diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 8001fd025..68949cbda 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -500,19 +500,19 @@ */ static int bench_all = 1; /* Cipher algorithms to benchmark. */ -static int bench_cipher_algs = 0; +static word32 bench_cipher_algs = 0; /* Digest algorithms to benchmark. */ -static int bench_digest_algs = 0; +static word32 bench_digest_algs = 0; /* MAC algorithms to benchmark. */ -static int bench_mac_algs = 0; +static word32 bench_mac_algs = 0; /* Asymmetric algorithms to benchmark. */ -static int bench_asym_algs = 0; +static word32 bench_asym_algs = 0; /* Post-Quantum Asymmetric algorithms to benchmark. */ -static int bench_pq_asym_algs = 0; +static word32 bench_pq_asym_algs = 0; /* Post-Quantum Asymmetric algorithms to benchmark. (Part 2)*/ -static int bench_pq_asym_algs2 = 0; +static word32 bench_pq_asym_algs2 = 0; /* Other cryptographic algorithms to benchmark. */ -static int bench_other_algs = 0; +static word32 bench_other_algs = 0; #if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(NO_MAIN_DRIVER) @@ -907,10 +907,10 @@ static const char* bench_desc_words[][15] = { #define SHOW_INTEL_CYCLES(b, n, s) \ (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), " %s = %6.2f\n", \ bench_result_words1[lng_index][2], \ - count == 0 ? 0 : (float)total_cycles / ((word64)count*(s))) + count == 0 ? 0 : (double)total_cycles / ((word64)count*(s))) #define SHOW_INTEL_CYCLES_CSV(b, n, s) \ (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), "%.6f,\n", \ - count == 0 ? 0 : (float)total_cycles / ((word64)count*(s))) + count == 0 ? 0 : (double)total_cycles / ((word64)count*(s))) #elif defined(LINUX_CYCLE_COUNT) #include #include @@ -1323,15 +1323,15 @@ static const char* bench_result_words2[][5] = { while(options) { if (options & AAD_SIZE_DEFAULT) { aesAuthAddSz = AES_AUTH_ADD_SZ; - options &= ~AAD_SIZE_DEFAULT; + options &= ~(word32)AAD_SIZE_DEFAULT; } else if (options & AAD_SIZE_ZERO) { aesAuthAddSz = 0; - options &= ~AAD_SIZE_ZERO; + options &= ~(word32)AAD_SIZE_ZERO; } else if (options & AAD_SIZE_CUSTOM) { aesAuthAddSz = aes_aad_size; - options &= ~AAD_SIZE_CUSTOM; + options &= ~(word32)AAD_SIZE_CUSTOM; } fn(i); aesAuthAddSz = aesAuthAddSz_orig; @@ -1754,7 +1754,7 @@ static const char* get_blocktype_base10(double* blocks) /* countSz is number of bytes that 1 count represents. Normally bench_size, * except for AES direct that operates on AES_BLOCK_SIZE blocks */ static void bench_stats_sym_finish(const char* desc, int useDeviceID, - int count, int countSz, + int count, word32 countSz, double start, int ret) { double total, persec = 0, blocks = (double)count; @@ -1880,7 +1880,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, ESP_LOGV(TAG, "finish total_cycles = %llu", total_cycles); /* implement other cycle counters here */ #else - SHOW_INTEL_CYCLES_CSV(msg, sizeof(msg), countSz); + SHOW_INTEL_CYCLES_CSV(msg, sizeof(msg), (unsigned)countSz); #endif } /* if (csv_format == 1) */ @@ -1913,7 +1913,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, /* implement other architecture cycle counters here */ #else - SHOW_INTEL_CYCLES(msg, sizeof(msg), countSz); + SHOW_INTEL_CYCLES(msg, sizeof(msg), (unsigned)countSz); #endif } /* not CSV format */ @@ -3658,7 +3658,7 @@ static void bench_aesecb_internal(int useDeviceID, bench_stats_start(&count, &start); do { - int outer_loop_limit = ((bench_size / benchSz) * 10) + 1; + int outer_loop_limit = (((int)bench_size / benchSz) * 10) + 1; for (times = 0; times < outer_loop_limit /* numBlocks */ || pending > 0; ) { @@ -3700,7 +3700,7 @@ exit_aes_enc: bench_stats_start(&count, &start); do { - int outer_loop_limit = (10 * (bench_size / benchSz)) + 1; + int outer_loop_limit = (10 * ((int)bench_size / benchSz)) + 1; for (times = 0; times < outer_loop_limit || pending > 0; ) { bench_async_poll(&pending); @@ -5835,7 +5835,7 @@ void bench_blake2s(void) #ifdef WOLFSSL_CMAC -static void bench_cmac_helper(int keySz, const char* outMsg, int useDeviceID) +static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID) { Cmac cmac; byte digest[AES_BLOCK_SIZE]; @@ -6180,7 +6180,7 @@ void bench_siphash(void) #ifndef NO_RSA #if defined(WOLFSSL_KEY_GEN) -static void bench_rsaKeyGen_helper(int useDeviceID, int keySz) +static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz) { RsaKey genKey[BENCH_MAX_PENDING]; double start; @@ -6207,7 +6207,8 @@ static void bench_rsaKeyGen_helper(int useDeviceID, int keySz) goto exit; } - ret = wc_MakeRsaKey(&genKey[i], keySz, rsa_e_val, &gRng); + ret = wc_MakeRsaKey(&genKey[i], (int)keySz, rsa_e_val, + &gRng); if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0, ×, &pending)) { @@ -6219,7 +6220,7 @@ static void bench_rsaKeyGen_helper(int useDeviceID, int keySz) count += times; } while (bench_stats_check(start)); exit: - bench_stats_asym_finish("RSA", keySz, desc[2], useDeviceID, count, + bench_stats_asym_finish("RSA", (int)keySz, desc[2], useDeviceID, count, start, ret); /* cleanup */ @@ -6232,19 +6233,18 @@ void bench_rsaKeyGen(int useDeviceID) { int k; #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - const int keySizes[2] = {1024, 2048}; + static const word32 keySizes[2] = {1024, 2048}; #else - const int keySizes[1] = {2048}; + static const word32 keySizes[1] = {2048}; #endif for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) { - int keySz = keySizes[k]; - bench_rsaKeyGen_helper(useDeviceID, keySz); + bench_rsaKeyGen_helper(useDeviceID, keySizes[k]); } } -void bench_rsaKeyGen_size(int useDeviceID, int keySz) +void bench_rsaKeyGen_size(int useDeviceID, word32 keySz) { bench_rsaKeyGen_helper(useDeviceID, keySz); } @@ -6358,7 +6358,7 @@ static unsigned char rsa_3072_sig[] = { #endif /* WOLFSSL_RSA_VERIFY_INLINE || WOLFSSL_RSA_PUBLIC_ONLY */ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING], - int rsaKeySz) + word32 rsaKeySz) { int ret = 0, i, times, count = 0, pending = 0; word32 idx = 0; @@ -6437,7 +6437,7 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING], count += times; } while (bench_stats_check(start)); exit_rsa_verify: - bench_stats_asym_finish("RSA", rsaKeySz, desc[0], + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[0], useDeviceID, count, start, ret); #endif /* !WOLFSSL_RSA_VERIFY_ONLY */ @@ -6473,7 +6473,7 @@ exit_rsa_verify: count += times; } while (bench_stats_check(start)); exit_rsa_pub: - bench_stats_asym_finish("RSA", rsaKeySz, desc[1], + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[1], useDeviceID, count, start, ret); #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ } @@ -6503,7 +6503,7 @@ exit_rsa_pub: count += times; } while (bench_stats_check(start)); exit_rsa_sign: - bench_stats_asym_finish("RSA", rsaKeySz, desc[4], useDeviceID, + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[4], useDeviceID, count, start, ret); if (ret < 0) { @@ -6560,7 +6560,7 @@ exit_rsa_sign: } while (bench_stats_check(start)); exit_rsa_verifyinline: - bench_stats_asym_finish("RSA", rsaKeySz, desc[5], + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[5], useDeviceID, count, start, ret); } @@ -6580,7 +6580,7 @@ void bench_rsa(int useDeviceID) int i; RsaKey rsaKey[BENCH_MAX_PENDING]; int