_modified(&params[0])
-                && d2i_X509_ALGOR(alg, &pp, aid_len) != NULL)
+                && d2i_X509_ALGOR(alg, &pp, (long)aid_len) != NULL)
                 ret = 1;
         }
         OPENSSL_free(aid);

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 5478dfcd3b6dbfc09ed264741f22939f06b76e28..101b32a771198e5c1d50661a80073f399774f018 100644 (file)
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -122,7 +122,7 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
     if (pass == NULL)
         passlen = 0;
     else if (passlen == -1)
-        passlen = strlen(pass);
+        passlen = (int)strlen(pass);
 
     if (cipher_nid != -1) {
         (void)ERR_set_mark();

diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index 37c519592f00b50c0f294d13d5b0869257b15ba1..45d46db7341422eb1342e7c6f4de0a1cb172f19b 100644 (file)
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -723,7 +723,7 @@ size_t evp_rand_get_seed(EVP_RAND_CTX *ctx,
                          int prediction_resistance,
                          const unsigned char *adin, size_t adin_len)
 {
-    int res;
+    size_t res;
 
     if (!evp_rand_lock(ctx))
         return 0;

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index d5df497da77014ef9f676413e57709f07ac602ad..b24a7451df4c4adee646ba0ad9be83bff67fd6f1 100644 (file)
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -717,7 +717,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
         vctx = 0;
     if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
         if (vctx) {
-            r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx);
+            r = pctx->pmeth->verifyctx(pctx, sig, (int)siglen, ctx);
             ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
         } else
             r = EVP_DigestFinal_ex(ctx, md, &mdlen);
@@ -731,7 +731,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
         }
         if (vctx)
             r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
-                                                sig, siglen, tmp_ctx);
+                                                sig, (int)siglen, tmp_ctx);
         else
             r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
         EVP_MD_CTX_free(tmp_ctx);

diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index eb8fbc09fb2b5ce0bebbb51d2b6926c32d59cef8..f7045407e70dc05fe7c5f5c870c30e8fb801fce2 100644 (file)
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -75,7 +75,7 @@ int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     if (pass == NULL)
         passlen = 0;
     else if (passlen == -1)
-        passlen = strlen(pass);
+        passlen = (int)strlen(pass);
 
     mdsize = EVP_MD_get_size(md);
     if (mdsize <= 0)

diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 35617390233429073387beb1bc5fa6b6621e0f3f..42a8e684cd9ae3e1d6135d55e7d832f9c18b6de6 100644 (file)
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -36,7 +36,7 @@ int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
         pass = empty;
         passlen = 0;
     } else if (passlen == -1) {
-        passlen = strlen(pass);
+        passlen = (int)strlen(pass);
     }
     if (salt == NULL && saltlen == 0)
         salt = (unsigned char *)empty;

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 09c36b944db0b0518d9270cb358ec97cd7dcf6c9..2d741b2378e72c50c65059485331b9e3f1f255fa 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1450,7 +1450,7 @@ int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
     if (publen > INT_MAX)
         return 0;
     /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */
-    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen,
+    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, (int)publen,
                            (void *)pub) <= 0)
         return 0;
     return 1;
@@ -1679,7 +1679,7 @@ static void find_ameth(const char *name, void *data)
      */
     ERR_set_mark();
 
-    if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, strlen(name),
+    if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, (int)strlen(name),
                       NULL)) {
         if (str[0] == NULL)
             str[0] = name;

diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index 8630553e7963c25f6fb31a1f3bd622244ce73d72..fa3966a95d40ae20b6d238de13311d94ca829c28 100644 (file)
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -48,7 +48,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     if (EVP_PKEY_decrypt(pctx, key, &keylen, ek, ekl) <= 0)
         goto err;
 
-    if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0
+    if (EVP_CIPHER_CTX_set_key_length(ctx, (int)keylen) <= 0
         || !EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
         goto err;
 

diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index e5555281a6b0911decac68c3ff93eea97ce793f8..cc26e7cf5566ebefcce14a9ea71f6d5e6becd89d 100644 (file)
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -57,7 +57,7 @@ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret,
         goto err;
     if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
         goto err;
-    *siglen = sltmp;
+    *siglen = (unsigned int)sltmp;
     i = 1;
  err:
     EVP_PKEY_CTX_free(pkctx);

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 08c0d6a7b2b7d0152d5995069ea8a4ad2ff30d70..e2819bf82699136bd4577655d2832c1b5f0887a3 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -662,7 +662,7 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
     idx -= OSSL_NELEM(standard_methods);
     if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
         return NULL;
-    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, (int)idx);
 }
 #endif
 
@@ -1604,7 +1604,7 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
     len = strlen(str);
     if (len > INT_MAX)
         return -1;
-    return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+    return ctx->pmeth->ctrl(ctx, cmd, (int)len, (void *)str);
 }
 
 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index f6dc57fc998046647afa88cf65a119d318cf9b42..41ccda4645607ee567ec95d1693afc8867600dfc 100644 (file)
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -556,7 +556,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
 
     if (N == 0)
         N = mdsize * 8;
-    qsize = N >> 3;
+    qsize = (int)(N >> 3);
 
     /*
      * A.1.1.2 Step (1) AND
@@ -660,7 +660,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
     }
 
     /* A.1.1.2 Step (11): max loop count = 4L - 1 */
-    counter = 4 * L - 1;
+    counter = (int)(4 * L - 1);
     /* Validation requires the counter to be supplied */
     if (verify) {
         /* A.1.1.3 Step (4) : if (counter > (4L -1)) return INVALID */
@@ -676,10 +676,10 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
      * A.1.1.3 Step (10)
      * n = floor(L / hash_outlen) - 1
      */
-    n = (L - 1) / (mdsize << 3);
+    n = (int)((L - 1) / (mdsize << 3));
 
     /* Calculate 2^(L-1): Used in step A.1.1.2 Step (11.3) */
-    if (!BN_lshift(test, BN_value_one(), L - 1))
+    if (!BN_lshift(test, BN_value_one(), (int)(L - 1)))
         goto err;
 
     for (;;) {
@@ -697,7 +697,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
             goto err;
 
         memcpy(seed_tmp, seed, seedlen);
-        r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, L,
+        r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, (int)L,
                        cb, &pcounter, res);
         if (r > 0)
             break; /* found p */
@@ -898,7 +898,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
     if (test == NULL)
         goto err;
 
-    if (!BN_lshift(test, BN_value_one(), L - 1))
+    if (!BN_lshift(test, BN_value_one(), (int)(L - 1)))
         goto err;
 
     if (!verify) {
@@ -944,8 +944,8 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
             goto err;
 
         /* step 6 */
-        n = (L - 1) / 160;
-        counter = 4 * L - 1; /* Was 4096 */
+        n = (int)((L - 1) / 160);
+        counter = (int)(4 * L - 1); /* Was 4096 */
         /* Validation requires the counter to be supplied */
         if (verify) {
             if (params->pcounter > counter) {
@@ -955,7 +955,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
             counter = params->pcounter;
         }
 
-        rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb,
+        rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, (int)L, cb,
                         &pcounter, res);
         if (rv > 0)
             break; /* found it */

diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c
index 8dca5584cbc782a7fe5bd5ff1daa174efcd44d54..cdf903b3a96e4d0fec4cd3422b959835f6c37339 100644 (file)
--- a/crypto/hpke/hpke.c
+++ b/crypto/hpke/hpke.c
@@ -149,7 +149,8 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
     size_t taglen;
 
     taglen = hctx->aead_info->taglen;
-    if (ctlen <= taglen || *ptlen < ctlen - taglen) {
+    if (ctlen <= taglen || *ptlen < ctlen - taglen
+        || aadlen > INT_MAX || ctlen > INT_MAX) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }
@@ -162,7 +163,7 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
         goto err;
     }
     if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                            hctx->noncelen, NULL) != 1) {
+                            (int)hctx->noncelen, NULL) != 1) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
@@ -173,18 +174,18 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
     }
     /* Provide AAD. */
     if (aadlen != 0 && aad != NULL) {
-        if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) {
+        if (EVP_DecryptUpdate(ctx, NULL, &len, aad, (int)aadlen) != 1) {
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
             goto err;
         }
     }
-    if (EVP_DecryptUpdate(ctx, pt, &len, ct, ctlen - taglen) != 1) {
+    if (EVP_DecryptUpdate(ctx, pt, &len, ct, (int)(ctlen - taglen)) != 1) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
     *ptlen = len;
     if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                             taglen, (void *)(ct + ctlen - taglen))) {
+                             (int)taglen, (void *)(ct + ctlen - taglen))) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
@@ -226,7 +227,8 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
     unsigned char tag[EVP_MAX_AEAD_TAG_LENGTH];
 
     taglen = hctx->aead_info->taglen;
-    if (*ctlen <= taglen || ptlen > *ctlen - taglen) {
+    if (*ctlen <= taglen || ptlen > *ctlen - taglen
+        || aadlen > INT_MAX || ptlen > INT_MAX) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }
@@ -243,7 +245,7 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
         goto err;
     }
     if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                            hctx->noncelen, NULL) != 1) {
+                            (int)hctx->noncelen, NULL) != 1) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
@@ -254,12 +256,12 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
     }
     /* Provide any AAD data. */
     if (aadlen != 0 && aad != NULL) {
-        if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) {
+        if (EVP_EncryptUpdate(ctx, NULL, &len, aad, (int)aadlen) != 1) {
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
             goto err;
         }
     }
-    if (EVP_EncryptUpdate(ctx, ct, &len, pt, ptlen) != 1) {
+    if (EVP_EncryptUpdate(ctx, ct, &len, pt, (int)ptlen) != 1) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
@@ -271,7 +273,7 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv,
     }
     *ctlen += len;
     /* Get tag. Not a duplicate so needs to be added to the ciphertext */
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) != 1) {
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)taglen, tag) != 1) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
         goto err;
     }

