From: Tomas Mraz Date: Wed, 11 Jun 2025 11:47:38 +0000 (+0200) Subject: providers: Silence warnings on Win64 builds X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f9683d651905816f0ecf73e0a0045ddf25c4d3a;p=thirdparty%2Fopenssl.git providers: Silence warnings on Win64 builds Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/27806) --- diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 35ecb43598e..1958c6fc3a9 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -82,13 +82,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, in_tag = (unsigned char *)t->tag; return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) - && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0) + && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, (int)t->iv_len, NULL) > 0) && (in_tag == NULL - || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, + || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, (int)t->tag_len, in_tag) > 0) && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) && EVP_CIPHER_CTX_set_padding(ctx, pad) - && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); + && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, (int)t->aad_len); } /* Test a single KAT for encrypt/decrypt */ @@ -114,7 +114,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) { if (!cipher_init(ctx, cipher, t, encrypt) || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, - t->base.pt_len) + (int)t->base.pt_len) || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len)) goto err; @@ -127,7 +127,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, if (t->tag != NULL) { unsigned char tag[16] = { 0 }; - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)t->tag_len, tag) <= 0 || memcmp(tag, t->tag, t->tag_len) != 0) goto err; @@ -138,7 +138,7 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, if ((t->mode & CIPHER_MODE_DECRYPT) != 0) { if (!(cipher_init(ctx, cipher, t, !encrypt) && EVP_CipherUpdate(ctx, pt_buf, &len, - t->base.expected, t->base.expected_len) + t->base.expected, (int)t->base.expected_len) && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len))) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf); @@ -170,7 +170,7 @@ static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params, BIGNUM *bn = BN_CTX_get(ctx); if (bn == NULL - || (BN_bin2bn(p->data, p->data_len, bn) == NULL) + || (BN_bin2bn(p->data, (int)p->data_len, bn) == NULL) || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn)) goto err; break; diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 6ee127caff8..4bc5953b384 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -195,9 +195,9 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, } ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, - rsasize, in, inlen, + rsasize, in, (int)inlen, prsactx->oaep_label, - prsactx->oaep_labellen, + (int)prsactx->oaep_labellen, prsactx->oaep_md, prsactx->mgf1_md); @@ -209,7 +209,7 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, RSA_NO_PADDING); OPENSSL_free(tbuf); } else { - ret = RSA_public_encrypt(inlen, in, out, prsactx->rsa, + ret = RSA_public_encrypt((int)inlen, in, out, prsactx->rsa, prsactx->pad_mode); } /* A ret value of 0 is not an error */ @@ -261,7 +261,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if ((tbuf = OPENSSL_malloc(len)) == NULL) return 0; - ret = RSA_private_decrypt(inlen, in, tbuf, prsactx->rsa, + ret = RSA_private_decrypt((int)inlen, in, tbuf, prsactx->rsa, RSA_NO_PADDING); /* * With no padding then, on success ret should be len, otherwise an @@ -281,10 +281,10 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, return 0; } } - ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, outsize, tbuf, - len, len, + ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, (int)outsize, tbuf, + (int)len, (int)len, prsactx->oaep_label, - prsactx->oaep_labellen, + (int)prsactx->oaep_labellen, prsactx->oaep_md, prsactx->mgf1_md); } else { @@ -305,7 +305,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; else pad_mode = prsactx->pad_mode; - ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode); + ret = RSA_private_decrypt((int)inlen, in, out, prsactx->rsa, pad_mode); } *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); ret = constant_time_select_int(constant_time_msb(ret), 0, 1); diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index d6e269b217e..5a4789adf96 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -173,11 +173,11 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + if (p->data_type != OSSL_PARAM_OCTET_STRING || p->data_size > INT_MAX) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } - if (hw->set_tls1_aad(ctx, p->data, p->data_size) <= 0) + if (hw->set_tls1_aad(ctx, p->data, (int)p->data_size) <= 0) return 0; } diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c index 76674d53043..eabd143b926 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c @@ -50,9 +50,9 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx, PROV_AES_HMAC_SHA1_CTX *sctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; if (ctx->base.enc) - ret = aesni_set_encrypt_key(key, keylen * 8, &ctx->ks); + ret = aesni_set_encrypt_key(key, (int)(keylen * 8), &ctx->ks); else - ret = aesni_set_decrypt_key(key, keylen * 8, &ctx->ks); + ret = aesni_set_decrypt_key(key, (int)(keylen * 8), &ctx->ks); SHA1_Init(&sctx->head); /* handy when benchmarking */ sctx->tail = sctx->head; @@ -87,8 +87,8 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len) sha1_block_data_order(c, ptr, len / SHA_CBLOCK); ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; + c->Nh += (unsigned int)(len >> 29); + c->Nl += (unsigned int)(len <<= 3); if (c->Nl < (unsigned int)len) c->Nh++; } @@ -405,8 +405,8 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; - sctx->md.Nh += blocks >> 29; - sctx->md.Nl += blocks <<= 3; + sctx->md.Nh += (unsigned int)(blocks >> 29); + sctx->md.Nl += (unsigned int)(blocks <<= 3); if (sctx->md.Nl < (unsigned int)blocks) sctx->md.Nh++; } else { @@ -427,7 +427,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, /* pad the payload|hmac */ plen += SHA_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) + for (l = (unsigned int)(len - plen - 1); plen < len; plen++) out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, @@ -473,7 +473,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, /* figure out payload length */ pad = out[len - 1]; - maxpad = len - (SHA_DIGEST_LENGTH + 1); + maxpad = (unsigned int)(len - (SHA_DIGEST_LENGTH + 1)); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; @@ -485,12 +485,12 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, * we'll use the maxpad value instead of the supplied pad to make * sure we perform well defined pointer arithmetic. */ - pad = constant_time_select(mask, pad, maxpad); + pad = constant_time_select((unsigned int)mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - ctx->aux.tls_aad[plen - 2] = inp_len >> 8; - ctx->aux.tls_aad[plen - 1] = inp_len; + ctx->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8); + ctx->aux.tls_aad[plen - 1] = (unsigned char)inp_len; /* calculate HMAC */ sctx->md = sctx->head; @@ -508,7 +508,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, } /* but pretend as if we hashed padded payload */ - bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */ + bitlen = sctx->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */ # ifdef BSWAP4 bitlen = BSWAP4(bitlen); # else @@ -732,7 +732,7 @@ static int aesni_cbc_hmac_sha1_tls1_multiblock_aad( if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) n4x = 2; /* AVX2 */ } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; + inp_len = (unsigned int)param->len; else return -1; diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c index f5b2f8b6da3..bc38af9302b 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c @@ -52,9 +52,9 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx, PROV_AES_HMAC_SHA256_CTX *sctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; if (ctx->base.enc) - ret = aesni_set_encrypt_key(key, ctx->base.keylen * 8, &ctx->ks); + ret = aesni_set_encrypt_key(key, (int)(ctx->base.keylen * 8), &ctx->ks); else - ret = aesni_set_decrypt_key(key, ctx->base.keylen * 8, &ctx->ks); + ret = aesni_set_decrypt_key(key, (int)(ctx->base.keylen * 8), &ctx->ks); SHA256_Init(&sctx->head); /* handy when benchmarking */ sctx->tail = sctx->head; @@ -91,8 +91,8 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len) sha256_block_data_order(c, ptr, len / SHA256_CBLOCK); ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; + c->Nh += (unsigned int)(len >> 29); + c->Nl += (unsigned int)(len <<= 3); if (c->Nl < (unsigned int)len) c->Nh++; } @@ -443,8 +443,8 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; - sctx->md.Nh += blocks >> 29; - sctx->md.Nl += blocks <<= 3; + sctx->md.Nh += (unsigned int)(blocks >> 29); + sctx->md.Nl += (unsigned int)(blocks <<= 3); if (sctx->md.Nl < (unsigned int)blocks) sctx->md.Nh++; } else { @@ -465,7 +465,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, /* pad the payload|hmac */ plen += SHA256_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) + for (l = (unsigned int)(len - plen - 1); plen < len; plen++) out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, @@ -509,7 +509,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, /* figure out payload length */ pad = out[len - 1]; - maxpad = len - (SHA256_DIGEST_LENGTH + 1); + maxpad = (unsigned int)(len - (SHA256_DIGEST_LENGTH + 1)); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; @@ -521,12 +521,12 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, * we'll use the maxpad value instead of the supplied pad to make * sure we perform well defined pointer arithmetic. */ - pad = constant_time_select(mask, pad, maxpad); + pad = constant_time_select((unsigned int)mask, pad, maxpad); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - ctx->aux.tls_aad[plen - 2] = inp_len >> 8; - ctx->aux.tls_aad[plen - 1] = inp_len; + ctx->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8); + ctx->aux.tls_aad[plen - 1] = (unsigned char)(inp_len); /* calculate HMAC */ sctx->md = sctx->head; @@ -544,7 +544,7 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, } /* but pretend as if we hashed padded payload */ - bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */ + bitlen = sctx->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */ # ifdef BSWAP4 bitlen = BSWAP4(bitlen); # else @@ -784,7 +784,7 @@ static int aesni_cbc_hmac_sha256_tls1_multiblock_aad( if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) n4x = 2; /* AVX2 */ } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; + inp_len = (unsigned int)param->len; else return -1; diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c index b050cf3edd8..c555edb26a0 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c @@ -18,8 +18,9 @@ #include "cipher_aes_ccm.h" #define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ - fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ + fn_set_enc_key(key, (int)(keylen * 8), &actx->ccm.ks.ks); \ + CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m, \ + (unsigned int)ctx->l, &actx->ccm.ks.ks, \ (block128_f)fn_blk); \ ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ ctx->key_set = 1; diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc index c892c0754e8..dbb30ed2237 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc @@ -48,7 +48,7 @@ static int vaes_gcm_setkey(PROV_GCM_CTX *ctx, const unsigned char *key, PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; AES_KEY *ks = &actx->ks.ks; - aesni_set_encrypt_key(key, keylen * 8, ks); + aesni_set_encrypt_key(key, (int)(keylen * 8), ks); memset(gcmctx, 0, sizeof(*gcmctx)); gcmctx->key = ks; ctx->key_set = 1; @@ -132,7 +132,7 @@ static int vaes_gcm_aadupdate(PROV_GCM_CTX *ctx, /* Add remaining AAD to the hash (note, the hash is stored reflected) */ if (aad_len > 0) { - ares = aad_len; + ares = (unsigned int)aad_len; for (i = 0; i < aad_len; i++) gcmctx->Xi.c[15 - i] ^= aad[i]; } diff --git a/providers/implementations/ciphers/cipher_aes_hw.c b/providers/implementations/ciphers/cipher_aes_hw.c index a3b72d9f728..28484647d21 100644 --- a/providers/implementations/ciphers/cipher_aes_hw.c +++ b/providers/implementations/ciphers/cipher_aes_hw.c @@ -44,21 +44,21 @@ static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, keylen * 8, ks); + ret = AES_set_decrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)AES_decrypt; dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt; } else #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - ret = vpaes_set_decrypt_key(key, keylen * 8, ks); + ret = vpaes_set_decrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)vpaes_decrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) ?(cbc128_f)vpaes_cbc_encrypt : NULL; } else #endif { - ret = AES_set_decrypt_key(key, keylen * 8, ks); + ret = AES_set_decrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)AES_decrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) ? (cbc128_f)AES_cbc_encrypt : NULL; @@ -89,21 +89,21 @@ static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, keylen * 8, ks); + ret = AES_set_encrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)AES_encrypt; dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks; } else #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, keylen * 8, ks); + ret = vpaes_set_encrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)vpaes_encrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) ? (cbc128_f)vpaes_cbc_encrypt : NULL; } else #endif { - ret = AES_set_encrypt_key(key, keylen * 8, ks); + ret = AES_set_encrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f)AES_encrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) ? (cbc128_f)AES_cbc_encrypt : NULL; diff --git a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc index 33b9046054e..55083ea7b77 100644 --- a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc +++ b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc @@ -29,12 +29,12 @@ static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat, if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) && !dat->enc) { - ret = aesni_set_decrypt_key(key, keylen * 8, ks); + ret = aesni_set_decrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f) aesni_decrypt; dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? (cbc128_f) aesni_cbc_encrypt : NULL; } else { - ret = aesni_set_encrypt_key(key, keylen * 8, ks); + ret = aesni_set_encrypt_key(key, (int)(keylen * 8), ks); dat->block = (block128_f) aesni_encrypt; if (dat->mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c index 00920408b91..7e02ef54a3d 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c @@ -19,8 +19,8 @@ fn_block_enc, fn_block_dec, \ fn_stream_enc, fn_stream_dec) \ CRYPTO_ocb128_cleanup(&ctx->ocb); \ -fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \ -fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \ +fn_set_enc_key(key, (int)(keylen * 8), &ctx->ksenc.ks); \ +fn_set_dec_key(key, (int)(keylen * 8), &ctx->ksdec.ks); \ if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \ (block128_f)fn_block_enc, (block128_f)fn_block_dec, \ ctx->base.enc ? (ocb128_f)fn_stream_enc : \ diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c index 75fd54829c4..fbfb8ec9070 100644 --- a/providers/implementations/ciphers/cipher_aes_siv_hw.c +++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c @@ -52,7 +52,7 @@ static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen) * klen is the length of the underlying cipher, not the input key, * which should be twice as long */ - return ossl_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx, + return ossl_siv128_init(sctx, key, (int)klen, ctx->cbc, ctx->ctr, libctx, propq); } diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index a3bac9b23d0..ea0ac5e85fe 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -138,10 +138,10 @@ static int aes_wrap_init(void *vctx, const unsigned char *key, else use_forward_transform = !ctx->enc; if (use_forward_transform) { - AES_set_encrypt_key(key, keylen * 8, &wctx->ks.ks); + AES_set_encrypt_key(key, (int)(keylen * 8), &wctx->ks.ks); ctx->block = (block128_f)AES_encrypt; } else { - AES_set_decrypt_key(key, keylen * 8, &wctx->ks.ks); + AES_set_decrypt_key(key, (int)(keylen * 8), &wctx->ks.ks); ctx->block = (block128_f)AES_decrypt; } } @@ -175,7 +175,7 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, return 0; /* Input length must always be non-zero */ - if (inlen == 0) { + if (inlen == 0 || inlen > INT_MAX) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; } @@ -198,14 +198,14 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, if (pad) inlen = (inlen + 7) / 8 * 8; /* 8 byte prefix */ - return inlen + 8; + return (int)(inlen + 8); } else { /* * If not padding output will be exactly 8 bytes smaller than * input. If padding it will be at least 8 bytes smaller but we * don't know how much. */ - return inlen - 8; + return (int)(inlen - 8); } } diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c index b6353f18456..10312252e57 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_hw.c +++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c @@ -22,13 +22,13 @@ size_t bits = bytes * 8; \ \ if (ctx->enc) { \ - fn_set_enc_key(key, bits, &xctx->ks1.ks); \ + fn_set_enc_key(key, (int)bits, &xctx->ks1.ks); \ xctx->xts.block1 = (block128_f)fn_block_enc; \ } else { \ - fn_set_dec_key(key, bits, &xctx->ks1.ks); \ + fn_set_dec_key(key, (int)bits, &xctx->ks1.ks); \ xctx->xts.block1 = (block128_f)fn_block_dec; \ } \ - fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \ + fn_set_enc_key(key + bytes, (int)bits, &xctx->ks2.ks); \ xctx->xts.block2 = (block128_f)fn_block_enc; \ xctx->xts.key1 = &xctx->ks1; \ xctx->xts.key2 = &xctx->ks2; \ diff --git a/providers/implementations/ciphers/cipher_aria_ccm_hw.c b/providers/implementations/ciphers/cipher_aria_ccm_hw.c index e56ec8fb086..80452295a2b 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aria_ccm_hw.c @@ -18,8 +18,9 @@ static int ccm_aria_initkey(PROV_CCM_CTX *ctx, { PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx; - ossl_aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks); - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks, + ossl_aria_set_encrypt_key(key, (int)(keylen * 8), &actx->ks.ks); + CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m, + (unsigned int)ctx->l, &actx->ks.ks, (block128_f)ossl_aria_encrypt); ctx->str = NULL; ctx->key_set = 1; diff --git a/providers/implementations/ciphers/cipher_aria_hw.c b/providers/implementations/ciphers/cipher_aria_hw.c index 425d87a65ec..4ebdcfa03d3 100644 --- a/providers/implementations/ciphers/cipher_aria_hw.c +++ b/providers/implementations/ciphers/cipher_aria_hw.c @@ -18,9 +18,9 @@ static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat, ARIA_KEY *ks = &adat->ks.ks; if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) - ret = ossl_aria_set_encrypt_key(key, keylen * 8, ks); + ret = ossl_aria_set_encrypt_key(key, (int)(keylen * 8), ks); else - ret = ossl_aria_set_decrypt_key(key, keylen * 8, ks); + ret = ossl_aria_set_decrypt_key(key, (int)(keylen * 8), ks); if (ret < 0) { ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED); return 0; diff --git a/providers/implementations/ciphers/cipher_blowfish_hw.c b/providers/implementations/ciphers/cipher_blowfish_hw.c index 4855a71f687..35ff0de366a 100644 --- a/providers/implementations/ciphers/cipher_blowfish_hw.c +++ b/providers/implementations/ciphers/cipher_blowfish_hw.c @@ -20,7 +20,7 @@ static int cipher_hw_blowfish_initkey(PROV_CIPHER_CTX *ctx, { PROV_BLOWFISH_CTX *bctx = (PROV_BLOWFISH_CTX *)ctx; - BF_set_key(&bctx->ks.ks, keylen, key); + BF_set_key(&bctx->ks.ks, (int)keylen, key); return 1; } diff --git a/providers/implementations/ciphers/cipher_camellia_hw.c b/providers/implementations/ciphers/cipher_camellia_hw.c index 3ebf5b8d461..7e012e32e90 100644 --- a/providers/implementations/ciphers/cipher_camellia_hw.c +++ b/providers/implementations/ciphers/cipher_camellia_hw.c @@ -25,7 +25,7 @@ static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat, CAMELLIA_KEY *ks = &adat->ks.ks; dat->ks = ks; - ret = Camellia_set_key(key, keylen * 8, ks); + ret = Camellia_set_key(key, (int)(keylen * 8), ks); if (ret < 0) { ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED); return 0; diff --git a/providers/implementations/ciphers/cipher_cast5_hw.c b/providers/implementations/ciphers/cipher_cast5_hw.c index 73f0628e578..2f925bc21a3 100644 --- a/providers/implementations/ciphers/cipher_cast5_hw.c +++ b/providers/implementations/ciphers/cipher_cast5_hw.c @@ -20,7 +20,7 @@ static int cipher_hw_cast5_initkey(PROV_CIPHER_CTX *ctx, { PROV_CAST_CTX *bctx = (PROV_CAST_CTX *)ctx; - CAST_set_key(&(bctx->ks.ks), keylen, key); + CAST_set_key(&(bctx->ks.ks), (int)keylen, key); return 1; } diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index c535bd7e972..23ccbb82f7c 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -137,9 +137,9 @@ static int rc2_get_ctx_params(void *vctx, OSSL_PARAM params[]) } /* Is this the original IV or the running IV? */ - num = rc2_keybits_to_magic(ctx->key_bits); - if (!ASN1_TYPE_set_int_octetstring(type, num, - ctx->base.iv, ctx->base.ivlen)) { + num = rc2_keybits_to_magic((int)ctx->key_bits); + if (!ASN1_TYPE_set_int_octetstring(type, num, ctx->base.iv, + (int)ctx->base.ivlen)) { ASN1_TYPE_free(type); ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB); return 0; @@ -198,9 +198,9 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (p->data_type != OSSL_PARAM_OCTET_STRING || ctx->base.ivlen > sizeof(iv) - || (type = d2i_ASN1_TYPE(NULL, &d, p->data_size)) == NULL + || (type = d2i_ASN1_TYPE(NULL, &d, (long)p->data_size)) == NULL || ((size_t)ASN1_TYPE_get_int_octetstring(type, &num, iv, - ctx->base.ivlen) + (int)ctx->base.ivlen) != ctx->base.ivlen) || !ossl_cipher_generic_initiv(&ctx->base, iv, ctx->base.ivlen) || (ctx->key_bits = rc2_magic_to_keybits(num)) == 0) { diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c index 8cce02b1c5a..e225664cdbc 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c @@ -37,7 +37,7 @@ static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx, { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx; - RC4_set_key(&ctx->ks.ks, keylen, key); + RC4_set_key(&ctx->ks.ks, (int)keylen, key); MD5_Init(&ctx->head); /* handy when benchmarking */ ctx->tail = ctx->head; ctx->md = ctx->head; @@ -82,8 +82,8 @@ static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx, blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; - ctx->md.Nh += blocks >> 29; - ctx->md.Nl += blocks <<= 3; + ctx->md.Nh += (unsigned