1berry/openssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libssl: Silence warnings on Win64 builds

Browse Source 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)
This commit is contained in:
Tomas Mraz 2025-06-17 11:13:35 +02:00
parent 6f9683d651
commit abdbad370c
34 changed files with 107 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/internal/quic_stream_map.h
View File

@ -509,7 +509,7 @@ static ossl_inline ossl_unused int ossl_quic_stream_recv_get_final_size(const QU
* Determines the number of bytes available still to be read, and (if
* include_fin is 1) whether a FIN or reset has yet to be read.
*/
static ossl_inline ossl_unused int ossl_quic_stream_recv_pending(const QUIC_STREAM *s,
static ossl_inline ossl_unused size_t ossl_quic_stream_recv_pending(const QUIC_STREAM *s,
int include_fin)
{
size_t avail;

2
include/internal/quic_wire_pkt.h
View File

@ -545,7 +545,7 @@ int ossl_quic_wire_get_pkt_hdr_dst_conn_id(const unsigned char *buf,
* function returns non-zero does not guarantee that
* ossl_quic_wire_encode_pkt_hdr() will succeed.
*/
int ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len,
size_t ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len,
const QUIC_PKT_HDR *hdr);
/*

8
ssl/bio_ssl.c
View File

@ -433,10 +433,12 @@ static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
static int ssl_puts(BIO *bp, const char *str)
{
int n, ret;
int ret;
size_t n = strlen(str);
n = strlen(str);
ret = BIO_write(bp, str, n);
if (n > INT_MAX)
return -1;
ret = BIO_write(bp, str, (int)n);
return ret;
}

2
ssl/d1_lib.c
View File

@ -768,7 +768,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
BIO_ADDR_free(tmpclient);
tmpclient = NULL;
if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
if (BIO_write(wbio, wbuf, (int)wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just

7
ssl/quic/quic_impl.c
View File

@ -3163,8 +3163,9 @@ static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
}
if (check_channel)
/* We care about boolean result here only */
avail = ossl_quic_stream_recv_pending(ctx.xso->stream,
/*include_fin=*/1)
/*include_fin=*/1) > 0
|| ossl_quic_channel_has_pending(ctx.qc->ch)
|| ossl_quic_channel_is_term_any(ctx.qc->ch);
else
@ -4938,7 +4939,7 @@ size_t ossl_quic_get_accept_connection_queue_len(SSL *ssl)
qctx_lock(&ctx);
ret = ossl_quic_port_get_num_incoming_channels(ctx.ql->port);
ret = (int)ossl_quic_port_get_num_incoming_channels(ctx.ql->port);
qctx_unlock(&ctx);
return ret;
@ -5187,7 +5188,7 @@ QUIC_NEEDS_LOCK
static int test_poll_event_is(QUIC_CONNECTION *qc, int is_uni)
{
return ossl_quic_stream_map_get_accept_queue_len(ossl_quic_channel_get_qsm(qc->ch),
is_uni);
is_uni) > 0;
}
/* Do we have the OS (outgoing: stream) condition? */