diff --git a/crypto/hpke/hpke_util.c b/crypto/hpke/hpke_util.c
index a9d86a935595ad0dd247a18aa66392014320d68d..2857b096a3129e6f443251f6159452e72fa16589 100644 (file)
--- a/crypto/hpke/hpke_util.c
+++ b/crypto/hpke/hpke_util.c
@@ -193,7 +193,7 @@ const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_random(OSSL_LIB_CTX *ctx)
 {
     uint32_t rval = 0;
     int err = 0;
-    size_t sz = OSSL_NELEM(hpke_kem_tab);
+    uint32_t sz = OSSL_NELEM(hpke_kem_tab);
 
     rval = ossl_rand_uniform_uint32(ctx, sz, &err);
     return (err == 1 ? NULL : &hpke_kem_tab[rval]);
@@ -215,7 +215,7 @@ const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_random(OSSL_LIB_CTX *ctx)
 {
     uint32_t rval = 0;
     int err = 0;
-    size_t sz = OSSL_NELEM(hpke_kdf_tab);
+    uint32_t sz = OSSL_NELEM(hpke_kdf_tab);
 
     rval = ossl_rand_uniform_uint32(ctx, sz, &err);
     return (err == 1 ? NULL : &hpke_kdf_tab[rval]);
@@ -238,7 +238,7 @@ const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_random(OSSL_LIB_CTX *ctx)
     uint32_t rval = 0;
     int err = 0;
     /* the minus 1 below is so we don't pick the EXPORTONLY codepoint */
-    size_t sz = OSSL_NELEM(hpke_aead_tab) - 1;
+    uint32_t sz = OSSL_NELEM(hpke_aead_tab) - 1;
 
     rval = ossl_rand_uniform_uint32(ctx, sz, &err);
     return (err == 1 ? NULL : &hpke_aead_tab[rval]);

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index dea69ffc64d4462ef6bbab599883aa808a160358..463c595b0237d70a46e9a2314edf2b2b676cf6d1 100644 (file)
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -647,7 +647,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
             if (rctx->state == OHS_WRITE_HDR1)
                 rctx->state = OHS_WRITE_HDR;
             rctx->pos += sz;
-            rctx->len_to_send -= sz;
+            rctx->len_to_send -= (long)sz;
             goto next_io;
         }
         if (rctx->state == OHS_WRITE_HDR) {
@@ -1402,6 +1402,8 @@ static char *base64encode(const void *buf, size_t len)
     size_t outl;
     char *out;
 
+    if (len > INT_MAX)
+        return 0;
     /* Calculate size of encoded data */
     outl = (len / 3);
     if (len % 3 > 0)
@@ -1411,7 +1413,7 @@ static char *base64encode(const void *buf, size_t len)
     if (out == NULL)
         return 0;
 
-    i = EVP_EncodeBlock((unsigned char *)out, buf, len);
+    i = EVP_EncodeBlock((unsigned char *)out, buf, (int)len);
     if (!ossl_assert(0 <= i && (size_t)i <= outl)) {
         OPENSSL_free(out);
         return NULL;

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index e8700ebaa42b1c5d0bad59ec98014894e2630c1f..b8489607ffaca0c40134d2b12aa5ec8f586cdca4 100644 (file)
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -656,8 +656,8 @@ static void *sh_malloc(size_t size)
         char *temp = sh.freelist[slist];
 
         /* remove from bigger list */
-        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
-        sh_clearbit(temp, slist, sh.bittable);
+        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
+        sh_clearbit(temp, (int)slist, sh.bittable);
         sh_remove_from_list(temp);
         OPENSSL_assert(temp != sh.freelist[slist]);
 
@@ -665,25 +665,25 @@ static void *sh_malloc(size_t size)
         slist++;
 
         /* add to smaller list */
-        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
-        sh_setbit(temp, slist, sh.bittable);
+        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
+        sh_setbit(temp, (int)slist, sh.bittable);
         sh_add_to_list(&sh.freelist[slist], temp);
         OPENSSL_assert(sh.freelist[slist] == temp);
 
         /* split in 2 */
         temp += sh.arena_size >> slist;
-        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
-        sh_setbit(temp, slist, sh.bittable);
+        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
+        sh_setbit(temp, (int)slist, sh.bittable);
         sh_add_to_list(&sh.freelist[slist], temp);
         OPENSSL_assert(sh.freelist[slist] == temp);
 
-        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
+        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, (int)slist));
     }
 
     /* peel off memory to hand back */
     chunk = sh.freelist[list];
-    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
-    sh_setbit(chunk, list, sh.bitmalloc);
+    OPENSSL_assert(sh_testbit(chunk, (int)list, sh.bittable));
+    sh_setbit(chunk, (int)list, sh.bitmalloc);
     sh_remove_from_list(chunk);
 
     OPENSSL_assert(WITHIN_ARENA(chunk));
@@ -706,19 +706,19 @@ static void sh_free(void *ptr)
         return;
 
     list = sh_getlist(ptr);
-    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
-    sh_clearbit(ptr, list, sh.bitmalloc);
+    OPENSSL_assert(sh_testbit(ptr, (int)list, sh.bittable));
+    sh_clearbit(ptr, (int)list, sh.bitmalloc);
     sh_add_to_list(&sh.freelist[list], ptr);
 
     /* Try to coalesce two adjacent free areas. */
-    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
-        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
+    while ((buddy = sh_find_my_buddy(ptr, (int)list)) != NULL) {
+        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, (int)list));
         OPENSSL_assert(ptr != NULL);
-        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
-        sh_clearbit(ptr, list, sh.bittable);
+        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
+        sh_clearbit(ptr, (int)list, sh.bittable);
         sh_remove_from_list(ptr);
-        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
-        sh_clearbit(buddy, list, sh.bittable);
+        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
+        sh_clearbit(buddy, (int)list, sh.bittable);
         sh_remove_from_list(buddy);
 
         list--;
@@ -728,8 +728,8 @@ static void sh_free(void *ptr)
         if (ptr > buddy)
             ptr = buddy;
 
-        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
-        sh_setbit(ptr, list, sh.bittable);
+        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
+        sh_setbit(ptr, (int)list, sh.bittable);
         sh_add_to_list(&sh.freelist[list], ptr);
         OPENSSL_assert(sh.freelist[list] == ptr);
     }
@@ -742,7 +742,7 @@ static size_t sh_actual_size(char *ptr)
     OPENSSL_assert(WITHIN_ARENA(ptr));
     if (!WITHIN_ARENA(ptr))
         return 0;
-    list = sh_getlist(ptr);
+    list = (int)sh_getlist(ptr);
     OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
     return sh.arena_size / (ONE << list);
 }

diff --git a/crypto/ml_dsa/ml_dsa_encoders.c b/crypto/ml_dsa/ml_dsa_encoders.c
index 7d8012efcaf4f5b2df0279c49de2502c2a634a62..2dca3ae060ab2b968712c22e9c6f9b737c29919b 100644 (file)
--- a/crypto/ml_dsa/ml_dsa_encoders.c
+++ b/crypto/ml_dsa/ml_dsa_encoders.c
@@ -836,7 +836,7 @@ int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len)
  */
 static int hint_bits_encode(const VECTOR *hint, WPACKET *pkt, uint32_t omega)
 {
-    int i, j, k = hint->num_poly;
+    int i, j, k = (int)hint->num_poly;
     size_t coeff_index = 0;
     POLY *p = hint->poly;
     uint8_t *data;

diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c
index d1b07570f38c6068c689eadbbe6f2e795d2363cf..0deeb7f6bb2e854ccf7afd4713ccd81d109bef72 100644 (file)
--- a/crypto/ml_dsa/ml_dsa_key.c
+++ b/crypto/ml_dsa/ml_dsa_key.c
@@ -312,7 +312,7 @@ static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx,
                                VECTOR *t1, VECTOR *t0)
 {
     const ML_DSA_PARAMS *params = key->params;
-    uint32_t k = params->k, l = params->l;
+    uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l;
     POLY *polys;
     MATRIX a_ntt;
     VECTOR s1_ntt;
@@ -374,7 +374,7 @@ int ossl_ml_dsa_key_pairwise_check(const ML_DSA_KEY *key)
     int ret = 0;
     VECTOR t1, t0;
     POLY *polys = NULL;
-    uint32_t k = key->params->k;
+    uint32_t k = (uint32_t)key->params->k;
     EVP_MD_CTX *md_ctx = NULL;
 
     if (key->pub_encoding == NULL || key->priv_encoding == 0)

diff --git a/crypto/ml_dsa/ml_dsa_sign.c b/crypto/ml_dsa/ml_dsa_sign.c
index cb375f698c33838e80f44ec8ebf645f0608a10a8..dd67ef5cc3bf1869e27cf4df45a18d381c2e808c 100644 (file)
--- a/crypto/ml_dsa/ml_dsa_sign.c
+++ b/crypto/ml_dsa/ml_dsa_sign.c
@@ -160,7 +160,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv,
     int ret = 0;
     const ML_DSA_PARAMS *params = priv->params;
     EVP_MD_CTX *md_ctx = NULL;
-    uint32_t k = params->k, l = params->l;
+    uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l;
     uint32_t gamma1 = params->gamma1, gamma2 = params->gamma2;
     uint8_t *alloc = NULL, *w1_encoded;
     size_t alloc_len, w1_encoded_len;
@@ -241,7 +241,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv,
         VECTOR *ct0 = &w1;
         uint32_t z_max, r0_max, ct0_max, h_ones;
 
-        vector_expand_mask(&y, rho_prime, sizeof(rho_prime), kappa,
+        vector_expand_mask(&y, rho_prime, sizeof(rho_prime), (uint32_t)kappa,
                            gamma1, md_ctx, priv->shake256_md);
         vector_copy(y_ntt, &y);
         vector_ntt(y_ntt);
@@ -256,7 +256,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv,
                          w1_encoded, w1_encoded_len, c_tilde, c_tilde_len))
             break;
 
