From: Tomas Mraz Date: Wed, 11 Jun 2025 08:48:01 +0000 (+0200) Subject: libapps + libcrypto: Silence warnings on Win64 builds X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb86c43fa88ce485b13f94514dddb08ce8f60280;p=thirdparty%2Fopenssl.git libapps + libcrypto: Silence warnings on Win64 builds Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/27806) --- diff --git a/apps/lib/app_params.c b/apps/lib/app_params.c index 25b1d4ed371..437392fc8b3 100644 --- a/apps/lib/app_params.c +++ b/apps/lib/app_params.c @@ -112,7 +112,7 @@ static void print_param_utf8(const char **s_ptr, size_t len) } BIO_puts(bio_out, "'"); if (len > 0) - BIO_write(bio_out, s, len); + BIO_write(bio_out, s, (int)len); BIO_puts(bio_out, "'\n"); } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 33047c00112..a6278f6745e 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1595,7 +1595,7 @@ int save_serial(const char *serialfile, const char *suffix, BIO *out = NULL; int ret = 0; ASN1_INTEGER *ai = NULL; - int j; + size_t j; if (suffix == NULL) j = strlen(serialfile); @@ -1643,7 +1643,7 @@ int rotate_serial(const char *serialfile, const char *new_suffix, const char *old_suffix) { char buf[2][BSIZE]; - int i, j; + size_t i, j; i = strlen(serialfile) + strlen(old_suffix); j = strlen(serialfile) + strlen(new_suffix); @@ -1807,7 +1807,7 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) BIO *out; int j; - j = strlen(dbfile) + strlen(suffix); + j = (int)(strlen(dbfile) + strlen(suffix)); if (j + 6 >= BSIZE) { BIO_printf(bio_err, "File name too long\n"); goto err; @@ -1852,7 +1852,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) { char buf[5][BSIZE]; - int i, j; + size_t i, j; i = strlen(dbfile) + strlen(old_suffix); j = strlen(dbfile) + strlen(new_suffix); @@ -2039,7 +2039,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, continue; } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - valstr, strlen((char *)valstr), + valstr, (int)strlen((char *)valstr), -1, ismulti ? -1 : 0)) { ERR_print_errors(bio_err); BIO_printf(bio_err, @@ -2764,12 +2764,12 @@ static int WIN32_rename(const char *from, const char *to) goto err; tto = tfrom + flen; # if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 - if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen)) + if (!MultiByteToWideChar(CP_ACP, 0, from, (int)flen, (WCHAR *)tfrom, (int)flen)) # endif for (i = 0; i < flen; i++) tfrom[i] = (TCHAR)from[i]; # if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 - if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen)) + if (!MultiByteToWideChar(CP_ACP, 0, to, (int)tlen, (WCHAR *)tto, (int)tlen)) # endif for (i = 0; i < tlen; i++) tto[i] = (TCHAR)to[i]; @@ -3275,7 +3275,7 @@ int mem_bio_to_file(BIO *in, const char *filename, int format, int private) out = bio_open_owner(filename, format, private); if (out == NULL) goto end; - rv = BIO_write(out, mem_buffer->data, mem_buffer->length); + rv = BIO_write(out, mem_buffer->data, (int)mem_buffer->length); if (rv < 0 || (size_t)rv != mem_buffer->length) BIO_printf(bio_err, "Error writing to output file: '%s'\n", filename); else diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c index 00e0ba5d999..0ffc899b2bd 100644 --- a/apps/lib/apps_ui.c +++ b/apps/lib/apps_ui.c @@ -205,7 +205,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data) OPENSSL_clear_free(buff, (unsigned int)bufsiz); if (ok >= 0) - res = strlen(buf); + res = (int)strlen(buf); if (ok == -1) { BIO_printf(bio_err, "User interface error\n"); ERR_print_errors(bio_err); diff --git a/apps/lib/columns.c b/apps/lib/columns.c index aa58fe1781f..57e69d7466c 100644 --- a/apps/lib/columns.c +++ b/apps/lib/columns.c @@ -18,7 +18,7 @@ void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc) for (f = functions; f->name != NULL; ++f) if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher) - if ((len = strlen(f->name)) > maxlen) + if ((len = (int)strlen(f->name)) > maxlen) maxlen = len; dc->width = maxlen + 2; diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 39276d828c8..978ac5280d2 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -1206,7 +1206,7 @@ void opt_help(const OPTIONS *list) i = 2 + (int)strlen(o->name); if (o->valtype != '-') - i += 1 + strlen(valtype2param(o)); + i += 1 + (int)strlen(valtype2param(o)); if (i > width) width = i; @@ -1243,7 +1243,7 @@ int opt_isdir(const char *name) return -1; # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) + if (!MultiByteToWideChar(CP_ACP, 0, name, (int)len_0, tempname, MAX_PATH)) # endif for (i = 0; i < len_0; i++) tempname[i] = (WCHAR)name[i]; diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 9641e369e62..053f1e862da 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -509,7 +509,8 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n", (void *)bio, (void *)msg->data, msg->data_len, msg->data_len, msg->data_len); - BIO_dump(out, msg->data, msg->data_len); + if (msg->data_len <= INT_MAX) + BIO_dump(out, msg->data, (int)msg->data_len); } } else if (mmsgargs->num_msg > 0) { BIO_MSG *msg = mmsgargs->msg; @@ -529,7 +530,8 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n", (void *)bio, (void *)msg->data, msg->data_len, msg->data_len, msg->data_len); - BIO_dump(out, msg->data, msg->data_len); + if (msg->data_len <= INT_MAX) + BIO_dump(out, msg->data, (int)msg->data_len); } } else if (mmsgargs->num_msg > 0) { BIO_MSG *msg = mmsgargs->msg; diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c index 6d2be0c6294..35dd71cd349 100644 --- a/apps/lib/win32_init.c +++ b/apps/lib/win32_init.c @@ -159,9 +159,9 @@ void win32_utf8argv(int *argc, char **argv[]) /* * make a copy of the command line, since we might have to modify it... */ - wlen = wcslen(wcmdline); + wlen = (int)wcslen(wcmdline); p = _alloca((wlen + 1) * sizeof(WCHAR)); - wcscpy(p, wcmdline); + memcpy(p, wcmdline, (wlen + 1) * sizeof(WCHAR)); while (*p != L'\0') { int in_quote = 0; @@ -205,14 +205,12 @@ void win32_utf8argv(int *argc, char **argv[]) */ { const WCHAR *q = p; - int i; + size_t i; while (*p == L'\\') p++; if (*p == L'"') { - int i; - for (i = (p - q) / 2; i > 0; i--) *wend++ = L'\\'; @@ -248,7 +246,7 @@ void win32_utf8argv(int *argc, char **argv[]) } } - wlen = wend - warg; + wlen = (int)(wend - warg); if (wlen == 0 || !process_glob(warg, wlen)) { if (!validate_argv(newargc + 1)) { diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c index 83cbe1fc090..5cc23908dae 100644 --- a/crypto/LPdir_win.c +++ b/crypto/LPdir_win.c @@ -105,13 +105,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) do { # ifdef CP_UTF8 if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0, - directory, len_0, + directory, (int)len_0, NULL, 0)) > 0 || GetLastError() != ERROR_NO_UNICODE_TRANSLATION) break; # endif sz = MultiByteToWideChar((cp = CP_ACP), 0, - directory, len_0, + directory, (int)len_0, NULL, 0); } while (0); @@ -121,7 +121,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) * concatenate asterisk, |sz| covers trailing '\0'! */ wdir = _alloca((sz + 2) * sizeof(TCHAR)); - if (!MultiByteToWideChar(cp, 0, directory, len_0, + if (!MultiByteToWideChar(cp, 0, directory, (int)len_0, (WCHAR *)wdir, sz)) { free(*ctx); *ctx = NULL; @@ -131,7 +131,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) } else #endif { - sz = len_0; + sz = (int)len_0; /* * allocate two additional characters in case we need to * concatenate asterisk, |sz| covers trailing '\0'! @@ -186,7 +186,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) len_0++; #ifdef LP_MULTIBYTE_AVAILABLE - if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0, + if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, (int)len_0, (*ctx)->entry_name, sizeof((*ctx)->entry_name), NULL, 0)) #endif diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c index 2187883aff9..b57891e3aa8 100644 --- a/crypto/aes/aes_wrap.c +++ b/crypto/aes/aes_wrap.c @@ -21,13 +21,13 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen) { - return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt); + return (int)CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt); } int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen) { - return CRYPTO_128_unwrap(key, iv, out, in, inlen, - (block128_f) AES_decrypt); + return (int)CRYPTO_128_unwrap(key, iv, out, in, inlen, + (block128_f) AES_decrypt); } diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 4999ac1f65b..0c7e17b2e60 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -110,7 +110,6 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { BUF_MEM *b; unsigned char *p; - int i; size_t want = HEADER_SIZE; uint32_t eos = 0; size_t off = 0; @@ -131,13 +130,15 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) for (;;) { diff = len - off; if (want >= diff) { + int i; + want -= diff; if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); goto err; } - i = BIO_read(in, &(b->data[len]), want); + i = BIO_read(in, &(b->data[len]), (int)want); if (i < 0 && diff == 0) { ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; @@ -160,7 +161,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) diff = len - off; if (diff == 0) goto err; - inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff); + inf = ASN1_get_object(&q, &slen, &tag, &xclass, (int)diff); if (inf & 0x80) { unsigned long e; @@ -169,8 +170,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) goto err; ERR_pop_to_mark(); } - i = q - p; /* header length */ - off += i; /* end of data */ + off += q - p; /* end of data */ if (inf & 1) { /* no data body so go round again */ @@ -207,6 +207,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) * in one go. */ size_t chunk = want > chunk_max ? chunk_max : want; + int i; if (!BUF_MEM_grow_clean(b, len + chunk)) { ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); @@ -214,7 +215,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } want -= chunk; while (chunk > 0) { - i = BIO_read(in, &(b->data[len]), chunk); + i = BIO_read(in, &(b->data[len]), (int)chunk); if (i <= 0) { ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; @@ -248,7 +249,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } *pb = b; - return off; + return (int)off; err: ERR_clear_last_mark(); BUF_MEM_free(b); diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 0c06ac3c416..ea6df5e346f 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -38,9 +38,13 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) { ASN1_GENERALIZEDTIME t; + size_t len; + + if ((len = strlen(str)) >= INT_MAX) + return 0; t.type = V_ASN1_GENERALIZEDTIME; - t.length = strlen(str); + t.length = (int)len; t.data = (unsigned char *)str; t.flags = 0; diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 854844e7eaf..932bd0dacf0 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -206,7 +206,16 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg, int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) { - return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); + unsigned char *ptr = pp != NULL ? *pp : NULL; + size_t ret = i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, &ptr); + + if (ret > INT_MAX) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); + return 0; + } + if (pp != NULL) + *pp = ptr; + return (int)ret; } /* Convert big endian buffer into uint64_t, return 0 on error */ @@ -307,7 +316,7 @@ ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, } else ret = *a; - if (ASN1_STRING_set(ret, NULL, r) == 0) { + if (r > INT_MAX || ASN1_STRING_set(ret, NULL, (int)r) == 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } @@ -362,7 +371,7 @@ static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) off = asn1_put_uint64(tbuf, r); a->type &= ~V_ASN1_NEG; } - return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off); + return ASN1_STRING_set(a, tbuf + off, (int)(sizeof(tbuf) - off)); } static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, @@ -390,7 +399,7 @@ static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype) a->type = itype; off = asn1_put_uint64(tbuf, r); - return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off); + return ASN1_STRING_set(a, tbuf + off, (int)(sizeof(tbuf) - off)); } /* @@ -642,6 +651,6 @@ int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg) size_t off; off = asn1_put_uint64(buf, r); - return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p); + return (int)i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p); } diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index c8170e16267..9e6b83cdd2b 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -51,12 +51,21 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, unsigned char *p; int nchar; int (*cpyfunc) (unsigned long, void *) = NULL; - if (len == -1) - len = strlen((const char *)in); + if (len == -1) { + size_t len_s = strlen((const char *)in); + + if (len_s >= INT_MAX) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG); + return -1; + } + len = (int)len_s; + } if (!mask) mask = DIRSTRING_TYPE; - if (len < 0) + if (len < 0) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT); return -1; + } /* First do a string check and work out the number of characters */ switch (inform) { diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 6eb9feb16c4..89e7540e220 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -57,10 +57,17 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) unsigned long l; BIGNUM *bl = NULL; - if (num == 0) + if (num == 0) { return 0; - else if (num == -1) - num = strlen(buf); + } else if (num == -1) { + size_t num_s = strlen(buf); + + if (num_s >= INT_MAX) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); + goto err; + } + num = (int)num_s; + } p = buf; c = *(p++); diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index d2768f74bdc..d0f59db0456 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -22,7 +22,7 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) return V_ASN1_PRINTABLESTRING; if (len < 0) - len = strlen((const char *)s); + len = (int)strlen((const char *)s); while (len-- > 0) { c = *(s++); diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 073945172bb..596e19e152d 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -191,7 +191,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, if (algor1 != NULL) { const unsigned char *pp = aid; - if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) { + if (d2i_X509_ALGOR(&algor1, &pp, (long)aid_len) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } @@ -200,7 +200,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, if (algor2 != NULL) { const unsigned char *pp = aid; - if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) { + if (d2i_X509_ALGOR(&algor2, &pp, (long)aid_len) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } @@ -277,7 +277,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } - ASN1_STRING_set0(signature, buf_out, outl); + ASN1_STRING_set0(signature, buf_out, (int)outl); buf_out = NULL; /* * In the interests of compatibility, I'll make sure that the bit string @@ -287,5 +287,5 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, err: OPENSSL_clear_free((char *)buf_in, inl); OPENSSL_clear_free((char *)buf_out, outll); - return outl; + return (int)outl; } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 4b031a73add..1aff6123b40 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -527,7 +527,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, objbuf = ""; } } - objlen = strlen(objbuf); + objlen = (int)strlen(objbuf); if (!io_ch(arg, objbuf, objlen)) return -1; if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 194504415dd..ad28f46a9ba 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -266,7 +266,7 @@ ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) { char* p; ASN1_TIME *tmps = NULL; - const size_t len = 20; + const int len = 20; if (type == V_ASN1_UNDEF) { if (is_utc(ts->tm_year)) @@ -386,8 +386,11 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) ASN1_TIME t; struct tm tm; int rv = 0; + size_t len; - t.length = strlen(str); + if ((len = strlen(str)) >= INT_MAX) + goto out; + t.length = (int)len; t.data = (unsigned char *)str; t.flags = ASN1_STRING_FLAG_X509_TIME; diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 323941ba97e..6c4598ac6ec 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -34,9 +34,12 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { ASN1_UTCTIME t; + size_t len; + if ((len = strlen(str)) >= INT_MAX) + return 0; t.type = V_ASN1_UTCTIME; - t.length = strlen(str); + t.length = (int)len; t.data = (unsigned char *)str; t.flags = 0; diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 6ba13dd7f22..4abbd1e5716 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -110,7 +110,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const EVP_PKEY_ASN1_METHOD *ameth = NULL; if (len == -1) - len = strlen(str); + len = (int)strlen(str); if (pe) { #ifndef OPENSSL_NO_ENGINE ENGINE *e; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 50b4db97aa6..937daf0645b 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -160,7 +160,7 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, if (r & 0x80) goto err; /* Update copy length */ - cpy_len -= cpy_start - orig_der; + cpy_len -= (int)(cpy_start - orig_der); /* * For IMPLICIT tagging the length should match the original length * and constructed flag should be consistent. @@ -255,8 +255,8 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* Look for the ':' in name value pairs */ if (*p == ':') { vstart = p + 1; - vlen = len - (vstart - elem); - len = p - elem; + vlen = len - (int)(vstart - elem); + len = (int)(p - elem); break; } } @@ -362,7 +362,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) *ptag = tag_num; /* If we have non numeric characters, parse them */ if (eptr) - vlen -= eptr - vstart; + vlen -= (int)(eptr - vstart); else vlen = 0; if (vlen) { @@ -562,7 +562,7 @@ static int asn1_str2tag(const char *tagstr, int len) }; if (len == -1) - len = strlen(tagstr); + len = (int)strlen(tagstr); tntmp = tnst; for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e3a8480eef3..e286a24d0de 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -318,7 +318,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) return 0; } } - str->length = len; + str->length = (int)len; if (data != NULL) { memcpy(str->data, data, len); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h index 10e9fcb7de4..cb78e993ad7 100644 --- a/crypto/asn1/asn1_local.h +++ b/crypto/asn1/asn1_local.h @@ -69,7 +69,7 @@ void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, const ASN1_ITEM *it); -int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, +int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, long inlen, const ASN1_ITEM *it); void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); diff --git a/crypto/asn1/asn1_parse.c b/crypto/asn1/asn1_parse.c index 6a4618d253d..9efb7c997df 100644 --- a/crypto/asn1/asn1_parse.c +++ b/crypto/asn1/asn1_parse.c @@ -120,7 +120,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, BIO_puts(bp, "Error in encoding\n"); goto end; } - hl = (p - op); + hl = (int)(p - op); length -= hl; /* * if j == 0x21 it is a constructed indefinite length object @@ -141,12 +141,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, if ((j == 0x21) && (len == 0)) { for (;;) { r = asn1_parse2(bp, &p, (long)(tot - p), - offset + (p - *pp), depth + 1, + offset + (int)(p - *pp), depth + 1, indent, dump); if (r == 0) goto end; if ((r == 2) || (p >= tot)) { - len = p - sp; + len = (long)(p - sp); break; } } @@ -156,11 +156,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, while (p < ep) { sp = p; r = asn1_parse2(bp, &p, tmp, - offset + (p - *pp), depth + 1, + offset + (int)(p - *pp), depth + 1, indent, dump); if (r == 0) goto end; - tmp -= p - sp; + tmp -= (long)(p - sp); } } } else if (xclass != 0) { diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index fab66d791bd..430bd38eadb 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -647,12 +647,15 @@ static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **r { char linebuf[MAX_SMLEN]; int len, blen; + size_t blen_s = strlen(bound); int eol = 0, next_eol = 0; BIO *bpart = NULL; STACK_OF(BIO) *parts; char state, part, first; - blen = strlen(bound); + if (blen_s > MAX_SMLEN) + return 0; + blen = (int)blen_s; part = 0; state = 0; first = 1; @@ -1028,10 +1031,8 @@ static void mime_param_free(MIME_PARAM *param) */ static int mime_bound_check(char *line, int linelen, const char *bound, int blen) { - if (linelen == -1) - linelen = strlen(line); - if (blen == -1) - blen = strlen(bound); + if (linelen < 0 || blen < 0) + return 0; /* Quickly eliminate if line length too short */ if (blen + 2 > linelen) return 0; diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index f1499425010..05e71e9f063 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -302,7 +302,12 @@ static int asn1_bio_read(BIO *b, char *in, int inl) static int asn1_bio_puts(BIO *b, const char *str) { - return asn1_bio_write(b, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + + return asn1_bio_write(b, str, (int)len); } static int asn1_bio_gets(BIO *b, char *str, int size) diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 279609e6035..202be9fe428 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -150,7 +150,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) if (*ndef_aux->boundary == NULL) return 0; - *plen = *ndef_aux->boundary - *pbuf; + *plen = (int)(*ndef_aux->boundary - *pbuf); return 1; } @@ -223,7 +223,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) if (*ndef_aux->boundary == NULL) return 0; *pbuf = *ndef_aux->boundary; - *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf); + *plen = derlen - (int)(*ndef_aux->boundary - ndef_aux->derbuf); return 1; } diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 7f68e573280..d0c0be517bf 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -49,7 +49,7 @@ d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, /* This is just a probe. It might fail, so we ignore errors */ ERR_set_mark(); - p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len); + p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); ERR_pop_to_mark(); if (p8info != NULL) { int64_t v; diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 4f3dcecd41a..e87e6ec5243 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -30,7 +30,7 @@ ASN1_SEQUENCE(SCRYPT_PARAMS) = { IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS) -static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, +static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, int saltlen, size_t keylen, uint64_t N, uint64_t r, uint64_t p); @@ -153,7 +153,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, return