mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-19 19:50:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix misc size_t issues causing Windows warnings in 64 bit

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-10-19 15:11:24 +01:00
parent a14aa99be8
commit 348240c676
17 changed files with 137 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/record/ssl3_record.c
View File

@ -1022,8 +1022,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
header[8] = rec->type;
header[9] = (unsigned char)(ssl->version >> 8);
header[10] = (unsigned char)(ssl->version);
header[11] = (rec->length) >> 8;
header[12] = (rec->length) & 0xff;
header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff);
if (!send && !SSL_USE_ETM(ssl) &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

2
ssl/s3_cbc.c
View File

@ -357,7 +357,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
if (k > 0) {
if (is_sslv3) {
unsigned overhang;
size_t overhang;
/*
* The SSLv3 header is larger than a single block. overhang is

2
ssl/s3_enc.c
View File

@ -439,7 +439,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|| EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
(int)s->session->master_key_length,
s->session->master_key) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);

10
ssl/s3_lib.c
View File

@ -3035,9 +3035,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
*(unsigned char **)parg = s->tlsext_ocsp_resp;
if (s->tlsext_ocsp_resplen == 0)
if (s->tlsext_ocsp_resplen == 0
|| s->tlsext_ocsp_resplen > LONG_MAX)
return -1;
return s->tlsext_ocsp_resplen;
return (long)s->tlsext_ocsp_resplen;
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
OPENSSL_free(s->tlsext_ocsp_resp);
@ -3955,9 +3956,10 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len)
unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
return RAND_bytes(p, len - 4);
/* TODO(size_t): Convert this */
return RAND_bytes(p, (int)(len - 4));
} else
return RAND_bytes(result, len);
return RAND_bytes(result, (int)len);
}
int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

2
ssl/ssl_asn1.c
View File

@ -102,7 +102,7 @@ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
unsigned char *data, size_t len)
{
os->data = data;
os->length = len;
os->length = (int)len;
os->flags = 0;
*dest = os;
}

2
ssl/ssl_ciph.c
View File

@ -175,7 +175,7 @@ static int ssl_cipher_info_find(const ssl_cipher_table * table,
size_t i;
for (i = 0; i < table_cnt; i++, table++) {
if (table->mask == mask)
return i;
return (int)i;
}
return -1;
}