ret = 0; - int rsaKeySz = 0; + word32 rsaKeySz = 0; const byte* tmp; size_t bytes; #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) @@ -6675,7 +6675,7 @@ exit_bench_rsa: #ifdef WOLFSSL_KEY_GEN /* bench any size of RSA key */ -void bench_rsa_key(int useDeviceID, int rsaKeySz) +void bench_rsa_key(int useDeviceID, word32 rsaKeySz) { int ret = 0, i, pending = 0; RsaKey rsaKey[BENCH_MAX_PENDING]; @@ -6706,7 +6706,7 @@ void bench_rsa_key(int useDeviceID, int rsaKeySz) } /* create the RSA key */ - ret = wc_MakeRsaKey(&rsaKey[i], rsaKeySz, exp, &gRng); + ret = wc_MakeRsaKey(&rsaKey[i], (int)rsaKeySz, exp, &gRng); if (ret == WC_PENDING_E) { isPending[i] = 1; pending = 1; @@ -7495,7 +7495,7 @@ void bench_eccEncrypt(int curveId) goto exit; for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = i; + msg[i] = (byte)i; bench_stats_start(&count, &start); do { @@ -8931,12 +8931,12 @@ void bench_sphincsKeySign(byte level, byte optim) #endif /* HAVE_GET_CYCLES */ -void benchmark_configure(int block_size) +void benchmark_configure(word32 block_size) { /* must be greater than 0 */ if (block_size > 0) { - numBlocks = numBlocks * bench_size / block_size; - bench_size = (word32)block_size; + numBlocks = (int)((word32)numBlocks * bench_size / block_size); + bench_size = block_size; } } @@ -9065,8 +9065,7 @@ static void Usage(void) */ static int string_matches(const char* arg, const char* str) { - int len = (int)XSTRLEN(str) + 1; - return XSTRNCMP(arg, str, len) == 0; + return XSTRCMP(arg, str) == 0; } #endif /* MAIN_NO_ARGS */ @@ -9156,7 +9155,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv) argc--; argv++; if (argc > 1) { - aes_aad_size = XATOI(argv[1]); + aes_aad_size = (word32)XATOI(argv[1]); aes_aad_options |= AAD_SIZE_CUSTOM; } } @@ -9298,7 +9297,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv) } else { /* parse for block size */ - benchmark_configure(XATOI(argv[1])); + benchmark_configure((word32)XATOI(argv[1])); } argc--; argv++; diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h index 3cc6aa8d5..a42b133de 100644 --- a/wolfcrypt/benchmark/benchmark.h +++ b/wolfcrypt/benchmark/benchmark.h @@ -43,7 +43,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv); /* individual benchmarks */ int benchmark_init(void); int benchmark_free(void); -void benchmark_configure(int block_size); +void benchmark_configure(word32 block_size); void bench_des(int useDeviceID); void bench_arc4(int useDeviceID); @@ -92,9 +92,9 @@ void bench_hmac_sha384(int useDeviceID); void bench_hmac_sha512(int useDeviceID); void bench_siphash(void); void bench_rsaKeyGen(int useDeviceID); -void bench_rsaKeyGen_size(int useDeviceID, int keySz); +void bench_rsaKeyGen_size(int useDeviceID, word32 keySz); void bench_rsa(int useDeviceID); -void bench_rsa_key(int useDeviceID, int keySz); +void bench_rsa_key(int useDeviceID, word32 keySz); void bench_dh(int useDeviceID); void bench_kyber(int type); void bench_ecc_curve(int curveId); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 042331ad4..d7d577607 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2893,7 +2893,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->left = 0; #endif - aes->keylen = keylen; + aes->keylen = (int)keylen; aes->rounds = (keylen/4) + 6; #ifdef WOLFSSL_AESNI @@ -4564,7 +4564,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) { int i; - for (i = ctrSz-1; i >= 0; i--) { + for (i = (int)ctrSz - 1; i >= 0; i--) { if (++ctr[i]) break; } @@ -4683,12 +4683,12 @@ static void GenerateM0(Aes* aes) #elif defined(GCM_TABLE_4BIT) #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) -static