int)(blocks >> 29); + ctx->md.Nl += (unsigned int)(blocks <<= 3); if (ctx->md.Nl < (unsigned int)blocks) ctx->md.Nh++; } else { @@ -132,7 +132,7 @@ static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx, if (l < ctx->md.Nl) ctx->md.Nh++; ctx->md.Nl = l; - ctx->md.Nh += blocks >> 29; + ctx->md.Nh += (unsigned int)(blocks >> 29); } else { md5_off = 0; rc4_off = 0; diff --git a/providers/implementations/ciphers/cipher_rc4_hw.c b/providers/implementations/ciphers/cipher_rc4_hw.c index 09192b5d5e1..d435dfed2e1 100644 --- a/providers/implementations/ciphers/cipher_rc4_hw.c +++ b/providers/implementations/ciphers/cipher_rc4_hw.c @@ -20,7 +20,7 @@ static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx, { PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; - RC4_set_key(&rctx->ks.ks, keylen, key); + RC4_set_key(&rctx->ks.ks, (int)keylen, key); return 1; } diff --git a/providers/implementations/ciphers/cipher_rc5_hw.c b/providers/implementations/ciphers/cipher_rc5_hw.c index 898bd383f95..810211c0847 100644 --- a/providers/implementations/ciphers/cipher_rc5_hw.c +++ b/providers/implementations/ciphers/cipher_rc5_hw.c @@ -20,7 +20,7 @@ static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx, { PROV_RC5_CTX *rctx = (PROV_RC5_CTX *)ctx; - return RC5_32_set_key(&rctx->ks.ks, keylen, key, rctx->rounds); + return RC5_32_set_key(&rctx->ks.ks, (int)keylen, key, rctx->rounds); } # define PROV_CIPHER_HW_rc5_mode(mode, UCMODE) \ diff --git a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c index c228276fe0c..f49670c48ff 100644 --- a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c @@ -16,7 +16,8 @@ #define SM4_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ fn_set_enc_key(key, &actx->ks.ks); \ - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks, \ + CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m, \ + (unsigned int)ctx->l, &actx->ks.ks, \ (block128_f)fn_blk); \ ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ ctx->key_set = 1; diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index b48c02ae258..8dbe31dd1b1 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -40,7 +40,7 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, if (inl < 24) return -1; if (out == NULL) - return inl - 16; + return (int)(inl - 16); memcpy(ctx->iv, wrap_iv, 8); /* Decrypt first block which will end up as icv */ @@ -66,7 +66,7 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, ctx->hw->cipher(ctx, icv, icv, 8); if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) - rv = inl - 16; + rv = (int)(inl - 16); OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); OPENSSL_cleanse(iv, 8); @@ -85,8 +85,10 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, size_t icvlen = TDES_IVLEN; size_t len = inl + ivlen + icvlen; + if (len > INT_MAX) + return 0; if (out == NULL) - return len; + return (int)len; /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + ivlen, in, inl); @@ -104,7 +106,7 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, BUF_reverse(out, NULL, len); memcpy(ctx->iv, wrap_iv, ivlen); ctx->hw->cipher(ctx, out, out, len); - return len; + return (int)len; } static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out, diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c.in b/providers/implementations/ciphers/ciphercommon_ccm.c.in index 2303ae949c7..28de06389c8 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c.in +++ b/providers/implementations/ciphers/ciphercommon_ccm.c.in @@ -50,7 +50,7 @@ static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen) ctx->buf[alen - 1] = (unsigned char)(len & 0xff); /* Extra padding: tag appended to record. */ - return ctx->m; + return (int)ctx->m; } static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed, diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c.in b/providers/implementations/ciphers/ciphercommon_gcm.c.in index 43490719561..f55be80ce18 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c.in +++ b/providers/implementations/ciphers/ciphercommon_gcm.c.in @@ -409,7 +409,7 @@ int ossl_gcm_cipher(void *vctx, */ static int gcm_iv_generate(PROV_GCM_CTX *ctx, int offset) { - int sz = ctx->ivlen - offset; + int sz = (int)(ctx->ivlen - offset); /* Must be at least 96 bits */ if (sz <= 0 || ctx->ivlen < GCM_IV_DEFAULT_SIZE) diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index 6ef7fac008c..7b32d798fad 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -308,7 +308,7 @@ int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c) { uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0}; uint8_t *target = outbuffer; - int iter = (c->outlen + 7) / 8; + int iter = (int)((c->outlen + 7) / 8); int i; /* Avoid writing to the temporary buffer if possible */ diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c index a9251d8996d..bec6ea081be 100644 --- a/providers/implementations/digests/blake2s_prov.c +++ b/providers/implementations/digests/blake2s_prov.c @@ -149,7 +149,7 @@ static void blake2s_compress(BLAKE2S_CTX *S, uint32_t m[16]; uint32_t v[16]; size_t i; - size_t increment; + uint32_t increment; /* * There are two distinct usage vectors for this function: @@ -170,7 +170,7 @@ static void blake2s_compress(BLAKE2S_CTX *S, * including even zero), which is why following assignment doesn't * have to reside inside the main loop below. */ - increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES; + increment = len < BLAKE2S_BLOCKBYTES ? (uint32_t)len : BLAKE2S_BLOCKBYTES; for (i = 0; i < 8; ++i) { v[i] = S->h[i]; @@ -296,7 +296,7 @@ int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c) { uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0}; uint8_t *target = outbuffer; - int iter = (c->outlen + 3) / 4; + int iter = (int)((c->outlen + 3) / 4); int i; /* Avoid writing to the temporary buffer if possible */ diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c index 9735c3f7e40..ef15944c8ce 100644 --- a/providers/implementations/digests/md5_sha1_prov.c +++ b/providers/implementations/digests/md5_sha1_prov.c @@ -50,7 +50,7 @@ static int md5_sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS); if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING) return ossl_md5_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - p->data_size, p->data); + (int)p->data_size, p->data); return 1; } diff --git a/providers/implementations/digests/sha2_prov.c b/providers/implementations/digests/sha2_prov.c index 4c35586b00e..afe4851a408 100644 --- a/providers/implementations/digests/sha2_prov.c +++ b/providers/implementations/digests/sha2_prov.c @@ -52,7 +52,7 @@ static int sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS); if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING) return ossl_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - p->data_size, p->data); + (int)p->data_size, p->data); return 1; } diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c index aecf2eb4f2b..2154d9e3d3d 100644 --- a/providers/implementations/encode_decode/decode_epki2pki.c +++ b/providers/implementations/encode_decode/decode_epki2pki.c @@ -140,7 +140,7 @@ int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection, int new_der_len = 0; X509_SIG_get0(p8, &alg, &oct); - if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen, + if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen, oct->data, oct->length, &new_der, &new_der_len, 0, libctx, propq)) { diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 67a11590034..10b1d10ee17 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -124,7 +124,8 @@ static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, return