Fix warnings about casts in ECH code

author Tomas Mraz <tomas@openssl.org>

Thu, 18 Sep 2025 15:13:28 +0000 (17:13 +0200)

committer Tomas Mraz <tomas@openssl.org>

Wed, 1 Oct 2025 15:41:57 +0000 (17:41 +0200)
author Tomas Mraz <tomas@openssl.org>
Thu, 18 Sep 2025 15:13:28 +0000 (17:13 +0200)
committer Tomas Mraz <tomas@openssl.org>
Wed, 1 Oct 2025 15:41:57 +0000 (17:41 +0200)
diff --git a/apps/s_client.c b/apps/s_client.c

index bf67469fe0c35da9fbacd365e9eb00d615c628ac..095b25f7d24b8c57d798ecceff6fae4aa5b9f25b 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3441,8 +3441,9 @@ static void print_ech_retry_configs(BIO *bio, SSL *s)
       * print nicely, note that any non-supported versions
       * sent by server will have been filtered out by now
       */
-    if ((biom = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(biom, rtval, rtlen) <= 0
+    if (rtlen > INT_MAX
+        || (biom = BIO_new(BIO_s_mem())) == NULL
+        || BIO_write(biom, rtval, (int)rtlen) <= 0
          || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL
          || OSSL_ECHSTORE_read_echconfiglist(es, biom) != 1) {
          BIO_printf(bio, "ECH: Error loading retry-configs\n");
diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c

index 7fdcf3c5c75b52d9743ebe5fe3aac10affcbe516..89fc63d19b0835edcb1ee9478724c44935726576 100644 (file)
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -40,7 +40,7 @@ void ossl_ech_pbuf(const char *msg, const unsigned char *buf, const size_t blen)
              BIO_printf(trc_out, "%s: blen is %lu\n", msg, (unsigned long)blen);
          } else {
              BIO_printf(trc_out, "%s (%lu)\n", msg, (unsigned long)blen);
-            BIO_dump_indent(trc_out, buf, blen, 4);
+            BIO_dump_indent(trc_out, buf, (int)blen, 4);
          }
      } OSSL_TRACE_END(TLS);
      return;
@@ -373,7 +373,8 @@ int ossl_ech_pick_matching_cfg(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY **ee,
                                 OSSL_HPKE_SUITE *suite)
  {
      int namematch = 0, nameoverride = 0, suitematch = 0, num, cind = 0;
-    unsigned int csuite = 0, tsuite = 0, hnlen = 0;
+    unsigned int csuite = 0, tsuite = 0;
+    size_t hnlen = 0;
      OSSL_ECHSTORE_ENTRY *lee = NULL, *tee = NULL;
      OSSL_ECHSTORE *es = NULL;
      char *hn = NULL;
@@ -620,8 +621,8 @@ int ossl_ech_reset_hs_buffer(SSL_CONNECTION *s, const unsigned char *buf,
  size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
                               size_t encoded_len)
  {
-    int length_of_padding = 0, length_with_snipadding = 0;
-    int innersnipadding = 0, length_with_padding = 0;
+    size_t length_of_padding = 0, length_with_snipadding = 0;
+    size_t innersnipadding = 0, length_with_padding = 0;
      size_t mnl = 0, isnilen = 0;
  
      if (s == NULL || ee == NULL)
@@ -653,12 +654,12 @@ size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
      while (length_with_padding < OSSL_ECH_PADDING_TARGET)
          length_with_padding += OSSL_ECH_PADDING_INCREMENT;
      OSSL_TRACE_BEGIN(TLS) {
-        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %d "
-                   "lop: %d, clear_len (len with padding): %d, orig: %zu\n",
+        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %zu "
+                   "lop: %zu, clear_len (len with padding): %zu, orig: %zu\n",
                     mnl, length_with_snipadding, length_of_padding,
                     length_with_padding, encoded_len);
      } OSSL_TRACE_END(TLS);
-    return (size_t)length_with_padding;
+    return length_with_padding;
  }
  