57
ssl/ssl_lib.c
View File

@ -80,7 +80,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
struct ssl_async_args {
SSL *s;
void *buf;
int num;
size_t num;
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union {
int (*func_read) (SSL *, void *, size_t, size_t *);
@ -318,14 +318,14 @@ static int dane_tlsa_add(SSL_DANE *dane,
t->usage = usage;
t->selector = selector;
t->mtype = mtype;
t->data = OPENSSL_malloc(ilen);
t->data = OPENSSL_malloc(dlen);
if (t->data == NULL) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
return -1;
}
memcpy(t->data, data, ilen);
t->dlen = ilen;
memcpy(t->data, data, dlen);
t->dlen = dlen;
/* Validate and cache full certificate or public key */
if (mtype == DANETLS_MATCHING_FULL) {
@ -335,7 +335,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
switch (selector) {
case DANETLS_SELECTOR_CERT:
if (!d2i_X509(&cert, &p, dlen) || p < data ||
if (!d2i_X509(&cert, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
@ -370,7 +370,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
break;
case DANETLS_SELECTOR_SPKI:
if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data ||
if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
@ -1304,7 +1304,7 @@ int SSL_pending(const SSL *s)
* SSL_pending also cannot work properly if the value >INT_MAX. In that case
* we just return INT_MAX.
*/
return pending < INT_MAX ? pending : INT_MAX;
return pending < INT_MAX ? (int)pending : INT_MAX;
}
int SSL_has_pending(const SSL *s)
@ -1382,7 +1382,7 @@ int SSL_copy_session_id(SSL *t, const SSL *f)
CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock);
ssl_cert_free(t->cert);
t->cert = f->cert;
if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
return 0;
}
@ -1513,7 +1513,7 @@ static int ssl_io_intern(void *vargs)
struct ssl_async_args *args;
SSL *s;
void *buf;
int num;
size_t num;
args = (struct ssl_async_args *)vargs;
s = args->s;
@ -1767,11 +1767,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_CLEAR_MODE:
return (s->mode &= ~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
return (s->max_cert_list);
return (long)(s->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
l = s->max_cert_list;
s->max_cert_list = larg;
return (l);
if (larg < 0)
return 0;
l = (long)s->max_cert_list;
s->max_cert_list = (size_t)larg;
return l;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
@ -1879,18 +1881,22 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 1;
case SSL_CTRL_GET_MAX_CERT_LIST:
return (ctx->max_cert_list);
return (long)(ctx->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
l = ctx->max_cert_list;
ctx->max_cert_list = larg;
return (l);
if (larg < 0)
return 0;
l = (long)ctx->max_cert_list;
ctx->max_cert_list = (size_t)larg;
return l;
case SSL_CTRL_SET_SESS_CACHE_SIZE:
l = ctx->session_cache_size;
ctx->session_cache_size = larg;
return (l);
if (larg < 0)
return 0;
l = (long)ctx->session_cache_size;
ctx->session_cache_size = (size_t)larg;
return l;
case SSL_CTRL_GET_SESS_CACHE_SIZE:
return (ctx->session_cache_size);
return (long)(ctx->session_cache_size);
case SSL_CTRL_SET_SESS_CACHE_MODE:
l = ctx->session_cache_mode;
ctx->session_cache_mode = larg;
@ -2249,7 +2255,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
if (!*data) {
*len = 0;
} else {
*len = s->next_proto_negotiated_len;
*len = (unsigned int)s->next_proto_negotiated_len;
}
}
@ -2366,7 +2372,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
if (*data == NULL)
*len = 0;
else
*len = ssl->s3->alpn_selected_len;
*len = (unsigned int)ssl->s3->alpn_selected_len;
}
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@ -3227,7 +3233,8 @@ SSL *SSL_dup(SSL *s)
goto err;
}
if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
if (!SSL_set_session_id_context(ret, s->sid_ctx,
(int)s->sid_ctx_length))
goto err;
}
@ -4068,7 +4075,7 @@ static int ct_extract_ocsp_response_scts(SSL *s)
goto err;
p = s->tlsext_ocsp_resp;
rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen);
rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->tlsext_ocsp_resplen);
if (rsp == NULL)
goto err;

4
ssl/ssl_mcnf.c
View File

@ -73,7 +73,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
ssl_names_count = cnt;
for (i = 0; i < ssl_names_count; i++) {
struct ssl_conf_name *ssl_name = ssl_names + i;
CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, i);
CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL)
@ -94,7 +94,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
ssl_name->cmd_count = cnt;
for (j = 0; j < cnt; j++) {
const char *name;
CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, j);
CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
struct ssl_conf_cmd *cmd = ssl_name->cmds + j;
/* Skip any initial dot in name */
name = strchr(cmd_conf->name, '.');

10
ssl/ssl_sess.c
View File

@ -236,14 +236,14 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if (len)
*len = s->session_id_length;
*len = (unsigned int)s->session_id_length;
return s->session_id;
}
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
unsigned int *len)
{
if (len != NULL)
*len = s->sid_ctx_length;
*len = (unsigned int)s->sid_ctx_length;
return s->sid_ctx;
}
@ -369,7 +369,7 @@ int ssl_get_new_session(SSL *s, int session)
CRYPTO_THREAD_unlock(s->lock);
/* Choose a session ID */
memset(ss->session_id, 0, ss->session_id_length);
tmp = ss->session_id_length;
tmp = (int)ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
@ -391,7 +391,7 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
ss->session_id_length)) {
(unsigned int)ss->session_id_length)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
SSL_SESSION_free(ss);
return (0);
@ -502,7 +502,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
ret == NULL && s->session_ctx->get_session_cb != NULL) {
int copy = 1;
ret = s->session_ctx->get_session_cb(s, PACKET_data(session_id),
PACKET_remaining(session_id),
(int)PACKET_remaining(session_id),
&copy);
if (ret != NULL) {