WC_INLINE void Shift4_M0(byte *r8, byte* z8) +static WC_INLINE void Shift4_M0(byte *r8, byte *z8) { int i; for (i = 15; i > 0; i--) - r8[i] = (z8[i-1] << 4) | (z8[i] >> 4); - r8[0] = z8[0] >> 4; + r8[i] = (byte)(z8[i-1] << 4) | (byte)(z8[i] >> 4); + r8[0] = (byte)(z8[0] >> 4); } #endif @@ -7165,7 +7165,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( /* ConstantCompare returns the cumulative bitwise or of the bitwise xor of * the pairwise bytes in the strings. */ - res = ConstantCompare(authTag, Tprime, authTagSz); + res = ConstantCompare(authTag, Tprime, (int)authTagSz); /* convert positive retval from ConstantCompare() to all-1s word, in * constant time. */ @@ -8571,7 +8571,7 @@ int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz) { int ret = 0; - if (aes == NULL || iv == NULL || !CheckAesGcmIvSize(ivSz)) { + if (aes == NULL || iv == NULL || !CheckAesGcmIvSize((int)ivSz)) { ret = BAD_FUNC_ARG; } @@ -8599,7 +8599,7 @@ int wc_AesGcmSetIV(Aes* aes, word32 ivSz, { int ret = 0; - if (aes == NULL || rng == NULL || !CheckAesGcmIvSize(ivSz) || + if (aes == NULL || rng == NULL || !CheckAesGcmIvSize((int)ivSz) || (ivFixed == NULL && ivFixedSz != 0) || (ivFixed != NULL && ivFixedSz != AES_IV_FIXED_SZ)) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d44769da3..c0ca63872 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -596,7 +596,7 @@ static word32 SizeASN_Num(word32 n, int bits, byte tag) int j; word32 len; - len = 1 + 1 + bits / 8; + len = 1 + 1 + (word32)bits / 8; /* Discover actual size by checking for high zeros. */ for (j = bits - 8; j > 0; j -= 8) { if (n >> j) @@ -696,7 +696,7 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz) /* Calculate the size of the MP integer data. */ length = mp_unsigned_bin_size(data[i].data.mp); length += mp_leading_bit(data[i].data.mp) ? 1 : 0; - len = SizeASNHeader(length) + length; + len = (word32)SizeASNHeader((word32)length) + (word32)length; break; case ASN_DATA_TYPE_REPLACE_BUFFER: @@ -776,7 +776,7 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz) #endif } - *encSz = sz; + *encSz = (int)sz; return 0; } @@ -800,7 +800,7 @@ static void SetASN_Num(word32 n, int bits, byte* out, byte tag) idx = 2; /* Set the length of the number based on maximum bit length. */ - len = bits / 8; + len = (byte)(bits / 8); /* Discover actual size by checking for leading zero bytes. */ for (j = bits - 8; j > 0; j -= 8) { if ((n >> j) != 0) { @@ -815,7 +815,7 @@ static void SetASN_Num(word32 n, int bits, byte* out, byte tag) */ if (tag == ASN_BIT_STRING) { byte unusedBits = 0; - byte lastByte = n >> j; + byte lastByte = (byte)(n >> j); /* Quick check last bit. */ if ((lastByte & 0x01) == 0x00) { @@ -840,7 +840,7 @@ static void SetASN_Num(word32 n, int bits, byte* out, byte tag) out[1] = len; /* Place in the required bytes of the number. */ for (; j >= 0; j -= 8) - out[idx++] = n >> j; + out[idx++] = (byte)(n >> j); } /* Creates the DER encoding of the ASN.1 items. @@ -917,7 +917,7 @@ int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output) /* Add one for leading zero to make encoding a positive num. */ length += mp_leading_bit(data[i].data.mp) ? 1 : 0; /* Write out length. */ - idx += SetASNLength(length, out + idx); + idx += SetASNLength((word32)length, out + idx); /* Write out leading zero to make positive. */ if (mp_leading_bit(data[i].data.mp)) { out[idx++] = 0; @@ -947,7 +947,7 @@ int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output) /* Always one byte of data. */ out[idx++] = 1; /* TRUE = 0xff, FALSE = 0x00 */ - out[idx] = data[i].data.u8 ? -1 : 0; + out[idx] = data[i].data.u8 ? 