Commit b069590724 for openssl.org

commit b069590724f09d060c79dc3013f2a0a60438b07f
Author: Herman Semenoff <GermanAizek@yandex.ru>
Date:   Sat Apr 25 07:22:54 2026 +0300

    ssl: avoid integer overflow by casting sum terms to size_t and not the result

    Avoid possible integer overflow:  instead of casting the sum to size_t,
    each operand of the sum is cast to size_t before addition to avoid int
    overflow.

    Signed-off-by: Herman Semenoff <GermanAizek@yandex.ru>

    Reviewed-by: Matt Caswell <matt@openssl.foundation>
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Mon Jun  1 07:24:21 2026
    (Merged from https://github.com/openssl/openssl/pull/30972)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 42b121103d..e29e4bcf74 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -1136,7 +1136,7 @@ static int decrypt_validation_token(const QUIC_PORT *port,
         goto err;

     /* Prevent decryption of a buffer that is not within reasonable bounds */
-    if (ct_len < (size_t)(iv_len + tag_len) || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
+    if (ct_len < (size_t)iv_len + tag_len || ct_len > ENCRYPTED_TOKEN_MAX_LEN)
         goto err;

     *pt_len = ct_len - iv_len - tag_len;
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index ade5739622..e091d8d382 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -236,7 +236,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
                (unsigned int)rec->length)
             <= 0
         || EVP_CipherFinal_ex(enc_ctx, rec->data + lenu, &lenf) <= 0
-        || (size_t)(lenu + lenf) != rec->length) {
+        || (size_t)lenu + lenf != rec->length) {
         return 0;
     }
     if (sending) {