3
ssl/ssl_txt.c
View File

@ -128,8 +128,9 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
goto err;
/* TODO(size_t): Convert this call */
if (BIO_dump_indent
(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
(bp, (const char *)x->tlsext_tick, (int)x->tlsext_ticklen, 4)
<= 0)
goto err;
}

36
ssl/statem/statem_clnt.c
View File

@ -1358,18 +1358,19 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return 0;
}
/* TODO(size_t): Convert BN_bin2bn() calls */
if ((s->srp_ctx.N =
BN_bin2bn(PACKET_data(&prime),
PACKET_remaining(&prime), NULL)) == NULL
(int)PACKET_remaining(&prime), NULL)) == NULL
|| (s->srp_ctx.g =
BN_bin2bn(PACKET_data(&generator),
PACKET_remaining(&generator), NULL)) == NULL
(int)PACKET_remaining(&generator), NULL)) == NULL
|| (s->srp_ctx.s =
BN_bin2bn(PACKET_data(&salt),
PACKET_remaining(&salt), NULL)) == NULL
(int)PACKET_remaining(&salt), NULL)) == NULL
|| (s->srp_ctx.B =
BN_bin2bn(PACKET_data(&server_pub),
PACKET_remaining(&server_pub), NULL)) == NULL) {
(int)PACKET_remaining(&server_pub), NULL)) == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB);
return 0;
@ -1419,10 +1420,12 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
goto err;
}
p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL);
bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
NULL);
/* TODO(size_t): Convert these calls */
p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);
g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),
NULL);
bnpub_key = BN_bin2bn(PACKET_data(&pub_key),
(int)PACKET_remaining(&pub_key), NULL);
if (p == NULL || g == NULL || bnpub_key == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
@ -1710,8 +1713,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
/* TODO(size_t): Convert this call */
if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
PACKET_remaining(&signature), pkey) <= 0) {
(unsigned int)PACKET_remaining(&signature),
pkey) <= 0) {
/* bad signature */
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_DECRYPT_ERROR;
@ -2193,7 +2198,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al)
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
if (RAND_bytes(pms + 2, pmslen - 2) <= 0) {
/* TODO(size_t): Convert this function */
if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
goto err;
}
@ -2283,7 +2289,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
size_t encoded_pt_len = 0;
EVP_PKEY *ckey = NULL, *skey = NULL;
int ret = 0;
@ -2375,8 +2381,10 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
}
if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
/* Generate session key */
|| RAND_bytes(pms, pmslen) <= 0) {
/* Generate session key
* TODO(size_t): Convert this function
*/
|| RAND_bytes(pms, (int)pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
@ -2617,7 +2625,7 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt)
|| !EVP_SignUpdate(mctx, hdata, hdatalen)
|| (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
(int)s->session->master_key_length,
s->session->master_key))
|| !EVP_SignFinal(mctx, sig, &u, pkey)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);

7
ssl/statem/statem_dtls.c
View File

@ -390,11 +390,10 @@ int dtls_get_message(SSL *s, int *mt, size_t *len)
* permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
* may be greater if the maximum certificate list size requires it.
*/
static unsigned long dtls1_max_handshake_message_len(const SSL *s)
static size_t dtls1_max_handshake_message_len(const SSL *s)
{
unsigned long max_len =
DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
if (max_len < (unsigned long)s->max_cert_list)
size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
if (max_len < s->max_cert_list)
return s->max_cert_list;
return max_len;
}

2
ssl/statem/statem_lib.c
View File

@ -155,7 +155,7 @@ static void ssl3_take_mac(SSL *s)
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
{
int al;
long remain;
size_t remain;
remain = PACKET_remaining(pkt);
/*