0xffU : 0x00U; } else if (asn[i].tag == ASN_TAG_NULL) { /* NULL tag is always a zero length item. */ @@ -995,7 +995,7 @@ int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output) } } - return sz; + return (int)sz; } @@ -1082,7 +1082,7 @@ static int GetASN_BitString(const byte* input, word32 idx, int length) return ASN_PARSE_E; } /* Ensure unused bits are zero. */ - if ((byte)(input[idx + length - 1] << (8 - input[idx])) != 0) { + if ((byte)(input[idx + (word32)length - 1] << (8 - input[idx])) != 0) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE WOLFSSL_MSG_VSNPRINTF("BIT STRING unused bits used: %d %02x", input[idx], input[idx + length - 1]); @@ -1142,7 +1142,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, *data->data.u16 = 0; for (i = 0; i < len; i++) { *data->data.u16 <<= 8; - *data->data.u16 |= input[idx + i] ; + *data->data.u16 |= input[idx + (word32)i] ; } break; case ASN_DATA_TYPE_WORD32: @@ -1157,7 +1157,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, *data->data.u32 = 0; for (i = 0; i < len; i++) { *data->data.u32 <<= 8; - *data->data.u32 |= input[idx + i] ; + *data->data.u32 |= input[idx + (word32)i] ; } break; @@ -1171,8 +1171,8 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, return ASN_PARSE_E; } /* Copy in data and record actual length seen. */ - XMEMCPY(data->data.buffer.data, input + idx, len); - *data->data.buffer.length = len; + XMEMCPY(data->data.buffer.data, input + idx, (size_t)len); + *data->data.buffer.length = (word32)len; break; case ASN_DATA_TYPE_EXP_BUFFER: @@ -1185,7 +1185,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, return ASN_PARSE_E; } /* Check data is same as expected. */ - if (XMEMCMP(data->data.ref.data, input + idx, len) != 0) { + if (XMEMCMP(data->data.ref.data, input + idx, (size_t)len) != 0) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE WOLFSSL_MSG("Data not as expected"); #endif @@ -1202,7 +1202,8 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, #endif return MP_INIT_E; } - err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx, len); + err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx, + (word32)len); if (err != 0) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE WOLFSSL_MSG_VSNPRINTF("Failed to read mp: %d", err); @@ -1261,7 +1262,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, /* Store data pointer and length for caller. */ data->data.ref.data = input + idx; - data->data.ref.length = len; + data->data.ref.length = (word32)len; break; case ASN_DATA_TYPE_NONE: @@ -1295,7 +1296,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, word32 oidIdx = 0; /* Store OID data pointer and length */ data->data.oid.data = input + idx; - data->data.oid.length = len; + data->data.oid.length = (word32)len; /* Get the OID sum. */ err = GetOID(input + idx, &oidIdx, &data->data.oid.sum, data->data.oid.type, len); @@ -1310,7 +1311,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, /* Otherwise store data pointer and length. */ data->data.ref.data = input + idx; - data->data.ref.length = len; + data->data.ref.length = (word32)len; break; #ifdef DEBUG_WOLFSSL @@ -1511,9 +1512,9 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, return ASN_PARSE_E; } /* Store length of data. */ - data[i].length = len; + data[i].length = (word32)len; /* Note the max length of items under this one. */ - endIdx[depth + 1] = idx + len; + endIdx[depth + 1] = idx + (word32)len; if (choice > 1) { /* Note we found a number choice. */ choiceMet[choice - 2] = 1; @@ -1561,7 +1562,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, if (asn[i].headerOnly) { /* Store reference to data and length. */ data[i].data.ref.data = input + idx; - data[i].data.ref.length = len; + data[i].data.ref.length = (word32)len; continue; } @@ -1572,7 +1573,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, } /* Move index to next item. */ - idx += len; + idx += (word32)len; /* When matched numbered choice ... */ if (asn[i].optional > 1) { @@ -1780,7 +1781,7 @@ static int GetASN_Sequence(const byte* input, word32* inOutIdx, int* len, ret = ASN_PARSE_E; } /* Check all data used if complete set. */ - if ((ret == 0) && complete && (idx + *len != maxIdx)) { + if ((ret == 0) && complete && (idx + (word32)*len != maxIdx)) { ret = ASN_PARSE_E; } if (ret == 0) { @@ -2112,7 +2113,7 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check) { int length = 0; - word32 idx = *inOutIdx; + word32 idx = (word32)*inOutIdx; byte b; /* Ensure zero return length on error. */ @@ -2177,7 +2178,7 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, } /* When requested, check the buffer has at least length bytes left. */ - if (check && ((idx + length) > maxIdx)) { + if (check && ((idx + (word32)length) > maxIdx)) { WOLFSSL_MSG("GetLength - value exceeds buffer length"); return BUFFER_E; } @@ -2850,7 +2851,7 @@ const char* GetSigName(int oid) { */ int SetASNInt(int len, byte firstByte, byte* output) { - word32 idx = 0; + int idx = 0; if (output) { /* Write out tag. */ @@ -2865,7 +2866,7 @@ int SetASNInt(int len, byte firstByte, byte* output) len++; } /* Encode length - passing NULL for output will not encode. */ - idx += SetLength(len, output ? output + idx : NULL); + idx += (int)SetLength((word32)len, output ? output + idx : NULL); /* Put out pre-pended 0 as well. */ if (firstByte & 0x80) { if (output) { @@ -3088,8 +3089,8 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) maxIdx); if (ret == 0) { /* Return number through variable and return value. */ - *number = num; - ret = num; + *number = (int)num; + ret = (int)num; } return ret; #endif @@ -3102,7 +3103,7 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx) { word32 idx = *inOutIdx; - word32 len = 0; + int len = 0; int i; byte ar[MAX_LENGTH_SZ]; @@ -3209,7 +3210,7 @@ int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx) if (mp_init(mpi) != MP_OKAY) return MP_INIT_E; - if (mp_read_unsigned_bin(mpi, input + idx, length) != 0) { + if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) { mp_clear(mpi); return ASN_GETINT_E; } @@ -3221,7 +3222,7 @@ int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx) } #endif /* HAVE_WOLF_BIGINT */ - *inOutIdx = idx + length; + *inOutIdx = idx + (word32)length; return 0; #else @@ -3254,7 +3255,7 @@ static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx, if (mp_init(mpi) != MP_OKAY) return MP_INIT_E; - if (mp_read_unsigned_bin(mpi, input + idx, length) != 0) { + if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) { mp_clear(mpi); return ASN_GETINT_E; } @@ -3266,7 +3267,7 @@ static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx, } #endif /* HAVE_WOLF_BIGINT */ - *inOutIdx = idx + length; + *inOutIdx = idx + (word32)length; return 0; } @@ -3284,7 +3285,7 @@ static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx) if (ret != 0) return ret; - *inOutIdx = idx + length; + *inOutIdx = idx + (word32)length; return 0; } @@ -3355,7 +3356,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, if (b >= 0x08) return ASN_PARSE_E; if (b != 0) { - if ((byte)(input[idx + length - 1] << (8 - b)) != 0) + if ((byte)(input[idx + (word32)length - 1] << (8 - b)) != 0) return ASN_PARSE_E; } idx++; @@ -3389,10 +3390,10 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, if (ret == 0) { /* Return length of data and unused bits if required. */ if (len != NULL) { - *len = dataASN[BITSTRINGASN_IDX_BIT_STR].data.ref.length; + *len = (int)dataASN[BITSTRINGASN_IDX_BIT_STR].data.ref.length; } if (unusedBits != NULL) { - *unusedBits = bits; + *unusedBits = (byte)bits; } } @@ -3487,7 +3488,7 @@ static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx, /* Return tag, length and index after BER item header */ *pTag = tag; - *pLen = len; + *pLen = (word32)len; *idx = i; return 0; } @@ -3557,7 +3558,7 @@ static void IndefItems_AddData(IndefItems* items, word32 length) static void IndefItems_UpdateHeaderLen(IndefItems* items) { items->len[items->idx].headerLen += - SetLength(items->len[items->idx].len, NULL); + (int)SetLength(items->len[items->idx].len, NULL); } /* Go to indefinite parent of current item */ @@ -3583,11 +3584,11 @@ static void IndefItems_CalcLength(IndefItems* items) for (i = idx + 1; i < items->cnt; i++) { if (items->len[i].depth == items->depth) { - items->len[idx].len += items->len[i].headerLen; + items->len[idx].len += (word32)items->len[i].headerLen; items->len[idx].len += items->len[i].len; } } - items->len[idx].headerLen += SetLength(items->len[idx].len, NULL); + items->len[idx].headerLen += (int)SetLength(items->len[idx].len, NULL); } /* Add more data to indefinite length item */ @@ -3658,7 +3659,7 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) && tag != (ASN_SET | ASN_CONSTRUCTED)) { /* Constructed basic type - get repeating tag */ - basic = tag & (~ASN_CONSTRUCTED); + basic = (byte)(tag & (~ASN_CONSTRUCTED)); /* Add up lengths of each item below */ for (; i < berSz; ) { @@ -3751,7 +3752,7 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) if (indef) { if (der != NULL) { /* Check enough space for header */ - if (j + IndefItems_HeaderLen(indefItems) > *derSz) { + if (j + (word32)IndefItems_HeaderLen(indefItems) > *derSz) { ret = BUFFER_E; goto end; } @@ -3760,14 +3761,14 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) && tag != (ASN_SET | ASN_CONSTRUCTED)) { /* Remove constructed tag for basic types */ - tag &= ~ASN_CONSTRUCTED; + tag &= (byte)~ASN_CONSTRUCTED; } /* Add tag and length */ der[j] = tag; (void)SetLength(IndefItems_Len(indefItems), der + j + 1); } /* Add header length of indefinite item */ - j += IndefItems_HeaderLen(indefItems); + j += (word32)IndefItems_HeaderLen(indefItems); if ((tag & 0xC0) == 0 && tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) && @@ -3854,7 +3855,7 @@ static word32 SetBitString16Bit(word16 val, byte* output) while (((lastByte >> unusedBits) & 0x01) == 0x00) unusedBits++; - idx = SetBitString(len, unusedBits, output); + idx = SetBitString((word32)len, unusedBits, output); output[idx++] = (byte)val; if (len > 1) output[idx++] = (byte)(val >> 8); @@ -5572,7 +5573,7 @@ int SetObjectId(int len, byte* output) /* Skip tag. */ idx += ASN_TAG_SZ; /* Encode length - passing NULL for output will not encode. */ - idx += SetLength(len, output ? output + idx : NULL); + idx += (int)SetLength((word32)len, output ? output + idx : NULL); /* Return index after header. */ return idx; @@ -5815,7 +5816,7 @@ static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx) if (ret != 0) return ret; - idx += length; + idx += (word32)length; *inOutIdx = idx; return 0; @@ -6287,7 +6288,7 @@ size_t rsaIntOffset[] = { * @return A pointer to an mp_int when valid index. * @return NULL when invalid index. */ -static mp_int* GetRsaInt(RsaKey* key, byte idx) +static