ssl: avoid integer overflow by casting sum terms to size_t and not the result
authorHerman Semenoff <GermanAizek@yandex.ru>
Sat, 25 Apr 2026 04:22:54 +0000 (07:22 +0300)
committerEugene Syromiatnikov <esyr@openssl.org>
Mon, 1 Jun 2026 07:21:24 +0000 (09:21 +0200)
Avoid possible integer overflow:  instead of casting the sum to size_t,
each operand of the sum is cast to size_t before addition to avoid int
overflow.

Signed-off-by: Herman Semenoff <GermanAizek@yandex.ru>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon Jun  1 07:24:21 2026
(Merged from https://github.com/openssl/openssl/pull/30972)

ssl/quic/quic_port.c
ssl/record/methods/tls13_meth.c

index 42b121103d788af9278846df2d0c8a82958f1fbd..e29e4bcf74be9c0aad3dc297a3373039493accf7 100644 (file)
@@ -1136,7 +1136,7 @@ static int decrypt_validation_token(const QUIC_PORT *port,
         goto err;
 
     /* Prevent decryption of a buffer that is not within reasonable bounds */
-    if (ct_len < (size_t)(iv_len + tag_len) || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
+    if (ct_len < (size_t)iv_len + tag_len || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
         goto err;
 
     *pt_len = ct_len - iv_len - tag_len;
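Review bot: The new bound check `ct_len < (size_t)iv_len + tag_len` casts only the first operand, although the commit message says each operand is cast; `tag_len` reaches `size_t` only through the usual arithmetic conversions. The result is the same today, but spelling it out as `if (ct_len < (size_t)iv_len + (size_t)tag_len || ct_len > ENCRYPTED_TOKEN_MAX_LEN)` matches the stated intent and survives a later change to either variable's type. The same applies to `(size_t)lenu + lenf != rec->length` in the tls13_cipher hunk, which could read `(size_t)lenu + (size_t)lenf`. This check is what keeps `*pt_len = ct_len - iv_len - tag_len` from wrapping, and a negative length would still convert to a large `size_t` in either form. The declarations and earlier checks of decrypt_validation_token lie outside the hunk, so it is worth confirming there that non-positive `iv_len` and `tag_len` are rejected before this line.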
index ade57396224daefc3632899856f60ebb661be26f..e091d8d38216b0e376a88507f7d7946687e038e9 100644 (file)
@@ -236,7 +236,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
                (unsigned int)rec->length)
             <= 0
         || EVP_CipherFinal_ex(enc_ctx, rec->data + lenu, &lenf) <= 0
-        || (size_t)(lenu + lenf) != rec->length) {
+        || (size_t)lenu + lenf != rec->length) {
         return 0;
     }
     if (sending) {