32
ssl/statem/statem_srvr.c
View File

@ -888,7 +888,8 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
{
int i, al = SSL_AD_INTERNAL_ERROR;
unsigned int j, complen = 0;
unsigned int j;
size_t loop, complen = 0;
unsigned long id;
const SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
@ -1087,8 +1088,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
PACKET_remaining(&cookie)) ==
0) {
(unsigned int)PACKET_remaining(&cookie)) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
SSL_R_COOKIE_MISMATCH);
@ -1197,12 +1197,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
}
complen = PACKET_remaining(&compression);
for (j = 0; j < complen; j++) {
if (PACKET_data(&compression)[j] == 0)
for (loop = 0; loop < complen; loop++) {
if (PACKET_data(&compression)[loop] == 0)
break;
}
if (j >= complen) {
if (loop >= complen) {
/* no compress */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
@ -1576,7 +1576,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
#endif
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
size_t encodedlen = 0;
int curve_id = 0;
#endif
EVP_PKEY *pkey;
@ -1909,7 +1909,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
{
int i, nl;
int i;
STACK_OF(X509_NAME) *sk = NULL;
/* get the list of acceptable cert types */
@ -1922,7 +1922,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
if (SSL_USE_SIGALGS(s)) {
const unsigned char *psigs;
nl = tls12_get_psigalgs(s, &psigs);
size_t nl = tls12_get_psigalgs(s, &psigs);
if (!WPACKET_start_sub_packet_u16(pkt)
|| !tls12_copy_sigalgs(s, pkt, psigs, nl)
|| !WPACKET_close(pkt)) {
@ -2103,9 +2103,10 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
* Decrypt with no padding. PKCS#1 padding will be removed as part of
* the timing-sensitive code below.
*/
decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
PACKET_data(&enc_premaster),
rsa_decrypt, rsa, RSA_NO_PADDING);
/* TODO(size_t): Convert this function */
decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),
PACKET_data(&enc_premaster),
rsa_decrypt, rsa, RSA_NO_PADDING);
if (decrypt_len < 0)
goto err;
@ -2386,7 +2387,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
unsigned long alg_a;
int Ttag, Tclass;
long Tlen;
long sess_key_len;
size_t sess_key_len;
const unsigned char *data;
int ret = 0;
@ -2436,8 +2437,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
}
/* TODO(size_t): Convert this function */
if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag,
&Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
&Tclass, (long)sess_key_len) != V_ASN1_CONSTRUCTED
|| Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
@ -2739,7 +2741,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
if (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
(int)s->session->master_key_length,
s->session->master_key)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;

22
ssl/t1_enc.c
View File

@ -64,18 +64,18 @@ static int tls1_PRF(SSL *s,
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
|| EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, slen) <= 0)
|| EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len) <= 0)
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len) <= 0)
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len) <= 0)
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, seed4_len) <= 0)
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, seed5_len) <= 0)
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0)
goto err;
if (EVP_PKEY_derive(pctx, out, &olen) <= 0)
@ -250,8 +250,9 @@ int tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
/* TODO(size_t): Convert this function */
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret, *mac_secret_size);
mac_secret, (int)*mac_secret_size);
if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
@ -271,7 +272,8 @@ int tls1_change_cipher_state(SSL *s, int which)
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
iv)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
@ -285,7 +287,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
|| !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
@ -299,7 +301,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
&& !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
*mac_secret_size, mac_secret)) {
(int)*mac_secret_size, mac_secret)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}