14
ssl/quic/quic_port.c
View File

@ -946,10 +946,10 @@ static int encrypt_validation_token(const QUIC_PORT *port,
size_t *ct_len)
{
int iv_len, len, ret = 0;
size_t tag_len;
int tag_len;
unsigned char *iv = ciphertext, *data, *tag;
if ((tag_len = EVP_CIPHER_CTX_get_tag_length(port->token_ctx)) == 0
if ((tag_len = EVP_CIPHER_CTX_get_tag_length(port->token_ctx)) <= 0
|| (iv_len = EVP_CIPHER_CTX_get_iv_length(port->token_ctx)) <= 0)
goto err;
@ -964,7 +964,7 @@ static int encrypt_validation_token(const QUIC_PORT *port,
if (!RAND_bytes_ex(port->engine->libctx, ciphertext, iv_len, 0)
|| !EVP_EncryptInit_ex(port->token_ctx, NULL, NULL, NULL, iv)
|| !EVP_EncryptUpdate(port->token_ctx, data, &len, plaintext, pt_len)
|| !EVP_EncryptUpdate(port->token_ctx, data, &len, plaintext, (int)pt_len)
|| !EVP_EncryptFinal_ex(port->token_ctx, data + pt_len, &len)
|| !EVP_CIPHER_CTX_ctrl(port->token_ctx, EVP_CTRL_GCM_GET_TAG, tag_len, tag))
goto err;
@ -996,15 +996,15 @@ static int decrypt_validation_token(const QUIC_PORT *port,
size_t *pt_len)
{
int iv_len, len = 0, ret = 0;
size_t tag_len;
int tag_len;
const unsigned char *iv = ciphertext, *data, *tag;
if ((tag_len = EVP_CIPHER_CTX_get_tag_length(port->token_ctx)) == 0
if ((tag_len = EVP_CIPHER_CTX_get_tag_length(port->token_ctx)) <= 0
|| (iv_len = EVP_CIPHER_CTX_get_iv_length(port->token_ctx)) <= 0)
goto err;
/* Prevent decryption of a buffer that is not within reasonable bounds */
if (ct_len < (iv_len + tag_len) || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
if (ct_len < (size_t)(iv_len + tag_len) || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
goto err;
*pt_len = ct_len - iv_len - tag_len;
@ -1018,7 +1018,7 @@ static int decrypt_validation_token(const QUIC_PORT *port,
if (!EVP_DecryptInit_ex(port->token_ctx, NULL, NULL, NULL, iv)
|| !EVP_DecryptUpdate(port->token_ctx, plaintext, &len, data,
ct_len - iv_len - tag_len)
(int)(ct_len - iv_len - tag_len))
|| !EVP_CIPHER_CTX_ctrl(port->token_ctx, EVP_CTRL_GCM_SET_TAG, tag_len,
(void *)tag)
|| !EVP_DecryptFinal_ex(port->token_ctx, plaintext + len, &len))

4
ssl/quic/quic_record_rx.c
View File

@ -946,11 +946,11 @@ static int qrx_decrypt_pkt_body(OSSL_QRX *qrx, unsigned char *dst,
return 0;
/* Feed AAD data. */
if (EVP_CipherUpdate(cctx, NULL, &l, aad, aad_len) != 1)
if (EVP_CipherUpdate(cctx, NULL, &l, aad, (int)aad_len) != 1)
return 0;
/* Feed encrypted packet body. */
if (EVP_CipherUpdate(cctx, dst, &l, src, src_len - el->tag_len) != 1)
if (EVP_CipherUpdate(cctx, dst, &l, src, (int)(src_len - el->tag_len)) != 1)
return 0;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

4
ssl/quic/quic_record_tx.c
View File

@ -541,7 +541,7 @@ static int qtx_encrypt_into_txe(OSSL_QTX *qtx, struct iovec_cur *cur, TXE *txe,
}
/* Feed AAD data. */
if (EVP_CipherUpdate(cctx, NULL, &l, hdr, hdr_len) != 1) {
if (EVP_CipherUpdate(cctx, NULL, &l, hdr, (int)hdr_len) != 1) {
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
return 0;
}
@ -556,7 +556,7 @@ static int qtx_encrypt_into_txe(OSSL_QTX *qtx, struct iovec_cur *cur, TXE *txe,
break;
if (EVP_CipherUpdate(cctx, txe_data(txe) + txe->data_len,
&l, src, src_len) != 1) {
&l, src, (int)src_len) != 1) {
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
return 0;
}