NULL; } -static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, +static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, int saltlen, size_t keylen, uint64_t N, uint64_t r, uint64_t p) { diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index c4f9d61514e..6d410606254 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -351,7 +351,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, } else if (ret == -1) return -1; if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { - len = tmplen - (p - *in); + len = tmplen - (long)(p - *in); seq_nolen = 1; } /* If indefinite we don't do a length check */ @@ -401,7 +401,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } - len -= p - q; + len -= (long)(p - q); seq_eoc = 0; break; } @@ -432,7 +432,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, continue; } /* Update length */ - len -= p - q; + len -= (long)(p - q); } /* Check for EOC if expecting one */ @@ -467,7 +467,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, } } /* Save encoding */ - if (!ossl_asn1_enc_save(pval, *in, p - *in, it)) + if (!ossl_asn1_enc_save(pval, *in, (long)(p - *in), it)) goto auxerr; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; @@ -538,7 +538,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We read the field in OK so update length */ - len -= p - q; + len -= (long)(p - q); if (exp_eoc) { /* If NDEF we must have an EOC here */ if (!asn1_check_eoc(&p, len)) { @@ -643,7 +643,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } - len -= p - q; + len -= (long)(p - q); sk_eoc = 0; break; } @@ -656,7 +656,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); goto err; } - len -= p - q; + len -= (long)(p - q); if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { ERR_raise(ERR_LIB_ASN1, ERR_R_CRYPTO_LIB); ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); @@ -775,9 +775,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, if (inf) { if (!asn1_find_end(&p, plen, inf)) goto err; - len = p - cont; + len = (long)(p - cont); } else { - len = p - cont + plen; + len = (long)(p - cont) + plen; p += plen; } } else if (cst) { @@ -799,7 +799,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { goto err; } - len = buf.length; + len = (long)buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); @@ -1017,7 +1017,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) } else { p += plen; } - len -= p - q; + len -= (long)(p - q); } if (expected_eoc) { ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); @@ -1090,7 +1090,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, return 0; } else if (plen && !collect_data(buf, &p, plen)) return 0; - len -= p - q; + len -= (long)(p - q); } if (inf) { ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); @@ -1102,9 +1102,14 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) { - int len; + long len; if (buf) { - len = buf->length; + len = (long)buf->length; + if (len + plen < 0) { + /* resulting buffer length will not fit into long */ + ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); + return 0; + } if (!BUF_MEM_grow_clean(buf, len + plen)) { ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); return 0; @@ -1167,7 +1172,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, ctx->plen = plen; ctx->pclass = pclass; ctx->ptag = ptag; - ctx->hdrlen = p - q; + ctx->hdrlen = (int)(p - q); ctx->valid = 1; /* * If definite length, and no error, length + header can't exceed @@ -1202,7 +1207,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, } if ((i & 1) != 0) - plen = len - (p - q); + plen = len - (long)(p - q); if (inf != NULL) *inf = i & 1; diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 67a9ccde62d..b9196397b4e 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -161,7 +161,7 @@ void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, +int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, long inlen, const ASN1_ITEM *it) { ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); @@ -170,8 +170,10 @@ int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, return 1; OPENSSL_free(enc->enc); - if (inlen <= 0) + if (inlen <= 0) { + enc->enc = NULL; return 0; + } if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) return 0; memcpy(enc->enc, in, inlen); diff --git a/crypto/async/async.c b/crypto/async/async.c index 447c7976109..65beb8fa843 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -344,7 +344,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) async_pool *pool; size_t curr_size = 0; - if (init_size > max_size) { + if (init_size > max_size || max_size > INT_MAX) { ERR_raise(ERR_LIB_ASYNC, ASYNC_R_INVALID_POOL_SIZE); return 0; } @@ -359,7 +359,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) if (pool == NULL) return 0; - pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size); + pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, (int)init_size); if (pool->jobs == NULL) { ERR_raise(ERR_LIB_ASYNC, ERR_R_CRYPTO_LIB); OPENSSL_free(pool); diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 737910cc751..47f3d1cd6c6 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -465,5 +465,9 @@ static int buffer_gets(BIO *b, char *buf, int size) static int buffer_puts(BIO *b, const char *str) { - return buffer_write(b, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + return buffer_write(b, str, (int)len); } diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index eed3dc4633e..a3b65e88926 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -133,14 +133,15 @@ static int linebuffer_write(BIO *b, const char *in, int inl) while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) && ctx->obuf_len > 0) { int orig_olen = ctx->obuf_len; + int llen = (int)(p - in); i = ctx->obuf_size - ctx->obuf_len; - if (p - in > 0) { - if (i >= p - in) { - memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in); - ctx->obuf_len += p - in; - inl -= p - in; - num += p - in; + if (llen > 0) { + if (i >= llen) { + memcpy(&(ctx->obuf[ctx->obuf_len]), in, llen); + ctx->obuf_len += llen; + inl -= llen; + num += llen; in = p; } else { memcpy(&(ctx->obuf[ctx->obuf_len]), in, i); @@ -170,7 +171,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl) * if a NL was found and there is anything to write. */ if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { - i = BIO_write(b->next_bio, in, p - in); + i = BIO_write(b->next_bio, in, (int)(p - in)); if (i <= 0) { BIO_copy_next_retry(b); if (i < 0) @@ -311,5 +312,9 @@ static int linebuffer_gets(BIO *b, char *buf, int size) static int linebuffer_puts(BIO *b, const char *str) { - return linebuffer_write(b, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + return linebuffer_write(b, str, (int)len); } diff --git a/crypto/bio/bf_prefix.c b/crypto/bio/bf_prefix.c index 872efa13b55..e13173fde10 100644 --- a/crypto/bio/bf_prefix.c +++ b/crypto/bio/bf_prefix.c @@ -203,5 +203,9 @@ static int prefix_gets(BIO *b, char *buf, int size) static int prefix_puts(BIO *b, const char *str) { - return BIO_write(b, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + return BIO_write(b, str, (int)len); } diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c index 4bdce0bbe84..7301165a7e3 100644 --- a/crypto/bio/bio_addr.c +++ b/crypto/bio/bio_addr.c @@ -427,7 +427,7 @@ int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai) socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai) { if (bai != NULL) - return bai->bai_addrlen; + return (socklen_t)bai->bai_addrlen; return 0; } diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 8e4f79ea3cd..86d42a2b354 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -111,7 +111,7 @@ long BIO_debug_callback_ex(BIO *bio, int cmd, const char *argp, size_t len, b = (BIO *)bio->cb_arg; if (b != NULL) - BIO_write(b, buf, strlen(buf)); + BIO_write(b, buf, (int)strlen(buf)); #if !defined(OPENSSL_NO_STDIO) else fputs(buf, stderr); diff --git a/crypto/bio/bio_dump.c b/crypto/bio/bio_dump.c index a566a9efe48..88adb09de77 100644 --- a/crypto/bio/bio_dump.c +++ b/crypto/bio/bio_dump.c @@ -99,7 +99,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), #ifndef OPENSSL_NO_STDIO static int write_fp(const void *data, size_t len, void *fp) { - return UP_fwrite(data, len, 1, fp); + return (int)UP_fwrite(data, len, 1, fp); } int BIO_dump_fp(FILE *fp, const void *s, int len) @@ -115,7 +115,9 @@ int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent) static int write_bio(const void *data, size_t len, void *bp) { - return BIO_write((BIO *)bp, (const char *)data, len); + if (len > INT_MAX) + return -1; + return BIO_write((BIO *)bp, (const char *)data, (int)len); } int BIO_dump(BIO *bp, const void *s, int len) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 66e575a837c..0250524e479 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -65,7 +65,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { if (*processed > INT_MAX) return -1; - inret = *processed; + inret = (long)*processed; } ret = b->callback(b, oper, argp, argi, argl, inret); @@ -433,9 +433,9 @@ int BIO_sendmmsg(BIO *b, BIO_MSG *msg, if (HAS_CALLBACK(b)) ret = (size_t)bio_call_callback(b, BIO_CB_SENDMMSG | BIO_CB_RETURN, - (void *)&args, ret, 0, 0, ret, NULL); + (void *)&args, ret, 0, 0, (long)ret, NULL); - return ret; + return ret > 0; } int BIO_recvmmsg(BIO *b, BIO_MSG *msg, @@ -480,9 +480,9 @@ int BIO_recvmmsg(BIO *b, BIO_MSG *msg, if (HAS_CALLBACK(b)) ret = (size_t)bio_call_callback(b, BIO_CB_RECVMMSG | BIO_CB_RETURN, - (void *)&args, ret, 0, 0, ret, NULL); + (void *)&args, ret, 0, 0, (long)ret, NULL); - return ret; + return ret > 0; } int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc) @@ -624,7 +624,7 @@ int BIO_get_line(BIO *bio, char *buf, int size) if (*ptr++ == '\n') break; *ptr = '\0'; - return ret > 0 || BIO_eof(bio) ? ptr - buf : ret; + return ret > 0 || BIO_eof(bio) ? (int)(ptr - buf) : ret; } int BIO_indent(BIO *b, int indent, int max) diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c index 887f3e19412..b987ecd750f 100644 --- a/crypto/bio/bio_print.c +++ b/crypto/bio/bio_print.c @@ -103,7 +103,8 @@ _dopr(char **sbuffer, size_t currlen; state = DP_S_DEFAULT; - flags = currlen = cflags = min = 0; + currlen = 0; + flags = cflags = min = 0; max = -1; ch = *format++; @@ -316,10 +317,10 @@ _dopr(char **sbuffer, case 's': strvalue = va_arg(args, char *); if (max < 0) { - if (buffer) + if (buffer || *maxlen > INT_MAX) max = INT_MAX; else - max = *maxlen; + max = (int)*maxlen; } if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, flags, min, max)) @@ -334,8 +335,9 @@ _dopr(char **sbuffer, case 'n': { int *num; + num = va_arg(args, int *); - *num = currlen; + *num = (int)currlen; } break; case '%': @@ -391,7 +393,7 @@ fmtstr(char **sbuffer, strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max); - padlen = min - strln; + padlen = (int)(min - strln); if (min < 0 || padlen < 0) padlen = 0; if (max >= 0) { @@ -474,7 +476,7 @@ fmtint(char **sbuffer, zpadlen = max - place; spadlen = - min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); + min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - (int)strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index b9c19402318..1a131cc2a30 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -554,10 +554,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) static int acpt_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = acpt_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = acpt_write(bp, str, (int)n); return ret; } diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 3af3b27ea5a..81d08e91f2b 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -183,7 +183,7 @@ static int bio_read(BIO *bio, char *buf, int size_) } while (rest); - return size; + return (int)size; } /*- @@ -332,7 +332,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) } while (rest); - return num; + return (int)num; } /*- @@ -474,7 +474,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) if (b->peer == NULL || b->closed) ret = 0; else - ret = (long)b->size - b->len; + ret = (long)(b->size - b->len); break; case BIO_C_GET_READ_REQUEST: @@ -600,7 +600,11 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) static int bio_puts(BIO *bio, const char *str) { - return bio_write(bio, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + return bio_write(bio, str, (int)len); } static int bio_make_pair(BIO *bio1, BIO *bio2) @@ -683,6 +687,9 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, long r; int ret = 0; + if (writebuf1 > LONG_MAX || writebuf2 > LONG_MAX) + goto err; + bio1 = BIO_new(BIO_s_bio()); if (bio1 == NULL) goto err; @@ -691,12 +698,12 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, goto err; if (writebuf1) { - r = BIO_set_write_buf_size(bio1, writebuf1); + r = BIO_set_write_buf_size(bio1, (long)writebuf1); if (!r) goto err; } if (writebuf2) { - r = BIO_set_write_buf_size(bio2, writebuf2); + r = BIO_set_write_buf_size(bio2, (long)writebuf2); if (!r) goto err; } diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 9d00f18297f..70b60b31273 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -751,10 +751,12 @@ static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) static int conn_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = conn_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = conn_write(bp, str, (int)n); return ret; } @@ -810,7 +812,7 @@ int conn_gets(BIO *bio, char *buf, int size) break; } *ptr = '\0'; - return ret > 0 || (bio->flags & BIO_FLAGS_IN_EOF) != 0 ? ptr - buf : ret; + return ret > 0 || (bio->flags & BIO_FLAGS_IN_EOF) != 0 ? (int)(ptr - buf) : ret; } static int conn_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, size_t num_msgs, diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index ea2550859cc..70c1c01e10f 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1028,10 +1028,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) static int dgram_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = dgram_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = dgram_write(bp, str, (int)n); return ret; } diff --git a/crypto/bio/bss_dgram_pair.c b/crypto/bio/bss_dgram_pair.c index 540f061ff59..e061208ad63 100644 --- a/crypto/bio/bss_dgram_pair.c +++ b/crypto/bio/bss_dgram_pair.c @@ -620,7 +620,7 @@ static int dgram_pair_ctrl_get_mtu(BIO *bio) { struct bio_dgram_pair_st *b = bio->ptr; - return b->mtu; + return (int)b->mtu; } /* BIO_dgram_set_mtu (BIO_CTRL_DGRAM_SET_MTU) */ @@ -807,6 +807,9 @@ int BIO_new_bio_dgram_pair(BIO **pbio1, size_t writebuf1, long r; BIO *bio1 = NULL, *bio2 = NULL; + if (writebuf1 > LONG_MAX || writebuf2 > LONG_MAX) + goto err; + bio1 = BIO_new(BIO_s_dgram_pair()); if (bio1 == NULL) goto err; @@ -816,13 +819,13 @@ int BIO_new_bio_dgram_pair(BIO **pbio1, size_t writebuf1, goto err; if (writebuf1 > 0) { - r = BIO_set_write_buf_size(bio1, writebuf1); + r = BIO_set_write_buf_size(bio1, (long)writebuf1); if (r == 0) goto err; } if (writebuf2 > 0) { - r = BIO_set_write_buf_size(bio2, writebuf2); + r = BIO_set_write_buf_size(bio2, (long)writebuf2); if (r == 0) goto err; } @@ -1037,7 +1040,7 @@ static int dgram_pair_read(BIO *bio, char *buf, int sz_) l = dgram_pair_read_actual(bio, buf, (size_t)sz_, NULL, NULL, 0); if (l < 0) { if (l != -BIO_R_NON_FATAL) - ERR_raise(ERR_LIB_BIO, -l); + ERR_raise(ERR_LIB_BIO, (int)-l); ret = -1; } else { ret = (int)l; @@ -1090,7 +1093,7 @@ static int dgram_pair_recvmmsg(BIO *bio, BIO_MSG *msg, if (i > 0) { ret = 1; } else { - ERR_raise(ERR_LIB_BIO, -l); + ERR_raise(ERR_LIB_BIO, (int)-l); ret = 0; } goto out; @@ -1127,7 +1130,7 @@ static int dgram_mem_read(BIO *bio, char *buf, int sz_) l = dgram_pair_read_actual(bio, buf, (size_t)sz_, NULL, NULL, 0); if (l < 0) { if (l != -BIO_R_NON_FATAL) - ERR_raise(ERR_LIB_BIO, -l); + ERR_raise(ERR_LIB_BIO, (int)-l); ret = -1; } else { ret = (int)l; @@ -1289,7 +1292,7 @@ static int dgram_pair_write(BIO *bio, const char *buf, int sz_) l = dgram_pair_write_actual(bio, buf, (size_t)sz_, NULL, NULL, 0); if (l < 0) { - ERR_raise(ERR_LIB_BIO, -l); + ERR_raise(ERR_LIB_BIO, (int)-l); ret = -1; } else { ret = (int)l; @@ -1304,10 +1307,11 @@ static int dgram_pair_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, size_t num_msg, uint64_t flags, size_t *num_processed) { - ossl_ssize_t ret, l; + ossl_ssize_t l; BIO_MSG *m; size_t i; struct bio_dgram_pair_st *b = bio->ptr; + int ret = 0; if (num_msg == 0) { *num_processed = 0; @@ -1329,8 +1333,7 @@ static int dgram_pair_sendmmsg(BIO *bio, BIO_MSG *msg, if (i > 0) { ret = 1; } else { - ERR_raise(ERR_LIB_BIO, -l); - ret = 0; + ERR_raise(ERR_LIB_BIO, (int)-l); } goto out; } diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index 41514589a5d..863ea6d6a3a 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -116,7 +116,7 @@ static int fd_read(BIO *b, char *out, int outl) if (out != NULL) { clear_sys_error(); - ret = UP_read(b->num, out, outl); + ret = (int)UP_read(b->num, out, outl); BIO_clear_retry_flags(b); if (ret <= 0) { if (BIO_fd_should_retry(ret)) @@ -132,7 +132,7 @@ static int fd_write(BIO *b, const char *in, int inl) { int ret; clear_sys_error(); - ret = UP_write(b->num, in, inl); + ret = (int)UP_write(b->num, in, inl); BIO_clear_retry_flags(b); if (ret <= 0) { if (BIO_fd_should_retry(ret)) @@ -198,10 +198,12 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) static int fd_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = fd_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = fd_write(bp, str, (int)n); return ret; } @@ -219,7 +221,7 @@ static int fd_gets(BIO *bp, char *buf, int size) ptr[0] = '\0'; if (buf[0] != '\0') - ret = strlen(buf); + ret = (int)strlen(buf); return ret; } diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 2743a14417c..26b63f5c55d 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -139,9 +139,9 @@ static int file_read(BIO *b, char *out, int outl) if (b->init && (out != NULL)) { if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = UP_fread(out, 1, (int)outl, b->ptr); + ret = (int)UP_fread(out, 1, outl, b->ptr); else - ret = fread(out, 1, (int)outl, (FILE *)b->ptr); + ret = (int)fread(out, 1, outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK_INTERNAL ? UP_ferror((FILE *)b->ptr) : ferror((FILE *)b->ptr))) { @@ -160,9 +160,9 @@ static int file_write(BIO *b, const char *in, int inl) if (b->init && (in != NULL)) { if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = UP_fwrite(in, (int)inl, 1, b->ptr); + ret = (int)UP_fwrite(in, inl, 1, b->ptr); else - ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr); + ret = (int)fwrite(in, inl, 1, (FILE *)b->ptr); if (ret) ret = inl; /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ @@ -348,17 +348,19 @@ static int file_gets(BIO *bp, char *buf, int size) goto err; } if (buf[0] != '\0') - ret = strlen(buf); + ret = (int)strlen(buf); err: return ret; } static int file_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = file_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = file_write(bp, str, (int)n); return ret; } diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 8cbea38a902..02bd7654427 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -214,7 +214,7 @@ static int mem_read(BIO *b, char *out, int outl) static int mem_write(BIO *b, const char *in, int inl) { int ret = -1; - int blen; + size_t blen; BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; if (b->flags & BIO_FLAGS_MEM_RDONLY) { @@ -245,7 +245,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) char **pptr; BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; BUF_MEM *bm, *bo; /* bio_mem, bio_other */ - long off, remain; + ossl_ssize_t off, remain; if (b->flags & BIO_FLAGS_MEM_RDONLY) { bm = bbm->buf; @@ -280,10 +280,12 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) bm->data = (num != 0) ? bo->data + num : bo->data; bm->length = bo->length - num; bm->max = bo->max - num; - off = num; + off = (ossl_ssize_t)num; /* FALLTHRU */ case BIO_C_FILE_TELL: - ret = off; + ret = (long)off; + if (off > LONG_MAX) + ret = -1; break; case BIO_CTRL_EOF: ret = (long)(bm->length == 0); @@ -349,7 +351,7 @@ static int mem_gets(BIO *bp, char *buf, int size) if (bp->flags & BIO_FLAGS_MEM_RDONLY) bm = bbm->buf; BIO_clear_retry_flags(bp); - j = bm->length; + j = bm->length < INT_MAX ? (int)bm->length: INT_MAX; if ((size - 1) < j) j = size - 1; if (j <= 0) { @@ -378,10 +380,12 @@ static int mem_gets(BIO *bp, char *buf, int size) static int mem_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = mem_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = mem_write(bp, str, (int)n); /* memory semantics is that it will always work */ return ret; } diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index ba266f186c2..7d76db6b1b4 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -79,7 +79,12 @@ static int null_gets(BIO *bp, char *buf, int size) static int null_puts(BIO *bp, const char *str) { + size_t n; + if (str == NULL) return 0; - return strlen(str); + n = strlen(str); + if (n > INT_MAX) + return -1; + return (int)n; } diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 82f7be85ae0..fcce9f863f2 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -286,10 +286,12 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) static int sock_puts(BIO *bp, const char *str) { - int n, ret; + int ret; + size_t n = strlen(str); - n = strlen(str); - ret = sock_write(bp, str, n); + if (n > INT_MAX) + return -1; + ret = sock_write(bp, str, (int)n); return ret; } diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index ae3e549e443..39ef1bc1831 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -114,7 +114,7 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) carry &= (t2 == 0); } *rp = carry; - r->top += carry; + r->top += (int)carry; r->neg = 0; bn_check_top(r); diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 6c6de1a30f5..29bf84537c4 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -186,7 +186,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, } mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1)); /* always true, if (rtop >= ntop) n->top = r->top; */ - n->top = (int)(rtop & ~mask) | (ntop & mask); + n->top = (int)((rtop & ~mask) | (ntop & mask)); n->flags |= (BN_FLG_FIXED_TOP & ~mask); } ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx); diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 13de70eb0d5..edaafca3c05 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -619,7 +619,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) pow2_numbits_temp = r->d[i] | g->d[i]; pow2_condition_mask = constant_time_is_zero_bn(pow2_flag); pow2_flag &= constant_time_is_zero_bn(pow2_numbits_temp); - pow2_shifts += pow2_flag; + pow2_shifts += (int)pow2_flag; pow2_numbits = constant_time_select_bn(pow2_condition_mask, pow2_numbits, pow2_numbits_temp); } @@ -628,7 +628,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) pow2_flag = 1; for (j = 0; j < BN_BITS2; j++) { pow2_flag &= pow2_numbits; - pow2_shifts += pow2_flag; + pow2_shifts += (int)pow2_flag; pow2_numbits >>= 1; } diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 505a9dfcc39..41066e8f587 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -114,7 +114,7 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) r[j++] = sign * digit; window_val >>= 1; - window_val += bit * BN_is_bit_set(scalar, j + w); + window_val += bit * BN_is_bit_set(scalar, (int)(j + w)); if (window_val > next_bit) { ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 470592731fa..7981a3bdf15 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -718,9 +718,9 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) int res = 0; for (i = 0; i < b->top; i++) { - res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]), + res = constant_time_select_int((int)constant_time_lt_bn(ap[i], bp[i]), -1, res); - res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]), + res = constant_time_select_int((int)constant_time_lt_bn(bp[i], ap[i]), 1, res); } return res; @@ -1057,10 +1057,10 @@ int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w) if (a->neg || a->top == 0) return 0; - res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0); + res = constant_time_select_int((int)constant_time_eq_bn(ap[0], w), 1, 0); for (i = 1; i < a->top; i++) - res = constant_time_select_int(constant_time_is_zero_bn(ap[i]), + res = constant_time_select_int((int)constant_time_is_zero_bn(ap[i]), res, 0); return res; } diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 5f08bfa4a53..c3aa0900469 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -59,7 +59,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_ULONG carry, temp, mask, *rp, *tp = storage; const BN_ULONG *ap, *bp; - if (bn_wexpand(r, mtop) == NULL) + if (bn_wexpand(r, (int)mtop) == NULL) return 0; if (mtop > OSSL_NELEM(storage)) { @@ -85,12 +85,12 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bi += (i - b->dmax) >> (8 * sizeof(i) - 1); } rp = r->d; - carry -= bn_sub_words(rp, tp, m->d, mtop); + carry -= bn_sub_words(rp, tp, m->d, (int)mtop); for (i = 0; i < mtop; i++) { rp[i] = (carry & tp[i]) | (~carry & rp[i]); ((volatile BN_ULONG *)tp)[i] = 0; } - r->top = mtop; + r->top = (int)mtop; r->flags |= BN_FLG_FIXED_TOP; r->neg = 0; @@ -140,7 +140,7 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_ULONG borrow, carry, ta, tb, mask, *rp; const BN_ULONG *ap, *bp; - if (bn_wexpand(r, mtop) == NULL) + if (bn_wexpand(r, (int)mtop) == NULL) return 0; rp = r->d; @@ -176,7 +176,7 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, carry += (rp[i] < ta); } - r->top = mtop; + r->top = (int)mtop; r->flags |= BN_FLG_FIXED_TOP; r->neg = 0; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 4f08394d7f0..3cce2f7c190 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -467,7 +467,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, } int ossl_bn_mont_ctx_set(BN_MONT_CTX *ctx, const BIGNUM *modulus, int ri, const unsigned char *rr, - size_t rrlen, uint32_t nlo, uint32_t nhi) + int rrlen, uint32_t nlo, uint32_t nhi) { if (BN_copy(&ctx->N, modulus) == NULL) return 0; diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index d67331f1f63..57bc60daff1 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -37,7 +37,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) c = t >> (BN_BITS2 - 1); } *rp = c; - r->top += c; + r->top += (int)c; bn_check_top(r); return 1; } diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 49a0bf3bf19..e5a741a52ba 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -72,7 +72,7 @@ static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, const BN_ULONG *m, BN_ULONG *tmp, size_t num) { - carry -= bn_sub_words(tmp, r, m, num); + carry -= bn_sub_words(tmp, r, m, (int)num); bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num); return carry; } diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 16f4b904ad8..83f303a956f 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -149,7 +149,8 @@ int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen, ctx->nlast_block = -1; if (EVP_CIPHER_CTX_get0_cipher(ctx->cctx) == NULL) return 0; - if (EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen) <= 0) + if (keylen > INT_MAX + || EVP_CIPHER_CTX_set_key_length(ctx->cctx, (int)keylen) <= 0) return 0; if (!EVP_EncryptInit_ex2(ctx->cctx, NULL, key, zero_iv, param)) return 0; @@ -198,7 +199,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) nleft = dlen; memcpy(ctx->last_block + ctx->nlast_block, data, nleft); dlen -= nleft; - ctx->nlast_block += nleft; + ctx->nlast_block += (int)nleft; /* If no more to process return */ if (dlen == 0) return 1; @@ -224,14 +225,14 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) } } else { while (cipher_blocks > max_burst_blocks) { - if (EVP_Cipher(ctx->cctx, buf, data, max_burst_blocks * bl) <= 0) + if (EVP_Cipher(ctx->cctx, buf, data, (int)(max_burst_blocks * bl)) <= 0) return 0; dlen -= max_burst_blocks * bl; data += max_burst_blocks * bl; cipher_blocks -= max_burst_blocks; } if (cipher_blocks > 0) { - if (EVP_Cipher(ctx->cctx, buf, data, cipher_blocks * bl) <= 0) + if (EVP_Cipher(ctx->cctx, buf, data, (int)(cipher_blocks * bl)) <= 0) return 0; dlen -= cipher_blocks * bl; data += cipher_blocks * bl; @@ -240,7 +241,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) } /* Copy any data left to last block buffer */ memcpy(ctx->last_block, data, dlen); - ctx->nlast_block = dlen; + ctx->nlast_block = (int)dlen; return 1; } diff --git a/crypto/cmp/cmp_genm.c b/crypto/cmp/cmp_genm.c index 6afe3e720ea..138592167d5 100644 --- a/crypto/cmp/cmp_genm.c +++ b/crypto/cmp/cmp_genm.c @@ -124,7 +124,7 @@ static OSSL_CMP_ITAV *get_genm_itav(OSSL_CMP_CTX *ctx, return itav; } - if (OBJ_obj2txt(name + offset, sizeof(name) - offset, obj, 0) < 0) + if (OBJ_obj2txt(name + offset, (int)(sizeof(name) - offset), obj, 0) < 0) strcat(name, ""); ossl_cmp_log2(WARN, ctx, "%s' while expecting 'id-it-%s'", name, desc); OSSL_CMP_ITAV_free(itav); diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index d00c9f76bb4..74e97afe0f2 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -119,7 +119,7 @@ int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr) } /* assign to *tgt a random byte array of given length */ -static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len) +static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, int len) { unsigned char *bytes = OPENSSL_malloc(len); int res = 0; diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index e4f3bffed72..f325c4505f5 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -92,11 +92,11 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, &protection, &sig_len)) goto end; - if ((prot = ASN1_BIT_STRING_new()) == NULL) + if (sig_len > INT_MAX || (prot = ASN1_BIT_STRING_new()) == NULL) goto end; /* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */ ossl_asn1_string_set_bits_left(prot, 0); - if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) { + if (!ASN1_BIT_STRING_set(prot, protection, (int)sig_len)) { ASN1_BIT_STRING_free(prot); prot = NULL; } diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index f3c21c5d914..95859cbfb09 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -55,7 +55,7 @@ static OSSL_CMP_severity parse_level(const char *level) if (HAS_PREFIX(level, OSSL_CMP_LOG_PREFIX)) level += strlen(OSSL_CMP_LOG_PREFIX); - len = end_level - level; + len = (int)(end_level - level); if (len > max_level_len) return -1; OPENSSL_strlcpy(level_copy, level, len + 1); diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index b49e5f7f536..531339cd5df 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -85,7 +85,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) ASN1_OCTET_STRING *ukm; const unsigned char *p; unsigned char *dukm = NULL; - size_t dukmlen = 0; + int dukmlen = 0; int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; @@ -201,7 +201,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) ASN1_OCTET_STRING *ukm; unsigned char *penc = NULL, *dukm = NULL; int penclen; - size_t dukmlen = 0; + int dukmlen = 0; int rv = 0; int kdf_type, wrap_nid; const EVP_MD *kdf_md; diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index ea8f07e1aff..27654515500 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -107,7 +107,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, piv = aparams.iv; if (ec->taglen > 0 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - ec->taglen, ec->tag) <= 0) { + (int)ec->taglen, ec->tag) <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR); goto err; } @@ -140,7 +140,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (ec->keylen != tkeylen) { /* If necessary set key length */ - if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { + if (EVP_CIPHER_CTX_set_key_length(ctx, (int)ec->keylen) <= 0) { /* * Only reveal failure if debugging so we don't leak information * which may be useful in MMA. diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 375239c78db..5c087206937 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -552,7 +552,7 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) goto err; - ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); + ASN1_STRING_set0(ktri->encryptedKey, ek, (int)eklen); ek = NULL; ret = 1; @@ -700,7 +700,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, CMS_KEKRecipientInfo *kekri; STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); - if (ris == NULL) + if (ris == NULL || idlen > INT_MAX) goto err; if (nid == NID_undef) { @@ -774,7 +774,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, kekri->key = key; kekri->keylen = keylen; - ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); + ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, (int)idlen); kekri->kekid->date = date; @@ -909,7 +909,7 @@ static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) - || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) + || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, (int)ec->keylen) || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) { ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); goto err; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index ba7579f9f23..8f799dc1804 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -219,7 +219,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, int outlen; keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx); - if (keklen > EVP_MAX_KEY_LENGTH) + if (keklen > EVP_MAX_KEY_LENGTH || inlen > INT_MAX) return 0; /* Derive KEK */ if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0) @@ -228,12 +228,12 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc)) goto err; /* obtain output length of ciphered key */ - if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen)) + if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, (int)inlen)) goto err; out = OPENSSL_malloc(outlen); if (out == NULL) goto err; - if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen)) + if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, (int)inlen)) goto err; *pout = out; *poutlen = (size_t)outlen; @@ -525,7 +525,7 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen, kari, 1)) return 0; - ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen); + ASN1_STRING_set0(rek->encryptedKey, enckey, (int)enckeylen); } return 1; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index efed89a017a..5f68ad4b36c 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -203,18 +203,18 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) { - size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); + int blocklen = EVP_CIPHER_CTX_get_block_size(ctx); unsigned char *tmp; int outl, rv = 0; - if (blocklen == 0) + if (blocklen <= 0) return 0; - if (inlen < 2 * blocklen) { + if (inlen < 2 * (size_t)blocklen) { /* too small */ return 0; } - if (inlen % blocklen) { + if (inlen > INT_MAX || inlen % blocklen) { /* Invalid size */ return 0; } @@ -231,12 +231,12 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen) /* Can now decrypt first n - 1 blocks */ - || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) + || !EVP_DecryptUpdate(ctx, tmp, &outl, in, (int)(inlen - blocklen)) /* Reset IV to original value */ || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL) /* Decrypt again */ - || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen)) + || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, (int)inlen)) goto err; /* Check check bytes */ if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) { @@ -294,8 +294,8 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, olen - 4 - inlen, 0) <= 0) return 0; /* Encrypt twice */ - if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) - || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) + if (!EVP_EncryptUpdate(ctx, out, &dummy, out, (int)olen) + || !EVP_EncryptUpdate(ctx, out, &dummy, out, (int)olen)) return 0; } @@ -371,7 +371,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, /* Finish password based key derivation to setup key in "ctx" */ if (EVP_PBE_CipherInit_ex(algtmp->algorithm, - (char *)pwri->pass, pwri->passlen, + (char *)pwri->pass, (int)pwri->passlen, algtmp->parameter, kekctx, en_de, cms_ctx->libctx, cms_ctx->propq) < 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); @@ -393,7 +393,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx, cms_ctx)) goto err; pwri->encryptedKey->data = key; - pwri->encryptedKey->length = keylen; + pwri->encryptedKey->length = (int)keylen; } else { key = OPENSSL_malloc(pwri->encryptedKey->length); if (key == NULL) diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index f132df5c8a0..bb65a34ded5 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -236,7 +236,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) return 0; if ((aid_len = params[0].return_size) == 0) return 0; - if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) + if (d2i_X509_ALGOR(&alg, &pp, (long)aid_len) == NULL) return 0; return 1; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 9d5b8607de0..80f7d73d6dd 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -799,7 +799,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, OPENSSL_free(sig); goto err; } - ASN1_STRING_set0(si->signature, sig, siglen); + ASN1_STRING_set0(si->signature, sig, (int)siglen); } else { unsigned char *sig; unsigned int siglen; @@ -910,7 +910,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) EVP_MD_CTX_reset(mctx); - ASN1_STRING_set0(si->signature, abuf, siglen); + ASN1_STRING_set0(si->signature, abuf, (int)siglen); return 1; diff --git a/crypto/comp/c_brotli.c b/crypto/comp/c_brotli.c index 07e1e76471c..43ae36f5065 100644 --- a/crypto/comp/c_brotli.c +++ b/crypto/comp/c_brotli.c @@ -553,10 +553,10 @@ static int bio_brotli_read(BIO *b, char *out, int outl) * No data in input buffer try to read some in, if an error then * return the total data read. */ - ret = BIO_read(next, ctx->decode.buf, ctx->decode.bufsize); + ret = BIO_read(next, ctx->decode.buf, (int)ctx->decode.bufsize); if (ret <= 0) { /* Total data read */ - int tot = outl - ctx->decode.avail_out; + int tot = outl - (int)ctx->decode.avail_out; BIO_copy_next_retry(b); if (ret < 0) @@ -608,10 +608,10 @@ static int bio_brotli_write(BIO *b, const char *in, int inl) for (;;) { /* If data in output buffer write it first */ while (ctx->encode.count > 0) { - ret = BIO_write(next, ctx->encode.ptr, ctx->encode.count); + ret = BIO_write(next, ctx->encode.ptr, (int)ctx->encode.count); if (ret <= 0) { /* Total data written */ - int tot = inl - ctx->encode.avail_in; + int tot = inl - (int)ctx->encode.avail_in; BIO_copy_next_retry(b); if (ret < 0) @@ -664,7 +664,7 @@ static int bio_brotli_flush(BIO *b) for (;;) { /* If data in output buffer write it first */ while (ctx->encode.count > 0) { - ret = BIO_write(next, ctx->encode.ptr, ctx->encode.count); + ret = BIO_write(next, ctx->encode.ptr, (int)ctx->encode.count); if (ret <= 0) { BIO_copy_next_retry(b); return ret; diff --git a/crypto/comp/c_zstd.c b/crypto/comp/c_zstd.c index b4667649f3c..a1c83279fa0 100644 --- a/crypto/comp/c_zstd.c +++ b/crypto/comp/c_zstd.c @@ -613,19 +613,19 @@ static int bio_zstd_read(BIO *b, char *out, int outl) } /* No more output space */ if (outBuf.pos == outBuf.size) - return outBuf.pos; + return (int)outBuf.pos; } while (ctx->decompress.inbuf.pos < ctx->decompress.inbuf.size); /* * No data in input buffer try to read some in, if an error then * return the total data read. */ - ret = BIO_read(next, ctx->decompress.buffer, ctx->decompress.bufsize); + ret = BIO_read(next, ctx->decompress.buffer, (int)ctx->decompress.bufsize); if (ret <= 0) { BIO_copy_next_retry(b); if (ret < 0 && outBuf.pos == 0) return ret; - return outBuf.pos; + return (int)outBuf.pos; } ctx->decompress.inbuf.size = ret; ctx->decompress.inbuf.pos = 0; @@ -665,19 +665,19 @@ static int bio_zstd_write(BIO *b, const char *in, int inl) /* If data in output buffer write it first */ while (ctx->compress.write_pos < ctx->compress.outbuf.pos) { ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos, - ctx->compress.outbuf.pos - ctx->compress.write_pos); + (int)(ctx->compress.outbuf.pos - ctx->compress.write_pos)); if (ret <= 0) { BIO_copy_next_retry(b); if (ret < 0 && inBuf.pos == 0) return ret; - return inBuf.pos; + return (int)inBuf.pos; } ctx->compress.write_pos += ret; } /* Have we consumed all supplied data? */ if (done) - return inBuf.pos; + return (int)inBuf.pos; /* Reset buffer */ ctx->compress.outbuf.pos = 0; @@ -717,7 +717,7 @@ static int bio_zstd_flush(BIO *b) /* If data in output buffer write it first */ while (ctx->compress.write_pos < ctx->compress.outbuf.pos) { ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos, - ctx->compress.outbuf.pos - ctx->compress.write_pos); + (int)(ctx->compress.outbuf.pos - ctx->compress.write_pos)); if (ret <= 0) { BIO_copy_next_retry(b); return ret; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 56ca17a7a54..817b5cd3632 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -68,7 +68,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, if (ctx->meth->compress == NULL) { return -1; } - ret = ctx->meth->compress(ctx, out, olen, in, ilen); + ret = (int)ctx->meth->compress(ctx, out, olen, in, ilen); if (ret > 0) { ctx->compress_in += ilen; ctx->compress_out += ret; @@ -84,7 +84,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, if (ctx->meth->expand == NULL) { return -1; } - ret = ctx->meth->expand(ctx, out, olen, in, ilen); + ret = (int)ctx->meth->expand(ctx, out, olen, in, ilen); if (ret > 0) { ctx->expand_in += ilen; ctx->expand_out += ret; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 5b1bf0e78f3..2989259d50a 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -192,7 +192,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) goto err; if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) goto err; - i = strlen(section) + 1; + i = (int)strlen(section) + 1; if ((v->section = OPENSSL_malloc(i)) == NULL) goto err; diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 399aefb1996..be3bafe0b45 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -263,7 +263,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0) goto err; p[CONFBUFSIZE - 1] = '\0'; - ii = i = strlen(p); + ii = i = (int)strlen(p); if (first_call) { /* Other BOMs imply unsupported multibyte encoding, * so don't strip them and let the error raise */ @@ -641,15 +641,14 @@ static void clear_comments(CONF *conf, char *p) static int str_copy(CONF *conf, char *section, char **pto, char *from) { - int q, r, rr = 0, to = 0, len = 0; + int q, r, rr = 0, to = 0; char *s, *e, *rp, *p, *rrp, *np, *cp, v; BUF_MEM *buf; if ((buf = BUF_MEM_new()) == NULL) return 0; - len = strlen(from) + 1; - if (!BUF_MEM_grow(buf, len)) + if (!BUF_MEM_grow(buf, strlen(from) + 1)) goto err; for (;;) { @@ -771,11 +770,6 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) while (*p) buf->data[to++] = *(p++); - /* - * Since we change the pointer 'from', we also have to change the - * perceived length of the string it points at. /RL - */ - len -= e - from; from = e; /* diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 9d49a5f69d1..ce8ff4da306 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -396,7 +396,8 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, static CONF_MODULE *module_find(const char *name) { CONF_MODULE *tmod; - int i, nchar; + int i; + size_t nchar; char *p; STACK_OF(CONF_MODULE) *mods; @@ -754,7 +755,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc, while (isspace((unsigned char)*tmpend)) tmpend--; } - ret = list_cb(lstart, tmpend - lstart + 1, arg); + ret = list_cb(lstart, (int)(tmpend - lstart + 1), arg); } if (ret <= 0) return ret; diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 4b1380a6f2d..c8ac441231c 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -179,7 +179,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, return 0; HT_INIT_KEY(&key); - HT_SET_KEY_STRING_CASE_N(&key, name, name, name_len); + HT_SET_KEY_STRING_CASE_N(&key, name, name, (int)name_len); val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key)); @@ -191,7 +191,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, } const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, - size_t idx) + int idx) { NAMES *names; const char *ret = NULL; diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index d4c7af38cb0..e65a3886f72 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -89,7 +89,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, goto err; } - if (!ASN1_INTEGER_set(pbm->iterationCount, itercnt)) { + if (!ASN1_INTEGER_set(pbm->iterationCount, (long)itercnt)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_CRMFERROR); goto err; } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6c194794387..933e11e721a 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -60,7 +60,7 @@ int OPENSSL_isservice(void) } if (_OPENSSL_isservice.p != (void *)-1) - return (*_OPENSSL_isservice.f) (); + return (int)((*_OPENSSL_isservice.f)()); h = GetProcessWindowStation(); if (h == NULL) @@ -144,7 +144,7 @@ void OPENSSL_showfatal(const char *fmta, ...) fmt = (const TCHAR *)L"no stack?"; break; } - if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) + if (!MultiByteToWideChar(CP_ACP, 0, fmta, (int)len_0, fmtw, (int)len_0)) for (i = 0; i < len_0; i++) fmtw[i] = (WCHAR)fmta[i]; for (i = 0; i < len_0; i++) { diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c index 2535442063b..3fd62ba3529 100644 --- a/crypto/ct/ct_b64.c +++ b/crypto/ct/ct_b64.c @@ -27,17 +27,17 @@ static int ct_base64_decode(const char *in, unsigned char **out) int outlen, i; unsigned char *outbuf = NULL; - if (inlen == 0) { + if (inlen == 0 || inlen > INT_MAX) { *out = NULL; return 0; } - outlen = (inlen / 4) * 3; + outlen = (int)((inlen / 4) * 3); outbuf = OPENSSL_malloc(outlen); if (outbuf == NULL) goto err; - outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); + outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, (int)inlen); if (outlen < 0) { ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR); goto err; diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c index 145b277109e..0f35ab0d1a8 100644 --- a/crypto/ct/ct_oct.c +++ b/crypto/ct/ct_oct.c @@ -64,7 +64,7 @@ int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) len_remaining -= siglen; *in = p + siglen; - return len - len_remaining; + return (int)(len - len_remaining); } SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) @@ -189,7 +189,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out) memcpy(p, sct->sig, sct->sig_len); } - return len; + return (int)len; err: OPENSSL_free(pstart); return -1; @@ -215,8 +215,10 @@ int i2o_SCT(const SCT *sct, unsigned char **out) else len = sct->sct_len; + if (len > INT_MAX) + return -1; if (out == NULL) - return len; + return (int)len; if (*out != NULL) { p = *out; @@ -244,7 +246,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out) memcpy(p, sct->sct, len); } - return len; + return (int)len; err: OPENSSL_free(pstart); return -1; @@ -357,7 +359,7 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) if (!is_pp_new) *pp += len2; } - return len2; + return (int)len2; err: if (is_pp_new) { diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c index 374235b7ec5..6c81a54364c 100644 --- a/crypto/ct/ct_prn.c +++ b/crypto/ct/ct_prn.c @@ -82,7 +82,7 @@ void SCT_print(const SCT *sct, BIO *out, int indent, if (sct->version != SCT_VERSION_V1) { BIO_printf(out, "unknown\n%*s", indent + 16, ""); - BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); + BIO_hex_string(out, indent + 16, 16, sct->sct, (int)sct->sct_len); return; } @@ -94,7 +94,7 @@ void SCT_print(const SCT *sct, BIO *out, int indent, } BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); + BIO_hex_string(out, indent + 16, 16, sct->log_id, (int)sct->log_id_len); BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); timestamp_print(sct->timestamp, out); @@ -103,12 +103,12 @@ void SCT_print(const SCT *sct, BIO *out, int indent, if (sct->ext_len == 0) BIO_printf(out, "none"); else - BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); + BIO_hex_string(out, indent + 16, 16, sct->ext, (int)sct->ext_len); BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); SCT_signature_algorithms_print(sct, out); BIO_printf(out, "\n%*s ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); + BIO_hex_string(out, indent + 16, 16, sct->sig, (int)sct->sig_len); } void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index f6687fe524f..1595cd35188 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c @@ -19,11 +19,14 @@ void DES_string_to_key(const char *str, DES_cblock *key) { DES_key_schedule ks; - int i, length; + int i; + size_t length; memset(key, 0, 8); length = strlen(str); - for (i = 0; i < length; i++) { + if (length > INT_MAX) + length = INT_MAX; + for (i = 0; i < (int)length; i++) { register unsigned char j = str[i]; if ((i % 16) < 8) @@ -38,7 +41,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) } DES_set_odd_parity(key); DES_set_key_unchecked(key, &ks); - DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); + DES_cbc_cksum((const unsigned char *)str, key, (int)length, &ks, key); OPENSSL_cleanse(&ks, sizeof(ks)); DES_set_odd_parity(key); } @@ -46,12 +49,15 @@ void DES_string_to_key(const char *str, DES_cblock *key) void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) { DES_key_schedule ks; - int i, length; + int i; + size_t length; memset(key1, 0, 8); memset(key2, 0, 8); length = strlen(str); - for (i = 0; i < length; i++) { + if (length > INT_MAX) + length = INT_MAX; + for (i = 0; i < (int)length; i++) { register unsigned char j = str[i]; if ((i % 32) < 16) { @@ -74,9 +80,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) DES_set_odd_parity(key1); DES_set_odd_parity(key2); DES_set_key_unchecked(key1, &ks); - DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); + DES_cbc_cksum((const unsigned char *)str, key1, (int)length, &ks, key1); DES_set_key_unchecked(key2, &ks); - DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); + DES_cbc_cksum((const unsigned char *)str, key2, (int)length, &ks, key2); OPENSSL_cleanse(&ks, sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); diff --git a/crypto/deterministic_nonce.c b/crypto/deterministic_nonce.c index 3da9ba420f2..98ef226f41d 100644 --- a/crypto/deterministic_nonce.c +++ b/crypto/deterministic_nonce.c @@ -28,7 +28,7 @@ static int bits2int(BIGNUM *out, int qlen_bits, const unsigned char *in, size_t inlen) { - int blen_bits = inlen * 8; + int blen_bits = (int)(inlen * 8); int shift; if (BN_bin2bn(in, (int)inlen, out) == NULL) @@ -55,7 +55,7 @@ static int bits2int(BIGNUM *out, int qlen_bits, static int bits2int_consttime(BIGNUM *out, int qlen_bits, const unsigned char *in, size_t inlen) { - int blen_bits = (inlen - sizeof(BN_ULONG)) * 8; + int blen_bits = (int)((inlen - sizeof(BN_ULONG)) * 8); int shift; if (BN_bin2bn(in, (int)inlen, out) == NULL) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 80e1612256b..e181fc295d8 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -410,7 +410,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) dh = (DH *) EVP_PKEY_get0_DH(pkey); if (dh == NULL) return 0; - return ossl_dh_key2buf(dh, arg2, 0, 1); + return (int)ossl_dh_key2buf(dh, arg2, 0, 1); default: return -2; } diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 5fa91a8ec7d..928df3a6db7 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -116,7 +116,7 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) if (dhx->vparams != NULL) { /* The counter has a maximum value of 4 * numbits(p) - 1 */ - size_t counter = (size_t)BN_get_word(dhx->vparams->counter); + int counter = (int)BN_get_word(dhx->vparams->counter); ossl_ffc_params_set_validate_params(params, dhx->vparams->seed->data, dhx->vparams->seed->length, counter); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 7132b9b68e5..fab29ff265e 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -114,7 +114,7 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { int ret = 0, i; - volatile size_t npad = 0, mask = 1; + volatile int npad = 0, mask = 1; /* compute the key; ret is constant unless compute_key is external */ #ifdef FIPS_MODULE @@ -392,7 +392,7 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) const BIGNUM *p; int ret; - if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) + if (len > INT_MAX || (pubkey = BN_bin2bn(buf, (int)len, NULL)) == NULL) goto err; DH_get0_pqg(dh, &p, NULL, NULL); if (p == NULL || BN_num_bytes(p) == 0) { diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 5095d8c2d67..0d9bb0dcb9a 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -188,7 +188,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN: - *(int *)p2 = dctx->kdf_outlen; + *(int *)p2 = (int)dctx->kdf_outlen; return 1; case EVP_PKEY_CTRL_DH_KDF_UKM: @@ -202,7 +202,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_GET_DH_KDF_UKM: *(unsigned char **)p2 = dctx->kdf_ukm; - return dctx->kdf_ukmlen; + return (int)dctx->kdf_ukmlen; case EVP_PKEY_CTRL_DH_KDF_OID: ASN1_OBJECT_free(dctx->kdf_oid); diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 00ac18fdffe..737d6247962 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -96,7 +96,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return 0; } - ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); + ret = DSA_sign(0, tbs, (int)tbslen, sig, &sltmp, dsa); if (ret <= 0) return ret; @@ -125,7 +125,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, return 0; } - ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); + ret = DSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, dsa); return ret; } diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 085ddef9695..21163d2c5f2 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -449,9 +449,9 @@ static char *win32_name_converter(DSO *dso, const char *filename) (strstr(filename, ":") == NULL)); /* If transform != 0, then we convert to %s.dll, else just dupe filename */ - len = strlen(filename) + 1; + len = (int)strlen(filename) + 1; if (transform) - len += strlen(".dll"); + len += (int)strlen(".dll"); translated = OPENSSL_malloc(len); if (translated == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 4ed6287562a..eca6d750d5e 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -260,7 +260,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, point_conversion_form_t form; int y_bit, m; BIGNUM *x, *y, *yxi; - size_t field_len, enc_len; + int field_len, enc_len; int ret = 0; #ifndef FIPS_MODULE BN_CTX *new_ctx = NULL; @@ -312,7 +312,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - if (len != enc_len) { + if (len != (size_t)enc_len) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); return 0; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index ad28ba6827d..ae1c982152c 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -412,8 +412,8 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), - POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); + return (int)EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), + POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); default: return -2; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 643d2d8d7b8..62bf672974c 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -312,7 +312,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) int ok = 0; BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; unsigned char *a_buf = NULL, *b_buf = NULL; - size_t len; + int len; if (!group || !curve || !curve->a || !curve->b) return 0; @@ -333,7 +333,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) * definition of Curve, C.1's definition of FieldElement, and 2.3.5's * definition of how to encode the field elements. */ - len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8; + len = (EC_GROUP_get_degree(group) + 7) / 8; if ((a_buf = OPENSSL_malloc(len)) == NULL || (b_buf = OPENSSL_malloc(len)) == NULL) goto err; @@ -421,7 +421,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, form = EC_GROUP_get_point_conversion_form(group); len = EC_POINT_point2buf(group, point, form, &buffer, NULL); - if (len == 0) { + if (len == 0 || len > INT_MAX) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } @@ -430,7 +430,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); goto err; } - ASN1_STRING_set0(ret->base, buffer, len); + ASN1_STRING_set0(ret->base, buffer, (int)len); /* set the order */ tmp = EC_GROUP_get0_order(group); @@ -1037,12 +1037,12 @@ int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) privlen = EC_KEY_priv2buf(a, &priv); - if (privlen == 0) { + if (privlen == 0 || privlen > INT_MAX) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } - ASN1_STRING_set0(priv_key->privateKey, priv, privlen); + ASN1_STRING_set0(priv_key->privateKey, priv, (int)privlen); priv = NULL; if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { @@ -1063,13 +1063,13 @@ int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL); - if (publen == 0) { + if (publen == 0 || publen > INT_MAX) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } ossl_asn1_string_set_bits_left(priv_key->publicKey, 0); - ASN1_STRING_set0(priv_key->publicKey, pub, publen); + ASN1_STRING_set0(priv_key->publicKey, pub, (int)publen); pub = NULL; } @@ -1164,9 +1164,13 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) buf_len = EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, NULL, 0, NULL); + if (buf_len > INT_MAX) { + ERR_raise(ERR_LIB_EC, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } if (out == NULL || buf_len == 0) /* out == NULL => just return the length of the octet string */ - return buf_len; + return (int)buf_len; if (*out == NULL) { if ((*out = OPENSSL_malloc(buf_len)) == NULL) @@ -1184,7 +1188,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) } if (!new_buffer) *out += buf_len; - return buf_len; + return (int)buf_len; } DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) diff --git a/crypto/ec/ec_deprecated.c b/crypto/ec/ec_deprecated.c index 905b5606383..20765c0b6f2 100644 --- a/crypto/ec/ec_deprecated.c +++ b/crypto/ec/ec_deprecated.c @@ -28,10 +28,10 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx); - if (buf_len == 0) + if (buf_len == 0 || buf_len > INT_MAX) return NULL; - ret = BN_bin2bn(buf, buf_len, ret); + ret = BN_bin2bn(buf, (int)buf_len, ret); OPENSSL_free(buf); @@ -41,7 +41,7 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) { - size_t buf_len = 0; + int buf_len = 0; unsigned char *buf; EC_POINT *ret; diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index a3907ca5994..8adc6e89961 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -1007,14 +1007,14 @@ size_t EC_KEY_priv2oct(const EC_KEY *eckey, size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len) { - size_t buf_len; + int buf_len; buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8; if (eckey->priv_key == NULL) return 0; if (buf == NULL) return buf_len; - else if (len < buf_len) + else if (len < (size_t)buf_len) return 0; /* Octetstring may need leading zeros if BN is to short */ @@ -1046,13 +1046,17 @@ int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) { + if (len > INT_MAX) { + ERR_raise(ERR_LIB_EC, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } if (eckey->priv_key == NULL) eckey->priv_key = BN_secure_new(); if (eckey->priv_key == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } - if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { + if (BN_bin2bn(buf, (int)len, eckey->priv_key) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 054a3333a78..b034a11ef45 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -171,7 +171,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, memcpy(out, sec, outlen); } OPENSSL_clear_free(sec, seclen); - return outlen; + return (int)outlen; } EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index e9092a6c9db..c9ff0afe09e 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -530,7 +530,7 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, num_val += (size_t)1 << (wsize[i] - 1); wNAF[i + 1] = NULL; /* make sure we always have a pivot */ wNAF[i] = - bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], + bn_compute_wNAF((i < num ? scalars[i] : scalar), (int)wsize[i], &wNAF_len[i]); if (wNAF[i] == NULL) goto err; @@ -560,7 +560,7 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * use the window size for which we have precomputation */ wsize[num] = pre_comp->w; - tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len); + tmp_wNAF = bn_compute_wNAF(scalar, (int)wsize[num], &tmp_len); if (!tmp_wNAF) goto err; @@ -708,7 +708,9 @@ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, r_is_at_infinity = 1; - for (k = max_len - 1; k >= 0; k--) { + if (max_len > INT_MAX) + goto err; + for (k = (int)(max_len - 1); k >= 0; k--) { if (!r_is_at_infinity) { if (!EC_POINT_dbl(group, r, r, ctx)) goto err; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 716b1860bbf..ab93009c741 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -131,7 +131,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1; - ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + ret = ECDSA_sign(type, tbs, (int)tbslen, sig, &sltmp, ec); if (ret <= 0) return ret; @@ -157,7 +157,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, else type = NID_sha1; - ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + ret = ECDSA_verify(type, tbs, (int)tbslen, sig, (int)siglen, ec); return ret; } @@ -334,7 +334,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN: - *(int *)p2 = dctx->kdf_outlen; + *(int *)p2 = (int)dctx->kdf_outlen; return 1; case EVP_PKEY_CTRL_EC_KDF_UKM: @@ -348,7 +348,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_GET_EC_KDF_UKM: *(unsigned char **)p2 = dctx->kdf_ukm; - return dctx->kdf_ukmlen; + return (int)dctx->kdf_ukmlen; case EVP_PKEY_CTRL_MD: if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 68943e521e8..18f4386caee 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -279,7 +279,7 @@ int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, int y_bit; BN_CTX *new_ctx = NULL; BIGNUM *x, *y; - size_t field_len, enc_len; + int field_len, enc_len; int ret = 0; if (len == 0) { @@ -314,7 +314,7 @@ int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - if (len != enc_len) { + if (len != (size_t)enc_len) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); return 0; } diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 6c445f9121b..531ff1c3df4 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -265,7 +265,7 @@ static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, if (pkey->keymgmt != NULL) libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); - ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id, + ecx = ossl_ecx_key_op(NULL, priv, (int)len, pkey->ameth->pkey_id, KEY_OP_PRIVATE, libctx, NULL); if (ecx != NULL) { @@ -283,7 +283,7 @@ static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) if (pkey->keymgmt != NULL) libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); - ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id, + ecx = ossl_ecx_key_op(NULL, pub, (int)len, pkey->ameth->pkey_id, KEY_OP_PUBLIC, libctx, NULL); if (ecx != NULL) { diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index dedfb24e569..f0e29c1608e 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -30,9 +30,9 @@ struct decoder_process_data_st { BIO *bio; /* Index of the current decoder instance to be processed */ - size_t current_decoder_inst_index; + int current_decoder_inst_index; /* For tracing, count recursion level */ - size_t recursion; + int recursion; /*- * Flags @@ -419,8 +419,8 @@ struct collect_extra_decoder_data_st { * 1 to check that the decoder's input type differs from the decoder name */ enum { IS_SAME = 0, IS_DIFFERENT = 1 } type_check; - size_t w_prev_start, w_prev_end; /* "previous" decoders */ - size_t w_new_start, w_new_end; /* "new" decoders */ + int w_prev_start, w_prev_end; /* "previous" decoders */ + int w_new_start, w_new_end; /* "new" decoders */ }; DEFINE_STACK_OF(OSSL_DECODER) @@ -437,7 +437,7 @@ static void collect_all_decoders(OSSL_DECODER *decoder, void *arg) static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg) { struct collect_extra_decoder_data_st *data = arg; - size_t j; + int j; const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder); void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); @@ -574,7 +574,7 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, struct collect_extra_decoder_data_st data; size_t depth = 0; /* Counts the number of iterations */ size_t count; /* Calculates how many were added in each iteration */ - size_t numdecoders; + int numdecoders; STACK_OF(OSSL_DECODER) *skdecoders; if (!ossl_assert(ctx != NULL)) { @@ -628,7 +628,7 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, data.w_prev_start = 0; data.w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); do { - size_t i, j; + int i, j; data.w_new_start = data.w_new_end = data.w_prev_end; @@ -797,7 +797,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) OSSL_CORE_BIO *cbio = NULL; BIO *bio = data->bio; long loc; - size_t i; + int i; int ok = 0; /* For recursions */ struct decoder_process_data_st new_data; @@ -817,7 +817,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) new_data.recursion = data->recursion + 1; #define LEVEL_STR ">>>>>>>>>>>>>>>>" -#define LEVEL (new_data.recursion < sizeof(LEVEL_STR) \ +#define LEVEL ((size_t)new_data.recursion < sizeof(LEVEL_STR) \ ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \ : LEVEL_STR "...") diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 85ab3b52867..8043d7a0741 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -641,8 +641,8 @@ int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, const OSSL_PARAM params[]) { int ok = 1; - size_t i; - size_t l; + int i; + int l; if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index e99eaecbfb3..88b85611887 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -625,8 +625,8 @@ int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx, const OSSL_PARAM params[]) { int ok = 1; - size_t i; - size_t l; + int i; + int l; if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index f1da9b23bb5..cfc90c8ec43 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -108,15 +108,15 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, cdp++; return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num; case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - return strlen(cdp->cmd_name); + return (int)strlen(cdp->cmd_name); case ENGINE_CTRL_GET_NAME_FROM_CMD: - return strlen(strcpy(s, cdp->cmd_name)); + return (int)strlen(strcpy(s, cdp->cmd_name)); case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - return strlen(cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc); + return (int)strlen(cdp->cmd_desc == NULL ? int_no_description + : cdp->cmd_desc); case ENGINE_CTRL_GET_DESC_FROM_CMD: - return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc)); + return (int)strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description + : cdp->cmd_desc)); case ENGINE_CTRL_GET_CMD_FLAGS: return cdp->cmd_flags; } diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index c74fc4700b4..e9d21317f25 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -146,7 +146,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, if (!e->pkey_asn1_meths) return NULL; if (len == -1) - len = strlen(str); + len = (int)strlen(str); nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); for (i = 0; i < nidcount; i++) { e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); diff --git a/crypto/err/err.c b/crypto/err/err.c index 485e802f96a..167b66ed6bf 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -813,7 +813,8 @@ void ERR_add_error_data(int num, ...) void ERR_add_error_vdata(int num, va_list args) { - int i, len, size; + int i; + size_t len, size; int flags = ERR_TXT_MALLOCED | ERR_TXT_STRING; char *str, *arg; ERR_STATE *es; @@ -865,7 +866,7 @@ void ERR_add_error_vdata(int num, va_list args) } str = p; } - OPENSSL_strlcat(str, arg, (size_t)size); + OPENSSL_strlcat(str, arg, size); } if (!err_set_error_data_int(str, size, flags, 0)) OPENSSL_free(str); diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 