-        if (!poly_sample_in_ball_ntt(c_ntt, c_tilde, c_tilde_len,
+        if (!poly_sample_in_ball_ntt(c_ntt, c_tilde, (int)c_tilde_len,
                                      md_ctx, priv->shake256_md, params->tau))
             break;
 
@@ -286,7 +286,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv,
         vector_make_hint(ct0, &cs2, &w, gamma2, &sig.hint);
 
         ct0_max = vector_max(ct0);
-        h_ones = vector_count_ones(&sig.hint);
+        h_ones = (uint32_t)vector_count_ones(&sig.hint);
         /* Same reasoning applies to the leak as above */
         if (value_barrier_32(constant_time_ge(ct0_max, gamma2)
                              | constant_time_lt(params->omega, h_ones)))
@@ -326,8 +326,8 @@ static int ml_dsa_verify_internal(const ML_DSA_KEY *pub,
     VECTOR az_ntt, ct1_ntt, *z_ntt, *w1, *w_approx;
     ML_DSA_SIG sig;
     const ML_DSA_PARAMS *params = pub->params;
-    uint32_t k = pub->params->k;
-    uint32_t l = pub->params->l;
+    uint32_t k = (uint32_t)pub->params->k;
+    uint32_t l = (uint32_t)pub->params->l;
     uint32_t gamma2 = params->gamma2;
     size_t w1_encoded_len;
     size_t num_polys_sig = k + l;
@@ -375,7 +375,7 @@ static int ml_dsa_verify_internal(const ML_DSA_KEY *pub,
         goto err;
 
     /* Compute verifiers challenge c_ntt = NTT(SampleInBall(c_tilde)) */
-    if (!poly_sample_in_ball_ntt(c_ntt, c_tilde_sig, c_tilde_len,
+    if (!poly_sample_in_ball_ntt(c_ntt, c_tilde_sig, (int)c_tilde_len,
                                  md_ctx, pub->shake256_md, params->tau))
         goto err;
 

diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index a9622c16bd7627eaabacaa92833887b76e7e24e5..98d2f10e3126539d35d217606c5c683f1ab8785b 100644 (file)
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -196,7 +196,7 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
     const size_t padding_len = padded_len - inlen;
     /* RFC 5649 section 3: Alternative Initial Value */
     unsigned char aiv[8];
-    int ret;
+    size_t ret;
 
     /* Section 1: use 32-bit fixed field for plaintext octet length */
     if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)

diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c
index cee4eee8a9e257f9a6c7abe5d5957ea73bea49f9..f253df42913fc9986cd0bc0fc66d1a693448e182 100644 (file)
--- a/crypto/o_fopen.c
+++ b/crypto/o_fopen.c
@@ -71,7 +71,7 @@ FILE *openssl_fopen(const char *filename, const char *mode)
 
         if (MultiByteToWideChar(CP_UTF8, flags,
                                 filename, len_0, wfilename, sz) &&
-            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
+            MultiByteToWideChar(CP_UTF8, 0, mode, (int)(strlen(mode) + 1),
                                 wmode, OSSL_NELEM(wmode)) &&
             (file = _wfopen(wfilename, wmode)) == NULL &&
             (errno == ENOENT || errno == EBADF)

diff --git a/crypto/o_str.c b/crypto/o_str.c
index 93af73561f97916f44e66dc8d6d0f8529d4d5cc7..c8333cc4a92d1c9a0333fac84d1f27ce26a361b4 100644 (file)
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -22,12 +22,15 @@
 char *CRYPTO_strdup(const char *str, const char* file, int line)
 {
     char *ret;
+    size_t len;
 
     if (str == NULL)
         return NULL;
-    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+
+    len = strlen(str) + 1;
+    ret = CRYPTO_malloc(len, file, line);
     if (ret != NULL)
-        strcpy(ret, str);
+        memcpy(ret, str, len);
     return ret;
 }
 

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 8bc4fa8ec2d530fcfd02e8f274882b31d48f7a0a..380e47c8c86345f31e2ac31f1f4a72fa3e6978e6 100644 (file)
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -576,7 +576,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
             bndec = BN_bn2dec(bl);
             if (!bndec)
                 goto err;
-            i = strlen(bndec);
+            i = (int)strlen(bndec);
             if (buf != NULL) {
                 if (buf_len > 1) {
                     *buf++ = '.';
@@ -597,7 +597,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
             OPENSSL_free(bndec);
         } else {
             BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
-            i = strlen(tbuf);
+            i = (int)strlen(tbuf);
             if (buf && buf_len > 0) {
                 OPENSSL_strlcpy(buf, tbuf, buf_len);
                 if (i > buf_len) {

diff --git a/crypto/packet.c b/crypto/packet.c
index 6a43b35655fb43e6c34559ab15ea0e866270dc7c..85c05173c2cf40ddcd6654e1b0eba2552a2e7281 100644 (file)
--- a/crypto/packet.c
+++ b/crypto/packet.c
@@ -236,7 +236,7 @@ static int put_quic_value(unsigned char *data, size_t value, size_t len)
     if (ossl_quic_vlint_encode_len(value) > len)
         return 0;
 
-    ossl_quic_vlint_encode_n(data, value, len);
+    ossl_quic_vlint_encode_n(data, value, (int)len);
     return 1;
 }
 #endif

diff --git a/crypto/param_build.c b/crypto/param_build.c
index 3294045156fa9ac7b304cb643ab801f2b3a46756..6d4e818f8f75502f85d8509077ba7052535f8f39 100644 (file)
--- a/crypto/param_build.c
+++ b/crypto/param_build.c
@@ -331,9 +331,9 @@ static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
         if (pd->bn != NULL) {
             /* BIGNUM */
             if (pd->type == OSSL_PARAM_UNSIGNED_INTEGER)
-                BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
+                BN_bn2nativepad(pd->bn, (unsigned char *)p, (int)pd->size);
             else
-                BN_signed_bn2native(pd->bn, (unsigned char *)p, pd->size);
+                BN_signed_bn2native(pd->bn, (unsigned char *)p, (int)pd->size);
         } else if (pd->type == OSSL_PARAM_OCTET_PTR
                    || pd->type == OSSL_PARAM_UTF8_PTR) {
             /* PTR */

diff --git a/crypto/params.c b/crypto/params.c
index 01aff0739b1a1fad74449bf7d553903e77119609..f3d86ca6da74526aa8ad9ae72cdac4bac3db78c5 100644 (file)
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -1143,13 +1143,13 @@ int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val)
 
         switch (p->data_type) {
         case OSSL_PARAM_UNSIGNED_INTEGER:
-            if (BN_bn2nativepad(val, p->data, p->data_size) < 0) {
+            if (BN_bn2nativepad(val, p->data, (int)p->data_size) < 0) {
                 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INTEGER_OVERFLOW);
                 return 0;
             }
             break;
         case OSSL_PARAM_INTEGER:
-            if (BN_signed_bn2native(val, p->data, p->data_size) < 0) {
+            if (BN_signed_bn2native(val, p->data, (int)p->data_size) < 0) {
                 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INTEGER_OVERFLOW);
                 return 0;
             }

diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
index fb25400dc123a034d98bfd392fa99ebc2b3defbc..ff3b1c86debcb4011c140a42db46a4c6bd153030 100644 (file)
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@@ -151,7 +151,7 @@ static int construct_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdef,
                 }
             */
 
-            BN_bn2nativepad(tmpbn, buf, buf_n);
+            BN_bn2nativepad(tmpbn, buf, (int)buf_n);
 
             /*
              * 2's complement negation, part two.
@@ -271,14 +271,14 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
             }
             break;
         case OSSL_PARAM_UTF8_PTR:
-            ok = BIO_dump(bio, p->data, p->data_size);
+            ok = BIO_dump(bio, p->data, (int)p->data_size);
             break;
         case OSSL_PARAM_UTF8_STRING:
-            ok = BIO_dump(bio, (char *)p->data, p->data_size);
+            ok = BIO_dump(bio, (char *)p->data, (int)p->data_size);
             break;
         case OSSL_PARAM_OCTET_PTR:
         case OSSL_PARAM_OCTET_STRING:
-            ok = BIO_dump(bio, (char *)p->data, p->data_size);
+            ok = BIO_dump(bio, (char *)p->data, (int)p->data_size);
             break;
 #ifndef OPENSSL_SYS_UEFI
         case OSSL_PARAM_REAL:

diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index 563c5acd1e54d19e3d07c1ee6ce147dc6cf47a3d..fa84b6d664fcdefb9defa817ebc3cdb2175b2cf4 100644 (file)
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -152,7 +152,7 @@ static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len,
 
     prompt_idx = UI_add_input_string(ui, prompt,
                                      UI_INPUT_FLAG_DEFAULT_PWD,
-                                     ipass, 0, pass_size) - 1;
+                                     ipass, 0, (int)pass_size) - 1;
     if (prompt_idx < 0) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB);
         goto end;
@@ -165,7 +165,7 @@ static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len,
             goto end;
         verify_idx = UI_add_verify_string(ui, prompt,
                                           UI_INPUT_FLAG_DEFAULT_PWD,
-                                          vpass, 0, pass_size,
+                                          vpass, 0, (int)pass_size,
                                           ipass) - 1;
         if (verify_idx < 0) {
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB);

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 4f0a0049a48440b32bd1df6e52e577a74cdb1665..52da6991de3139999053f7f7917402f8c09f5832 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -38,7 +38,7 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
 
     /* We assume that the user passes a default password as userdata */
     if (userdata) {
-        i = strlen(userdata);
+        i = (int)strlen(userdata);
         i = (i > num) ? num : i;
         memcpy(buf, userdata, i);
         return i;
@@ -63,7 +63,7 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
         memset(buf, 0, (unsigned int)num);
         return -1;
     }
-    return strlen(buf);
+    return (int)strlen(buf);
 }
 
 void PEM_proc_type(char *buf, int type)
@@ -87,7 +87,7 @@ void PEM_dek_info(char *buf, const char *type, int len, const char *str)
 {
     long i;
     char *p = buf + strlen(buf);
-    int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+    int j = PEM_BUFSIZE - (int)(p - buf), n;
 
     n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
     if (n > 0) {
@@ -646,7 +646,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
     }
 