3
ssl/quic/quic_tserver.c
View File

@ -66,7 +66,8 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out,
alpnlen = srv->args.alpnlen;
}
if (SSL_select_next_proto((unsigned char **)out, outlen, alpn, alpnlen,
if (SSL_select_next_proto((unsigned char **)out, outlen, alpn,
(unsigned int)alpnlen,
in, inlen) != OPENSSL_NPN_NEGOTIATED)
return SSL_TLSEXT_ERR_ALERT_FATAL;

2
ssl/quic/quic_txp.c
View File

@ -1320,7 +1320,7 @@ static int txp_determine_geometry(OSSL_QUIC_TX_PACKETISER *txp,
/* Assemble packet header. */
phdr->type = ossl_quic_enc_level_to_pkt_type(enc_level);
phdr->spin_bit = 0;
phdr->pn_len = txp_determine_pn_len(txp);
phdr->pn_len = (unsigned int)txp_determine_pn_len(txp);
phdr->partial = 0;
phdr->fixed = 1;
phdr->reserved = 0;

2
ssl/quic/quic_types.c
View File

@ -19,7 +19,7 @@ int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
cid->id_len = (unsigned char)len;
if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
if (RAND_bytes_ex(libctx, cid->id, len, 0) != 1) {
ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
cid->id_len = 0;
return 0;

6
ssl/quic/quic_wire_pkt.c
View File

@ -607,7 +607,7 @@ int ossl_quic_wire_encode_pkt_hdr(WPACKET *pkt,
return 1;
}
int ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len,
size_t ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len,
const QUIC_PKT_HDR *hdr)
{
size_t len = 0, enclen;
@ -926,14 +926,14 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx,
}
/* Feed packet header as AAD data. */
if (EVP_CipherUpdate(cctx, NULL, &l, buf, hdr_enc_len) != 1) {
if (EVP_CipherUpdate(cctx, NULL, &l, buf, (int)hdr_enc_len) != 1) {
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
goto err;
}
/* Feed packet body as AAD data. */
if (EVP_CipherUpdate(cctx, NULL, &l, hdr->data,
hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) != 1) {
(int)(hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN)) != 1) {
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
goto err;
}

2
ssl/record/methods/dtls_meth.c
View File

@ -209,7 +209,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
ERR_clear_last_mark();
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "dec %zd\n", rr->length);
BIO_dump_indent(trc_out, rr->data, rr->length, 4);
BIO_dump_indent(trc_out, rr->data, (int)rr->length, 4);
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */

8
ssl/record/methods/tls13_meth.c
View File

@ -69,10 +69,10 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
mode = EVP_CIPHER_get_mode(ciph);
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, enc) <= 0
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen,
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, (int)ivlen,
NULL) <= 0
|| (mode == EVP_CIPH_CCM_MODE
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, (int)taglen,
NULL) <= 0)
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, enc) <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
@ -214,7 +214,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
if (EVP_CipherInit_ex(enc_ctx, NULL, NULL, NULL, nonce, sending) <= 0
|| (!sending && EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_SET_TAG,
rl->taglen,
(int)rl->taglen,
rec->data + rec->length) <= 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@ -237,7 +237,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
}
if (sending) {
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_GET_TAG, rl->taglen,
if (EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_GET_TAG, (int)rl->taglen,
rec->data + rec->length) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;

4
ssl/record/methods/tls1_meth.c
View File

@ -534,7 +534,7 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
BIO_printf(trc_out, "seq:\n");
BIO_dump_indent(trc_out, seq, 8, 4);
BIO_printf(trc_out, "rec:\n");
BIO_dump_indent(trc_out, rec->data, rec->length, 4);
BIO_dump_indent(trc_out, rec->data, (int)rec->length, 4);
} OSSL_TRACE_END(TLS);
if (!rl->isdtls && !tls_increment_sequence_ctr(rl)) {
@ -544,7 +544,7 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "md:\n");
BIO_dump_indent(trc_out, md, md_size, 4);
BIO_dump_indent(trc_out, md, (int)md_size, 4);
} OSSL_TRACE_END(TLS);
ret = 1;
end:

8
ssl/record/methods/tls_common.c
View File

@ -403,7 +403,7 @@ int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
clear_sys_error();
if (bio != NULL) {
ret = BIO_read(bio, pkt + len + left, max - left);
ret = BIO_read(bio, pkt + len + left, (int)(max - left));
if (ret > 0) {
bioread = ret;
ret = OSSL_RECORD_RETURN_SUCCESS;
@ -506,7 +506,7 @@ static int rlayer_early_data_count_ok(OSSL_RECORD_LAYER *rl, size_t length,
}
/* If we are dealing with ciphertext we need to allow for the overhead */
max_early_data += overhead;
max_early_data += (uint32_t)overhead;
if (rl->early_data_count + length > max_early_data) {
RLAYERfatal(rl, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
@ -874,7 +874,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
}
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length);
BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4);
BIO_dump_indent(trc_out, rr[0].data, (int)rr[0].length, 4);
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
@ -2064,7 +2064,7 @@ const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl)
void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len)
{
rl->max_frag_len = max_frag_len;
rl->max_frag_len = (unsigned int)max_frag_len;
/*
* We don't need to adjust buffer sizes. Write buffer sizes are
* automatically checked anyway. We should only be changing the read buffer

2
ssl/record/methods/tls_multib.c
View File

@ -118,7 +118,7 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
}
wb = &rl->wbuf[0];
mb_param.interleave = numtempl;
mb_param.interleave = (unsigned int)numtempl;
memcpy(aad, rl->sequence, 8);
aad[8] = templates[0].type;
aad[9] = (unsigned char)(templates[0].version >> 8);

6
ssl/record/methods/tls_pad.c
View File

@ -280,7 +280,8 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
*/
aux1 = rotated_mac[rotate_offset & ~32];
aux2 = rotated_mac[rotate_offset | 32];
mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
mask = constant_time_eq_8((unsigned int)(rotate_offset & ~32),
(unsigned int)rotate_offset);
aux3 = constant_time_select_8(mask, aux1, aux2);
rotate_offset++;
@ -296,7 +297,8 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
rotate_offset &= constant_time_lt_s(rotate_offset, mac_size);
for (i = 0; i < mac_size; i++) {
for (j = 0; j < mac_size; j++)
out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);
out[j] |= rotated_mac[i] & constant_time_eq_8_s((unsigned int)j,
(unsigned int)rotate_offset);
rotate_offset++;
rotate_offset &= constant_time_lt_s(rotate_offset, mac_size);

4
ssl/record/rec_layer_s3.c
View File

@ -159,14 +159,14 @@ static int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
}
/* If we are dealing with ciphertext we need to allow for the overhead */
max_early_data += overhead;
max_early_data += (uint32_t)overhead;
if (s->early_data_count + length > max_early_data) {
SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
s->early_data_count += length;
s->early_data_count += (uint32_t)length;
return 1;
}

4
ssl/s3_lib.c
View File

@ -3803,7 +3803,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0;
if (pctype)
*pctype = sc->s3.tmp.ctype;
return sc->s3.tmp.ctype_len;
return (long)sc->s3.tmp.ctype_len;
}
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
@ -4412,7 +4412,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl
* that.
*/
if (s->psk_server_callback != NULL) {
for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, (int)j); j++);
if (j == s->ssl_pkey_num) {
/* There are no certificates */
prefer_sha256 = 1;

3
ssl/ssl_cert_comp.c
View File

@ -111,12 +111,13 @@ __owur static OSSL_COMP_CERT *OSSL_COMP_CERT_from_uncompressed_data(unsigned cha
}
if ((max_length = ossl_calculate_comp_expansion(alg, len)) == 0
|| max_length > INT_MAX
|| method == NULL
|| (comp_ctx = COMP_CTX_new(method)) == NULL
|| (comp_data = OPENSSL_zalloc(max_length)) == NULL)
goto err;
comp_length = COMP_compress_block(comp_ctx, comp_data, max_length, data, len);
comp_length = COMP_compress_block(comp_ctx, comp_data, (int)max_length, data, (int)len);
if (comp_length <= 0)
goto err;

