Commit 19a1ff18e4 for openssl.org

commit 19a1ff18e4f04c89078578a17d8f0729e8004fa1
Author: Tomas Mraz <tomas@openssl.org>
Date:   Thu Sep 18 17:13:28 2025 +0200

    Fix warnings about casts in ECH code

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/28611)

diff --git a/apps/s_client.c b/apps/s_client.c
index 52c8bb5086..34caee76b7 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3451,8 +3451,9 @@ static void print_ech_retry_configs(BIO *bio, SSL *s)
      * print nicely, note that any non-supported versions
      * sent by server will have been filtered out by now
      */
-    if ((biom = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(biom, rtval, rtlen) <= 0
+    if (rtlen > INT_MAX
+        || (biom = BIO_new(BIO_s_mem())) == NULL
+        || BIO_write(biom, rtval, (int)rtlen) <= 0
         || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL
         || OSSL_ECHSTORE_read_echconfiglist(es, biom) != 1) {
         BIO_printf(bio, "ECH: Error loading retry-configs\n");
diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index fece841784..0c82ae949e 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -41,7 +41,7 @@ void ossl_ech_pbuf(const char *msg, const unsigned char *buf, const size_t blen)
             BIO_printf(trc_out, "%s: blen is %lu\n", msg, (unsigned long)blen);
         } else {
             BIO_printf(trc_out, "%s (%lu)\n", msg, (unsigned long)blen);
-            BIO_dump_indent(trc_out, buf, blen, 4);
+            BIO_dump_indent(trc_out, buf, (int)blen, 4);
         }
     }
     OSSL_TRACE_END(TLS);
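Review bot: The `(int)blen` cast passed to `BIO_dump_indent` silences the warning but has no range check, so a `blen` above `INT_MAX` would be truncated or turn negative; the `s_client.c` hunk in this same commit guards its cast with `rtlen > INT_MAX`, and this call could clamp in the same spirit, e.g. `BIO_dump_indent(trc_out, buf, blen > INT_MAX ? INT_MAX : (int)blen, 4);`. The same unguarded narrowing appears at `(int)hashlen` in `ech_hkdf_extract_wrap` and at `(long)s->ext.ech.innerch_len` in `tls13_change_cipher_state`. Those values are probably bounded by the digest size and by the handshake message limit, but the bounds are outside the hunks, so a one-line comment naming the bound next to each cast would make that checkable. The earlier branches of `ossl_ech_pbuf` start outside this hunk.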
@@ -377,7 +377,8 @@ int ossl_ech_pick_matching_cfg(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY **ee,
     OSSL_HPKE_SUITE *suite)
 {
     int namematch = 0, nameoverride = 0, suitematch = 0, num, cind = 0;
-    unsigned int csuite = 0, tsuite = 0, hnlen = 0;
+    unsigned int csuite = 0, tsuite = 0;
+    size_t hnlen = 0;
     OSSL_ECHSTORE_ENTRY *lee = NULL, *tee = NULL;
     OSSL_ECHSTORE *es = NULL;
     char *hn = NULL;
@@ -625,8 +626,8 @@ int ossl_ech_reset_hs_buffer(SSL_CONNECTION *s, const unsigned char *buf,
 size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
     size_t encoded_len)
 {
-    int length_of_padding = 0, length_with_snipadding = 0;
-    int innersnipadding = 0, length_with_padding = 0;
+    size_t length_of_padding = 0, length_with_snipadding = 0;
+    size_t innersnipadding = 0, length_with_padding = 0;
     size_t mnl = 0, isnilen = 0;

     if (s == NULL || ee == NULL)
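Review bot: Switching `length_of_padding`, `length_with_snipadding`, `innersnipadding` and `length_with_padding` from `int` to `size_t` changes how the arithmetic on them behaves, not only the warning: a subtraction that used to give a negative intermediate now wraps to a very large value, and the result is returned as the padded length. The computation sits between this hunk and the next and is not visible here, so it may already be safe, but I would add a comment above it such as `/* all operands are size_t: every subtraction below must be guarded so it cannot wrap */` and confirm each one is. `ossl_ech_calc_padding` continues past the end of this hunk.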
@@ -659,13 +660,13 @@ size_t ossl_ech_calc_padding(SSL_CONNECTION *s, OSSL_ECHSTORE_ENTRY *ee,
         length_with_padding += OSSL_ECH_PADDING_INCREMENT;
     OSSL_TRACE_BEGIN(TLS)
     {
-        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %d "
-                            "lop: %d, clear_len (len with padding): %d, orig: %zu\n",
+        BIO_printf(trc_out, "EAAE: padding: mnl: %zu, lws: %zu "
+                            "lop: %zu, clear_len (len with padding): %zu, orig: %zu\n",
             mnl, length_with_snipadding, length_of_padding,
             length_with_padding, encoded_len);
     }
     OSSL_TRACE_END(TLS);
-    return (size_t)length_with_padding;
+    return length_with_padding;
 }

 /*
@@ -964,7 +965,7 @@ static int ech_hkdf_extract_wrap(SSL_CONNECTION *s, EVP_MD *md, int for_hrr,
     ossl_ech_pbuf("cc: client_random", p, SSL3_RANDOM_SIZE);
 #endif
     if (EVP_PKEY_CTX_set1_hkdf_key(pctx, p, SSL3_RANDOM_SIZE) != 1
-        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, hashlen) != 1
+        || EVP_PKEY_CTX_set1_hkdf_salt(pctx, zeros, (int)hashlen) != 1
         || EVP_PKEY_derive(pctx, NULL, &retlen) != 1
         || hashlen != retlen
         || EVP_PKEY_derive(pctx, notsecret, &retlen) != 1) {
diff --git a/ssl/ech/ech_local.h b/ssl/ech/ech_local.h
index 08730cb94e..047aa8873b 100644
--- a/ssl/ech/ech_local.h
+++ b/ssl/ech/ech_local.h
@@ -335,7 +335,7 @@ int ossl_ech_calc_confirm(SSL_CONNECTION *s, int for_hrr,
 /* these are internal but located in ssl/statem/extensions.c */
 int ossl_ech_same_ext(SSL_CONNECTION *s, WPACKET *pkt);
 int ossl_ech_same_key_share(void);
-int ossl_ech_2bcompressed(int ind);
+int ossl_ech_2bcompressed(size_t ind);
 int ossl_ech_copy_inner2outer(SSL_CONNECTION *s, uint16_t ext_type, int ind,
     WPACKET *pkt);

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 502cf3197d..153fecb224 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -549,14 +549,14 @@ int ossl_ech_same_key_share(void)
  * say if extension at index |ind| in ext_defs is to be ECH compressed
  * return 1 if this one is to be compressed, 0 if not, -1 for error
  */
-int ossl_ech_2bcompressed(int ind)
+int ossl_ech_2bcompressed(size_t ind)
 {
-    const int nexts = OSSL_NELEM(ext_defs);
+    const size_t nexts = OSSL_NELEM(ext_defs);

 #ifdef DUPEMALL
     return 0;
 #endif
-    if (ind < 0 || ind >= nexts)
+    if (ind >= nexts)
         return -1;
     return ext_defs[ind].ech_handling == OSSL_ECH_HANDLING_COMPRESS;
 }
@@ -1091,7 +1091,7 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
             if (ossl_ech_2bcompressed(i) == pass)
                 continue;
             /* stash index - needed for COMPRESS ECH handling */
-            s->ext.ech.ext_ind = i;
+            s->ext.ech.ext_ind = (int)i;
 #endif
             /* Skip if not relevant for our context */
             if (!should_add_extension(s, thisexd->context, context, max_version))
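Review bot: The `(int)i` stored into `s->ext.ech.ext_ind` leaves the extension index with two types: `ossl_ech_2bcompressed` now takes `size_t`, while `ext_ind` (apparently an `int`, given the cast) and the `ind` parameter of `ossl_ech_copy_inner2outer` in `ech_local.h` stay `int`. The value is presumably bounded by the size of `ext_defs`, so the cast should be harmless, but the mix invites a signed/unsigned slip at the next change. Either convert the field and `ossl_ech_copy_inner2outer` to `size_t` as well, or state the bound in the existing comment, e.g. `/* stash index (always < OSSL_NELEM(ext_defs), so it fits in int) - needed for COMPRESS ECH handling */`. The loop and the declaration of `i` are outside this hunk.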
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 7f455a3f7b..23eac642b6 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -2761,7 +2761,7 @@ err:
 int tls_parse_stoc_ech(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
     X509 *x, size_t chainidx)
 {
-    unsigned int rlen = 0;
+    size_t rlen = 0;
     const unsigned char *rval = NULL;
     unsigned char *srval = NULL;
     PACKET rcfgs_pkt;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 080cb0d304..fc523398e7 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -537,7 +537,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                     goto err;
                 }
-                handlen = s->ext.ech.innerch_len;
+                handlen = (long)s->ext.ech.innerch_len;
                 hdata = s->ext.ech.innerch;
             } else
 #endif
diff --git a/test/ech_test.c b/test/ech_test.c
index 998afeb03b..cbbcf692a1 100644
--- a/test/ech_test.c
+++ b/test/ech_test.c
@@ -834,7 +834,7 @@ static int ech_ingest_test(int run)
     char *pn = NULL, *ec = NULL;

     if ((in = BIO_new(BIO_s_mem())) == NULL
-        || BIO_write(in, tv->tv, tv->len) <= 0
+        || BIO_write(in, tv->tv, (int)tv->len) <= 0
         || (out = BIO_new(BIO_s_mem())) == NULL
         || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL)
         goto end;