     EVP_EncodeInit(ctx);
-    nlen = strlen(name);
+    nlen = (int)strlen(name);
 
     if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
         (BIO_write(bp, name, nlen) != nlen) ||
@@ -655,7 +655,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
         goto err;
     }
 
-    i = header != NULL ? strlen(header) : 0;
+    i = header != NULL ? (int)strlen(header) : 0;
     if (i > 0) {
         if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) {
             reason = ERR_R_BIO_LIB;
@@ -978,7 +978,11 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
         goto end;
 
     BIO_get_mem_ptr(dataB, &buf_mem);
-    len = buf_mem->length;
+    if (buf_mem->length > INT_MAX) {
+        ERR_raise(ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE);
+        goto end;
+    }
+    len = (int)buf_mem->length;
 
     /* There was no data in the PEM file */
     if (len == 0)
@@ -1044,9 +1048,10 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
 
 int ossl_pem_check_suffix(const char *pem_str, const char *suffix)
 {
-    int pem_len = strlen(pem_str);
-    int suffix_len = strlen(suffix);
+    int pem_len = (int)strlen(pem_str);
+    int suffix_len = (int)strlen(suffix);
     const char *p;
+
     if (suffix_len + 1 >= pem_len)
         return 0;
     p = pem_str + pem_len - suffix_len;
@@ -1055,5 +1060,5 @@ int ossl_pem_check_suffix(const char *pem_str, const char *suffix)
     p--;
     if (*p != ' ')
         return 0;
-    return p - pem_str;
+    return (int)(p - pem_str);
 }

diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h
index 5cc1c76fdbf7e46beb975939814e54e36546c3b6..0e6d70c1430c0f6d5d3a6da079437a67f9ca84a4 100644 (file)
--- a/crypto/pem/pem_local.h
+++ b/crypto/pem/pem_local.h
@@ -55,7 +55,7 @@
     if (kstr == NULL && cb == NULL) {                                   \
         if (u != NULL) {                                                \
             kstr = u;                                                   \
-            klen = strlen(u);                                           \
+            klen = (int)strlen(u);                                      \
         } else {                                                        \
             cb = PEM_def_callback;                                      \
         }                                                               \

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 6e84f0afd05d0318538b025c46f0a0bed87bab9c..1ec77afb3de9031fa0974deb0ac3732291d87faa 100644 (file)
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -87,7 +87,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
     if (kstr == NULL && cb == NULL) {
         if (u != NULL) {
             kstr = u;
-            klen = strlen(u);
+            klen = (int)strlen(u);
         } else {
             cb = PEM_def_callback;
         }

diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index a96623f19fbadeaff5724dc51021e0c1860c7290..ebeb59b9d8f56947cc337f8b2517b4cc17cac7a0 100644 (file)
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -22,7 +22,7 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
     unsigned char *unitmp;
 
     if (asclen == -1)
-        asclen = strlen(asc);
+        asclen = (int)strlen(asc);
     if (asclen < 0)
         return NULL;
     ulen = asclen * 2 + 2;
@@ -82,7 +82,7 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
     unsigned long utf32chr = 0;
 
     if (asclen == -1)
-        asclen = strlen(asc);
+        asclen = (int)strlen(asc);
 
     for (ulen = 0, i = 0; i < asclen; i += j) {
         j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 9fa215a62846f37db4cf991bd185a5bba69fc6b8..0a6eb3674b55e2b64baf7896c38985468508314b 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -175,7 +175,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
     if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
         goto err;
 
-    ASN1_STRING_set0(ri->enc_key, ek, eklen);
+    ASN1_STRING_set0(ri->enc_key, ek, (int)eklen);
     ek = NULL;
 
     ret = 1;
@@ -221,7 +221,7 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 
     OPENSSL_clear_free(*pek, *peklen);
     *pek = ek;
-    *peklen = eklen;
+    *peklen = (int)eklen;
 
  err:
     EVP_PKEY_CTX_free(pctx);
@@ -987,7 +987,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 
     EVP_MD_CTX_free(mctx);
 
-    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+    ASN1_STRING_set0(si->enc_digest, abuf, (int)siglen);
 
     return 1;
 

diff --git a/crypto/property/property.c b/crypto/property/property.c
index 4141c1760300b2d23fe30f1009e3912ff2fadd85..a104e57740182fa0b3df20e2cacf71b9fbaab41d 100644 (file)
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -574,9 +574,9 @@ void ossl_method_store_do_all(OSSL_METHOD_STORE *store,
 
         if (!ossl_property_read_lock(store))
             return;
-       
+
         tmpalgs = sk_ALGORITHM_new_reserve(NULL,
-                                           ossl_sa_ALGORITHM_num(store->algs));
+                                           (int)ossl_sa_ALGORITHM_num(store->algs));
         if (tmpalgs == NULL) {
             ossl_property_unlock(store);
             return;
@@ -726,7 +726,7 @@ fin:
 #ifndef FIPS_MODULE
     OSSL_TRACE_BEGIN(QUERY) {
         char buf[512];
-        int size;
+        size_t size;
 
         size = ossl_property_list_to_string(NULL, pq, buf, 512);
         BIO_printf(trc_out, "method store query with properties %s "

diff --git a/crypto/punycode.c b/crypto/punycode.c
index 68fc586e68157529e22235987960fdcda17a4e1a..7f6542fd0ea48098b489b83375c1a4ac7be044ec 100644 (file)
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -122,12 +122,15 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
     unsigned int n = initial_n;
     unsigned int i = 0;
     unsigned int bias = initial_bias;
-    size_t processed_in = 0, written_out = 0;
+    unsigned int processed_in = 0;
+    unsigned int written_out = 0;
     unsigned int max_out = *pout_length;
     unsigned int basic_count = 0;
     unsigned int loop;
 
-    for (loop = 0; loop < enc_len; loop++) {
+    if (enc_len >= UINT_MAX)
+        return 0;
+    for (loop = 0; loop < (unsigned int)enc_len; loop++) {
         if (pEncoded[loop] == delimiter)
             basic_count = loop;
     }
@@ -146,7 +149,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
         processed_in = basic_count + 1;
     }
 
-    for (loop = processed_in; loop < enc_len;) {
+    for (loop = processed_in; loop < (unsigned int)enc_len;) {
         unsigned int oldi = i;
         unsigned int w = 1;
         unsigned int k, t;

diff --git a/crypto/quic_vlint.c b/crypto/quic_vlint.c
index 0238985963195184f311c23e853b4b95f5a16af4..af81739ff7aeb93f3f6a0d79c5c962dacb0efc69 100644 (file)
--- a/crypto/quic_vlint.c
+++ b/crypto/quic_vlint.c
@@ -29,7 +29,7 @@ void ossl_quic_vlint_encode_n(uint8_t *buf, uint64_t v, int n)
 
 void ossl_quic_vlint_encode(uint8_t *buf, uint64_t v)
 {
-    ossl_quic_vlint_encode_n(buf, v, ossl_quic_vlint_encode_len(v));
+    ossl_quic_vlint_encode_n(buf, v, (int)ossl_quic_vlint_encode_len(v));
 }
 
 uint64_t ossl_quic_vlint_decode_unchecked(const unsigned char *buf)
@@ -75,7 +75,7 @@ int ossl_quic_vlint_decode(const unsigned char *buf, size_t buf_len, uint64_t *v
     x = ossl_quic_vlint_decode_unchecked(buf);
 
     *v = x;
-    return dec_len;
+    return (int)dec_len;
 }
 
 #endif

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7cc434c71cb720bb893d242cbc13e7e2c2f63c45..fedb6ed92ae3b85bc7efd1573ac0debe0c235894 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -225,7 +225,7 @@ int RAND_poll(void)
 
         if (meth->add == NULL
             || meth->add(ossl_rand_pool_buffer(pool),
-                         ossl_rand_pool_length(pool),
+                         (int)ossl_rand_pool_length(pool),
                          (ossl_rand_pool_entropy(pool) / 8.0)) == 0)
             goto err;
 
@@ -423,8 +423,12 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
+        if (num > INT_MAX) {
+            ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE);
+            return -1;
+        }
         if (meth->bytes != NULL)
-            return meth->bytes(buf, num);
+            return meth->bytes(buf, (int)num);
         ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
         return -1;
     }
@@ -462,8 +466,12 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
+        if (num > INT_MAX) {
+            ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE);
+            return -1;
+        }
         if (meth->bytes != NULL)
-            return meth->bytes(buf, num);
+            return meth->bytes(buf, (int)num);
         ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
         return -1;
     }

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 9337b36dc8b9f8760899982774039e6f4392512f..b6488e43da5fb65deca2d61e7b26f96ffeeba9a4 100644 (file)
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -150,7 +150,7 @@ int RAND_load_file(const char *file, long bytes)
             n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
         else
             n = RAND_LOAD_BUF_SIZE;
-        i = fread(buf, 1, n, in);
+        i = (int)fread(buf, 1, n, in);
 #ifdef EINTR
         if (ferror(in) && errno == EINTR) {
             clearerr(in);
@@ -258,7 +258,7 @@ int RAND_write_file(const char *file)
     chmod(file, 0600);
 #endif
 
-    ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
+    ret = (int)fwrite(buf, 1, RAND_BUF_SIZE, out);
     fclose(out);
     OPENSSL_cleanse(buf, RAND_BUF_SIZE);
     return ret;

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 42b03fb2fd62dc364c7c3bb738657a5245a64f59..c2023528615f87c3956b23d764d06a26fb3d1413 100644 (file)
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -704,13 +704,13 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
         if (alg1 != NULL) {
             const unsigned char *pp = aid;
 
-            if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
+            if (d2i_X509_ALGOR(&alg1, &pp, (long)aid_len) == NULL)
                 return 0;
         }
         if (alg2 != NULL) {
             const unsigned char *pp = aid;
 