8
ssl/ssl_lib.c
View File

@ -3468,7 +3468,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
continue;
n = OPENSSL_strnlen(c->name, size);
n = (int)OPENSSL_strnlen(c->name, size);
if (n >= size) {
if (p != buf)
--p;
@ -7328,7 +7328,7 @@ __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
return GET_MAX_FRAGMENT_LENGTH(sc->session);
/* return current SSL connection setting */
return sc->max_send_fragment;
return (unsigned int)sc->max_send_fragment;
}
__owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
@ -7340,10 +7340,10 @@ __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
/* else limit |split_send_fragment| to current |max_send_fragment| */
if (sc->split_send_fragment > sc->max_send_fragment)
return sc->max_send_fragment;
return (unsigned int)sc->max_send_fragment;
/* return current SSL connection setting */
return sc->split_send_fragment;
return (unsigned int)sc->split_send_fragment;
}
int SSL_stateless(SSL *s)

2
ssl/ssl_rsa.c
View File

@ -903,7 +903,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
break;
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
name_len = strlen(name);
name_len = (unsigned int)strlen(name);
if (name_len < sizeof(NAME_PREFIX1) - 1) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end;

2
ssl/ssl_sess.c
View File

@ -527,7 +527,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
int copy = 1;
ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s),
sess_id, sess_id_len, &copy);
sess_id, (int)sess_id_len, &copy);
if (ret != NULL) {
if (ret->not_resumable) {

4
ssl/statem/extensions.c
View File

@ -656,7 +656,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION);
goto err;
}
idx = thisex - raw_extensions;
idx = (unsigned int)(thisex - raw_extensions);
/*-
* Check that we requested this extension (if appropriate). Requests can
* be sent in the ClientHello and CertificateRequest. Unsolicited
@ -696,7 +696,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
if (s->ext.debug_cb)
s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server,
thisex->type, PACKET_data(&thisex->data),
PACKET_remaining(&thisex->data),
(int)PACKET_remaining(&thisex->data),
s->ext.debug_arg);
}
}

4
ssl/statem/extensions_clnt.c
View File

@ -1466,7 +1466,7 @@ int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
if (s->ext.session_ticket_cb != NULL &&
!s->ext.session_ticket_cb(ssl, PACKET_data(pkt),
PACKET_remaining(pkt),
(int)PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0;
@ -1638,7 +1638,7 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
}
if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_USER_SSL(s),
&selected, &selected_len,
PACKET_data(pkt), PACKET_remaining(pkt),
PACKET_data(pkt), (unsigned int)PACKET_remaining(pkt),
sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
|| selected_len == 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);

4
ssl/statem/extensions_srvr.c
View File

@ -267,7 +267,7 @@ int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
{
if (s->ext.session_ticket_cb &&
!s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s),
PACKET_data(pkt), PACKET_remaining(pkt),
PACKET_data(pkt), (int)PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@ -816,7 +816,7 @@ static void check_overlap(SSL_CONNECTION *s,
if (new_group_idx < group_idx) {
group_idx = new_group_idx;
*candidate_group_idx = current_group;
*prio_group_idx = group_idx;
*prio_group_idx = (int)group_idx;
*selected_group = prio_groups[group_idx];
}
}

4
ssl/statem/statem_clnt.c
View File

@ -3909,8 +3909,8 @@ CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc,
|| !WPACKET_reserve_bytes(pkt, max_length, NULL))
goto err;
comp_len = COMP_compress_block(comp, WPACKET_get_curr(pkt), max_length,
(unsigned char *)buf->data, length);
comp_len = COMP_compress_block(comp, WPACKET_get_curr(pkt), (int)max_length,
(unsigned char *)buf->data, (int)length);
if (comp_len <= 0)
goto err;

