From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 18 Sep 2025 15:13:28 +0000 (+0200)
Subject: Fix warnings about casts in ECH code
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f76c956f67628a0f59eb45c62438aa3723fb1410;p=thirdparty%2Fopenssl.git

Fix warnings about casts in ECH code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28611)
---

diff --git a/apps/s_client.c b/apps/s_client.c
index bf67469fe0c..095b25f7d24 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3441,8 +3441,9 @@ static void print_ech_retry_configs(BIO *bio, SSL *s)
      * print nicely, note that any non-supported versions
      * sent by server will have been filtered out by now
      */
-    if ((biom = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(biom, rtval, rtlen) <= 0
+    if (rtlen > INT_MAX
+        || (biom = BIO_new(BIO_s_mem())) == NULL
+        || BIO_write(biom, rtval, (int)rtlen) <= 0
         || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL
         || OSSL_ECHSTORE_read_echconfiglist(es, biom) != 1) {
         BIO_printf(bio, "ECH: Error loading retry-configs\n");
diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index 7fdcf3c5c75..89fc63d19b0 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -40,7 +40,7 @@ void ossl_ech_pbuf(const char *msg, const unsigned char *buf, const size_t blen)
             BIO_printf(trc_out, "%s: blen is %lu\n", msg, (unsigned long)blen);
         } else {
             BIO_printf(trc_out, "%s (%lu)\n", msg, (unsigned long)blen);
-            BIO_dump_indent(trc_out, buf, blen, 4);
+            BIO_dump_indent(trc_out, buf, (int)blen, 4);
         }
     } OSSL_TRACE_END(TLS);
     return;
@@ -373,7 +373,8 @@ int ossl_ech_pick_matching_cfg(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY **ee,
                                OSSL_HPKE_SUITE *suite)
 {
     int namematch = 0, nameoverride = 0, suitematch = 0, num, cind = 0;
-    unsigned int csuite = 0, tsuite = 0, hnlen = 0;
+    unsigned int csuite = 0, tsuite = 0;
+    size_t hnlen = 0;
     OSSL_ECHSTORE_ENTRY *lee = NULL, *tee = NULL;
     OSSL_ECHSTORE *es = NULL;
     char *hn = NULL;
@@ -620,8 +621,8 @@ int ossl_ech_reset_hs_buffer(SSL_CONNECTION *s, const unsigned char *buf,
 size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
                              size_t encoded_len)
 {
-    int length_of_padding = 0, length_with_snipadding = 0;
-    int innersnipadding = 0, length_with_padding = 0;
+    size_t length_of_padding = 0, length_with_snipadding = 0;
+    size_t innersnipadding = 0, length_with_padding = 0;
     size_t mnl = 0, isnilen = 0;
 
     if (s == NULL || ee == NULL)
@@ -653,12 +654,12 @@ size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
     while (length_with_padding < OSSL_ECH_PADDING_TARGET)
         length_with_padding += OSSL_ECH_PADDING_INCREMENT;
     OSSL_TRACE_BEGIN(TLS) {
-        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %d "
-                   "lop: %d, clear_len (len with padding): %d, orig: %zu\n",
+        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %zu "
+                   "lop: %zu, clear_len (len with padding): %zu, orig: %zu\n",
                    mnl, length_with_snipadding, length_of_padding,
                    length_with_padding, encoded_len);
     } OSSL_TRACE_END(TLS);
-    return (size_t)length_with_padding;
+    return length_with_padding;
 }
 
 /*
@@ -955,7 +956,7 @@ static int ech_hkdf_extract_wrap(SSL_CONNECTION *s, EVP_MD *md, int for_hrr,
     ossl_ech_pbuf("cc: client_random", p, SSL3_RANDOM_SIZE);
 # endif
     if (EVP_PKEY_CTX_set1_hkdf_key(pctx, p, SSL3_RANDOM_SIZE) != 1
-        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, hashlen) != 1
+        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, (int)hashlen) != 1
         || EVP_PKEY_derive(pctx, NULL, &retlen) != 1
         || hashlen != retlen
         || EVP_PKEY_derive(pctx, notsecret, &retlen) != 1) {
diff --git a/ssl/ech/ech_local.h b/ssl/ech/ech_local.h
index 7dcd553de98..9928d1a2844 100644
--- a/ssl/ech/ech_local.h
+++ b/ssl/ech/ech_local.h
@@ -335,7 +335,7 @@ int ossl_ech_calc_confirm(SSL_CONNECTION *s, int for_hrr,
 /* these are internal but located in ssl/statem/extensions.c */
 int ossl_ech_same_ext(SSL_CONNECTION *s, WPACKET *pkt);
 int ossl_ech_same_key_share(void);
-int ossl_ech_2bcompressed(int ind);
+int ossl_ech_2bcompressed(size_t ind);
 int ossl_ech_copy_inner2outer(SSL_CONNECTION *s, uint16_t ext_type, int ind,
                               WPACKET *pkt);
 
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index bb225decd37..6bdc1e1a8d5 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -602,9 +602,9 @@ int ossl_ech_same_key_share(void)
  * say if extension at index |ind| in ext_defs is to be ECH compressed
  * return 1 if this one is to be compressed, 0 if not, -1 for error
  */
-int ossl_ech_2bcompressed(int ind)
+int ossl_ech_2bcompressed(size_t ind)
 {
-    const int nexts = OSSL_NELEM(ext_defs);
+    const size_t nexts = OSSL_NELEM(ext_defs);
 
 # ifdef DUPEMALL
     return 0;
@@ -1146,7 +1146,7 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
             if (ossl_ech_2bcompressed(i) == pass)
                 continue;
             /* stash index - needed for COMPRESS ECH handling */
-            s->ext.ech.ext_ind = i;
+            s->ext.ech.ext_ind = (int)i;
 #endif
             /* Skip if not relevant for our context */
             if (!should_add_extension(s, thisexd->context, context, max_version))
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 461463efa2a..98fa3e4b59b 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -2701,7 +2701,7 @@ err:
 int tls_parse_stoc_ech(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                        X509 *x, size_t chainidx)
 {
-    unsigned int rlen = 0;
+    size_t rlen = 0;
     const unsigned char *rval = NULL;
     unsigned char *srval = NULL;
     PACKET rcfgs_pkt;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 6ad2056e128..9e4f212a37e 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -533,7 +533,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                     goto err;
                 }
-                handlen = s->ext.ech.innerch_len;
+                handlen = (long)s->ext.ech.innerch_len;
                 hdata = s->ext.ech.innerch;
             } else
 #endif
diff --git a/test/ech_test.c b/test/ech_test.c
index 2f3cddc27b1..07fd9bddf49 100644
--- a/test/ech_test.c
+++ b/test/ech_test.c
@@ -833,7 +833,7 @@ static int ech_ingest_test(int run)
     char *pn = NULL, *ec = NULL;
 
     if ((in = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(in, tv->tv, tv->len) <= 0
+        || BIO_write(in, tv->tv, (int)tv->len) <= 0
         || (out = BIO_new(BIO_s_mem())) == NULL
         || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL)
         goto end;