-            if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
+            if (d2i_X509_ALGOR(&alg2, &pp, (long)aid_len) == NULL)
                 return 0;
         }
 

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 8f89f748e7aadc7452daf0c02a459a2daa793844..da864f4c3bd9be45f18e0b67ed1b12e8c1cb56e7 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -162,7 +162,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
             unsigned int sltmp;
             if (rctx->pad_mode != RSA_PKCS1_PADDING)
                 return -1;
-            ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa);
+            ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, (int)tbslen, sig, &sltmp, rsa);
 
             if (ret <= 0)
                 return ret;
@@ -178,12 +178,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
             }
             memcpy(rctx->tbuf, tbs, tbslen);
             rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md));
-            ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+            ret = RSA_private_encrypt((int)(tbslen + 1), rctx->tbuf,
                                       sig, rsa, RSA_X931_PADDING);
         } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
             unsigned int sltmp;
             ret = RSA_sign(EVP_MD_get_type(rctx->md),
-                           tbs, tbslen, sig, &sltmp, rsa);
+                           tbs, (unsigned int)tbslen, sig, &sltmp, rsa);
             if (ret <= 0)
                 return ret;
             ret = sltmp;
@@ -201,7 +201,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
             return -1;
         }
     } else {
-        ret = RSA_private_encrypt(tbslen, tbs, sig, rsa, rctx->pad_mode);
+        ret = RSA_private_encrypt((int)tbslen, tbs, sig, rsa, rctx->pad_mode);
     }
     if (ret < 0)
         return ret;
@@ -226,7 +226,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
         if (rctx->pad_mode == RSA_X931_PADDING) {
             if (!setup_tbuf(rctx, ctx))
                 return -1;
-            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
+            ret = RSA_public_decrypt((int)siglen, sig, rctx->tbuf, rsa,
                                      RSA_X931_PADDING);
             if (ret < 1)
                 return 0;
@@ -248,12 +248,12 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                                   sig, siglen, rsa);
             if (ret <= 0)
                 return 0;
-            ret = sltmp;
+            ret = (int)sltmp;
         } else {
             return -1;
         }
     } else {
-        ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
+        ret = RSA_public_decrypt((int)siglen, sig, rout, rsa, rctx->pad_mode);
     }
     if (ret < 0)
         return ret;
@@ -277,8 +277,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
 
     if (rctx->md) {
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
-            return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen,
-                              sig, siglen, rsa);
+            return RSA_verify(EVP_MD_get_type(rctx->md), tbs, (unsigned int)tbslen,
+                              sig, (unsigned int)siglen, rsa);
         md_size = EVP_MD_get_size(rctx->md);
         if (md_size <= 0) {
             ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH);
@@ -295,7 +295,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
             int ret;
             if (!setup_tbuf(rctx, ctx))
                 return -1;
-            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+            ret = RSA_public_decrypt((int)siglen, sig, rctx->tbuf,
                                      rsa, RSA_NO_PADDING);
             if (ret <= 0)
                 return 0;
@@ -311,7 +311,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
     } else {
         if (!setup_tbuf(rctx, ctx))
             return -1;
-        rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+        rslen = RSA_public_decrypt((int)siglen, sig, rctx->tbuf,
                                    rsa, rctx->pad_mode);
         if (rslen == 0)
             return 0;
@@ -342,14 +342,14 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
         if (!setup_tbuf(rctx, ctx))
             return -1;
         if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
-                                             in, inlen,
+                                             in, (int)inlen,
                                              rctx->oaep_label,
-                                             rctx->oaep_labellen,
+                                             (int)rctx->oaep_labellen,
                                              rctx->md, rctx->mgf1md))
             return -1;
         ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING);
     } else {
-        ret = RSA_public_encrypt(inlen, in, out, rsa, rctx->pad_mode);
+        ret = RSA_public_encrypt((int)inlen, in, out, rsa, rctx->pad_mode);
     }
     if (ret < 0)
         return ret;
@@ -374,13 +374,13 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
     if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         if (!setup_tbuf(rctx, ctx))
             return -1;
-        ret = RSA_private_decrypt(inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING);
+        ret = RSA_private_decrypt((int)inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING);
         if (ret <= 0)
             return ret;
         ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
                                                 ret, ret,
                                                 rctx->oaep_label,
-                                                rctx->oaep_labellen,
+                                                (int)rctx->oaep_labellen,
                                                 rctx->md, rctx->mgf1md);
     } else {
         if (rctx->pad_mode == RSA_PKCS1_PADDING &&
@@ -388,7 +388,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
             pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
         else
             pad_mode = rctx->pad_mode;
-        ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode);
+        ret = RSA_private_decrypt((int)inlen, in, out, rsa, pad_mode);
     }
     *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
     ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
@@ -616,7 +616,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             return 0;
         }
         *(unsigned char **)p2 = rctx->oaep_label;
-        return rctx->oaep_labellen;
+        return (int)rctx->oaep_labellen;
 
     case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION:
         if (rctx->pad_mode != RSA_PKCS1_PADDING) {

diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index e2be3ca597fb79eff042ed8bc93aa2777c71f4ad..0f2f42a9d75ed9a2926567016f71d05178726173 100644 (file)
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -95,12 +95,12 @@ int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
      */
 
     /* Start by adjusting the stored size, to make things easier */
-    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+    ctx->hash_size = (unsigned int)siphash_adjust_hash_size(ctx->hash_size);
 
     /* Now, adjust ctx->v1 if the old and the new size differ */
     if ((size_t)ctx->hash_size != hash_size) {
         ctx->v1 ^= 0xee;
-        ctx->hash_size = hash_size;
+        ctx->hash_size = (unsigned int)hash_size;
     }
     return 1;
 }
@@ -112,7 +112,7 @@ int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
     uint64_t k1 = U8TO64_LE(k + 8);
 
     /* If the hash size wasn't set, i.e. is zero */
-    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+    ctx->hash_size = (unsigned int)siphash_adjust_hash_size(ctx->hash_size);
 
     if (drounds == 0)
         drounds = SIPHASH_D_ROUNDS;
@@ -156,7 +156,7 @@ void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
         /* not enough to fill leavings */
         if (inlen < available) {
             memcpy(&ctx->leavings[ctx->len], in, inlen);
-            ctx->len += inlen;
+            ctx->len += (unsigned int)inlen;
             return;
         }
 

diff --git a/crypto/slh_dsa/slh_hash.c b/crypto/slh_dsa/slh_hash.c
index 6a8d6bab03c136cf2f9198bf5014b3ab9108f4a5..9f41f1cf207a84b26a153d3c1e7eb2a67cdbaff2 100644 (file)
--- a/crypto/slh_dsa/slh_hash.c
+++ b/crypto/slh_dsa/slh_hash.c
@@ -162,7 +162,7 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed,
     memcpy(seed + n, pk_seed, n);
     return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len,
                     seed + 2 * n)
-        && (PKCS1_MGF1(out, m, seed, seed_len, hctx->key->md_big) == 0);
+        && (PKCS1_MGF1(out, (long)m, seed, (long)seed_len, hctx->key->md_big) == 0);
 }
 
 static int

diff --git a/crypto/slh_dsa/slh_wots.c b/crypto/slh_dsa/slh_wots.c
index 2776cc07c419a65367b5ccdc3edea2604684f346..35288912b6383c5c6f230ff0c6ca0621c6c6f31d 100644 (file)
--- a/crypto/slh_dsa/slh_wots.c
+++ b/crypto/slh_dsa/slh_wots.c
@@ -109,13 +109,13 @@ static int slh_wots_chain(SLH_DSA_HASH_CTX *ctx, const uint8_t *in,
     if (!WPACKET_allocate_bytes(wpkt, tmp_len, &tmp))
         return 0;
 
-    set_hash_address(adrs, j++);
+    set_hash_address(adrs, (uint32_t)(j++));
     if (!F(ctx, pk_seed, adrs, in, n, tmp, tmp_len))
         return 0;
 
     end_index = start_index + steps;
     for (; j < end_index; ++j) {
-        set_hash_address(adrs, j);
+        set_hash_address(adrs, (uint32_t)j);
         if (!F(ctx, pk_seed, adrs, tmp, n, tmp, tmp_len))
             return 0;
     }
@@ -162,11 +162,11 @@ int ossl_slh_wots_pk_gen(SLH_DSA_HASH_CTX *ctx,
     adrsf->copy_keypair_address(sk_adrs, adrs);
 
     for (i = 0; i < len; ++i) { /* len = 2n + 3 */
-        set_chain_address(sk_adrs, i);
+        set_chain_address(sk_adrs, (uint32_t)i);
         if (!PRF(ctx, pk_seed, sk_seed, sk_adrs, sk, sizeof(sk)))
             goto end;
 
-        set_chain_address(adrs, i);
+        set_chain_address(adrs, (uint32_t)i);
         if (!slh_wots_chain(ctx, sk, 0, NIBBLE_MASK, pk_seed, adrs, tmp_wpkt))
             goto end;
     }
@@ -232,11 +232,11 @@ int ossl_slh_wots_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
     adrsf->copy_keypair_address(sk_adrs, adrs);
 
     for (i = 0; i < len; ++i) {
-        set_chain_address(sk_adrs, i);
+        set_chain_address(sk_adrs, (uint32_t)i);
         /* compute chain i secret */
         if (!PRF(ctx, pk_seed, sk_seed, sk_adrs, sk, sizeof(sk)))
             goto err;
-        set_chain_address(adrs, i);
+        set_chain_address(adrs, (uint32_t)i);
         /* compute chain i signature */
         if (!slh_wots_chain(ctx, sk, 0, msg_and_csum_nibbles[i],
                             pk_seed, adrs, sig_wpkt))
@@ -293,7 +293,7 @@ int ossl_slh_wots_pk_from_sig(SLH_DSA_HASH_CTX *ctx,
 