9
ssl/statem/statem_lib.c
View File

@ -506,7 +506,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
|| EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256))
|| (PACKET_remaining(pkt) == 128
&& EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) {
len = PACKET_remaining(pkt);
len = (unsigned int)PACKET_remaining(pkt);
} else
#endif
if (!PACKET_get_net_2(pkt, &len)) {
@ -1953,7 +1953,7 @@ static int is_tls13_capable(const SSL_CONNECTION *s)
default:
break;
}
if (!ssl_has_cert(s, i))
if (!ssl_has_cert(s, (int)i))
continue;
if (i != SSL_PKEY_ECC)
return 1;
@ -2919,8 +2919,9 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
if (!BUF_MEM_grow(buf, expected_length)
|| !PACKET_buf_init(tmppkt, (unsigned char *)buf->data, expected_length)
|| COMP_expand_block(comp, (unsigned char *)buf->data, expected_length,
(unsigned char*)PACKET_data(pkt), comp_length) != (int)expected_length) {
|| COMP_expand_block(comp, (unsigned char *)buf->data, (int)expected_length,
(unsigned char*)PACKET_data(pkt),
(int)comp_length) != (int)expected_length) {
SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION);
goto err;
}

4
ssl/statem/statem_srvr.c
View File

@ -1778,7 +1778,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) {
if (sctx->app_verify_cookie_cb != NULL) {
if (sctx->app_verify_cookie_cb(ussl, clienthello->dtls_cookie,
clienthello->dtls_cookie_len) == 0) {
(unsigned int)clienthello->dtls_cookie_len) == 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_COOKIE_MISMATCH);
goto err;
@ -3276,7 +3276,7 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt)
ptr = PACKET_data(pkt);
/* Some implementations provide extra data in the opaqueBlob
* We have nothing to do with this blob so we just skip it */
pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, (long)PACKET_remaining(pkt));
if (pKX == NULL
|| pKX->kxBlob == NULL
|| ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {

10
ssl/t1_enc.c
View File

@ -245,7 +245,7 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
BIO_printf(trc_out, "which = %04X, key:\n", which);
BIO_dump_indent(trc_out, key, EVP_CIPHER_get_key_length(c), 4);
BIO_printf(trc_out, "iv:\n");
BIO_dump_indent(trc_out, iv, k, 4);
BIO_dump_indent(trc_out, iv, (int)k, 4);
} OSSL_TRACE_END(TLS);
return 1;
@ -308,7 +308,7 @@ int tls1_setup_key_block(SSL_CONNECTION *s)
BIO_printf(trc_out, "master key\n");
BIO_dump_indent(trc_out,
s->session->master_key,
s->session->master_key_length, 4);
(int)s->session->master_key_length, 4);
} OSSL_TRACE_END(TLS);
if (!tls1_generate_key_block(s, p, num)) {
@ -318,7 +318,7 @@ int tls1_setup_key_block(SSL_CONNECTION *s)
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "key block\n");
BIO_dump_indent(trc_out, p, num, 4);
BIO_dump_indent(trc_out, p, (int)num, 4);
} OSSL_TRACE_END(TLS);
ret = 1;
@ -375,7 +375,7 @@ int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
}
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "Handshake hashes:\n");
BIO_dump(trc_out, (char *)hash, hashlen);
BIO_dump(trc_out, (char *)hash, (int)hashlen);
} OSSL_TRACE_END(TLS);
if (!tls1_PRF(s,
TLS_MD_EXTENDED_MASTER_SECRET_CONST,
@ -405,7 +405,7 @@ int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "Premaster Secret:\n");
BIO_dump_indent(trc_out, p, len, 4);
BIO_dump_indent(trc_out, p, (int)len, 4);
BIO_printf(trc_out, "Client Random:\n");
BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);
BIO_printf(trc_out, "Server Random:\n");

