size_t i;
for (i = 0; i < OSSL_NELEM(nid_list); i++) {
if (nid_list[i].nid == nid)
- return i + 1;
+ return (int)(i + 1);
}
return 0;
}
#endif /* OPENSSL_NO_EC */
if (tls_use_ticket(s)) {
- int ticklen;
+ size_t ticklen;
if (!s->new_session && s->session && s->session->tlsext_tick)
ticklen = s->session->tlsext_ticklen;
else if (s->session && s->tlsext_session_ticket &&
if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
s->s3->alpn_proposed,
- s->s3->alpn_proposed_len,
+ (unsigned int)s->s3->alpn_proposed_len,
s->ctx->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, PACKET_data(&extension),
- PACKET_remaining(&extension),
+ (int)PACKET_remaining(&extension),
s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate) {
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, PACKET_data(&extension),
- PACKET_remaining(&extension),
+ (int)PACKET_remaining(&extension),
s->tls_session_ticket_ext_cb_arg))
{
*al = TLS1_AD_INTERNAL_ERROR;
}
id_data = PACKET_data(&responder_id);
+ /* TODO(size_t): Convert d2i_* to size_t */
id = d2i_OCSP_RESPID(NULL, &id_data,
- PACKET_remaining(&responder_id));
+ (int)PACKET_remaining(&responder_id));
if (id == NULL)
return 0;
X509_EXTENSION_free);
s->tlsext_ocsp_exts =
d2i_X509_EXTENSIONS(NULL, &ext_data,
- PACKET_remaining(&exts));
+ (int)PACKET_remaining(&exts));
if (s->tlsext_ocsp_exts == NULL
|| ext_data != PACKET_end(&exts)) {
return 0;
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
- int slen, mlen, renew_ticket = 0, ret = -1;
+ int slen, renew_ticket = 0, ret = -1, declen;
+ size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX *ctx;
* Attempt to process session ticket, first conduct sanity and integrity
* checks on ticket.
*/
- /* TODO(size_t) : convert me */
mlen = HMAC_size(hctx);
- if (mlen < 0) {
+ if (mlen == 0) {
goto err;
}
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
if (eticklen <=
- TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + (size_t)mlen) {
+ TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
ret = 2;
goto err;
}
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
- if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
+ if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
+ (int)eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return -1;
}
- if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
+ if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return 2;
}
- slen += mlen;
+ slen += declen;
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
p = sdec;
}
/* Given preference and allowed sigalgs set shared sigalgs */
-static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
- const unsigned char *pref, size_t preflen,
- const unsigned char *allow, size_t allowlen)
+static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
+ const unsigned char *pref, size_t preflen,
+ const unsigned char *allow, size_t allowlen)
{
const unsigned char *ptmp, *atmp;
size_t i, j, nmatch = 0;
unsigned char *rsig, unsigned char *rhash)
{
const unsigned char *psig = s->s3->tmp.peer_sigalgs;
- if (psig == NULL)
+ size_t numsigalgs = s->s3->tmp.peer_sigalgslen / 2;
+ if (psig == NULL || numsigalgs > INT_MAX)
return 0;
if (idx >= 0) {
idx <<= 1;
*rsig = psig[1];
tls1_lookup_sigalg(phash, psign, psignhash, psig);
}
- return s->s3->tmp.peer_sigalgslen / 2;
+ return (int)numsigalgs;
}
int SSL_get_shared_sigalgs(SSL *s, int idx,
unsigned char *rsig, unsigned char *rhash)
{
TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs;
- if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen)
+ if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen
+ || s->cert->shared_sigalgslen > INT_MAX)
return 0;
shsigalgs += idx;
if (phash)
*rsig = shsigalgs->rsign;
if (rhash)
*rhash = shsigalgs->rhash;
- return s->cert->shared_sigalgslen;
+ return (int)s->cert->shared_sigalgslen;
}
#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2)
/* idx == -2 means checking client certificate chains */
if (idx == -2) {
cpk = c->key;
- idx = cpk - c->pkeys;
+ idx = (int)(cpk - c->pkeys);
} else
cpk = c->pkeys + idx;
pvalid = s->s3->tmp.valid_flags + idx;
projects / openssl.git / blobdiff