     /* Compute the end nodes for each of the chains */
     for (i = 0; i < len; ++i) {
-        set_chain_address(adrs, i);
+        set_chain_address(adrs, (uint32_t)i);
         if (!PACKET_get_bytes(sig_rpkt, &sig_i, n)
                 || !slh_wots_chain(ctx, sig_i, msg_and_csum_nibbles[i],
                                    NIBBLE_MASK - msg_and_csum_nibbles[i],

diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 0e5017cff608d991e0dc446555a1e8a0b97ca9fe..92f09f3f7f58dea7b523ae9951b6bfefea82d7ce 100644 (file)
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -44,7 +44,7 @@ ASN1_SEQUENCE(SM2_Ciphertext) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
 
-static size_t ec_field_size(const EC_GROUP *group)
+static int ec_field_size(const EC_GROUP *group)
 {
     const BIGNUM *p = EC_GROUP_get0_field(group);
 
@@ -71,7 +71,7 @@ int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
 {
     struct SM2_Ciphertext_st *sm2_ctext = NULL;
 
-    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, (long)ct_size);
 
     if (sm2_ctext == NULL) {
         ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING);
@@ -87,19 +87,19 @@ int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
 int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest,
                              size_t msg_len, size_t *ct_size)
 {
-    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int field_size = ec_field_size(EC_KEY_get0_group(key));
     const int md_size = EVP_MD_get_size(digest);
-    size_t sz;
+    int sz;
 
-    if (field_size == 0 || md_size <= 0)
+    if (field_size == 0 || md_size <= 0 || msg_len > INT_MAX/2)
         return 0;
 
     /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
     sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
          + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
-         + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+         + ASN1_object_size(0, (int)msg_len, V_ASN1_OCTET_STRING);
     /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
-    *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+    *ct_size = (size_t)ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
 
     return 1;
 }
@@ -127,7 +127,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
     uint8_t *msg_mask = NULL;
     uint8_t *x2y2 = NULL;
     uint8_t *C3 = NULL;
-    size_t field_size;
+    int field_size;
     const int C3_size = EVP_MD_get_size(digest);
     EVP_MD *fetched_digest = NULL;
     OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
@@ -137,6 +137,11 @@ int ossl_sm2_encrypt(const EC_KEY *key,
     ctext_struct.C2 = NULL;
     ctext_struct.C3 = NULL;
 
+    if (msg_len > INT_MAX/2) {
+        ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto done;
+    }
+
     if (hash == NULL || C3_size <= 0) {
         ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
         goto done;
@@ -243,7 +248,7 @@ again:
        goto done;
     }
     if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size)
-            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) {
+            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, (int)msg_len)) {
         ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
         goto done;
     }
@@ -287,7 +292,7 @@ int ossl_sm2_decrypt(const EC_KEY *key,
     BIGNUM *y2 = NULL;
     uint8_t *x2y2 = NULL;
     uint8_t *computed_C3 = NULL;
-    const size_t field_size = ec_field_size(group);
+    const int field_size = ec_field_size(group);
     const int hash_size = EVP_MD_get_size(digest);
     uint8_t *msg_mask = NULL;
     const uint8_t *C2 = NULL;
@@ -297,12 +302,12 @@ int ossl_sm2_decrypt(const EC_KEY *key,
     OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
     const char *propq = ossl_ec_key_get0_propq(key);
 
-    if (field_size == 0 || hash_size <= 0)
+    if (field_size == 0 || hash_size <= 0 || ciphertext_len > LONG_MAX)
        goto done;
 
     memset(ptext_buf, 0xFF, *ptext_len);
 
-    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, (long)ciphertext_len);
 
     if (sm2_ctext == NULL) {
         ERR_raise(ERR_LIB_SM2, SM2_R_ASN1_ERROR);

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 5f626d70555cab94d90fa60fc95fa74128867f69..c53fbe73d8d36d2af2396190ab8e9fe74fc5ae57 100644 (file)
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -84,11 +84,11 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 
     /* Add any encoded padding that is required */
     if (padsize != 0
-            && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+            && EVP_DecodeUpdate(ctx, a, &outl, pad, (int)padsize) < 0) {
         outl = -1;
         goto err;
     }
-    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, (int)size) < 0) {
         outl = -1;
         goto err;
     }
@@ -117,7 +117,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
          * from the encoded data as we added to the pre-encoded data.
          */
         memmove(a, a + padsize, outl - padsize);
-        outl -= padsize;
+        outl -= (int)padsize;
     }
 
  err:
@@ -135,7 +135,7 @@ static int t_tob64(char *dst, const unsigned char *src, int size)
     EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
     int outl = 0, outl2 = 0;
     unsigned char pad[2] = {0, 0};
-    size_t leadz = 0;
+    int leadz = 0;
 
     if (ctx == NULL)
         return 0;

diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 9944d353dc601028711fea557825fbb3d97a9630..70e67ad5028bce2da67f175cb9960afe7da8ae82 100644 (file)
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -370,7 +370,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
                  * No need to check the returned value, |new_der|
                  * will be NULL on error anyway.
                  */
-                PKCS12_pbe_crypt(alg, pbuf, plen,
+                PKCS12_pbe_crypt(alg, pbuf, (int)plen,
                                  oct->data, oct->length,
                                  &new_der, &len, 0);
                 der_len = len;
@@ -500,10 +500,10 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
             ignore_trusted = 0;
 
         if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data,
-                         data->octet_data_size) == NULL
+                         (long)data->octet_data_size) == NULL
             && (!ignore_trusted
                 || d2i_X509(&cert, (const unsigned char **)&data->octet_data,
-                            data->octet_data_size) == NULL)) {
+                            (long)data->octet_data_size) == NULL)) {
             X509_free(cert);
             cert = NULL;
         }
@@ -528,7 +528,7 @@ static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
         X509_CRL *crl;
 
         crl = d2i_X509_CRL(NULL, (const unsigned char **)&data->octet_data,
-                           data->octet_data_size);
+                           (long)data->octet_data_size);
 
         if (crl != NULL)
             /* We determined the object type */
@@ -560,7 +560,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
         PKCS12 *p12;
 
         p12 = d2i_PKCS12(NULL, (const unsigned char **)&data->octet_data,
-                         data->octet_data_size);
+                         (long)data->octet_data_size);
 
         if (p12 != NULL) {
             char *pass = NULL;
@@ -601,7 +601,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
                  * we must do it for PKCS12_parse()
                  */
                 pass[tpass_len] = '\0';
-                if (!PKCS12_verify_mac(p12, pass, tpass_len)) {
+                if (!PKCS12_verify_mac(p12, pass, (int)tpass_len)) {
                     ERR_raise_data(ERR_LIB_OSSL_STORE,
                                    OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC,
                                    tpass_len == 0 ? "empty password" :

diff --git a/crypto/thread/arch/thread_win.c b/crypto/thread/arch/thread_win.c
index fc0c2147701e7bc2100e3c407df6f571badc608b..dbf52790ac7d2dae9c8d06f83abe62d4c030fdf5 100644 (file)
--- a/crypto/thread/arch/thread_win.c
+++ b/crypto/thread/arch/thread_win.c
@@ -504,7 +504,7 @@ void ossl_crypto_condvar_broadcast(CRYPTO_CONDVAR *cv_)
     cv->closed     = 1;
 
     ossl_crypto_mutex_unlock(cv->int_m);
-    ReleaseSemaphore(cv->sema, num_wake, NULL);
+    ReleaseSemaphore(cv->sema, (LONG)num_wake, NULL);
 }
 
 void ossl_crypto_condvar_signal(CRYPTO_CONDVAR *cv_)

diff --git a/crypto/trace.c b/crypto/trace.c
index fbd4bf2914018e1a74a1420be7b485355ef591e3..384a98740c043aeede4af24f00bbe54cb14fd209 100644 (file)
--- a/crypto/trace.c
+++ b/crypto/trace.c
@@ -496,7 +496,7 @@ BIO *OSSL_trace_begin(int category)
             break;
         case CALLBACK_CHANNEL:
             (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_BEGIN,
-                           prefix == NULL ? 0 : strlen(prefix), prefix);
+                           prefix == NULL ? 0 : (int)strlen(prefix), prefix);
             break;
         }
     }
@@ -525,7 +525,7 @@ void OSSL_trace_end(int category, BIO *channel)
             break;
         case CALLBACK_CHANNEL:
             (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_END,
-                           suffix == NULL ? 0 : strlen(suffix), suffix);
+                           suffix == NULL ? 0 : (int)strlen(suffix), suffix);
             break;
         }
         current_channel = NULL;

diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c
index 5a99c9df17594e987298f73dbf9b7c85bee3fc76..a7788e8a99f1424a5e1af59859fc8e8b6a53da5f 100644 (file)
--- a/crypto/ts/ts_lib.c
+++ b/crypto/ts/ts_lib.c
@@ -27,7 +27,7 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
         return -1;
     if ((hex = BN_bn2hex(num_bn))) {
         result = BIO_write(bio, "0x", 2) > 0;
-        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+        result = result && BIO_write(bio, hex, (int)strlen(hex)) > 0;
         OPENSSL_free(hex);
     }
     BN_free(num_bn);

diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 0547736aa04fca4f4ba8dc0a11d9398b7fbbb5b1..db208a15a60a0dcee2090202a71ccfec58dab4c7 100644 (file)
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -299,7 +299,7 @@ int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
     }
     if (text) {
         if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
-            || !ASN1_STRING_set(utf8_text, text, strlen(text))) {
+            || !ASN1_STRING_set(utf8_text, text, (int)strlen(text))) {
             ERR_raise(ERR_LIB_TS, ERR_R_ASN1_LIB);
             goto err;
         }

diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index 25fe9bf64bf7b93291dadfbcf6772b3955a52207..8da5027f1ff5909d10968c06ecd8ae76fb81544b 100644 (file)
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -64,7 +64,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
             break;
         if ((offset == 0) && (buf->data[0] == '#'))
             continue;
-        i = strlen(&(buf->data[offset]));
+        i = (int)strlen(&(buf->data[offset]));
         offset += i;
         if (buf->data[offset - 1] != '\n')
             continue;
@@ -201,7 +201,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
         l = 0;
         for (j = 0; j < nn; j++) {
             if (pp[j] != NULL)
-                l += strlen(pp[j]);
+                l += (long)strlen(pp[j]);
         }
         if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
             goto err;
@@ -220,7 +220,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
             *(p++) = '\t';
         }
         p[-1] = '\n';
-        j = p - buf->data;
+        j = (long)(p - buf->data);
         if (BIO_write(out, buf->data, (int)j) != j)
             goto err;
         tot += j;