48
ssl/t1_lib.c
View File

@ -246,7 +246,7 @@ int tls1_ec_nid2curve_id(int nid)
size_t i;
for (i = 0; i < OSSL_NELEM(nid_list); i++) {
if (nid_list[i].nid == nid)
return i + 1;
return (int)(i + 1);
}
return 0;
}
@ -1151,7 +1151,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
#endif /* OPENSSL_NO_EC */
if (tls_use_ticket(s)) {
int ticklen;
size_t ticklen;
if (!s->new_session && s->session && s->session->tlsext_tick)
ticklen = s->session->tlsext_ticklen;
else if (s->session && s->tlsext_session_ticket &&
@ -1663,7 +1663,7 @@ static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
s->s3->alpn_proposed,
s->s3->alpn_proposed_len,
(unsigned int)s->s3->alpn_proposed_len,
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
@ -1825,7 +1825,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, PACKET_data(&extension),
PACKET_remaining(&extension),
(int)PACKET_remaining(&extension),
s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate) {
@ -1977,7 +1977,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, PACKET_data(&extension),
PACKET_remaining(&extension),
(int)PACKET_remaining(&extension),
s->tls_session_ticket_ext_cb_arg))
{
*al = TLS1_AD_INTERNAL_ERROR;
@ -2039,8 +2039,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
id_data = PACKET_data(&responder_id);
/* TODO(size_t): Convert d2i_* to size_t */
id = d2i_OCSP_RESPID(NULL, &id_data,
PACKET_remaining(&responder_id));
(int)PACKET_remaining(&responder_id));
if (id == NULL)
return 0;
@ -2066,7 +2067,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
X509_EXTENSION_free);
s->tlsext_ocsp_exts =
d2i_X509_EXTENSIONS(NULL, &ext_data,
PACKET_remaining(&exts));
(int)PACKET_remaining(&exts));
if (s->tlsext_ocsp_exts == NULL
|| ext_data != PACKET_end(&exts)) {
return 0;
@ -2961,7 +2962,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
int slen, mlen, renew_ticket = 0, ret = -1;
int slen, renew_ticket = 0, ret = -1, declen;
size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX *ctx;
@ -3009,14 +3011,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* Attempt to process session ticket, first conduct sanity and integrity
* checks on ticket.
*/
/* TODO(size_t) : convert me */
mlen = HMAC_size(hctx);
if (mlen < 0) {
if (mlen == 0) {
goto err;
}
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
if (eticklen <=
TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + (size_t)mlen) {
TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
ret = 2;
goto err;
}
@ -3036,17 +3037,18 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
(int)eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return -1;
}
if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return 2;
}
slen += mlen;
slen += declen;
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
p = sdec;
@ -3327,9 +3329,9 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
}
/* Given preference and allowed sigalgs set shared sigalgs */
static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
const unsigned char *pref, size_t preflen,
const unsigned char *allow, size_t allowlen)
static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
const unsigned char *pref, size_t preflen,
const unsigned char *allow, size_t allowlen)
{
const unsigned char *ptmp, *atmp;
size_t i, j, nmatch = 0;
@ -3491,7 +3493,8 @@ int SSL_get_sigalgs(SSL *s, int idx,
unsigned char *rsig, unsigned char *rhash)
{
const unsigned char *psig = s->s3->tmp.peer_sigalgs;
if (psig == NULL)
size_t numsigalgs = s->s3->tmp.peer_sigalgslen / 2;
if (psig == NULL || numsigalgs > INT_MAX)
return 0;
if (idx >= 0) {
idx <<= 1;
@ -3504,7 +3507,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
*rsig = psig[1];
tls1_lookup_sigalg(phash, psign, psignhash, psig);
}
return s->s3->tmp.peer_sigalgslen / 2;
return (int)numsigalgs;
}
int SSL_get_shared_sigalgs(SSL *s, int idx,
@ -3512,7 +3515,8 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
unsigned char *rsig, unsigned char *rhash)
{
TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs;
if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen)
if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen
|| s->cert->shared_sigalgslen > INT_MAX)
return 0;
shsigalgs += idx;
if (phash)
@ -3525,7 +3529,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
*rsig = shsigalgs->rsign;
if (rhash)
*rhash = shsigalgs->rhash;
return s->cert->shared_sigalgslen;
return (int)s->cert->shared_sigalgslen;
}
#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2)
@ -3698,7 +3702,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* idx == -2 means checking client certificate chains */
if (idx == -2) {
cpk = c->key;
idx = cpk - c->pkeys;
idx = (int)(cpk - c->pkeys);
} else
cpk = c->pkeys + idx;
pvalid = s->s3->tmp.valid_flags + idx;

6
ssl/t1_reneg.c
View File

@ -71,9 +71,9 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt)
*/
int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
unsigned int expected_len = s->s3->previous_client_finished_len
size_t expected_len = s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len;
unsigned int ilen;
size_t ilen;
const unsigned char *data;
/* Check for logic errors */
@ -81,7 +81,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)) {
if (!PACKET_get_1_len(pkt, &ilen)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;