26
ssl/t1_lib.c
View File

@ -958,13 +958,13 @@ int tls1_get0_implemented_groups(int min_proto_version, int max_proto_version,
TLS_GROUP_IX *gix;
uint16_t id = 0;
int ret = 0;
size_t ix;
int ix;
if (grps == NULL || out == NULL)
if (grps == NULL || out == NULL || num > INT_MAX)
return 0;
if ((collect = sk_TLS_GROUP_IX_new(tls_group_ix_cmp)) == NULL)
return 0;
for (ix = 0; ix < num; ++ix, ++grps) {
for (ix = 0; ix < (int)num; ++ix, ++grps) {
if (grps->mintls > 0 && max_proto_version > 0
&& grps->mintls > max_proto_version)
continue;
@ -984,7 +984,7 @@ int tls1_get0_implemented_groups(int min_proto_version, int max_proto_version,
sk_TLS_GROUP_IX_sort(collect);
num = sk_TLS_GROUP_IX_num(collect);
for (ix = 0; ix < num; ++ix) {
for (ix = 0; ix < (int)num; ++ix) {
gix = sk_TLS_GROUP_IX_value(collect, ix);
if (!all && gix->grp->group_id == id)
continue;
@ -2245,7 +2245,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[cache_idx].hash = si.hash_name?OBJ_txt2nid(si.hash_name):NID_undef;
cache[cache_idx].hash_idx = ssl_get_md_idx(cache[cache_idx].hash);
cache[cache_idx].sig = OBJ_txt2nid(si.sigalg_name);
cache[cache_idx].sig_idx = i + SSL_PKEY_NUM;
cache[cache_idx].sig_idx = (int)(i + SSL_PKEY_NUM);
cache[cache_idx].sigandhash = OBJ_txt2nid(si.sigalg_name);
cache[cache_idx].curve = NID_undef;
cache[cache_idx].mintls = TLS1_3_VERSION;
@ -2457,7 +2457,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s,
if (clu == NULL)
continue;
if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) {
idx = i;
idx = (int)i;
break;
}
}
@ -2492,7 +2492,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s,
}
}
} else {
idx = s->cert->key - s->cert->pkeys;
idx = (int)(s->cert->key - s->cert->pkeys);
}
}
if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
@ -2523,7 +2523,7 @@ int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey)
if (ssl_cert_lookup_by_pkey(pkey, &idx, SSL_CONNECTION_GET_CTX(s)) == NULL)
return 0;
lu = tls1_get_legacy_sigalg(s, idx);
lu = tls1_get_legacy_sigalg(s, (int)idx);
if (lu == NULL)
return 0;
s->s3.tmp.peer_sigalg = lu;
@ -2968,7 +2968,7 @@ int tls1_set_server_sigalgs(SSL_CONNECTION *s)
size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
for (i = 0; i < s->ssl_pkey_num; i++) {
const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, (int)i);
size_t j;
if (lu == NULL)
@ -3222,7 +3222,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
p = sdec;
sess = d2i_SSL_SESSION_ex(NULL, &p, slen, sctx->libctx, sctx->propq);
slen -= p - sdec;
slen -= (int)(p - sdec);
OPENSSL_free(sdec);
if (sess) {
/* Some additional consistency checks */
@ -4050,7 +4050,7 @@ int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
if (ssl_cert_lookup_by_pkey(pk, &certidx,
SSL_CONNECTION_GET_CTX(s)) == NULL)
return 0;
idx = certidx;
idx = (int)certidx;
pvalid = s->s3.tmp.valid_flags + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
@ -4655,7 +4655,7 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs)
/* If ciphersuite doesn't require a cert nothing to do */
if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT))
return 1;
if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
if (!s->server && !ssl_has_cert(s, (int)(s->cert->key - s->cert->pkeys)))
return 1;
if (SSL_USE_SIGALGS(s)) {
@ -4682,7 +4682,7 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs)
if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
continue;
} else {
int cc_idx = s->cert->key - s->cert->pkeys;
int cc_idx = (int)(s->cert->key - s->cert->pkeys);
sig_idx = lu->sig_idx;
if (cc_idx != sig_idx)