028811eedee..5efb033e1bb 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -35,9 +35,9 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), hex = ossl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), '\0'); BIO_snprintf(buf, sizeof(buf), "%s:", hex == NULL ? "" : hex); - offset = strlen(buf); + offset = (int)strlen(buf); ossl_err_string_int(l, func, buf + offset, sizeof(buf) - offset); - offset += strlen(buf + offset); + offset += (int)strlen(buf + offset); BIO_snprintf(buf + offset, sizeof(buf) - offset, ":%s:%d:%s\n", file, line, data); OPENSSL_free(hex); @@ -165,7 +165,7 @@ void ERR_add_error_mem_bio(const char *separator, BIO *bio) static int print_bio(const char *str, size_t len, void *bp) { - return BIO_write((BIO *)bp, str, len); + return BIO_write((BIO *)bp, str, (int)len); } void ERR_print_errors(BIO *bp) diff --git a/crypto/err/err_save.c b/crypto/err/err_save.c index 1994c26ceef..b983b8334b3 100644 --- a/crypto/err/err_save.c +++ b/crypto/err/err_save.c @@ -25,7 +25,7 @@ ERR_STATE *OSSL_ERR_STATE_new(void) void OSSL_ERR_STATE_save(ERR_STATE *es) { - size_t i; + int i; ERR_STATE *thread_es; if (es == NULL) @@ -45,7 +45,7 @@ void OSSL_ERR_STATE_save(ERR_STATE *es) void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es) { - size_t i, j, count; + int i, j, count; int top; ERR_STATE *thread_es; @@ -112,7 +112,7 @@ void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es) void OSSL_ERR_STATE_restore(const ERR_STATE *es) { - size_t i; + int i; ERR_STATE *thread_es; if (es == NULL || es->bottom == es->top) @@ -122,8 +122,8 @@ void OSSL_ERR_STATE_restore(const ERR_STATE *es) if (thread_es == NULL) return; - for (i = (size_t)es->bottom; i != (size_t)es->top;) { - size_t top; + for (i = es->bottom; i != es->top;) { + int top; i = (i + 1) % ERR_NUM_ERRORS; if ((es->err_flags[i] & ERR_FLAG_CLEAR) != 0) diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 7f15e21b52c..e4c0f54c7f6 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -224,7 +224,7 @@ static int b64_read(BIO *b, char *out, int outl) continue; } - k = EVP_DecodeUpdate(ctx->base64, ctx->buf, &num, p, q - p); + k = EVP_DecodeUpdate(ctx->base64, ctx->buf, &num, p, (int)(q - p)); EVP_DecodeInit(ctx->base64); if (k <= 0 && num == 0) { p = q; @@ -233,7 +233,7 @@ static int b64_read(BIO *b, char *out, int outl) ctx->start = 0; if (p != ctx->tmp) { - i -= p - ctx->tmp; + i -= (int)(p - ctx->tmp); for (x = 0; x < i; x++) ctx->tmp[x] = p[x]; } @@ -254,7 +254,7 @@ static int b64_read(BIO *b, char *out, int outl) } } else if (p != q) { /* Retain partial line at end of buffer */ - n = q - p; + n = (int)(q - p); for (ii = 0; ii < n; ii++) ctx->tmp[ii] = p[ii]; ctx->tmp_len = n; @@ -580,5 +580,9 @@ static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) static int b64_puts(BIO *b, const char *str) { - return b64_write(b, str, strlen(str)); + size_t len = strlen(str); + + if (len > INT_MAX) + return -1; + return b64_write(b, str, (int)len); } diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index b0889fe0bb1..77a38d9e94d 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -154,7 +154,7 @@ static int enc_read(BIO *b, char *out, int outl) if (i > 0) ctx->read_end += i; } else { - i = ctx->read_end - ctx->read_start; + i = (int)(ctx->read_end - ctx->read_start); } if (i <= 0) { diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 20811ffded6..864ebad6b71 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -184,7 +184,7 @@ static int ok_read(BIO *b, char *out, int outl) /* copy clean bytes to output buffer */ if (ctx->blockout) { - i = ctx->buf_len - ctx->buf_off; + i = (int)(ctx->buf_len - ctx->buf_off); if (i > outl) i = outl; memcpy(out, &(ctx->buf[ctx->buf_off]), i); @@ -216,7 +216,7 @@ static int ok_read(BIO *b, char *out, int outl) break; /* no clean bytes in buffer -- fill it */ - n = IOBS - ctx->buf_len; + n = (int)(IOBS - ctx->buf_len); i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); if (i <= 0) @@ -272,7 +272,7 @@ static int ok_write(BIO *b, const char *in, int inl) do { BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; + n = (int)(ctx->buf_len - ctx->buf_off); while (ctx->blockout && n > 0) { i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { @@ -348,7 +348,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_PENDING: /* More to read in buffer */ case BIO_CTRL_WPENDING: /* More to read in buffer */ - ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; + ret = ctx->blockout ? (long)(ctx->buf_len - ctx->buf_off) : 0; if (ret <= 0) ret = BIO_ctrl(next, cmd, num, ptr); break; @@ -538,7 +538,7 @@ static int block_out(BIO *b) if (md_size <= 0) goto berr; - tl = ctx->buf_len - OK_BLOCK_BLOCK; + tl = (unsigned long)(ctx->buf_len - OK_BLOCK_BLOCK); ctx->buf[0] = (unsigned char)(tl >> 24); ctx->buf[1] = (unsigned char)(tl >> 16); ctx->buf[2] = (unsigned char)(tl >> 8); diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 1d1f571d35c..015fab1f438 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -465,7 +465,8 @@ static int default_fixup_args(enum state state, = OPENSSL_malloc(ctx->buflen)) == NULL) return 0; if (BN_bn2nativepad(ctx->p2, - ctx->allocated_buf, ctx->buflen) < 0) { + ctx->allocated_buf, + (int)ctx->buflen) < 0) { OPENSSL_free(ctx->allocated_buf); ctx->allocated_buf = NULL; return 0; @@ -774,10 +775,10 @@ static int fix_cipher_md(enum state state, ctx->p2 = (char *)(ctx->p2 == NULL ? OBJ_nid2sn(ctx->p1) : get_name(ctx->p2)); - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2)); - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } if ((ret = default_fixup_args(state, translation, ctx)) <= 0) @@ -895,7 +896,7 @@ static int fix_kdf_type(enum state state, } if (ret <= 0) goto end; - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } if ((ret = default_fixup_args(state, translation, ctx)) <= 0) @@ -1081,7 +1082,7 @@ static int fix_dh_paramgen_type(enum state state, ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; } - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } return default_fixup_args(state, translation, ctx); @@ -1338,7 +1339,7 @@ static int fix_rsa_padding_mode(enum state state, return -2; } ctx->p2 = str_value_map[i].ptr; - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } if ((ret = default_fixup_args(state, translation, ctx)) <= 0) @@ -1417,7 +1418,7 @@ static int fix_rsa_pss_saltlen(enum state state, ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0'; } ctx->p2 = ctx->name_buf; - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } if ((ret = default_fixup_args(state, translation, ctx)) <= 0) @@ -1476,7 +1477,7 @@ static int fix_hkdf_mode(enum state state, if (i == OSSL_NELEM(str_value_map)) return 0; ctx->p2 = str_value_map[i].ptr; - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); } if ((ret = default_fixup_args(state, translation, ctx)) <= 0) @@ -1561,7 +1562,7 @@ static int get_payload_group_name(enum state state, if (ctx->p2 == NULL) return 1; - ctx->p1 = strlen(ctx->p2); + ctx->p1 = (int)strlen(ctx->p2); return default_fixup_args(state, translation, ctx); } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 6fc201bcfe2..20311a610c2 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -485,7 +485,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (isize != NULL) - *isize = mdsize; + *isize = (unsigned int)mdsize; if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 10abb7d52cf..fa9504dad96 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2951,7 +2951,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out += len; /* Finally write tag */ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + rv = (int)(len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN); } else { /* Decrypt */ if (gctx->ctr) { @@ -2998,7 +2998,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, OPENSSL_cleanse(out, len); goto err; } - rv = len; + rv = (int)len; } err: @@ -3155,7 +3155,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; } } - return len; + return (int)len; } else { if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { if (gctx->taglen < 0) @@ -3559,7 +3559,7 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) return -1; - return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + return (int)(len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M); } else { if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) : @@ -3567,7 +3567,7 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, in + len, cctx->M)) - return len; + return (int)len; } } OPENSSL_cleanse(out, len); @@ -3600,13 +3600,13 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 15 - cctx->L, len)) return -1; cctx->len_set = 1; - return len; + return (int)len; } /* If have AAD need message length */ if (!cctx->len_set && len) return -1; CRYPTO_ccm128_aad(ccm, in, len); - return len; + return (int)len; } /* The tag must be set before actually decrypting data */ @@ -3625,7 +3625,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; cctx->tag_set = 1; - return len; + return (int)len; } else { int rv = -1; if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, @@ -3635,7 +3635,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->M)) - rv = len; + rv = (int)len; } } if (rv == -1) @@ -3715,7 +3715,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* If not padding input must be multiple of 8 */ if (!pad && inlen & 0x7) return -1; - if (ossl_is_partially_overlapping(out, in, inlen)) { + if (ossl_is_partially_overlapping(out, in, (int)inlen)) { ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); return 0; } @@ -3725,14 +3725,14 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (pad) inlen = (inlen + 7) / 8 * 8; /* 8 byte prefix */ - return inlen + 8; + return (int)(inlen + 8); } else { /* * If not padding output will be exactly 8 bytes smaller than * input. If padding it will be at least 8 bytes smaller but we * don't know how much. */ - return inlen - 8; + return (int)(inlen - 8); } } if (pad) { @@ -4021,7 +4021,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, buf = octx->data_buf; buf_len = &(octx->data_buf_len); - if (ossl_is_partially_overlapping(out + *buf_len, in, len)) { + if (ossl_is_partially_overlapping(out + *buf_len, in, (int)len)) { ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); return 0; } @@ -4037,7 +4037,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, remaining = AES_BLOCK_SIZE - (*buf_len); if (remaining > len) { memcpy(buf + (*buf_len), in, len); - *(buf_len) += len; + *(buf_len) += (int)len; return 0; } memcpy(buf + (*buf_len), in, remaining); @@ -4084,14 +4084,14 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, (&octx->ocb, in, out, len - trailing_len)) return -1; } - written_len += len - trailing_len; + written_len += (int)(len - trailing_len); in += len - trailing_len; } /* Handle any trailing partial block */ if (trailing_len > 0) { memcpy(buf, in, trailing_len); - *buf_len = trailing_len; + *buf_len = (int)trailing_len; } return written_len; diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 8843c8ae119..3b8c5fb4797 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -122,8 +122,8 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len) sha1_block_data_order(c, ptr, len / SHA_CBLOCK); ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; + c->Nh += (unsigned int)(len >> 29); + c->Nl += (unsigned int)(len <<= 3); if (c->Nl < (unsigned int)len) c->Nh++; } @@ -445,8 +445,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; + key->md.Nh += (unsigned int)(blocks >> 29); + key->md.Nl += (unsigned int)(blocks <<= 3); if (key->md.Nl < (unsigned int)blocks) key->md.Nh++; } else { @@ -468,7 +468,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* pad the payload|hmac */ plen += SHA_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) + for (l = (unsigned int)(len - plen - 1); plen < len; plen++) out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, @@ -536,7 +536,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* figure out payload length */ pad = out[len - 1]; - maxpad = len - (SHA_DIGEST_LENGTH + 1); + maxpad = (unsigned int)(len - (SHA_DIGEST_LENGTH + 1)); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; @@ -548,12 +548,12 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * we'll use the maxpad value instead of the supplied pad to make * sure we perform well defined pointer arithmetic. */ - pad = constant_time_select(mask, pad, maxpad); + pad = constant_time_select((unsigned int)mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; + key->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8); + key->aux.tls_aad[plen - 1] = (unsigned char)inp_len; /* calculate HMAC */ key->md = key->head; @@ -594,7 +594,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ + bitlen = key->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */ # ifdef BSWAP4 bitlen = BSWAP4(bitlen); # else @@ -869,7 +869,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) n4x = 2; /* AVX2 */ } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; + inp_len = (unsigned int)param->len; else return -1; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 3a5f757dbff..8edcbf799a6 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -116,8 +116,8 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len) sha256_block_data_order(c, ptr, len / SHA256_CBLOCK); ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; + c->Nh += (unsigned int)(len >> 29); + c->Nl += (unsigned int)(len <<= 3); if (c->Nl < (unsigned int)len) c->Nh++; } @@ -473,8 +473,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; + key->md.Nh += (unsigned int)(blocks >> 29); + key->md.Nl += (unsigned int)(blocks <<= 3); if (key->md.Nl < (unsigned int)blocks) key->md.Nh++; } else { @@ -496,7 +496,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* pad the payload|hmac */ plen += SHA256_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) + for (l = (unsigned int)(len - plen - 1); plen < len; plen++) out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, @@ -540,7 +540,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* figure out payload length */ pad = out[len - 1]; - maxpad = len - (SHA256_DIGEST_LENGTH + 1); + maxpad = (unsigned int)(len - (SHA256_DIGEST_LENGTH + 1)); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; @@ -552,12 +552,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, * we'll use the maxpad value instead of the supplied pad to make * sure we perform well defined pointer arithmetic. */ - pad = constant_time_select(mask, pad, maxpad); + pad = constant_time_select((unsigned int)mask, pad, maxpad); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; + key->aux.tls_aad[plen - 2] = (unsigned char)(inp_len >> 8); + key->aux.tls_aad[plen - 1] = (unsigned char)inp_len; /* calculate HMAC */ key->md = key->head; @@ -575,7 +575,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, } /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ + bitlen = key->md.Nl + (unsigned int)(inp_len << 3); /* at most 18 bits */ # ifdef BSWAP4 bitlen = BSWAP4(bitlen); # else @@ -846,7 +846,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) n4x = 2; /* AVX2 */ } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; + inp_len = (unsigned int)param->len; else return -1; diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 5a894fbb9be..317808cf736 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -428,7 +428,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out += len; /* Finally write tag */ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + rv = (int)(len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN); } else { /* Decrypt */ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) @@ -442,7 +442,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, OPENSSL_cleanse(out, len); goto err; } - rv = len; + rv = (int)len; } err: @@ -476,7 +476,7 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) return -1; } - return len; + return (int)len; } if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { if (gctx->taglen < 0) @@ -667,14 +667,14 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) return -1; - return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + return (int)(len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M); } else { if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, in + len, cctx->M)) - return len; + return (int)len; } } OPENSSL_cleanse(out, len); @@ -707,13 +707,13 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) return -1; cctx->len_set = 1; - return len; + return (int)len; } /* If have AAD need message length */ if (!cctx->len_set && len) return -1; CRYPTO_ccm128_aad(ccm, in, len); - return len; + return (int)len; } /* The tag must be set before actually decrypting data */ @@ -731,7 +731,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; cctx->tag_set = 1; - return len; + return (int)len; } else { int rv = -1; if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, @@ -741,7 +741,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->M)) - rv = len; + rv = (int)len; } } if (rv == -1) diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 731c1a1dc70..fd012e4cee6 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -355,7 +355,7 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - return len; + return (int)len; } # else static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 }; @@ -393,7 +393,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, Poly1305_Update(POLY1305_ctx(actx), in, len); actx->len.aad += len; actx->aad = 1; - return len; + return (int)len; } else { /* plain- or ciphertext */ if (actx->aad) { /* wrap up aad */ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) @@ -482,7 +482,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; } } - return len; + return (int)len; } static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 8fdf17cdc0d..cb8050c23bc 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -321,10 +321,11 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, { unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; int rv = -1; + if (inl < 24) return -1; if (out == NULL) - return inl - 16; + return (int)(inl - 16); memcpy(ctx->iv, wrap_iv, 8); /* Decrypt first block which will end up as icv */ des_ede_cbc_cipher(ctx, icv, in, 8); @@ -349,7 +350,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, des_ede_cbc_cipher(ctx, icv, icv, 8); if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) - rv = inl - 16; + rv = (int)(inl - 16); OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); OPENSSL_cleanse(iv, 8); @@ -365,7 +366,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, { unsigned char sha1tmp[SHA_DIGEST_LENGTH]; if (out == NULL) - return inl + 16; + return (int)(inl + 16); /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + 8, in, inl); /* Work out ICV */ @@ -382,7 +383,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, BUF_reverse(out, NULL, inl + 16); memcpy(ctx->iv, wrap_iv, 8); des_ede_cbc_cipher(ctx, out, out, inl + 16); - return inl + 16; + return (int)(inl + 16); } static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -396,7 +397,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl >= EVP_MAXCHUNK || inl % 8) return -1; - if (ossl_is_partially_overlapping(out, in, inl)) { + if (ossl_is_partially_overlapping(out, in, (int)inl)) { ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); return 0; } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index 183ecefcec6..d64ba8ead26 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -106,8 +106,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; + key->md.Nh += (unsigned int)(blocks >> 29); + key->md.Nl += (unsigned int)(blocks <<= 3); if (key->md.Nl < (unsigned int)blocks) key->md.Nh++; } else { @@ -154,7 +154,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (l < key->md.Nl) key->md.Nh++; key->md.Nl = l; - key->md.Nh += blocks >> 29; + key->md.Nh += (unsigned int)(blocks >> 29); } else { md5_off = 0; rc4_off = 0; diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 9bbb9b43aa4..7b2680db34a 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -209,7 +209,7 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; - *outl = total; + *outl = (int)total; return 1; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index eee00a07800..bcc507edfdc 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1014,11 +1014,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, in, inl_); if (ossl_likely(ret)) { - if (soutl > INT_MAX) { + if (ossl_unlikely(soutl > INT_MAX)) { ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } - *outl = soutl; + *outl = (int)soutl; } return ret; @@ -1078,7 +1078,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); return 0; } - *outl = soutl; + *outl = (int)soutl; } return ret; @@ -1161,11 +1161,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, in, inl_); if (ossl_likely(ret)) { - if (soutl > INT_MAX) { + if (ossl_unlikely(soutl > INT_MAX)) { ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } - *outl = soutl; + *outl = (int)soutl; } return ret; @@ -1300,7 +1300,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); return 0; } - *outl = soutl; + *outl = (int)soutl; } return ret; @@ -1534,7 +1534,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) goto end; - return sz; + if (sz > INT_MAX) + return 0; + return (int)sz; #ifndef OPENSSL_NO_RC2 case EVP_CTRL_GET_RC2_KEY_BITS: set_params = 0; /* Fall thru */ @@ -1554,9 +1556,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz); params[1] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) + if (ret <= 0 || sz > INT_MAX) return 0; - return sz; + return (int)sz; case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; @@ -1578,9 +1580,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); params[2] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) + if (ret <= 0 || sz > INT_MAX) return 0; - return sz; + return (int)sz; } case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = @@ -1601,9 +1603,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz); params[1] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) + if (ret <= 0 || sz > INT_MAX) return 0; - return sz; + return (int)sz; } #endif /* OPENSSL_NO_MULTIBLOCK */ case EVP_CTRL_AEAD_SET_MAC_KEY: diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 6c44b845c99..c99d847974f 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -344,9 +344,9 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) params[10] = OSSL_PARAM_construct_end(); ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { - cipher->block_size = blksz; - cipher->iv_len = ivlen; - cipher->key_len = keylen; + cipher->block_size = (int)blksz; + cipher->iv_len = (int)ivlen; + cipher->key_len = (int)keylen; cipher->flags = mode; if (aead) cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER; @@ -1057,10 +1057,10 @@ int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx) */ params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz); if (EVP_MD_CTX_get_params(c, params) != 1 - || sz == SIZE_MAX + || sz > INT_MAX || sz == 0) return -1; - return sz; + return (int)sz; } /* Normal digests have a constant fixed size output */ return EVP_MD_get_size(EVP_MD_CTX_get0_md(ctx)); @@ -1361,7 +1361,7 @@ int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg) ret = -2; goto err; } - if (alg != NULL) { + if (alg != NULL && aid_len <= LONG_MAX) { unsigned char *aid = NULL; const unsigned char *pp = NULL; @@ -1370,7 +1370,7 @@ int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg) pp = aid; if (EVP_CIPHER_CTX_get_params(ctx, params) && OSSL_PARAM_modified(¶ms[0]) - && d2i_X509_ALGOR(alg, &pp, aid_len) != NULL) + && d2i_X509_ALGOR(alg, &pp, (long)aid_len) != NULL) ret = 1; } OPENSSL_free(aid); @@ -1436,6 +1436,7 @@ int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg) if (OSSL_PARAM_modified(¶ms[0]) /* ... but, we should get a return size too! */ && derl != 0 + && derl <= LONG_MAX && (der = OPENSSL_malloc(derl)) != NULL) { unsigned char *derp = der; @@ -1443,7 +1444,7 @@ int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg) if (EVP_PKEY_CTX_get_params(ctx, params) && OSSL_PARAM_modified(¶ms[0]) && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp, - derl) != NULL) { + (long)derl) != NULL) { /* * Don't free alg->parameter, see comment further up. * Worst case, alg->parameter gets assigned its own value. @@ -1477,7 +1478,7 @@ int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg) ret = -2; goto err; } - if (alg != NULL) { + if (alg != NULL && aid_len <= LONG_MAX) { unsigned char *aid = NULL; const unsigned char *pp = NULL; @@ -1486,7 +1487,7 @@ int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg) pp = aid; if (EVP_PKEY_CTX_get_params(ctx, params) && OSSL_PARAM_modified(¶ms[0]) - && d2i_X509_ALGOR(alg, &pp, aid_len) != NULL) + && d2i_X509_ALGOR(alg, &pp, (long)aid_len) != NULL) ret = 1; } OPENSSL_free(aid); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 5478dfcd3b6..101b32a7711 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -122,7 +122,7 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, if (pass == NULL) passlen = 0; else if (passlen == -1) - passlen = strlen(pass); + passlen = (int)strlen(pass); if (cipher_nid != -1) { (void)ERR_set_mark(); diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 37c519592f0..45d46db7341 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -723,7 +723,7 @@ size_t evp_rand_get_seed(EVP_RAND_CTX *ctx, int prediction_resistance, const unsigned char *adin, size_t adin_len) { - int res; + size_t res; if (!evp_rand_lock(ctx)) return 0; diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index d5df497da77..b24a7451df4 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -717,7 +717,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, vctx = 0; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { if (vctx) { - r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx); + r = pctx->pmeth->verifyctx(pctx, sig, (int)siglen, ctx); ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; } else r = EVP_DigestFinal_ex(ctx, md, &mdlen); @@ -731,7 +731,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, } if (vctx) r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, - sig, siglen, tmp_ctx); + sig, (int)siglen, tmp_ctx); else r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); EVP_MD_CTX_free(tmp_ctx); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index eb8fbc09fb2..f7045407e70 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -75,7 +75,7 @@ int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (pass == NULL) passlen = 0; else if (passlen == -1) - passlen = strlen(pass); + passlen = (int)strlen(pass); mdsize = EVP_MD_get_size(md); if (mdsize <= 0) diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 35617390233..42a8e684cd9 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -36,7 +36,7 @@ int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, pass = empty; passlen = 0; } else if (passlen == -1) { - passlen = strlen(pass); + passlen = (int)strlen(pass); } if (salt == NULL && saltlen == 0) salt = (unsigned char *)empty; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 09c36b944db..2d741b2378e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1450,7 +1450,7 @@ int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, if (publen > INT_MAX) return 0; /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */ - if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen, + if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, (int)publen, (void *)pub) <= 0) return 0; return 1; @@ -1679,7 +1679,7 @@ static void find_ameth(const char *name, void *data) */ ERR_set_mark(); - if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, strlen(name), + if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, (int)strlen(name), NULL)) { if (str[0] == NULL) str[0] = name; diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 8630553e796..fa3966a95d4 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -48,7 +48,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, if (EVP_PKEY_decrypt(pctx, key, &keylen, ek, ekl) <= 0) goto err; - if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0 + if (EVP_CIPHER_CTX_set_key_length(ctx, (int)keylen) <= 0 || !EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) goto err; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index e5555281a6b..cc26e7cf556 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -57,7 +57,7 @@ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret, goto err; if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; - *siglen = sltmp; + *siglen = (unsigned int)sltmp; i = 1; err: EVP_PKEY_CTX_free(pkctx); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 08c0d6a7b2b..e2819bf8269 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -662,7 +662,7 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) idx -= OSSL_NELEM(standard_methods); if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods)) return NULL; - return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); + return sk_EVP_PKEY_METHOD_value(app_pkey_methods, (int)idx); } #endif @@ -1604,7 +1604,7 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) len = strlen(str); if (len > INT_MAX) return -1; - return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); + return ctx->pmeth->ctrl(ctx, cmd, (int)len, (void *)str); } int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index f6dc57fc998..41ccda46456 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -556,7 +556,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, if (N == 0) N = mdsize * 8; - qsize = N >> 3; + qsize = (int)(N >> 3); /* * A.1.1.2 Step (1) AND @@ -660,7 +660,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, } /* A.1.1.2 Step (11): max loop count = 4L - 1 */ - counter = 4 * L - 1; + counter = (int)(4 * L - 1); /* Validation requires the counter to be supplied */ if (verify) { /* A.1.1.3 Step (4) : if (counter > (4L -1)) return INVALID */ @@ -676,10 +676,10 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, * A.1.1.3 Step (10) * n = floor(L / hash_outlen) - 1 */ - n = (L - 1) / (mdsize << 3); + n = (int)((L - 1) / (mdsize << 3)); /* Calculate 2^(L-1): Used in step A.1.1.2 Step (11.3) */ - if (!BN_lshift(test, BN_value_one(), L - 1)) + if (!BN_lshift(test, BN_value_one(), (int)(L - 1))) goto err; for (;;) { @@ -697,7 +697,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, goto err; memcpy(seed_tmp, seed, seedlen); - r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, L, + r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, (int)L, cb, &pcounter, res); if (r > 0) break; /* found p */ @@ -898,7 +898,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, if (test == NULL) goto err; - if (!BN_lshift(test, BN_value_one(), L - 1)) + if (!BN_lshift(test, BN_value_one(), (int)(L - 1))) goto err; if (!verify) { @@ -944,8 +944,8 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, goto err; /* step 6 */ - n = (L - 1) / 160; - counter = 4 * L - 1; /* Was 4096 */ + n = (int)((L - 1) / 160); + counter = (int)(4 * L - 1); /* Was 4096 */ /* Validation requires the counter to be supplied */ if (verify) { if (params->pcounter > counter) { @@ -955,7 +955,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, counter = params->pcounter; } - rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb, + rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, (int)L, cb, &pcounter, res); if (rv > 0) break; /* found it */ diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 8dca5584cbc..cdf903b3a96 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -149,7 +149,8 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv, size_t taglen; taglen = hctx->aead_info->taglen; - if (ctlen <= taglen || *ptlen < ctlen - taglen) { + if (ctlen <= taglen || *ptlen < ctlen - taglen + || aadlen > INT_MAX || ctlen > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -162,7 +163,7 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv, goto err; } if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - hctx->noncelen, NULL) != 1) { + (int)hctx->noncelen, NULL) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } @@ -173,18 +174,18 @@ static int hpke_aead_dec(OSSL_HPKE_CTX *hctx, const unsigned char *iv, } /* Provide AAD. */ if (aadlen != 0 && aad != NULL) { - if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) { + if (EVP_DecryptUpdate(ctx, NULL, &len, aad, (int)aadlen) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } } - if (EVP_DecryptUpdate(ctx, pt, &len, ct, ctlen - taglen) != 1) { + if (EVP_DecryptUpdate(ctx, pt, &len, ct, (int)(ctlen - taglen)) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } *ptlen = len; if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, (void *)(ct + ctlen - taglen))) { + (int)taglen, (void *)(ct + ctlen - taglen))) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } @@ -226,7 +227,8 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv, unsigned char tag[EVP_MAX_AEAD_TAG_LENGTH]; taglen = hctx->aead_info->taglen; - if (*ctlen <= taglen || ptlen > *ctlen - taglen) { + if (*ctlen <= taglen || ptlen > *ctlen - taglen + || aadlen > INT_MAX || ptlen > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -243,7 +245,7 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv, goto err; } if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - hctx->noncelen, NULL) != 1) { + (int)hctx->noncelen, NULL) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } @@ -254,12 +256,12 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv, } /* Provide any AAD data. */ if (aadlen != 0 && aad != NULL) { - if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) { + if (EVP_EncryptUpdate(ctx, NULL, &len, aad, (int)aadlen) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } } - if (EVP_EncryptUpdate(ctx, ct, &len, pt, ptlen) != 1) { + if (EVP_EncryptUpdate(ctx, ct, &len, pt, (int)ptlen) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } @@ -271,7 +273,7 @@ static int hpke_aead_enc(OSSL_HPKE_CTX *hctx, const unsigned char *iv, } *ctlen += len; /* Get tag. Not a duplicate so needs to be added to the ciphertext */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) != 1) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)taglen, tag) != 1) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/crypto/hpke/hpke_util.c b/crypto/hpke/hpke_util.c index a9d86a93559..2857b096a31 100644 --- a/crypto/hpke/hpke_util.c +++ b/crypto/hpke/hpke_util.c @@ -193,7 +193,7 @@ const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_random(OSSL_LIB_CTX *ctx) { uint32_t rval = 0; int err = 0; - size_t sz = OSSL_NELEM(hpke_kem_tab); + uint32_t sz = OSSL_NELEM(hpke_kem_tab); rval = ossl_rand_uniform_uint32(ctx, sz, &err); return (err == 1 ? NULL : &hpke_kem_tab[rval]); @@ -215,7 +215,7 @@ const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_random(OSSL_LIB_CTX *ctx) { uint32_t rval = 0; int err = 0; - size_t sz = OSSL_NELEM(hpke_kdf_tab); + uint32_t sz = OSSL_NELEM(hpke_kdf_tab); rval = ossl_rand_uniform_uint32(ctx, sz, &err); return (err == 1 ? NULL : &hpke_kdf_tab[rval]); @@ -238,7 +238,7 @@ const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_random(OSSL_LIB_CTX *ctx) uint32_t rval = 0; int err = 0; /* the minus 1 below is so we don't pick the EXPORTONLY codepoint */ - size_t sz = OSSL_NELEM(hpke_aead_tab) - 1; + uint32_t sz = OSSL_NELEM(hpke_aead_tab) - 1; rval = ossl_rand_uniform_uint32(ctx, sz, &err); return (err == 1 ? NULL : &hpke_aead_tab[rval]); diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index dea69ffc64d..463c595b023 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -647,7 +647,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) if (rctx->state == OHS_WRITE_HDR1) rctx->state = OHS_WRITE_HDR; rctx->pos += sz; - rctx->len_to_send -= sz; + rctx->len_to_send -= (long)sz; goto next_io; } if (rctx->state == OHS_WRITE_HDR) { @@ -1402,6 +1402,8 @@ static char *base64encode(const void *buf, size_t len) size_t outl; char *out; + if (len > INT_MAX) + return 0; /* Calculate size of encoded data */ outl = (len / 3); if (len % 3 > 0) @@ -1411,7 +1413,7 @@ static char *base64encode(const void *buf, size_t len) if (out == NULL) return 0; - i = EVP_EncodeBlock((unsigned char *)out, buf, len); + i = EVP_EncodeBlock((unsigned char *)out, buf, (int)len); if (!ossl_assert(0 <= i && (size_t)i <= outl)) { OPENSSL_free(out); return NULL; diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index e8700ebaa42..b8489607ffa 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -656,8 +656,8 @@ static void *sh_malloc(size_t size) char *temp = sh.freelist[slist]; /* remove from bigger list */ - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_clearbit(temp, slist, sh.bittable); + OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc)); + sh_clearbit(temp, (int)slist, sh.bittable); sh_remove_from_list(temp); OPENSSL_assert(temp != sh.freelist[slist]); @@ -665,25 +665,25 @@ static void *sh_malloc(size_t size) slist++; /* add to smaller list */ - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_setbit(temp, slist, sh.bittable); + OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc)); + sh_setbit(temp, (int)slist, sh.bittable); sh_add_to_list(&sh.freelist[slist], temp); OPENSSL_assert(sh.freelist[slist] == temp); /* split in 2 */ temp += sh.arena_size >> slist; - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_setbit(temp, slist, sh.bittable); + OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc)); + sh_setbit(temp, (int)slist, sh.bittable); sh_add_to_list(&sh.freelist[slist], temp); OPENSSL_assert(sh.freelist[slist] == temp); - OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); + OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, (int)slist)); } /* peel off memory to hand back */ chunk = sh.freelist[list]; - OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); - sh_setbit(chunk, list, sh.bitmalloc); + OPENSSL_assert(sh_testbit(chunk, (int)list, sh.bittable)); + sh_setbit(chunk, (int)list, sh.bitmalloc); sh_remove_from_list(chunk); OPENSSL_assert(WITHIN_ARENA(chunk)); @@ -706,19 +706,19 @@ static void sh_free(void *ptr) return; list = sh_getlist(ptr); - OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); - sh_clearbit(ptr, list, sh.bitmalloc); + OPENSSL_assert(sh_testbit(ptr, (int)list, sh.bittable)); + sh_clearbit(ptr, (int)list, sh.bitmalloc); sh_add_to_list(&sh.freelist[list], ptr); /* Try to coalesce two adjacent free areas. */ - while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { - OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); + while ((buddy = sh_find_my_buddy(ptr, (int)list)) != NULL) { + OPENSSL_assert(ptr == sh_find_my_buddy(buddy, (int)list)); OPENSSL_assert(ptr != NULL); - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_clearbit(ptr, list, sh.bittable); + OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc)); + sh_clearbit(ptr, (int)list, sh.bittable); sh_remove_from_list(ptr); - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_clearbit(buddy, list, sh.bittable); + OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc)); + sh_clearbit(buddy, (int)list, sh.bittable); sh_remove_from_list(buddy); list--; @@ -728,8 +728,8 @@ static void sh_free(void *ptr) if (ptr > buddy) ptr = buddy; - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_setbit(ptr, list, sh.bittable); + OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc)); + sh_setbit(ptr, (int)list, sh.bittable); sh_add_to_list(&sh.freelist[list], ptr); OPENSSL_assert(sh.freelist[list] == ptr); } @@ -742,7 +742,7 @@ static size_t sh_actual_size(char *ptr) OPENSSL_assert(WITHIN_ARENA(ptr)); if (!WITHIN_ARENA(ptr)) return 0; - list = sh_getlist(ptr); + list = (int)sh_getlist(ptr); OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); return sh.arena_size / (ONE << list); } diff --git a/crypto/ml_dsa/ml_dsa_encoders.c b/crypto/ml_dsa/ml_dsa_encoders.c index 7d8012efcaf..2dca3ae060a 100644 --- a/crypto/ml_dsa/ml_dsa_encoders.c +++ b/crypto/ml_dsa/ml_dsa_encoders.c @@ -836,7 +836,7 @@ int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len) */ static int hint_bits_encode(const VECTOR *hint, WPACKET *pkt, uint32_t omega) { - int i, j, k = hint->num_poly; + int i, j, k = (int)hint->num_poly; size_t coeff_index = 0; POLY *p = hint->poly; uint8_t *data; diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c index d1b07570f38..0deeb7f6bb2 100644 --- a/crypto/ml_dsa/ml_dsa_key.c +++ b/crypto/ml_dsa/ml_dsa_key.c @@ -312,7 +312,7 @@ static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx, VECTOR *t1, VECTOR *t0) { const ML_DSA_PARAMS *params = key->params; - uint32_t k = params->k, l = params->l; + uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l; POLY *polys; MATRIX a_ntt; VECTOR s1_ntt; @@ -374,7 +374,7 @@ int ossl_ml_dsa_key_pairwise_check(const ML_DSA_KEY *key) int ret = 0; VECTOR t1, t0; POLY *polys = NULL; - uint32_t k = key->params->k; + uint32_t k = (uint32_t)key->params->k; EVP_MD_CTX *md_ctx = NULL; if (key->pub_encoding == NULL || key->priv_encoding == 0) diff --git a/crypto/ml_dsa/ml_dsa_sign.c b/crypto/ml_dsa/ml_dsa_sign.c index cb375f698c3..dd67ef5cc3b 100644 --- a/crypto/ml_dsa/ml_dsa_sign.c +++ b/crypto/ml_dsa/ml_dsa_sign.c @@ -160,7 +160,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv, int ret = 0; const ML_DSA_PARAMS *params = priv->params; EVP_MD_CTX *md_ctx = NULL; - uint32_t k = params->k, l = params->l; + uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l; uint32_t gamma1 = params->gamma1, gamma2 = params->gamma2; uint8_t *alloc = NULL, *w1_encoded; size_t alloc_len, w1_encoded_len; @@ -241,7 +241,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv, VECTOR *ct0 = &w1; uint32_t z_max, r0_max, ct0_max, h_ones; - vector_expand_mask(&y, rho_prime, sizeof(rho_prime), kappa, + vector_expand_mask(&y, rho_prime, sizeof(rho_prime), (uint32_t)kappa, gamma1, md_ctx, priv->shake256_md); vector_copy(y_ntt, &y); vector_ntt(y_ntt); @@ -256,7 +256,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv, w1_encoded, w1_encoded_len, c_tilde, c_tilde_len)) break; - if (!poly_sample_in_ball_ntt(c_ntt, c_tilde, c_tilde_len, + if (!poly_sample_in_ball_ntt(c_ntt, c_tilde, (int)c_tilde_len, md_ctx, priv->shake256_md, params->tau)) break; @@ -286,7 +286,7 @@ static int ml_dsa_sign_internal(const ML_DSA_KEY *priv, vector_make_hint(ct0, &cs2, &w, gamma2, &sig.hint); ct0_max = vector_max(ct0); - h_ones = vector_count_ones(&sig.hint); + h_ones = (uint32_t)vector_count_ones(&sig.hint); /* Same reasoning applies to the leak as above */ if (value_barrier_32(constant_time_ge(ct0_max, gamma2) | constant_time_lt(params->omega, h_ones))) @@ -326,8 +326,8 @@ static int ml_dsa_verify_internal(const ML_DSA_KEY *pub, VECTOR az_ntt, ct1_ntt, *z_ntt, *w1, *w_approx; ML_DSA_SIG sig; const ML_DSA_PARAMS *params = pub->params; - uint32_t k = pub->params->k; - uint32_t l = pub->params->l; + uint32_t k = (uint32_t)pub->params->k; + uint32_t l = (uint32_t)pub->params->l; uint32_t gamma2 = params->gamma2; size_t w1_encoded_len; size_t num_polys_sig = k + l; @@ -375,7 +375,7 @@ static int ml_dsa_verify_internal(const ML_DSA_KEY *pub, goto err; /* Compute verifiers challenge c_ntt = NTT(SampleInBall(c_tilde)) */ - if (!poly_sample_in_ball_ntt(c_ntt, c_tilde_sig, c_tilde_len, + if (!poly_sample_in_ball_ntt(c_ntt, c_tilde_sig, (int)c_tilde_len, md_ctx, pub->shake256_md, params->tau)) goto err; diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index a9622c16bd7..98d2f10e312 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -196,7 +196,7 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, const size_t padding_len = padded_len - inlen; /* RFC 5649 section 3: Alternative Initial Value */ unsigned char aiv[8]; - int ret; + size_t ret; /* Section 1: use 32-bit fixed field for plaintext octet length */ if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX) diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c index cee4eee8a9e..f253df42913 100644 --- a/crypto/o_fopen.c +++ b/crypto/o_fopen.c @@ -71,7 +71,7 @@ FILE *openssl_fopen(const char *filename, const char *mode) if (MultiByteToWideChar(CP_UTF8, flags, filename, len_0, wfilename, sz) && - MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, + MultiByteToWideChar(CP_UTF8, 0, mode, (int)(strlen(mode) + 1), wmode, OSSL_NELEM(wmode)) && (file = _wfopen(wfilename, wmode)) == NULL && (errno == ENOENT || errno == EBADF) diff --git a/crypto/o_str.c b/crypto/o_str.c index 93af73561f9..c8333cc4a92 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -22,12 +22,15 @@ char *CRYPTO_strdup(const char *str, const char* file, int line) { char *ret; + size_t len; if (str == NULL) return NULL; - ret = CRYPTO_malloc(strlen(str) + 1, file, line); + + len = strlen(str) + 1; + ret = CRYPTO_malloc(len, file, line); if (ret != NULL) - strcpy(ret, str); + memcpy(ret, str, len); return ret; } diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 8bc4fa8ec2d..380e47c8c86 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -576,7 +576,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) bndec = BN_bn2dec(bl); if (!bndec) goto err; - i = strlen(bndec); + i = (int)strlen(bndec); if (buf != NULL) { if (buf_len > 1) { *buf++ = '.'; @@ -597,7 +597,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) OPENSSL_free(bndec); } else { BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l); - i = strlen(tbuf); + i = (int)strlen(tbuf); if (buf && buf_len > 0) { OPENSSL_strlcpy(buf, tbuf, buf_len); if (i > buf_len) { diff --git a/crypto/packet.c b/crypto/packet.c index 6a43b35655f..85c05173c2c 100644 --- a/crypto/packet.c +++ b/crypto/packet.c @@ -236,7 +236,7 @@ static int put_quic_value(unsigned char *data, size_t value, size_t len) if (ossl_quic_vlint_encode_len(value) > len) return 0; - ossl_quic_vlint_encode_n(data, value, len); + ossl_quic_vlint_encode_n(data, value, (int)len); return 1; } #endif diff --git a/crypto/param_build.c b/crypto/param_build.c index 3294045156f..6d4e818f8f7 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -331,9 +331,9 @@ static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, if (pd->bn != NULL) { /* BIGNUM */ if (pd->type == OSSL_PARAM_UNSIGNED_INTEGER) - BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); + BN_bn2nativepad(pd->bn, (unsigned char *)p, (int)pd->size); else - BN_signed_bn2native(pd->bn, (unsigned char *)p, pd->size); + BN_signed_bn2native(pd->bn, (unsigned char *)p, (int)pd->size); } else if (pd->type == OSSL_PARAM_OCTET_PTR || pd->type == OSSL_PARAM_UTF8_PTR) { /* PTR */ diff --git a/crypto/params.c b/crypto/params.c index 01aff0739b1..f3d86ca6da7 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -1143,13 +1143,13 @@ int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val) switch (p->data_type) { case OSSL_PARAM_UNSIGNED_INTEGER: - if (BN_bn2nativepad(val, p->data, p->data_size) < 0) { + if (BN_bn2nativepad(val, p->data, (int)p->data_size) < 0) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INTEGER_OVERFLOW); return 0; } break; case OSSL_PARAM_INTEGER: - if (BN_signed_bn2native(val, p->data, p->data_size) < 0) { + if (BN_signed_bn2native(val, p->data, (int)p->data_size) < 0) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INTEGER_OVERFLOW); return 0; } diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c index fb25400dc12..ff3b1c86deb 100644 --- a/crypto/params_from_text.c +++ b/crypto/params_from_text.c @@ -151,7 +151,7 @@ static int construct_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdef, } */ - BN_bn2nativepad(tmpbn, buf, buf_n); + BN_bn2nativepad(tmpbn, buf, (int)buf_n); /* * 2's complement negation, part two. @@ -271,14 +271,14 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values) } break; case OSSL_PARAM_UTF8_PTR: - ok = BIO_dump(bio, p->data, p->data_size); + ok = BIO_dump(bio, p->data, (int)p->data_size); break; case OSSL_PARAM_UTF8_STRING: - ok = BIO_dump(bio, (char *)p->data, p->data_size); + ok = BIO_dump(bio, (char *)p->data, (int)p->data_size); break; case OSSL_PARAM_OCTET_PTR: case OSSL_PARAM_OCTET_STRING: - ok = BIO_dump(bio, (char *)p->data, p->data_size); + ok = BIO_dump(bio, (char *)p->data, (int)p->data_size); break; #ifndef OPENSSL_SYS_UEFI case OSSL_PARAM_REAL: diff --git a/crypto/passphrase.c b/crypto/passphrase.c index 563c5acd1e5..fa84b6d664f 100644 --- a/crypto/passphrase.c +++ b/crypto/passphrase.c @@ -152,7 +152,7 @@ static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len, prompt_idx = UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, - ipass, 0, pass_size) - 1; + ipass, 0, (int)pass_size) - 1; if (prompt_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); goto end; @@ -165,7 +165,7 @@ static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len, goto end; verify_idx = UI_add_verify_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, - vpass, 0, pass_size, + vpass, 0, (int)pass_size, ipass) - 1; if (verify_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 4f0a0049a48..52da6991de3 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -38,7 +38,7 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) /* We assume that the user passes a default password as userdata */ if (userdata) { - i = strlen(userdata); + i = (int)strlen(userdata); i = (i > num) ? num : i; memcpy(buf, userdata, i); return i; @@ -63,7 +63,7 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) memset(buf, 0, (unsigned int)num); return -1; } - return strlen(buf); + return (int)strlen(buf); } void PEM_proc_type(char *buf, int type) @@ -87,7 +87,7 @@ void PEM_dek_info(char *buf, const char *type, int len, const char *str) { long i; char *p = buf + strlen(buf); - int j = PEM_BUFSIZE - (size_t)(p - buf), n; + int j = PEM_BUFSIZE - (int)(p - buf), n; n = BIO_snprintf(p, j, "DEK-Info: %s,", type); if (n > 0) { @@ -646,7 +646,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, } EVP_EncodeInit(ctx); - nlen = strlen(name); + nlen = (int)strlen(name); if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || (BIO_write(bp, name, nlen) != nlen) || @@ -655,7 +655,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, goto err; } - i = header != NULL ? strlen(header) : 0; + i = header != NULL ? (int)strlen(header) : 0; if (i > 0) { if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) { reason = ERR_R_BIO_LIB; @@ -978,7 +978,11 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, goto end; BIO_get_mem_ptr(dataB, &buf_mem); - len = buf_mem->length; + if (buf_mem->length > INT_MAX) { + ERR_raise(ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE); + goto end; + } + len = (int)buf_mem->length; /* There was no data in the PEM file */ if (len == 0) @@ -1044,9 +1048,10 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, int ossl_pem_check_suffix(const char *pem_str, const char *suffix) { - int pem_len = strlen(pem_str); - int suffix_len = strlen(suffix); + int pem_len = (int)strlen(pem_str); + int suffix_len = (int)strlen(suffix); const char *p; + if (suffix_len + 1 >= pem_len) return 0; p = pem_str + pem_len - suffix_len; @@ -1055,5 +1060,5 @@ int ossl_pem_check_suffix(const char *pem_str, const char *suffix) p--; if (*p != ' ') return 0; - return p - pem_str; + return (int)(p - pem_str); } diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index 5cc1c76fdbf..0e6d70c1430 100644 --- a/crypto/pem/pem_local.h +++ b/crypto/pem/pem_local.h @@ -55,7 +55,7 @@ if (kstr == NULL && cb == NULL) { \ if (u != NULL) { \ kstr = u; \ - klen = strlen(u); \ + klen = (int)strlen(u); \ } else { \ cb = PEM_def_callback; \ } \ diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 6e84f0afd05..1ec77afb3de 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -87,7 +87,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, if (kstr == NULL && cb == NULL) { if (u != NULL) { kstr = u; - klen = strlen(u); + klen = (int)strlen(u); } else { cb = PEM_def_callback; } diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index a96623f19fb..ebeb59b9d8f 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -22,7 +22,7 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char *unitmp; if (asclen == -1) - asclen = strlen(asc); + asclen = (int)strlen(asc); if (asclen < 0) return NULL; ulen = asclen * 2 + 2; @@ -82,7 +82,7 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, unsigned long utf32chr = 0; if (asclen == -1) - asclen = strlen(asc); + asclen = (int)strlen(asc); for (ulen = 0, i = 0; i < asclen; i += j) { j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 9fa215a6284..0a6eb3674b5 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -175,7 +175,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) goto err; - ASN1_STRING_set0(ri->enc_key, ek, eklen); + ASN1_STRING_set0(ri->enc_key, ek, (int)eklen); ek = NULL; ret = 1; @@ -221,7 +221,7 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, OPENSSL_clear_free(*pek, *peklen); *pek = ek; - *peklen = eklen; + *peklen = (int)eklen; err: EVP_PKEY_CTX_free(pctx); @@ -987,7 +987,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) EVP_MD_CTX_free(mctx); - ASN1_STRING_set0(si->enc_digest, abuf, siglen); + ASN1_STRING_set0(si->enc_digest, abuf, (int)siglen); return 1; diff --git a/crypto/property/property.c b/crypto/property/property.c index 4141c176030..a104e577401 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -574,9 +574,9 @@ void ossl_method_store_do_all(OSSL_METHOD_STORE *store, if (!ossl_property_read_lock(store)) return; - + tmpalgs = sk_ALGORITHM_new_reserve(NULL, - ossl_sa_ALGORITHM_num(store->algs)); + (int)ossl_sa_ALGORITHM_num(store->algs)); if (tmpalgs == NULL) { ossl_property_unlock(store); return; @@ -726,7 +726,7 @@ fin: #ifndef FIPS_MODULE OSSL_TRACE_BEGIN(QUERY) { char buf[512]; - int size; + size_t size; size = ossl_property_list_to_string(NULL, pq, buf, 512); BIO_printf(trc_out, "method store query with properties %s " diff --git a/crypto/punycode.c b/crypto/punycode.c index 68fc586e681..7f6542fd0ea 100644 --- a/crypto/punycode.c +++ b/crypto/punycode.c @@ -122,12 +122,15 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, unsigned int n = initial_n; unsigned int i = 0; unsigned int bias = initial_bias; - size_t processed_in = 0, written_out = 0; + unsigned int processed_in = 0; + unsigned int written_out = 0; unsigned int max_out = *pout_length; unsigned int basic_count = 0; unsigned int loop; - for (loop = 0; loop < enc_len; loop++) { + if (enc_len >= UINT_MAX) + return 0; + for (loop = 0; loop < (unsigned int)enc_len; loop++) { if (pEncoded[loop] == delimiter) basic_count = loop; } @@ -146,7 +149,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, processed_in = basic_count + 1; } - for (loop = processed_in; loop < enc_len;) { + for (loop = processed_in; loop < (unsigned int)enc_len;) { unsigned int oldi = i; unsigned int w = 1; unsigned int k, t; diff --git a/crypto/quic_vlint.c b/crypto/quic_vlint.c index 02389859631..af81739ff7a 100644 --- a/crypto/quic_vlint.c +++ b/crypto/quic_vlint.c @@ -29,7 +29,7 @@ void ossl_quic_vlint_encode_n(uint8_t *buf, uint64_t v, int n) void ossl_quic_vlint_encode(uint8_t *buf, uint64_t v) { - ossl_quic_vlint_encode_n(buf, v, ossl_quic_vlint_encode_len(v)); + ossl_quic_vlint_encode_n(buf, v, (int)ossl_quic_vlint_encode_len(v)); } uint64_t ossl_quic_vlint_decode_unchecked(const unsigned char *buf) @@ -75,7 +75,7 @@ int ossl_quic_vlint_decode(const unsigned char *buf, size_t buf_len, uint64_t *v x = ossl_quic_vlint_decode_unchecked(buf); *v = x; - return dec_len; + return (int)dec_len; } #endif diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 7cc434c71cb..fedb6ed92ae 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -225,7 +225,7 @@ int RAND_poll(void) if (meth->add == NULL || meth->add(ossl_rand_pool_buffer(pool), - ossl_rand_pool_length(pool), + (int)ossl_rand_pool_length(pool), (ossl_rand_pool_entropy(pool) / 8.0)) == 0) goto err; @@ -423,8 +423,12 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { + if (num > INT_MAX) { + ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE); + return -1; + } if (meth->bytes != NULL) - return meth->bytes(buf, num); + return meth->bytes(buf, (int)num); ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } @@ -462,8 +466,12 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { + if (num > INT_MAX) { + ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE); + return -1; + } if (meth->bytes != NULL) - return meth->bytes(buf, num); + return meth->bytes(buf, (int)num); ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 9337b36dc8b..b6488e43da5 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -150,7 +150,7 @@ int RAND_load_file(const char *file, long bytes) n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else n = RAND_LOAD_BUF_SIZE; - i = fread(buf, 1, n, in); + i = (int)fread(buf, 1, n, in); #ifdef EINTR if (ferror(in) && errno == EINTR) { clearerr(in); @@ -258,7 +258,7 @@ int RAND_write_file(const char *file) chmod(file, 0600); #endif - ret = fwrite(buf, 1, RAND_BUF_SIZE, out); + ret = (int)fwrite(buf, 1, RAND_BUF_SIZE, out); fclose(out); OPENSSL_cleanse(buf, RAND_BUF_SIZE); return ret; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 42b03fb2fd6..c2023528615 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -704,13 +704,13 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, if (alg1 != NULL) { const unsigned char *pp = aid; - if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL) + if (d2i_X509_ALGOR(&alg1, &pp, (long)aid_len) == NULL) return 0; } if (alg2 != NULL) { const unsigned char *pp = aid; - if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL) + if (d2i_X509_ALGOR(&alg2, &pp, (long)aid_len) == NULL) return 0; } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 8f89f748e7a..da864f4c3bd 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -162,7 +162,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, (int)tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; @@ -178,12 +178,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, } memcpy(rctx->tbuf, tbs, tbslen); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md)); - ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, + ret = RSA_private_encrypt((int)(tbslen + 1), rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; ret = RSA_sign(EVP_MD_get_type(rctx->md), - tbs, tbslen, sig, &sltmp, rsa); + tbs, (unsigned int)tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; ret = sltmp; @@ -201,7 +201,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; } } else { - ret = RSA_private_encrypt(tbslen, tbs, sig, rsa, rctx->pad_mode); + ret = RSA_private_encrypt((int)tbslen, tbs, sig, rsa, rctx->pad_mode); } if (ret < 0) return ret; @@ -226,7 +226,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, if (rctx->pad_mode == RSA_X931_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; - ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, + ret = RSA_public_decrypt((int)siglen, sig, rctx->tbuf, rsa, RSA_X931_PADDING); if (ret < 1) return 0; @@ -248,12 +248,12 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, sig, siglen, rsa); if (ret <= 0) return 0; - ret = sltmp; + ret = (int)sltmp; } else { return -1; } } else { - ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode); + ret = RSA_public_decrypt((int)siglen, sig, rout, rsa, rctx->pad_mode); } if (ret < 0) return ret; @@ -277,8 +277,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); + return RSA_verify(EVP_MD_get_type(rctx->md), tbs, (unsigned int)tbslen, + sig, (unsigned int)siglen, rsa); md_size = EVP_MD_get_size(rctx->md); if (md_size <= 0) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); @@ -295,7 +295,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, int ret; if (!setup_tbuf(rctx, ctx)) return -1; - ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, + ret = RSA_public_decrypt((int)siglen, sig, rctx->tbuf, rsa, RSA_NO_PADDING); if (ret <= 0) return 0; @@ -311,7 +311,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, } else { if (!setup_tbuf(rctx, ctx)) return -1; - rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rslen = RSA_public_decrypt((int)siglen, sig, rctx->tbuf, rsa, rctx->pad_mode); if (rslen == 0) return 0; @@ -342,14 +342,14 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, if (!setup_tbuf(rctx, ctx)) return -1; if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, - in, inlen, + in, (int)inlen, rctx->oaep_label, - rctx->oaep_labellen, + (int)rctx->oaep_labellen, rctx->md, rctx->mgf1md)) return -1; ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING); } else { - ret = RSA_public_encrypt(inlen, in, out, rsa, rctx->pad_mode); + ret = RSA_public_encrypt((int)inlen, in, out, rsa, rctx->pad_mode); } if (ret < 0) return ret; @@ -374,13 +374,13 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; - ret = RSA_private_decrypt(inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING); + ret = RSA_private_decrypt((int)inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING); if (ret <= 0) return ret; ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf, ret, ret, rctx->oaep_label, - rctx->oaep_labellen, + (int)rctx->oaep_labellen, rctx->md, rctx->mgf1md); } else { if (rctx->pad_mode == RSA_PKCS1_PADDING && @@ -388,7 +388,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; else pad_mode = rctx->pad_mode; - ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode); + ret = RSA_private_decrypt((int)inlen, in, out, rsa, pad_mode); } *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); ret = constant_time_select_int(constant_time_msb(ret), ret, 1); @@ -616,7 +616,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } *(unsigned char **)p2 = rctx->oaep_label; - return rctx->oaep_labellen; + return (int)rctx->oaep_labellen; case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION: if (rctx->pad_mode != RSA_PKCS1_PADDING) { diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c index e2be3ca597f..0f2f42a9d75 100644 --- a/crypto/siphash/siphash.c +++ b/crypto/siphash/siphash.c @@ -95,12 +95,12 @@ int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size) */ /* Start by adjusting the stored size, to make things easier */ - ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); + ctx->hash_size = (unsigned int)siphash_adjust_hash_size(ctx->hash_size); /* Now, adjust ctx->v1 if the old and the new size differ */ if ((size_t)ctx->hash_size != hash_size) { ctx->v1 ^= 0xee; - ctx->hash_size = hash_size; + ctx->hash_size = (unsigned int)hash_size; } return 1; } @@ -112,7 +112,7 @@ int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds) uint64_t k1 = U8TO64_LE(k + 8); /* If the hash size wasn't set, i.e. is zero */ - ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); + ctx->hash_size = (unsigned int)siphash_adjust_hash_size(ctx->hash_size); if (drounds == 0) drounds = SIPHASH_D_ROUNDS; @@ -156,7 +156,7 @@ void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen) /* not enough to fill leavings */ if (inlen < available) { memcpy(&ctx->leavings[ctx->len], in, inlen); - ctx->len += inlen; + ctx->len += (unsigned int)inlen; return; } diff --git a/crypto/slh_dsa/slh_hash.c b/crypto/slh_dsa/slh_hash.c index 6a8d6bab03c..9f41f1cf207 100644 --- a/crypto/slh_dsa/slh_hash.c +++ b/crypto/slh_dsa/slh_hash.c @@ -162,7 +162,7 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed, memcpy(seed + n, pk_seed, n); return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len, seed + 2 * n) - && (PKCS1_MGF1(out, m, seed, seed_len, hctx->key->md_big) == 0); + && (PKCS1_MGF1(out, (long)m, seed, (long)seed_len, hctx->key->md_big) == 0); } static int diff --git a/crypto/slh_dsa/slh_wots.c b/crypto/slh_dsa/slh_wots.c index 2776cc07c41..35288912b63 100644 --- a/crypto/slh_dsa/slh_wots.c +++ b/crypto/slh_dsa/slh_wots.c @@ -109,13 +109,13 @@ static int slh_wots_chain(SLH_DSA_HASH_CTX *ctx, const uint8_t *in, if (!WPACKET_allocate_bytes(wpkt, tmp_len, &tmp)) return 0; - set_hash_address(adrs, j++); + set_hash_address(adrs, (uint32_t)(j++)); if (!F(ctx, pk_seed, adrs, in, n, tmp, tmp_len)) return 0; end_index = start_index + steps; for (; j < end_index; ++j) { - set_hash_address(adrs, j); + set_hash_address(adrs, (uint32_t)j); if (!F(ctx, pk_seed, adrs, tmp, n, tmp, tmp_len)) return 0; } @@ -162,11 +162,11 @@ int ossl_slh_wots_pk_gen(SLH_DSA_HASH_CTX *ctx, adrsf->copy_keypair_address(sk_adrs, adrs); for (i = 0; i < len; ++i) { /* len = 2n + 3 */ - set_chain_address(sk_adrs, i); + set_chain_address(sk_adrs, (uint32_t)i); if (!PRF(ctx, pk_seed, sk_seed, sk_adrs, sk, sizeof(sk))) goto end; - set_chain_address(adrs, i); + set_chain_address(adrs, (uint32_t)i); if (!slh_wots_chain(ctx, sk, 0, NIBBLE_MASK, pk_seed, adrs, tmp_wpkt)) goto end; } @@ -232,11 +232,11 @@ int ossl_slh_wots_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg, adrsf->copy_keypair_address(sk_adrs, adrs); for (i = 0; i < len; ++i) { - set_chain_address(sk_adrs, i); + set_chain_address(sk_adrs, (uint32_t)i); /* compute chain i secret */ if (!PRF(ctx, pk_seed, sk_seed, sk_adrs, sk, sizeof(sk))) goto err; - set_chain_address(adrs, i); + set_chain_address(adrs, (uint32_t)i); /* compute chain i signature */ if (!slh_wots_chain(ctx, sk, 0, msg_and_csum_nibbles[i], pk_seed, adrs, sig_wpkt)) @@ -293,7 +293,7 @@ int ossl_slh_wots_pk_from_sig(SLH_DSA_HASH_CTX *ctx, /* Compute the end nodes for each of the chains */ for (i = 0; i < len; ++i) { - set_chain_address(adrs, i); + set_chain_address(adrs, (uint32_t)i); if (!PACKET_get_bytes(sig_rpkt, &sig_i, n) || !slh_wots_chain(ctx, sig_i, msg_and_csum_nibbles[i], NIBBLE_MASK - msg_and_csum_nibbles[i], diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 0e5017cff60..92f09f3f7f5 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -44,7 +44,7 @@ ASN1_SEQUENCE(SM2_Ciphertext) = { IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext) -static size_t ec_field_size(const EC_GROUP *group) +static int ec_field_size(const EC_GROUP *group) { const BIGNUM *p = EC_GROUP_get0_field(group); @@ -71,7 +71,7 @@ int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, { struct SM2_Ciphertext_st *sm2_ctext = NULL; - sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, (long)ct_size); if (sm2_ctext == NULL) { ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); @@ -87,19 +87,19 @@ int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *ct_size) { - const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); + const int field_size = ec_field_size(EC_KEY_get0_group(key)); const int md_size = EVP_MD_get_size(digest); - size_t sz; + int sz; - if (field_size == 0 || md_size <= 0) + if (field_size == 0 || md_size <= 0 || msg_len > INT_MAX/2) return 0; /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */ sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) - + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + + ASN1_object_size(0, (int)msg_len, V_ASN1_OCTET_STRING); /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */ - *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); + *ct_size = (size_t)ASN1_object_size(1, sz, V_ASN1_SEQUENCE); return 1; } @@ -127,7 +127,7 @@ int ossl_sm2_encrypt(const EC_KEY *key, uint8_t *msg_mask = NULL; uint8_t *x2y2 = NULL; uint8_t *C3 = NULL; - size_t field_size; + int field_size; const int C3_size = EVP_MD_get_size(digest); EVP_MD *fetched_digest = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); @@ -137,6 +137,11 @@ int ossl_sm2_encrypt(const EC_KEY *key, ctext_struct.C2 = NULL; ctext_struct.C3 = NULL; + if (msg_len > INT_MAX/2) { + ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_INVALID_ARGUMENT); + goto done; + } + if (hash == NULL || C3_size <= 0) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; @@ -243,7 +248,7 @@ again: goto done; } if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size) - || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { + || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, (int)msg_len)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } @@ -287,7 +292,7 @@ int ossl_sm2_decrypt(const EC_KEY *key, BIGNUM *y2 = NULL; uint8_t *x2y2 = NULL; uint8_t *computed_C3 = NULL; - const size_t field_size = ec_field_size(group); + const