NULL; } /* First argument == -1 means "standard" */ - p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); + p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, (int)klen, NULL, 0, 0, p8info, + libctx, NULL); OPENSSL_cleanse(kstr, klen); return p8; } @@ -803,7 +804,7 @@ static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder, return 0; *pder = keyblob; - return ecxkey->keylen; + return (int)ecxkey->keylen; } static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder, @@ -819,7 +820,7 @@ static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder, } oct.data = ecxkey->privkey; - oct.length = ecxkey->keylen; + oct.length = (int)ecxkey->keylen; oct.flags = 0; keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); @@ -1043,7 +1044,7 @@ static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder, return 0; *pder = key_blob; - return key_len; + return (int)key_len; } static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder, @@ -1062,7 +1063,7 @@ static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder, && ((*pder = OPENSSL_memdup(ossl_slh_dsa_key_get_priv(key), len)) == NULL)) return 0; - return len; + return (int)len; } # define slh_dsa_epki_priv_to_der slh_dsa_pki_priv_to_der diff --git a/providers/implementations/encode_decode/ml_dsa_codecs.c b/providers/implementations/encode_decode/ml_dsa_codecs.c index dd54137fe50..9f94a789d91 100644 --- a/providers/implementations/encode_decode/ml_dsa_codecs.c +++ b/providers/implementations/encode_decode/ml_dsa_codecs.c @@ -328,14 +328,14 @@ int ossl_ml_dsa_i2d_prvkey(const ML_DSA_KEY *key, uint8_t **out, params->alg); goto end; } - len = p8fmt->p8_bytes; + len = (int)p8fmt->p8_bytes; if (out == NULL) { ret = len; goto end; } - if ((pos = buf = OPENSSL_malloc((size_t) len)) == NULL) + if ((pos = buf = OPENSSL_malloc((size_t)len)) == NULL) goto end; switch (p8fmt->p8_shift) { diff --git a/providers/implementations/encode_decode/ml_kem_codecs.c b/providers/implementations/encode_decode/ml_kem_codecs.c index fe0c8acc7e6..f2ade879096 100644 --- a/providers/implementations/encode_decode/ml_kem_codecs.c +++ b/providers/implementations/encode_decode/ml_kem_codecs.c @@ -345,14 +345,14 @@ int ossl_ml_kem_i2d_prvkey(const ML_KEM_KEY *key, uint8_t **out, v->algorithm_name); goto end; } - len = p8fmt->p8_bytes; + len = (int)p8fmt->p8_bytes; if (out == NULL) { ret = len; goto end; } - if ((pos = buf = OPENSSL_malloc((size_t) len)) == NULL) + if ((pos = buf = OPENSSL_malloc((size_t)len)) == NULL) goto end; switch (p8fmt->p8_shift) { diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h index e447b892374..d740da4b85e 100644 --- a/providers/implementations/include/prov/ciphercommon_gcm.h +++ b/providers/implementations/include/prov/ciphercommon_gcm.h @@ -127,8 +127,8 @@ int ossl_gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out); -# define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ - fn_set_enc_key(key, keylen * 8, ks); \ +# define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ + fn_set_enc_key(key, (int)(keylen * 8), ks); \ CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ ctx->ctr = (ctr128_f)fn_ctr; \ ctx->key_set = 1; diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index f1d4a44f67f..f5306d60682 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -638,7 +638,7 @@ static int HKDF_Expand(const EVP_MD *evp_md, if ((hmac = HMAC_CTX_new()) == NULL) return 0; - if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL)) + if (!HMAC_Init_ex(hmac, prk, (int)prk_len, evp_md, NULL)) goto err; for (i = 1; i <= n; i++) { diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index 9ba834ac36d..dc386db7399 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -347,7 +347,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, } if (ctx->use_l != 0) - l = be32(keylen * 8); + l = be32((uint32_t)(keylen * 8)); k_i = OPENSSL_zalloc(h); if (k_i == NULL) diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c index 566afa74fec..9022da6d770 100644 --- a/providers/implementations/kdfs/krb5kdf.c +++ b/providers/implementations/kdfs/krb5kdf.c @@ -284,7 +284,7 @@ static int fixup_des3_key(unsigned char *key) * finally add carry if any */ static void n_fold(unsigned char *block, unsigned int blocksize, - const unsigned char *constant, size_t constant_len) + const unsigned char *constant, unsigned int constant_len) { unsigned int tmp, gcd, remainder, lcm, carry; int b, l; @@ -356,7 +356,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, /* set the key len for the odd variable key len cipher */ klen = EVP_CIPHER_CTX_get_key_length(ctx); if (key_len != (size_t)klen) { - ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len); + ret = EVP_CIPHER_CTX_set_key_length(ctx, (int)key_len); if (ret <= 0) { ret = 0; goto out; @@ -428,7 +428,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, goto out; } - n_fold(block, blocksize, constant, constant_len); + n_fold(block, (unsigned int)blocksize, constant, (unsigned int)constant_len); plainblock = block; cipherblock = block + EVP_MAX_BLOCK_LENGTH; @@ -436,7 +436,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, int olen; ret = EVP_EncryptUpdate(ctx, cipherblock, &olen, - plainblock, blocksize); + plainblock, (int)blocksize); if (!ret) goto out; cipherlen = olen; diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c index 6ec8e2f7656..e612323d632 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -272,7 +272,7 @@ static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen, md = ossl_prov_digest_md(&ctx->digest); return pbkdf2_derive(ctx, (char *)ctx->pass, ctx->pass_len, - ctx->salt, ctx->salt_len, ctx->iter, + ctx->salt, (int)ctx->salt_len, ctx->iter, md, key, keylen, ctx->lower_bound_checks); } @@ -314,7 +314,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { - if (!lower_bound_check_passed(ctx, p->data_size, UINT64_MAX, SIZE_MAX, + if (!lower_bound_check_passed(ctx, (int)p->data_size, UINT64_MAX, SIZE_MAX, ctx->lower_bound_checks)) return 0; if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len, p)) @@ -428,8 +428,8 @@ static int pbkdf2_derive(KDF_PBKDF2 *ctx, const char *pass, size_t passlen, if (hctx_tpl == NULL) return 0; p = key; - tkeylen = keylen; - if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) + tkeylen = (int)keylen; + if (!HMAC_Init_ex(hctx_tpl, pass, (int)passlen, digest, NULL)) goto err; hctx = HMAC_CTX_new(); if (hctx == NULL) diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c index e27b09eb99a..2e94538cc0c 100644 --- a/providers/implementations/kdfs/scrypt.c +++ b/providers/implementations/kdfs/scrypt.c @@ -527,15 +527,15 @@ static int scrypt_alg(const char *pass, size_t passlen, X = (uint32_t *)(B + Blen); T = X + 32 * r; V = T + 32 * r; - if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256, - (int)Blen, B, libctx, propq) == 0) + if (ossl_pkcs5_pbkdf2_hmac_ex(pass, (int)passlen, salt, (int)saltlen, 1, + sha256, (int)Blen, B, libctx, propq) == 0) goto err; for (i = 0; i < p; i++) scryptROMix(B + 128 * r * i, r, N, X, T, V); - if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256, - keylen, key, libctx, propq) == 0) + if (ossl_pkcs5_pbkdf2_hmac_ex(pass, (int)passlen, B, (int)Blen, 1, sha256, + (int)keylen, key, libctx, propq) == 0) goto err; rv = 1; err: diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c index 63164d8b8fb..996d5a9e0e9 100644 --- a/providers/implementations/kdfs/x942kdf.c +++ b/providers/implementations/kdfs/x942kdf.c @@ -217,7 +217,7 @@ x942_encode_otherinfo(size_t keylen, /* keylenbits must fit into 4 bytes */ if (keylen > 0xFFFFFF) return 0; - keylen_bits = 8 * keylen; + keylen_bits = (uint32_t)(8 * keylen); /* Calculate the size of the buffer */ if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oid_len, diff --git a/providers/implementations/kem/ec_kem.c b/providers/implementations/kem/ec_kem.c index 975f41144ad..a48cbcaa34b 100644 --- a/providers/implementations/kem/ec_kem.c +++ b/providers/implementations/kem/ec_kem.c @@ -430,7 +430,7 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv, &counter, 1)) goto err; privbuf[0] &= info->bitmask; - if (BN_bin2bn(privbuf, info->Nsk, priv) == NULL) + if (BN_bin2bn(privbuf, (int)info->Nsk, priv) == NULL) goto err; if (counter == 0xFF) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY); @@ -576,7 +576,8 @@ static int derive_secret(PROV_EC_CTX *ctx, unsigned char *secret, size_t encodedprivlen = info->Nsk; int auth = ctx->sender_authkey != NULL; - if (!generate_ecdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), encodedprivlen)) + if (!generate_ecdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), + (unsigned int)encodedprivlen)) goto err; dhkmlen = encodedprivlen; kemctxlen = 2 * encodedpublen; @@ -594,7 +595,7 @@ static int derive_secret(PROV_EC_CTX *ctx, unsigned char *secret, } if (!generate_ecdhkm(privkey2, peerkey2, dhkm + dhkmlen, sizeof(dhkm) - dhkmlen, - encodedprivlen)) + (unsigned int)encodedprivlen)) goto err; dhkmlen += encodedprivlen; kemctxlen += encodedpublen; diff --git a/providers/implementations/kem/ecx_kem.c b/providers/implementations/kem/ecx_kem.c index 823662dd37c..b158fbce422 100644 --- a/providers/implementations/kem/ecx_kem.c +++ b/providers/implementations/kem/ecx_kem.c @@ -485,7 +485,8 @@ static int derive_secret(PROV_ECX_CTX *ctx, unsigned char *secret, int auth = ctx->sender_authkey != NULL; size_t encodedkeylen = info->Npk; - if (!generate_ecxdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), encodedkeylen)) + if (!generate_ecxdhkm(privkey1, peerkey1, dhkm, sizeof(dhkm), + (unsigned int)encodedkeylen)) goto err; dhkmlen = encodedkeylen; @@ -493,7 +494,7 @@ static int derive_secret(PROV_ECX_CTX *ctx, unsigned char *secret, if (auth) { if (!generate_ecxdhkm(privkey2, peerkey2, dhkm + dhkmlen, sizeof(dhkm) - dhkmlen, - encodedkeylen)) + (unsigned int)encodedkeylen)) goto err; /* Get the public key of the auth sender in encoded form */ sender_authpub = ecx_pubkey(ctx->sender_authkey); diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index 7494dcc0107..d7654883bbf 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -312,11 +312,12 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, * Step (2): Generate a random byte string z of nlen bytes where * 1 < z < n - 1 */ - if (!rsasve_gen_rand_bytes(prsactx->rsa, secret, nlen)) + if (!rsasve_gen_rand_bytes(prsactx->rsa, secret, (int)nlen)) return 0; /* Step(3): out = RSAEP((n,e), z) */ - ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); + ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, + RSA_NO_PADDING); if (ret) { ret = 1; if (outlen != NULL) @@ -389,7 +390,7 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, } /* Step (3): out = RSADP((n,d), in) */ - ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING); + ret = RSA_private_decrypt((int)inlen, in, out, prsactx->rsa, RSA_NO_PADDING); if (ret > 0 && outlen != NULL) *outlen = ret; return ret > 0; diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index b2823cbab08..a8c552c8a55 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -734,7 +734,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) && gctx->ffc_params == NULL) { /* Select a named group if there is not one already */ if (gctx->group_nid == NID_undef) - gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits); + gctx->group_nid = ossl_dh_get_named_group_uid_from_size((int)gctx->pbits); if (gctx->group_nid == NID_undef) return NULL; dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid); @@ -776,12 +776,12 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) * group based on pbits. */ if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR) - ret = DH_generate_parameters_ex(dh, gctx->pbits, + ret = DH_generate_parameters_ex(dh, (int)gctx->pbits, gctx->generator, gencb); else ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type, - gctx->pbits, gctx->qbits, - gencb); + (int)gctx->pbits, + (int)gctx->qbits, gencb); if (ret <= 0) goto end; } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 3c5649d7e7d..f506b04830f 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -666,8 +666,8 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type, - gctx->pbits, gctx->qbits, - gencb) <= 0) + (int)gctx->pbits, + (int)gctx->qbits, gencb) <= 0) goto end; } ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in index 841def9c49c..875abdbf38b 100644 --- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in +++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in @@ -320,15 +320,15 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[]) struct ml_dsa_get_params_st p = ml_dsa_get_params_decoder(params); if (p.bits != NULL - && !OSSL_PARAM_set_int(p.bits, 8 * ossl_ml_dsa_key_get_pub_len(key))) + && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_ml_dsa_key_get_pub_len(key))) return 0; if (p.secbits != NULL - && !OSSL_PARAM_set_int(p.secbits, ossl_ml_dsa_key_get_collision_strength_bits(key))) + && !OSSL_PARAM_set_size_t(p.secbits, ossl_ml_dsa_key_get_collision_strength_bits(key))) return 0; if (p.maxsize != NULL - && !OSSL_PARAM_set_int(p.maxsize, ossl_ml_dsa_key_get_sig_len(key))) + && !OSSL_PARAM_set_size_t(p.maxsize, ossl_ml_dsa_key_get_sig_len(key))) return 0; if (p.seccat != NULL diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in index 775a66c3647..12d9baa2c1d 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in @@ -572,13 +572,13 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[]) const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key); struct ml_kem_get_params_st p = ml_kem_get_params_decoder(params); - if (p.bits != NULL && !OSSL_PARAM_set_int(p.bits, v->bits)) + if (p.bits != NULL && !OSSL_PARAM_set_size_t(p.bits, v->bits)) return 0; - if (p.secbits != NULL && !OSSL_PARAM_set_int(p.secbits, v->secbits)) + if (p.secbits != NULL && !OSSL_PARAM_set_size_t(p.secbits, v->secbits)) return 0; - if (p.maxsize != NULL && !OSSL_PARAM_set_int(p.maxsize, v->ctext_bytes)) + if (p.maxsize != NULL && !OSSL_PARAM_set_size_t(p.maxsize, v->ctext_bytes)) return 0; if (p.seccat != NULL && !OSSL_PARAM_set_int(p.seccat, v->security_category)) diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c.in b/providers/implementations/keymgmt/mlx_kmgmt.c.in index 6d497910ba3..9ea8eaf7239 100644 --- a/providers/implementations/keymgmt/mlx_kmgmt.c.in +++ b/providers/implementations/keymgmt/mlx_kmgmt.c.in @@ -387,13 +387,15 @@ load_keys(MLX_KEY *key, /* Ignore public keys when private provided */ if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PRIV_KEY, minimal_selection, key, slot, prvenc, - key->minfo->prvkey_bytes, key->xinfo->prvkey_bytes)) + (int)key->minfo->prvkey_bytes, + (int)key->xinfo->prvkey_bytes)) goto err; } else if (publen) { /* Absent private key data, import public keys */ if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PUB_KEY, minimal_selection, key, slot, pubenc, - key->minfo->pubkey_bytes, key->xinfo->pubkey_bytes)) + (int)key->minfo->pubkey_bytes, + (int)key->xinfo->pubkey_bytes)) goto err; } } @@ -518,7 +520,7 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[]) /* The ciphertext sizes are additive */ if (p.maxsize != NULL) - if (!OSSL_PARAM_set_int(p.maxsize, key->minfo->ctext_bytes + key->xinfo->pubkey_bytes)) + if (!OSSL_PARAM_set_size_t(p.maxsize, key->minfo->ctext_bytes + key->xinfo->pubkey_bytes)) return 0; if (!mlx_kem_have_pubkey(key)) diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c index b7f8f351b1f..4da667bb36f 100644 --- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c +++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c @@ -176,13 +176,13 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[]) const uint8_t *pub, *priv; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL - && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_pub_len(key))) + && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_pub_len(key))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL - && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_n(key))) + && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_n(key))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL - && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key))) + && !OSSL_PARAM_set_size_t(p, ossl_slh_dsa_key_get_sig_len(key))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_security_category(key))) diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index ca9382b0a82..c56045e8045 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -139,7 +139,7 @@ static int gmac_update(void *vmacctx, const unsigned char *data, data += INT_MAX; datalen -= INT_MAX; } - return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen); + return EVP_EncryptUpdate(ctx, NULL, &outlen, data, (int)datalen); } static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, @@ -155,7 +155,7 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen)) return 0; - hlen = gmac_size(); + hlen = (int)gmac_size(); params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, out, (size_t)hlen); if (!EVP_CIPHER_CTX_get_params(macctx->ctx, params)) @@ -236,7 +236,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) return 0; if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - p->data_size, NULL) <= 0 + (int)p->data_size, NULL) <= 0 || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data)) return 0; } diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index e9c3087027c..2e9ecd0ed5f 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -190,7 +190,7 @@ static int hmac_setkey(struct hmac_data_st *macctx, digest = ossl_prov_digest_md(&macctx->digest); /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL)) - return HMAC_Init_ex(macctx->ctx, key, keylen, digest, + return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, ossl_prov_digest_engine(&macctx->digest)); return 1; } diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 8e583ed8f32..2a0a96c6260 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -599,9 +599,9 @@ static int bytepad(unsigned char *out, size_t *out_len, const unsigned char *in1, size_t in1_len, const unsigned char *in2, size_t in2_len, size_t w) { - int len; + size_t len; unsigned char *p = out; - int sz = w; + size_t sz = w; if (out == NULL) { if (out_len == NULL) { diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 4925a3b400e..aa7f2afd90d 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -352,7 +352,8 @@ int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength, { unsigned char *nonce = NULL, *entropy = NULL; size_t noncelen = 0, entropylen = 0; - size_t min_entropy, min_entropylen, max_entropylen; + unsigned int min_entropy; + size_t min_entropylen, max_entropylen; if (strength > drbg->strength) { ERR_raise(ERR_LIB_PROV, PROV_R_INSUFFICIENT_DRBG_STRENGTH); diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index a5c929a2cad..986eb7ed57b 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c @@ -437,7 +437,7 @@ static int drbg_ctr_generate(PROV_DRBG *drbg, * requests in 2^30 byte chunks, which is the greatest multiple * of AES block size lower than or equal to 2^31-1. */ - buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + buflen = outlen > (1U << 30) ? (1 << 30) : (int)outlen; blocks = (buflen + 15) / 16; ctr32 = GETU32(ctr->V + 12) + blocks; @@ -587,7 +587,7 @@ static int drbg_ctr_init(PROV_DRBG *drbg) goto err; } - drbg->strength = keylen * 8; + drbg->strength = (unsigned int)(keylen * 8); drbg->seedlen = keylen + 16; if (ctr->use_df) { diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c index 8bb831ae357..22d19807e61 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -585,7 +585,7 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] return 0; hash->blocklen = md_size; /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ - ctx->strength = 64 * (hash->blocklen >> 3); + ctx->strength = (unsigned int)(64 * (hash->blocklen >> 3)); if (ctx->strength > 256) ctx->strength = 256; if (hash->blocklen > MAX_BLOCKLEN_USING_SMALL_SEEDLEN) diff --git a/providers/implementations/rands/fips_crng_test.c b/providers/implementations/rands/fips_crng_test.c index 209a1adb278..2a2b996fe5b 100644 --- a/providers/implementations/rands/fips_crng_test.c +++ b/providers/implementations/rands/fips_crng_test.c @@ -288,7 +288,7 @@ static size_t crng_test_get_seed(void *vcrngt, unsigned char **pout, { CRNG_TEST *crngt = (CRNG_TEST *)vcrngt; size_t n; - int r = 0; + size_t r = 0; /* Without a parent, we rely on the up calls */ if (crngt->parent == NULL diff --git a/providers/implementations/rands/seeding/rand_win.c b/providers/implementations/rands/seeding/rand_win.c index ee2d3e4d7f6..2cf8fe24d3f 100644 --- a/providers/implementations/rands/seeding/rand_win.c +++ b/providers/implementations/rands/seeding/rand_win.c @@ -88,8 +88,8 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool) /* poll the CryptoAPI PRNG */ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { - if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) - bytes = bytes_needed; + if (CryptGenRandom(hProvider, (DWORD)bytes_needed, buffer) != 0) + bytes = (DWORD)bytes_needed; CryptReleaseContext(hProvider, 0); } @@ -108,8 +108,8 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool) if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { - if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) - bytes = bytes_needed; + if (CryptGenRandom(hProvider, (DWORD)bytes_needed, buffer) != 0) + bytes = (DWORD)bytes_needed; CryptReleaseContext(hProvider, 0); } diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index 13b38f62e2a..c10df19eee4 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -356,7 +356,7 @@ static int dsa_sign_directly(void *vpdsactx, if (mdsize != 0 && tbslen != mdsize) return 0; - ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa, + ret = ossl_dsa_sign_int(0, tbs, (int)tbslen, sig, &sltmp, pdsactx->dsa, pdsactx->nonce_type, pdsactx->mdname, pdsactx->libctx, pdsactx->propq); if (ret <= 0) @@ -446,7 +446,7 @@ static int dsa_verify_directly(void *vpdsactx, if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize)) return 0; - return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); + return DSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, pdsactx->dsa); } static int dsa_verify_set_sig(void *vpdsactx, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 7bb182bcb5d..a1d78d439fa 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -353,13 +353,13 @@ static int ecdsa_sign_directly(void *vctx, if (ctx->mdname[0] != '\0') mdname = ctx->mdname; - ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp, + ret = ossl_ecdsa_deterministic_sign(tbs, (int)tbslen, sig, &sltmp, ctx->ec, ctx->nonce_type, mdname, ctx->libctx, ctx->propq); } else { - ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r, - ctx->ec); + ret = ECDSA_sign_ex(0, tbs, (int)tbslen, sig, &sltmp, + ctx->kinv, ctx->r, ctx->ec); } if (ret <= 0) return 0; @@ -445,7 +445,7 @@ static int ecdsa_verify_directly(void *vctx, if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize)) return 0; - return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec); + return ECDSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, ctx->ec); } static int ecdsa_verify_set_sig(void *vctx, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 23823a21cb2..79bda673959 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -160,7 +160,7 @@ typedef struct { /* True if PSS parameters are restricted */ #define rsa_pss_restricted(prsactx) (prsactx->min_saltlen != -1) -static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx) +static int rsa_get_md_size(const PROV_RSA_CTX *prsactx) { int md_size; @@ -710,8 +710,8 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx, "only PKCS#1 padding supported with MDC2"); return 0; } - ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, - prsactx->rsa); + ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, (unsigned int)tbslen, sig, + &sltmp, prsactx->rsa); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); @@ -735,7 +735,7 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx, } memcpy(prsactx->tbuf, tbs, tbslen); prsactx->tbuf[tbslen] = RSA_X931_hash_id(prsactx->mdnid); - ret = RSA_private_encrypt(tbslen + 1, prsactx->tbuf, + ret = RSA_private_encrypt((int)(tbslen + 1), prsactx->tbuf, sig, prsactx->rsa, RSA_X931_PADDING); clean_tbuf(prsactx); break; @@ -743,8 +743,8 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx, { unsigned int sltmp; - ret = RSA_sign(prsactx->mdnid, tbs, tbslen, sig, &sltmp, - prsactx->rsa); + ret = RSA_sign(prsactx->mdnid, tbs, (unsigned int)tbslen, + sig, &sltmp, prsactx->rsa); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; @@ -811,7 +811,7 @@ static int rsa_sign_directly(PROV_RSA_CTX *prsactx, return 0; } } else { - ret = RSA_private_encrypt(tbslen, tbs, sig, prsactx->rsa, + ret = RSA_private_encrypt((int)tbslen, tbs, sig, prsactx->rsa, prsactx->pad_mode); } @@ -950,7 +950,7 @@ static int rsa_verify_recover(void *vprsactx, case RSA_X931_PADDING: if (!setup_tbuf(prsactx)) return 0; - ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, + ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf, prsactx->rsa, RSA_X931_PADDING); if (ret < 1) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); @@ -990,7 +990,7 @@ static int rsa_verify_recover(void *vprsactx, ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } - ret = sltmp; + ret = (int)sltmp; } break; @@ -1000,7 +1000,7 @@ static int rsa_verify_recover(void *vprsactx, return 0; } } else { - ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa, + ret = RSA_public_decrypt((int)siglen, sig, rout, prsactx->rsa, prsactx->pad_mode); if (ret < 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); @@ -1036,8 +1036,8 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, if (prsactx->md != NULL) { switch (prsactx->pad_mode) { case RSA_PKCS1_PADDING: - if (!RSA_verify(prsactx->mdnid, tbs, tbslen, sig, siglen, - prsactx->rsa)) { + if (!RSA_verify(prsactx->mdnid, tbs, (unsigned int)tbslen, + sig, (unsigned int)siglen, prsactx->rsa)) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } @@ -1069,7 +1069,7 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, if (!setup_tbuf(prsactx)) return 0; - ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, + ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf, prsactx->rsa, RSA_NO_PADDING); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); @@ -1100,7 +1100,7 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, if (!setup_tbuf(prsactx)) return 0; - ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, + ret = RSA_public_decrypt((int)siglen, sig, prsactx->tbuf, prsactx->rsa, prsactx->pad_mode); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index bcbbd1e2450..4da392dad1e 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -178,7 +178,7 @@ static int sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen, if (ctx->mdsize != 0 && tbslen != ctx->mdsize) return 0; - ret = ossl_sm2_internal_sign(tbs, tbslen, sig, &sltmp, ctx->ec); + ret = ossl_sm2_internal_sign(tbs, (int)tbslen, sig, &sltmp, ctx->ec); if (ret <= 0) return 0; @@ -194,7 +194,7 @@ static int sm2sig_verify(void *vpsm2ctx, const unsigned char *sig, size_t siglen if (ctx->mdsize != 0 && tbslen != ctx->mdsize) return 0; - return ossl_sm2_internal_verify(tbs, tbslen, sig, siglen, ctx->ec); + return ossl_sm2_internal_verify(tbs, (int)tbslen, sig, (int)siglen, ctx->ec); } static void free_md(PROV_SM2_CTX *ctx) diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 70e811fbe7d..ef9f9bb0465 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -339,7 +339,8 @@ static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[]) int ok = 0; if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len) - || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL) + || der_len > LONG_MAX + || (x509_name = d2i_X509_NAME(NULL, &der, (long)der_len)) == NULL) return 0; if (ctx->type != IS_DIR) { char *str = X509_NAME_oneline(x509_name, NULL, 0); @@ -587,7 +588,7 @@ static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name) assert(name != NULL); { const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/"; - long calculated_length = strlen(ctx->uri) + strlen(pathsep) + size_t calculated_length = strlen(ctx->uri) + strlen(pathsep) + strlen(name) + 1 /* \0 */; data = OPENSSL_zalloc(calculated_length); diff --git a/providers/implementations/storemgmt/file_store_any2obj.c b/providers/implementations/storemgmt/file_store_any2obj.c index bec6091608a..0d5f875032d 100644 --- a/providers/implementations/storemgmt/file_store_any2obj.c +++ b/providers/implementations/storemgmt/file_store_any2obj.c @@ -176,7 +176,7 @@ static int msblob2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, } ERR_set_mark(); - ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want; + ok = BIO_read(in, &mem->data[0], (int)mem_want) == (int)mem_want; mem_len += mem_want; ERR_pop_to_mark(); if (!ok) @@ -198,7 +198,7 @@ static int msblob2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, } ERR_set_mark(); - ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want; + ok = BIO_read(in, &mem->data[mem_len], (int)mem_want) == (int)mem_want; mem_len += mem_want; ERR_pop_to_mark(); @@ -245,7 +245,7 @@ static int pvk2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, } ERR_set_mark(); - ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want; + ok = BIO_read(in, &mem->data[0], (int)mem_want) == (int)mem_want; mem_len += mem_want; ERR_pop_to_mark(); if (!ok) @@ -267,7 +267,7 @@ static int pvk2obj_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, } ERR_set_mark(); - ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want; + ok = BIO_read(in, &mem->data[mem_len], (int)mem_want) == (int)mem_want; mem_len += mem_want; ERR_pop_to_mark(); diff --git a/providers/implementations/storemgmt/winstore_store.c b/providers/implementations/storemgmt/winstore_store.c index 57316c57817..fb28b04738d 100644 --- a/providers/implementations/storemgmt/winstore_store.c +++ b/providers/implementations/storemgmt/winstore_store.c @@ -65,7 +65,7 @@ static void winstore_win_advance(struct winstore_ctx_st *ctx) if (ctx->state == STATE_EOF) return; - name.cbData = ctx->subject_len; + name.cbData = (DWORD)ctx->subject_len; name.pbData = ctx->subject; ctx->win_ctx = (name.cbData == 0 ? NULL :