19
ssl/t1_trce.c
View File

@ -802,7 +802,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
if (plen + 1 > xlen)
return 0;
BIO_indent(bio, indent + 2, 80);
BIO_write(bio, ext, plen);
BIO_write(bio, ext, (int)plen);
BIO_puts(bio, "\n");
ext += plen;
xlen -= plen + 1;
@ -954,7 +954,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_cert_type_tbl);
default:
BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
BIO_dump_indent(bio, (const char *)ext, (int)extlen, indent + 2);
}
return 1;
}
@ -996,7 +996,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
if (extslen < extlen + 4) {
BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype,
(int)extlen);
BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2);
BIO_dump_indent(bio, (const char *)msg, (int)extslen, indent + 2);
return 0;
}
msg += 4;
@ -1301,7 +1301,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent,
BIO_indent(bio, indent, 80);
BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen);
x = X509_new_ex(ctx->libctx, ctx->propq);
if (x != NULL && d2i_X509(&x, &q, clen) == NULL) {
if (x != NULL && d2i_X509(&x, &q, (long)clen) == NULL) {
X509_free(x);
x = NULL;
}
@ -1343,7 +1343,7 @@ static int ssl_print_raw_public_key(BIO *bio, const SSL *ssl, int server,
BIO_indent(bio, indent, 80);
BIO_printf(bio, "raw_public_key, length=%d\n", (int)clen);
pkey = d2i_PUBKEY_ex(NULL, &msg, clen, ssl->ctx->libctx, ssl->ctx->propq);
pkey = d2i_PUBKEY_ex(NULL, &msg, (long)clen, ssl->ctx->libctx, ssl->ctx->propq);
if (pkey == NULL)
return 0;
EVP_PKEY_print_public(bio, pkey, indent + 2, NULL);
@ -1428,7 +1428,7 @@ static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc,
else
BIO_printf(bio, "Compressed length=%d, Ratio=unknown\n", (int)clen);
BIO_dump_indent(bio, (const char *)msg, clen, indent);
BIO_dump_indent(bio, (const char *)msg, (int)clen, indent);
#ifndef OPENSSL_NO_COMP_ALG
if (!ossl_comp_has_alg(alg))
@ -1453,7 +1453,8 @@ static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc,
}
if ((comp = COMP_CTX_new(method)) == NULL
|| COMP_expand_block(comp, ucdata, uclen, (unsigned char*)msg, clen) != (int)uclen)
|| COMP_expand_block(comp, ucdata, (int)uclen,
(unsigned char*)msg, (int)clen) != (int)uclen)
goto err;
ret = ssl_print_certificates(bio, sc, server, indent, ucdata, uclen);
@ -1534,7 +1535,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen);
p = msg;
nm = d2i_X509_NAME(NULL, &p, dlen);
nm = d2i_X509_NAME(NULL, &p, (long)dlen);
if (!nm) {
BIO_puts(bio, "<UNPARSEABLE DN>\n");
} else {
@ -1712,7 +1713,7 @@ static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server,
default:
BIO_indent(bio, indent + 2, 80);
BIO_puts(bio, "Unsupported, hex dump follows:\n");
BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
BIO_dump_indent(bio, (const char *)msg, (int)msglen, indent + 4);
}
return 1;
}

2
ssl/tls_depr.c
View File

@ -119,7 +119,7 @@ void ssl_hmac_old_free(SSL_HMAC *ctx)
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
{
return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL);
return HMAC_Init_ex(ctx->old_ctx, key, (int)len, EVP_get_digestbyname(md), NULL);
}
int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)