Reduce casting nastiness.

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 243992542b0abd129c2ebaa56e690dbdabee5cac..dab2bd766fd997abe5698cfbc4622fe57feef0fe 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -643,6 +643,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 #endif
        SSL3_BUFFER *wb=&(s->s3->wbuf);
        int i;
+       unsigned int u_len = (unsigned int)len;
+
+       if (len < 0)
+               {
+               SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_NEGATIVE_LENGTH);
+               return -1;
+               }
 
        s->rwstate=SSL_NOTHING;
        OPENSSL_assert(s->s3->wnum <= INT_MAX);
@@ -697,7 +704,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
         * compromise is considered worthy.
         */
        if (type==SSL3_RT_APPLICATION_DATA &&
-           len >= 4*(int)(max_send_fragment=s->max_send_fragment) &&
+           u_len >= 4*(max_send_fragment=s->max_send_fragment) &&
            s->compress==NULL && s->msg_callback==NULL &&
            !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
            EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
@@ -718,7 +725,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                                        EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
                                        max_send_fragment,NULL);
 
-                       if (len>=8*(int)max_send_fragment)      packlen *= 8;
+                       if (u_len >= 8*max_send_fragment)       packlen *= 8;
                        else                            packlen *= 4;
 
                        wb->buf=OPENSSL_malloc(packlen);

diff --git a/ssl/ssl.h b/ssl/ssl.h
index c434b86a54e204c72fde6c7e2f62e9699da4ab7a..d44a9d5e97b12859bd9e109d9ea4e5499731db7a 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -3057,6 +3057,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION        228
 #define SSL_R_SSL_HANDSHAKE_FAILURE                     229
 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                230
+#define SSL_R_SSL_NEGATIVE_LENGTH                       372
 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED            301
 #define SSL_R_SSL_SESSION_ID_CONFLICT                   302
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG           273

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 258d408f54f831b61de302ede1e3fd60ed1d657a..70a2a73c3681660c4e33b215aeab70eb5b25561e 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -551,6 +551,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
 {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
 {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
+{ERR_REASON(SSL_R_SSL_NEGATIVE_LENGTH)   ,"ssl negative length"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},