int field_size = ec_field_size(group); const int hash_size = EVP_MD_get_size(digest); uint8_t *msg_mask = NULL; const uint8_t *C2 = NULL; @@ -297,12 +302,12 @@ int ossl_sm2_decrypt(const EC_KEY *key, OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); const char *propq = ossl_ec_key_get0_propq(key); - if (field_size == 0 || hash_size <= 0) + if (field_size == 0 || hash_size <= 0 || ciphertext_len > LONG_MAX) goto done; memset(ptext_buf, 0xFF, *ptext_len); - sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len); + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, (long)ciphertext_len); if (sm2_ctext == NULL) { ERR_raise(ERR_LIB_SM2, SM2_R_ASN1_ERROR); diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 5f626d70555..c53fbe73d8d 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -84,11 +84,11 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) /* Add any encoded padding that is required */ if (padsize != 0 - && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { + && EVP_DecodeUpdate(ctx, a, &outl, pad, (int)padsize) < 0) { outl = -1; goto err; } - if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { + if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, (int)size) < 0) { outl = -1; goto err; } @@ -117,7 +117,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) * from the encoded data as we added to the pre-encoded data. */ memmove(a, a + padsize, outl - padsize); - outl -= padsize; + outl -= (int)padsize; } err: @@ -135,7 +135,7 @@ static int t_tob64(char *dst, const unsigned char *src, int size) EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); int outl = 0, outl2 = 0; unsigned char pad[2] = {0, 0}; - size_t leadz = 0; + int leadz = 0; if (ctx == NULL) return 0; diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 9944d353dc6..70e67ad5028 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -370,7 +370,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, * No need to check the returned value, |new_der| * will be NULL on error anyway. */ - PKCS12_pbe_crypt(alg, pbuf, plen, + PKCS12_pbe_crypt(alg, pbuf, (int)plen, oct->data, oct->length, &new_der, &len, 0); der_len = len; @@ -500,10 +500,10 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, ignore_trusted = 0; if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL + (long)data->octet_data_size) == NULL && (!ignore_trusted || d2i_X509(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL)) { + (long)data->octet_data_size) == NULL)) { X509_free(cert); cert = NULL; } @@ -528,7 +528,7 @@ static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, X509_CRL *crl; crl = d2i_X509_CRL(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); + (long)data->octet_data_size); if (crl != NULL) /* We determined the object type */ @@ -560,7 +560,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, PKCS12 *p12; p12 = d2i_PKCS12(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); + (long)data->octet_data_size); if (p12 != NULL) { char *pass = NULL; @@ -601,7 +601,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, * we must do it for PKCS12_parse() */ pass[tpass_len] = '\0'; - if (!PKCS12_verify_mac(p12, pass, tpass_len)) { + if (!PKCS12_verify_mac(p12, pass, (int)tpass_len)) { ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, tpass_len == 0 ? "empty password" : diff --git a/crypto/thread/arch/thread_win.c b/crypto/thread/arch/thread_win.c index fc0c2147701..dbf52790ac7 100644 --- a/crypto/thread/arch/thread_win.c +++ b/crypto/thread/arch/thread_win.c @@ -504,7 +504,7 @@ void ossl_crypto_condvar_broadcast(CRYPTO_CONDVAR *cv_) cv->closed = 1; ossl_crypto_mutex_unlock(cv->int_m); - ReleaseSemaphore(cv->sema, num_wake, NULL); + ReleaseSemaphore(cv->sema, (LONG)num_wake, NULL); } void ossl_crypto_condvar_signal(CRYPTO_CONDVAR *cv_) diff --git a/crypto/trace.c b/crypto/trace.c index fbd4bf29140..384a98740c0 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -496,7 +496,7 @@ BIO *OSSL_trace_begin(int category) break; case CALLBACK_CHANNEL: (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_BEGIN, - prefix == NULL ? 0 : strlen(prefix), prefix); + prefix == NULL ? 0 : (int)strlen(prefix), prefix); break; } } @@ -525,7 +525,7 @@ void OSSL_trace_end(int category, BIO *channel) break; case CALLBACK_CHANNEL: (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_END, - suffix == NULL ? 0 : strlen(suffix), suffix); + suffix == NULL ? 0 : (int)strlen(suffix), suffix); break; } current_channel = NULL; diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index 5a99c9df175..a7788e8a99f 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -27,7 +27,7 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) return -1; if ((hex = BN_bn2hex(num_bn))) { result = BIO_write(bio, "0x", 2) > 0; - result = result && BIO_write(bio, hex, strlen(hex)) > 0; + result = result && BIO_write(bio, hex, (int)strlen(hex)) > 0; OPENSSL_free(hex); } BN_free(num_bn); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 0547736aa04..db208a15a60 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -299,7 +299,7 @@ int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, } if (text) { if ((utf8_text = ASN1_UTF8STRING_new()) == NULL - || !ASN1_STRING_set(utf8_text, text, strlen(text))) { + || !ASN1_STRING_set(utf8_text, text, (int)strlen(text))) { ERR_raise(ERR_LIB_TS, ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 25fe9bf64bf..8da5027f1ff 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -64,7 +64,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) break; if ((offset == 0) && (buf->data[0] == '#')) continue; - i = strlen(&(buf->data[offset])); + i = (int)strlen(&(buf->data[offset])); offset += i; if (buf->data[offset - 1] != '\n') continue; @@ -201,7 +201,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) l = 0; for (j = 0; j < nn; j++) { if (pp[j] != NULL) - l += strlen(pp[j]); + l += (long)strlen(pp[j]); } if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn))) goto err; @@ -220,7 +220,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) *(p++) = '\t'; } p[-1] = '\n'; - j = p - buf->data; + j = (long)(p - buf->data); if (BIO_write(out, buf->data, (int)j) != j) goto err; tot += j; diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 0741303badf..087d53d2d59 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -374,9 +374,9 @@ char *UI_construct_prompt(UI *ui, const char *phrase_desc, if (phrase_desc == NULL) return NULL; - len = sizeof(prompt1) - 1 + strlen(phrase_desc); + len = sizeof(prompt1) - 1 + (int)strlen(phrase_desc); if (object_name != NULL) - len += sizeof(prompt2) - 1 + strlen(object_name); + len += sizeof(prompt2) - 1 + (int)strlen(object_name); len += sizeof(prompt3) - 1; if ((prompt = OPENSSL_malloc(len + 1)) == NULL) @@ -827,7 +827,7 @@ int UI_get_result_string_length(UI_STRING *uis) switch (uis->type) { case UIT_PROMPT: case UIT_VERIFY: - return uis->result_len; + return (int)uis->result_len; case UIT_NONE: case UIT_BOOLEAN: case UIT_INFO: @@ -884,7 +884,7 @@ int UI_get_result_maxsize(UI_STRING *uis) int UI_set_result(UI *ui, UI_STRING *uis, const char *result) { - return UI_set_result_ex(ui, uis, result, strlen(result)); + return UI_set_result_ex(ui, uis, result, (int)strlen(result)); } int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index bdcdc4555bd..bce97e170c6 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -266,7 +266,7 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, BY_DIR_HASH htmp, *hent; ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); - j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; + j = (int)strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; if (!BUF_MEM_grow(b, j)) { ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); goto finish; diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index ac0e1e66d95..463d8f18b5d 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -1027,8 +1027,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, continue; } - i1 = strspn(s, addr_chars); - i2 = i1 + strspn(s + i1, " \t"); + i1 = (int)strspn(s, addr_chars); + i2 = i1 + (int)strspn(s + i1, " \t"); delim = s[i2++]; s[i1] = '\0'; @@ -1055,8 +1055,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, } break; case '-': - i1 = i2 + strspn(s + i2, " \t"); - i2 = i1 + strspn(s + i1, addr_chars); + i1 = i2 + (int)strspn(s + i2, " \t"); + i2 = i1 + (int)strspn(s + i1, addr_chars); if (i1 == i2 || s[i2] != '\0') { ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); X509V3_conf_add_error_name_value(val); diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c index e08e11d587e..c099b876acb 100644 --- a/crypto/x509/v3_asid.c +++ b/crypto/x509/v3_asid.c @@ -564,20 +564,20 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Number, range, or mistake, pick it apart and figure out which. */ - i1 = strspn(val->value, "0123456789"); + i1 = (int)strspn(val->value, "0123456789"); if (val->value[i1] == '\0') { is_range = 0; } else { is_range = 1; - i2 = i1 + strspn(val->value + i1, " \t"); + i2 = i1 + (int)strspn(val->value + i1, " \t"); if (val->value[i2] != '-') { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASNUMBER); X509V3_conf_add_error_name_value(val); goto err; } i2++; - i2 = i2 + strspn(val->value + i2, " \t"); - i3 = i2 + strspn(val->value + i2, "0123456789"); + i2 = i2 + (int)strspn(val->value + i2, " \t"); + i3 = i2 + (int)strspn(val->value + i2, "0123456789"); if (val->value[i3] != '\0') { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASRANGE); X509V3_conf_add_error_name_value(val); diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index fcf8728937d..5dcbf8888d1 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -208,7 +208,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto err; } if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) { + (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } @@ -259,7 +259,7 @@ static int displaytext_get_tag_len(const char *tagstr) { char *colon = strchr(tagstr, ':'); - return (colon == NULL) ? -1 : colon - tagstr; + return (colon == NULL) ? -1 : (int)(colon - tagstr); } static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) @@ -323,7 +323,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, } if (tag_len != 0) value += tag_len + 1; - len = strlen(value); + len = (int)strlen(value); if (!ASN1_STRING_set(not->exptext, value, len)) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; @@ -344,7 +344,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, else nref->organization->type = V_ASN1_VISIBLESTRING; if (!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) { + (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.c index 7b799358727..7686d9dd1b0 100644 --- a/crypto/x509/v3_ia5.c +++ b/crypto/x509/v3_ia5.c @@ -50,7 +50,7 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); return NULL; } - if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { + if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, (int)strlen(str))) { ASN1_IA5STRING_free(ia5); return NULL; } diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c index 7e4d9313d82..1a1590392c3 100644 --- a/crypto/x509/v3_info.c +++ b/crypto/x509/v3_info.c @@ -63,7 +63,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; - int i, nlen; + int i; + size_t nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; STACK_OF(CONF_VALUE) *tret = ret; diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c index b7ce4bb9191..482e99e6e76 100644 --- a/crypto/x509/v3_ist.c +++ b/crypto/x509/v3_ist.c @@ -52,7 +52,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ ist->signTool = ASN1_UTF8STRING_new(); if (ist->signTool == NULL || cnf->value == NULL - || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { + || !ASN1_STRING_set(ist->signTool, cnf->value, (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } @@ -60,7 +60,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ ist->cATool = ASN1_UTF8STRING_new(); if (ist->cATool == NULL || cnf->value == NULL - || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { + || !ASN1_STRING_set(ist->cATool, cnf->value, (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } @@ -68,7 +68,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ ist->signToolCert = ASN1_UTF8STRING_new(); if (ist->signToolCert == NULL || cnf->value == NULL - || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { + || !ASN1_STRING_set(ist->signToolCert, cnf->value, (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } @@ -76,7 +76,7 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ ist->cAToolCert = ASN1_UTF8STRING_new(); if (ist->cAToolCert == NULL || cnf->value == NULL - || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { + || !ASN1_STRING_set(ist->cAToolCert, cnf->value, (int)strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index 51208ce7891..73e1dbc0c82 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -468,7 +468,7 @@ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) if (idlen == 0) continue; - stmp.length = idlen; + stmp.length = (int)idlen; stmp.data = idval; r = nc_match(&gntmp, nc); OPENSSL_free(idval); @@ -810,7 +810,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) OPENSSL_free(scheme); OPENSSL_free(uri_copy); - hostlen = strlen(host); + hostlen = (int)strlen(host); /* Special case: initial '.' is RHS match */ if (base->length > 0 && *baseptr == '.') { diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c index 1549a244ac8..5bba359b456 100644 --- a/crypto/x509/v3_pci.c +++ b/crypto/x509/v3_pci.c @@ -194,7 +194,7 @@ static int process_pci_value(CONF_VALUE *val, goto err; } } else if (CHECK_AND_SKIP_PREFIX(valp, "text:")) { - val_len = strlen(valp); + val_len = (int)strlen(valp); tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); if (tmp_data) { diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index bc13c088d54..b91bbcefc06 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -578,7 +578,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, if (is_string) { if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, - strlen(value))) { + (int)strlen(value))) { ASN1_IA5STRING_free(gen->d.ia5); gen->d.ia5 = NULL; ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); @@ -639,7 +639,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; - int objlen; + size_t objlen; if ((p = strchr(value, ';')) == NULL) return 0; diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c index 507945f8295..d5c1f65ac76 100644 --- a/crypto/x509/v3_sxnet.c +++ b/crypto/x509/v3_sxnet.c @@ -168,7 +168,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, return 0; } if (userlen == -1) - userlen = strlen(user); + userlen = (int)strlen(user); if (userlen > 64) { ERR_raise(ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG); return 0; diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c index 22345c3a65e..5306f3418ad 100644 --- a/crypto/x509/v3_utf8.c +++ b/crypto/x509/v3_utf8.c @@ -54,7 +54,7 @@ ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); return NULL; } - if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, strlen(str))) { + if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, (int)strlen(str))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); ASN1_UTF8STRING_free(utf8); return NULL; diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 60aa31a7c75..2cbce26f5e8 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -431,7 +431,8 @@ static char *strip_spaces(char *name) int ossl_v3_name_cmp(const char *name, const char *cmp) { - int len, ret; + size_t len; + int ret; char c; len = strlen(cmp); diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c index d97648ca0c4..26ff0164f22 100644 --- a/crypto/x509/x509_acert.c +++ b/crypto/x509/x509_acert.c @@ -301,7 +301,7 @@ int X509_ACERT_add_attr_nconf(CONF *conf, const char *section, ret = X509_ACERT_add1_attr_by_txt(acert, v->name, V_ASN1_OCTET_STRING, (unsigned char *)value, - strlen(value)); + (int)strlen(value)); if (!ret) goto err; } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index a55ee1a73e2..76aabc9f3c5 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -67,7 +67,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); s = tmp_buf; } - l1 = strlen(s); + l1 = (int)strlen(s); type = ne->value->type; num = ne->value->length; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 6f1cfd9320e..ed5e8ee76de 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -462,7 +462,7 @@ char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param) size_t iplen; unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen); - return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen); + return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, (int)iplen); } int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 75ff07d899d..a255067d10b 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -326,7 +326,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, len, type, OBJ_obj2nid(ne->object)) ? 1 : 0; if (len < 0) - len = strlen((const char *)bytes); + len = (int)strlen((const char *)bytes); i = ASN1_STRING_set(ne->value, bytes, len); if (!i) return 0; diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index 142eeb79bd5..d8f1e95a6c7 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -34,7 +34,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) int spki_len; NETSCAPE_SPKI *spki; if (len <= 0) - len = strlen(str); + len = (int)strlen(str); if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) return NULL; spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index bcb480f58fd..87dd7430069 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -225,7 +225,7 @@ static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out, if (!ret) return -1; } - ret = a->bytes->length; + ret = (int)a->bytes->length; if (out != NULL) { memcpy(*out, a->bytes->data, ret); *out += ret; @@ -462,7 +462,7 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) } } - out->length = to - out->data; + out->length = (int)(to - out->data); return 1; @@ -521,7 +521,7 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) (ossl_isupper(s[2]) && (s[3] == '=')) ))) || (*s == '\0')) { - i = s - c; + i = (int)(s - c); if (BIO_write(bp, c, i) != i) goto err; c = s + 1; /* skip following slash */ diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 53639b2bfab..0c71129ade4 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -579,7 +579,7 @@ int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp) && out != NULL && OSSL_ENCODER_to_bio(ctx, out) && BIO_get_mem_ptr(out, &buf) > 0) { - ret = buf->length; + ret = (int)buf->length; if (pp != NULL) { if (*pp == NULL) { diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 75c5c9223ac..1850c3d51f0 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -203,7 +203,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) if (ret == NULL) return NULL; /* update length */ - length -= q - *pp; + length -= (long)(q - *pp); if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; *pp = q; diff --git a/include/crypto/bn.h b/include/crypto/bn.h index 73779639003..2acdeacfe89 100644 --- a/include/crypto/bn.h +++ b/include/crypto/bn.h @@ -140,7 +140,7 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, #endif int ossl_bn_mont_ctx_set(BN_MONT_CTX *ctx, const BIGNUM *modulus, int ri, - const unsigned char *rr, size_t rrlen, + const unsigned char *rr, int rrlen, uint32_t nlo, uint32_t nhi); int ossl_bn_mont_ctx_eq(const BN_MONT_CTX *m1, const BN_MONT_CTX *m2); diff --git a/include/internal/hashtable.h b/include/internal/hashtable.h index ccbc470db72..9c0214eeb0c 100644 --- a/include/internal/hashtable.h +++ b/include/internal/hashtable.h @@ -153,7 +153,7 @@ memset((key), 0, sizeof(*(key))); \ /* Same as HT_SET_KEY_STRING_CASE but also takes length of the string. */ #define HT_SET_KEY_STRING_CASE_N(key, member, value, len) do { \ - if (len < sizeof((key)->keyfields.member)) \ + if ((size_t)len < sizeof((key)->keyfields.member)) \ ossl_ht_strcase((key)->keyfields.member, value, len); \ else \ ossl_ht_strcase((key)->keyfields.member, value, sizeof((key)->keyfields.member) - 1); \ diff --git a/include/internal/namemap.h b/include/internal/namemap.h index a3a3414869a..eb0c0aa8299 100644 --- a/include/internal/namemap.h +++ b/include/internal/namemap.h @@ -28,7 +28,7 @@ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len); const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, - size_t idx); + int idx); int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, void (*fn)(const char *name, void *data), void *data); diff --git a/include/internal/quic_vlint.h b/include/internal/quic_vlint.h index d4b70b229c3..5b6d21a4d11 100644 --- a/include/internal/quic_vlint.h +++ b/include/internal/quic_vlint.h @@ -96,7 +96,7 @@ void ossl_quic_vlint_encode_n(unsigned char *buf, uint64_t v, int n); */ static ossl_unused ossl_inline size_t ossl_quic_vlint_decode_len(uint8_t first_byte) { - return 1U << ((first_byte & 0xC0) >> 6); + return (size_t)(1U << ((first_byte & 0xC0) >> 6)); } /* diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h index a840df0b24c..3b0fab909c6 100644 --- a/include/internal/tsan_assist.h +++ b/include/internal/tsan_assist.h @@ -100,10 +100,10 @@ # define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf # pragma intrinsic(_InterlockedExchangeAdd64_nf) # pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) -# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ - : __iso_volatile_load32(ptr)) -# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ - : __iso_volatile_store32((ptr), (val))) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64((void *)(ptr)) \ + : __iso_volatile_load32((void *)(ptr))) +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64(((void *)(ptr)), (val)) \ + : __iso_volatile_store32((void *)(ptr), (val))) # else # define tsan_load(ptr) __iso_volatile_load32(ptr) # define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) @@ -115,8 +115,8 @@ # pragma intrinsic(_InterlockedExchangeAdd) # ifdef _WIN64 # pragma intrinsic(_InterlockedExchangeAdd64) -# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \ - : _InterlockedExchangeAdd((ptr), (n))) +# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((void *)(ptr), (n)) \ + : _InterlockedExchangeAdd((void *)(ptr), (n))) # else # define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) # endif diff --git a/ms/uplink.c b/ms/uplink.c index 48f31838fc7..caf1f71f582 100644 --- a/ms/uplink.c +++ b/ms/uplink.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "uplink.h" void OPENSSL_showfatal(const char *, ...); @@ -89,7 +90,7 @@ void OPENSSL_Uplink(volatile void **table, int index) } else p = applinktable; - if (index > (int)p[0]) + if (index > (intptr_t)p[0]) break; if (p[index])