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 0741303badffada776f2eaf2966199ebecd3fb0e..087d53d2d59b4f3b745ab829f6b491f341b3002a 100644 (file)
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -374,9 +374,9 @@ char *UI_construct_prompt(UI *ui, const char *phrase_desc,
 
         if (phrase_desc == NULL)
             return NULL;
-        len = sizeof(prompt1) - 1 + strlen(phrase_desc);
+        len = sizeof(prompt1) - 1 + (int)strlen(phrase_desc);
         if (object_name != NULL)
-            len += sizeof(prompt2) - 1 + strlen(object_name);
+            len += sizeof(prompt2) - 1 + (int)strlen(object_name);
         len += sizeof(prompt3) - 1;
 
         if ((prompt = OPENSSL_malloc(len + 1)) == NULL)
@@ -827,7 +827,7 @@ int UI_get_result_string_length(UI_STRING *uis)
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
-        return uis->result_len;
+        return (int)uis->result_len;
     case UIT_NONE:
     case UIT_BOOLEAN:
     case UIT_INFO:
@@ -884,7 +884,7 @@ int UI_get_result_maxsize(UI_STRING *uis)
 
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
 {
-    return UI_set_result_ex(ui, uis, result, strlen(result));
+    return UI_set_result_ex(ui, uis, result, (int)strlen(result));
 }
 
 int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)

diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index bdcdc4555bdcfb58a38242089f87b969ccd3b708..bce97e170c604f967464f1c5ac0ee7673ae7be76 100644 (file)
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -266,7 +266,7 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         BY_DIR_HASH htmp, *hent;
 
         ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
-        j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
+        j = (int)strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
         if (!BUF_MEM_grow(b, j)) {
             ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
             goto finish;

diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index ac0e1e66d9586b774e924ac92ef64ff39a2b768c..463d8f18b5d6b1de578034461b3e2725173ed8d7 100644 (file)
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -1027,8 +1027,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
             continue;
         }
 
-        i1 = strspn(s, addr_chars);
-        i2 = i1 + strspn(s + i1, " \t");
+        i1 = (int)strspn(s, addr_chars);
+        i2 = i1 + (int)strspn(s + i1, " \t");
         delim = s[i2++];
         s[i1] = '\0';
 
@@ -1055,8 +1055,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
             }
             break;
         case '-':
-            i1 = i2 + strspn(s + i2, " \t");
-            i2 = i1 + strspn(s + i1, addr_chars);
+            i1 = i2 + (int)strspn(s + i2, " \t");
+            i2 = i1 + (int)strspn(s + i1, addr_chars);
             if (i1 == i2 || s[i2] != '\0') {
                 ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR);
                 X509V3_conf_add_error_name_value(val);

diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index e08e11d587eb43ca5cce1b3f4ef44de70c2c0c4a..c099b876acb59705981ba84b9d0984a283197684 100644 (file)
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -564,20 +564,20 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
         /*
          * Number, range, or mistake, pick it apart and figure out which.
          */
-        i1 = strspn(val->value, "0123456789");
+        i1 = (int)strspn(val->value, "0123456789");
         if (val->value[i1] == '\0') {
             is_range = 0;
         } else {
             is_range = 1;
-            i2 = i1 + strspn(val->value + i1, " \t");
+            i2 = i1 + (int)strspn(val->value + i1, " \t");
             if (val->value[i2] != '-') {
                 ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASNUMBER);
                 X509V3_conf_add_error_name_value(val);
                 goto err;
             }
             i2++;
-            i2 = i2 + strspn(val->value + i2, " \t");
-            i3 = i2 + strspn(val->value + i2, "0123456789");
+            i2 = i2 + (int)strspn(val->value + i2, " \t");
+            i3 = i2 + (int)strspn(val->value + i2, "0123456789");
             if (val->value[i3] != '\0') {
                 ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASRANGE);
                 X509V3_conf_add_error_name_value(val);

diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index fcf8728937db46661940e571460d167cdec5621b..5dcbf8888d1299995565998c73db6b19b33fead6 100644 (file)
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -208,7 +208,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                 goto err;
             }
             if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-                                 strlen(cnf->value))) {
+                                 (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
@@ -259,7 +259,7 @@ static int displaytext_get_tag_len(const char *tagstr)
 {
     char *colon = strchr(tagstr, ':');
 
-    return (colon == NULL) ? -1 : colon - tagstr;
+    return (colon == NULL) ? -1 : (int)(colon - tagstr);
 }
 
 static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
@@ -323,7 +323,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             }
             if (tag_len != 0)
                 value += tag_len + 1;
-            len = strlen(value);
+            len = (int)strlen(value);
             if (!ASN1_STRING_set(not->exptext, value, len)) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
@@ -344,7 +344,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             else
                 nref->organization->type = V_ASN1_VISIBLESTRING;
             if (!ASN1_STRING_set(nref->organization, cnf->value,
-                                 strlen(cnf->value))) {
+                                 (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }

diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.c
index 7b799358727e0cee5949208687ef31be6d4a8943..7686d9dd1b093e69c5ba7d325a3d2c62f02633ed 100644 (file)
--- a/crypto/x509/v3_ia5.c
+++ b/crypto/x509/v3_ia5.c
@@ -50,7 +50,7 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
         ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
         return NULL;
     }
-    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, (int)strlen(str))) {
         ASN1_IA5STRING_free(ia5);
         return NULL;
     }

diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
index 7e4d9313d829040440bf52b9809b85f61c6c8795..1a1590392c3e7818f58e14f0b9106085dca9efa5 100644 (file)
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -63,7 +63,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
     STACK_OF(CONF_VALUE) *ret)
 {
     ACCESS_DESCRIPTION *desc;
-    int i, nlen;
+    int i;
+    size_t nlen;
     char objtmp[80], *ntmp;
     CONF_VALUE *vtmp;
     STACK_OF(CONF_VALUE) *tret = ret;

diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index b7ce4bb919155ecf248d5a73d16087bea30b745e..482e99e6e76c41b512460c7b3e59978a938f580c 100644 (file)
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -52,7 +52,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
             ist->signTool = ASN1_UTF8STRING_new();
             if (ist->signTool == NULL
                 || cnf->value == NULL
-                || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
+                || !ASN1_STRING_set(ist->signTool, cnf->value, (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
@@ -60,7 +60,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
             ist->cATool = ASN1_UTF8STRING_new();
             if (ist->cATool == NULL
                 || cnf->value == NULL
-                || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
+                || !ASN1_STRING_set(ist->cATool, cnf->value, (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
@@ -68,7 +68,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
             ist->signToolCert = ASN1_UTF8STRING_new();
             if (ist->signToolCert == NULL
                 || cnf->value == NULL
-                || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
+                || !ASN1_STRING_set(ist->signToolCert, cnf->value, (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
@@ -76,7 +76,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
             ist->cAToolCert = ASN1_UTF8STRING_new();
             if (ist->cAToolCert == NULL
                 || cnf->value == NULL
-                || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
+                || !ASN1_STRING_set(ist->cAToolCert, cnf->value, (int)strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 51208ce789196b281e5e3e45cc32a6d623eebe22..73e1dbc0c82e710e06b06d19eb8bcc5b523548b2 100644 (file)
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -468,7 +468,7 @@ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
         if (idlen == 0)
             continue;
 
-        stmp.length = idlen;
+        stmp.length = (int)idlen;
         stmp.data = idval;
         r = nc_match(&gntmp, nc);
         OPENSSL_free(idval);
@@ -810,7 +810,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     OPENSSL_free(scheme);
     OPENSSL_free(uri_copy);
 
-    hostlen = strlen(host);
+    hostlen = (int)strlen(host);
 
     /* Special case: initial '.' is RHS match */
     if (base->length > 0 && *baseptr == '.') {

diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c
index 1549a244ac8775054e3255aba94bcfadc319f992..5bba359b4564badc899676b0828bd68b828aede3 100644 (file)
--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -194,7 +194,7 @@ static int process_pci_value(CONF_VALUE *val,
                 goto err;
             }
         } else if (CHECK_AND_SKIP_PREFIX(valp, "text:")) {
-            val_len = strlen(valp);
+            val_len = (int)strlen(valp);
             tmp_data = OPENSSL_realloc((*policy)->data,
                                        (*policy)->length + val_len + 1);
             if (tmp_data) {

diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index bc13c088d549b822a221357679373e8df40f7246..b91bbcefc06826c601ef84448e3473ad354e9ae8 100644 (file)
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -578,7 +578,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
     if (is_string) {
         if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
             !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
-                             strlen(value))) {
+                             (int)strlen(value))) {
             ASN1_IA5STRING_free(gen->d.ia5);
             gen->d.ia5 = NULL;
             ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
@@ -639,7 +639,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
     char *objtmp = NULL, *p;
-    int objlen;
+    size_t objlen;
 
     if ((p = strchr(value, ';')) == NULL)
         return 0;

diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 507945f82955103a572e524d40894ad357884126..d5c1f65ac767824bc4058fe06fabc55214c37e98 100644 (file)
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -168,7 +168,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
         return 0;
     }
     if (userlen == -1)
-        userlen = strlen(user);
+        userlen = (int)strlen(user);
     if (userlen > 64) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG);
         return 0;

diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c
index 22345c3a65eb6af5c83f5fc7040c465db740d0b7..5306f3418adae31cc04b617a6758b3315b32e9fb 100644 (file)
--- a/crypto/x509/v3_utf8.c
+++ b/crypto/x509/v3_utf8.c
@@ -54,7 +54,7 @@ ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
         ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
         return NULL;
     }
-    if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, strlen(str))) {
+    if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, (int)strlen(str))) {
         ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
         ASN1_UTF8STRING_free(utf8);
         return NULL;

diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 60aa31a7c7587c0e30c42ee331746405607b1579..2cbce26f5e8668a46dbf18da7f985613b62ef200 100644 (file)
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -431,7 +431,8 @@ static char *strip_spaces(char *name)
 
 int ossl_v3_name_cmp(const char *name, const char *cmp)
 {
-    int len, ret;
+    size_t len;
+    int ret;
     char c;
 
     len = strlen(cmp);

diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c
index d97648ca0c4ac4b0d0ecb5d6a7d92d15bc5085fa..26ff0164f2220a195057e7b8c0befec1fb4c792a 100644 (file)
--- a/crypto/x509/x509_acert.c
+++ b/crypto/x509/x509_acert.c
@@ -301,7 +301,7 @@ int X509_ACERT_add_attr_nconf(CONF *conf, const char *section,
             ret = X509_ACERT_add1_attr_by_txt(acert, v->name,
                                               V_ASN1_OCTET_STRING,
                                               (unsigned char *)value,
-                                              strlen(value));
+                                              (int)strlen(value));
             if (!ret)
                 goto err;
         }