  /*
@@ -955,7 +956,7 @@ static int ech_hkdf_extract_wrap(SSL_CONNECTION *s, EVP_MD *md, int for_hrr,
      ossl_ech_pbuf("cc: client_random", p, SSL3_RANDOM_SIZE);
  # endif
      if (EVP_PKEY_CTX_set1_hkdf_key(pctx, p, SSL3_RANDOM_SIZE) != 1
-        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, hashlen) != 1
+        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, (int)hashlen) != 1
          || EVP_PKEY_derive(pctx, NULL, &retlen) != 1
          || hashlen != retlen
          || EVP_PKEY_derive(pctx, notsecret, &retlen) != 1) {
diff --git a/ssl/ech/ech_local.h b/ssl/ech/ech_local.h

index 7dcd553de983c29fa4e6d2369ade8d2b576cc51e..9928d1a2844d410814315da664247b1c38bb8f01 100644 (file)
--- a/ssl/ech/ech_local.h
+++ b/ssl/ech/ech_local.h
@@ -335,7 +335,7 @@ int ossl_ech_calc_confirm(SSL_CONNECTION *s, int for_hrr,
  /* these are internal but located in ssl/statem/extensions.c */
  int ossl_ech_same_ext(SSL_CONNECTION *s, WPACKET *pkt);
  int ossl_ech_same_key_share(void);
-int ossl_ech_2bcompressed(int ind);
+int ossl_ech_2bcompressed(size_t ind);
  int ossl_ech_copy_inner2outer(SSL_CONNECTION *s, uint16_t ext_type, int ind,
                                WPACKET *pkt);
  
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c

index bb225decd3774eca3ca56801cdb3897cb9c7150a..6bdc1e1a8d58abbc019d43e2982530fac94678c0 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -602,9 +602,9 @@ int ossl_ech_same_key_share(void)
   * say if extension at index |ind| in ext_defs is to be ECH compressed
   * return 1 if this one is to be compressed, 0 if not, -1 for error
   */
-int ossl_ech_2bcompressed(int ind)
+int ossl_ech_2bcompressed(size_t ind)
  {
-    const int nexts = OSSL_NELEM(ext_defs);
+    const size_t nexts = OSSL_NELEM(ext_defs);
  
  # ifdef DUPEMALL
      return 0;
@@ -1146,7 +1146,7 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
              if (ossl_ech_2bcompressed(i) == pass)
                  continue;
              /* stash index - needed for COMPRESS ECH handling */
-            s->ext.ech.ext_ind = i;
+            s->ext.ech.ext_ind = (int)i;
  #endif
              /* Skip if not relevant for our context */
              if (!should_add_extension(s, thisexd->context, context, max_version))
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 461463efa2a5ea71ee85aaa6e3ef021513109bac..98fa3e4b59b2e5ce6e1ff0f7fa11fdf2f5a42a27 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -2701,7 +2701,7 @@ err:
  int tls_parse_stoc_ech(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                         X509 *x, size_t chainidx)
  {
-    unsigned int rlen = 0;
+    size_t rlen = 0;
      const unsigned char *rval = NULL;
      unsigned char *srval = NULL;
      PACKET rcfgs_pkt;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c

index 6ad2056e128c69f353f8fa4eb47231120f0ee123..9e4f212a37e4061b60c0befb2f48a902e799767a 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -533,7 +533,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
                      SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                      goto err;
                  }
-                handlen = s->ext.ech.innerch_len;
+                handlen = (long)s->ext.ech.innerch_len;
                  hdata = s->ext.ech.innerch;
              } else
  #endif
diff --git a/test/ech_test.c b/test/ech_test.c

index 2f3cddc27b1a7fc7f220d816bb51a8ed00e9c1a8..07fd9bddf495b1ccd229244ba28e390b354bbd17 100644 (file)
--- a/test/ech_test.c
+++ b/test/ech_test.c
@@ -833,7 +833,7 @@ static int ech_ingest_test(int run)
      char *pn = NULL, *ec = NULL;
  
      if ((in = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(in, tv->tv, tv->len) <= 0
+        || BIO_write(in, tv->tv, (int)tv->len) <= 0
          || (out = BIO_new(BIO_s_mem())) == NULL
          || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL)
          goto end;
author	Tomas Mraz <tomas@openssl.org>
	Thu, 18 Sep 2025 15:13:28 +0000 (17:13 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 1 Oct 2025 15:41:57 +0000 (17:41 +0200)
apps/s_client.c		patch \| blob \| blame \| history
ssl/ech/ech_internal.c		patch \| blob \| blame \| history
ssl/ech/ech_local.h		patch \| blob \| blame \| history
ssl/statem/extensions.c		patch \| blob \| blame \| history
ssl/statem/extensions_clnt.c		patch \| blob \| blame \| history
ssl/tls13_enc.c		patch \| blob \| blame \| history
test/ech_test.c		patch \| blob \| blame \| history