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index a55ee1a73e231c30b896a63b59caaa7dd90da202..76aabc9f3c563a05a3db1e93c57f7548a4016d51 100644 (file)
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -67,7 +67,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
             i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
             s = tmp_buf;
         }
-        l1 = strlen(s);
+        l1 = (int)strlen(s);
 
         type = ne->value->type;
         num = ne->value->length;

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 6f1cfd9320ee95486d258b4cae515944e7dc535d..ed5e8ee76de193dda1bc1faf62c68c1026d4cfdb 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -462,7 +462,7 @@ char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
     size_t iplen;
     unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen);
 
-    return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
+    return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, (int)iplen);
 }
 
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,

diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 75ff07d899da3dc78894bd4ea6ac0424d35ac4a5..a255067d10bd7e13bdb1e7174a790febfc9b75d2 100644 (file)
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -326,7 +326,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                                       len, type,
                                       OBJ_obj2nid(ne->object)) ? 1 : 0;
     if (len < 0)
-        len = strlen((const char *)bytes);
+        len = (int)strlen((const char *)bytes);
     i = ASN1_STRING_set(ne->value, bytes, len);
     if (!i)
         return 0;

diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
index 142eeb79bd5d945841200ded5ceaff67f23c5bb1..d8f1e95a6c79d18ad3799d4371c18cf2d4e12cfa 100644 (file)
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -34,7 +34,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
     int spki_len;
     NETSCAPE_SPKI *spki;
     if (len <= 0)
-        len = strlen(str);
+        len = (int)strlen(str);
     if ((spki_der = OPENSSL_malloc(len + 1)) == NULL)
         return NULL;
     spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);

diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index bcb480f58fd9d02d012f74815dce6508446587c4..87dd7430069c93801ce5739c97ffe75c8d6fee2e 100644 (file)
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -225,7 +225,7 @@ static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out,
         if (!ret)
             return -1;
     }
-    ret = a->bytes->length;
+    ret = (int)a->bytes->length;
     if (out != NULL) {
         memcpy(*out, a->bytes->data, ret);
         *out += ret;
@@ -462,7 +462,7 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
         }
     }
 
-    out->length = to - out->data;
+    out->length = (int)(to - out->data);
 
     return 1;
 
@@ -521,7 +521,7 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
                                 (ossl_isupper(s[2]) && (s[3] == '='))
               ))) || (*s == '\0'))
         {
-            i = s - c;
+            i = (int)(s - c);
             if (BIO_write(bp, c, i) != i)
                 goto err;
             c = s + 1;          /* skip following slash */

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 53639b2bfabac9764ba5a16a5a81d00919e4fca4..0c71129ade4af75bdbf58a2f41493cc5f83df5eb 100644 (file)
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -579,7 +579,7 @@ int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp)
             && out != NULL
             && OSSL_ENCODER_to_bio(ctx, out)
             && BIO_get_mem_ptr(out, &buf) > 0) {
-            ret = buf->length;
+            ret = (int)buf->length;
 
             if (pp != NULL) {
                 if (*pp == NULL) {

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 75c5c9223acce8127bcb90230dd7da9565ffae6b..1850c3d51f0c55b20f679dc529e1e1fe5e6a9d83 100644 (file)
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -203,7 +203,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
     if (ret == NULL)
         return NULL;
     /* update length */
-    length -= q - *pp;
+    length -= (long)(q - *pp);
     if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
         goto err;
     *pp = q;

diff --git a/include/crypto/bn.h b/include/crypto/bn.h
index 7377963900374db7937c1251797909248a7316a5..2acdeacfe899e5d2843f4c2cb5b161dd21e8f76b 100644 (file)
--- a/include/crypto/bn.h
+++ b/include/crypto/bn.h
@@ -140,7 +140,7 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q,
 #endif
 
 int ossl_bn_mont_ctx_set(BN_MONT_CTX *ctx, const BIGNUM *modulus, int ri,
-                         const unsigned char *rr, size_t rrlen,
+                         const unsigned char *rr, int rrlen,
                          uint32_t nlo, uint32_t nhi);
 
 int ossl_bn_mont_ctx_eq(const BN_MONT_CTX *m1, const BN_MONT_CTX *m2);

diff --git a/include/internal/hashtable.h b/include/internal/hashtable.h
index ccbc470db7228034b2da812971dc162e5983e57b..9c0214eeb0c655b238533991fdcad3a901dc859c 100644 (file)
--- a/include/internal/hashtable.h
+++ b/include/internal/hashtable.h
@@ -153,7 +153,7 @@ memset((key), 0, sizeof(*(key))); \
 
 /* Same as HT_SET_KEY_STRING_CASE but also takes length of the string. */
 #define HT_SET_KEY_STRING_CASE_N(key, member, value, len) do { \
-    if (len < sizeof((key)->keyfields.member)) \
+    if ((size_t)len < sizeof((key)->keyfields.member)) \
         ossl_ht_strcase((key)->keyfields.member, value, len); \
     else \
         ossl_ht_strcase((key)->keyfields.member, value, sizeof((key)->keyfields.member) - 1); \

diff --git a/include/internal/namemap.h b/include/internal/namemap.h
index a3a3414869ae464fc4464e30f7cfbba1b9e55149..eb0c0aa8299fd9346a6eac029f596a551fd84acf 100644 (file)
--- a/include/internal/namemap.h
+++ b/include/internal/namemap.h
@@ -28,7 +28,7 @@ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name);
 int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
                             const char *name, size_t name_len);
 const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
-                                  size_t idx);
+                                  int idx);
 int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
                              void (*fn)(const char *name, void *data),
                              void *data);

diff --git a/include/internal/quic_vlint.h b/include/internal/quic_vlint.h
index d4b70b229c32303f3a0ba569b10ef6c48f1e9ce0..5b6d21a4d11f9a1218a6d3cd1d626404c93fcc9e 100644 (file)
--- a/include/internal/quic_vlint.h
+++ b/include/internal/quic_vlint.h
@@ -96,7 +96,7 @@ void ossl_quic_vlint_encode_n(unsigned char *buf, uint64_t v, int n);
  */
 static ossl_unused ossl_inline size_t ossl_quic_vlint_decode_len(uint8_t first_byte)
 {
-    return 1U << ((first_byte & 0xC0) >> 6);
+    return (size_t)(1U << ((first_byte & 0xC0) >> 6));
 }
 
 /*

diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h
index a840df0b24ceb30acb46840a960e56658376bc1b..3b0fab909c6cee7050fb8bb3f95d1c884e04eed2 100644 (file)
--- a/include/internal/tsan_assist.h
+++ b/include/internal/tsan_assist.h
@@ -100,10 +100,10 @@
 #    define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf
 #    pragma intrinsic(_InterlockedExchangeAdd64_nf)
 #    pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64)
-#    define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \
-                                               : __iso_volatile_load32(ptr))
-#    define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \
-                                                     : __iso_volatile_store32((ptr), (val)))
+#    define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64((void *)(ptr)) \
+                                               : __iso_volatile_load32((void *)(ptr)))
+#    define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64(((void *)(ptr)), (val)) \
+                                                     : __iso_volatile_store32((void *)(ptr), (val)))
 #   else
 #    define tsan_load(ptr) __iso_volatile_load32(ptr)
 #    define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val))
@@ -115,8 +115,8 @@
 #  pragma intrinsic(_InterlockedExchangeAdd)
 #  ifdef _WIN64
 #   pragma intrinsic(_InterlockedExchangeAdd64)
-#   define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \
-                                                : _InterlockedExchangeAdd((ptr), (n)))
+#   define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((void *)(ptr), (n)) \
+                                                : _InterlockedExchangeAdd((void *)(ptr), (n)))
 #  else
 #   define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n))
 #  endif

diff --git a/ms/uplink.c b/ms/uplink.c
index 48f31838fc78f33fd319404f933ce17729fd5cf5..caf1f71f5827bd12ff7580745d52e4795cbb93f6 100644 (file)
--- a/ms/uplink.c
+++ b/ms/uplink.c
@@ -20,6 +20,7 @@
 #include <windows.h>
 #include <tchar.h>
 #include <stdio.h>
+#include <stddef.h>
 #include "uplink.h"
 void OPENSSL_showfatal(const char *, ...);
 
@@ -89,7 +90,7 @@ void OPENSSL_Uplink(volatile void **table, int index)
         } else
             p = applinktable;
 
-        if (index > (int)p[0])
+        if (index > (intptr_t)p[0])
             break;
 
         if (p[index])