mp_int* GetRsaInt(RsaKey* key, int idx) { /* Cast key to byte array to and use offset to get to mp_int field. */ return (mp_int*)(((byte*)key) + rsaIntOffset[idx]); @@ -6390,7 +6391,7 @@ static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, if (GetASNInt(input, inOutIdx, keySz, inSz) < 0) { return ASN_PARSE_E; } - *inOutIdx += *keySz; + *inOutIdx += (word32)*keySz; for (i = 1; i < RSA_INTS; i++) { if (SkipInt(input, inOutIdx, inSz) < 0) { return ASN_RSA_KEY_E; @@ -6525,9 +6526,9 @@ static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, } else if (ret == 0) { /* Not filling in key but do want key size. */ - *keySz = dataASN[(byte)RSAKEYASN_IDX_N].length; + *keySz = (int)dataASN[(byte)RSAKEYASN_IDX_N].length; /* Check whether first byte of data is 0x00 and drop it. */ - if (input[dataASN[(byte)RSAKEYASN_IDX_E].offset - *keySz] == 0) { + if (input[(int)dataASN[RSAKEYASN_IDX_E].offset - *keySz] == 0) { (*keySz)--; } } @@ -6847,7 +6848,7 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, /* Return index to start of internal key. */ *inOutIdx = GetASNItem_DataIdx(dataASN[PKCS8KEYASN_IDX_PKEY_DATA], input); /* Return value is length of internal key. */ - ret = dataASN[PKCS8KEYASN_IDX_PKEY_DATA].data.ref.length; + ret = (int)dataASN[PKCS8KEYASN_IDX_PKEY_DATA].data.ref.length; } FREE_ASNGETDATA(dataASN, NULL); @@ -6878,10 +6879,10 @@ int ToTraditional_ex(byte* input, word32 sz, word32* algId) if (length < 0) return length; - if (length + inOutIdx > sz) + if ((word32)length + inOutIdx > sz) return BUFFER_E; - XMEMMOVE(input, input + inOutIdx, length); + XMEMMOVE(input, input + inOutIdx, (size_t)length); return length; } @@ -6963,7 +6964,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, /* version Version * no header information just INTEGER */ - sz = SetMyVersion(PKCS8v0, out + keyIdx, 0); + sz = (word32)SetMyVersion(PKCS8v0, out + keyIdx, 0); tmpSz += sz; keyIdx += sz; /* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier */ sz = 0; /* set sz to 0 and get privateKey oid buffer size needed */ @@ -6972,20 +6973,20 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, sz = SetLength(oidSz, buf); sz += 1; /* plus one for ASN object id */ } - sz = SetAlgoID(algoID, out + keyIdx, oidKeyType, oidSz + sz); + sz = (word32)SetAlgoID(algoID, out + keyIdx, oidKeyType, (int)(oidSz + sz)); tmpSz += sz; keyIdx += sz; /* privateKey PrivateKey * * pkcs8 ecc uses slightly different format. Places curve oid in * buffer */ if (curveOID != NULL && oidSz > 0) { - sz = SetObjectId(oidSz, out + keyIdx); + sz = (word32)SetObjectId((int)oidSz, out + keyIdx); keyIdx += sz; tmpSz += sz; XMEMCPY(out + keyIdx, curveOID, oidSz); keyIdx += oidSz; tmpSz += oidSz; } - sz = SetOctetString(keySz, out + keyIdx); + sz = (word32)SetOctetString(keySz, out + keyIdx); keyIdx += sz; tmpSz += sz; XMEMCPY(out + keyIdx, key, keySz); tmpSz += keySz; @@ -6998,7 +6999,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, XMEMMOVE(out + sz, out + MAX_SEQ_SZ, tmpSz); *outSz = tmpSz + sz; - return tmpSz + sz; + return (int)(tmpSz + sz); #else DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length); int sz; @@ -7027,7 +7028,8 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, /* Only support default PKCS #8 format - v0. */ SetASN_Int8Bit(&dataASN[PKCS8KEYASN_IDX_VER], PKCS8v0); /* Set key OID that corresponds to key data. */ - SetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY], algoID, oidKeyType); + SetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY], (word32)algoID, + oidKeyType); if (curveOID != NULL && oidSz > 0) { /* ECC key and curveOID set to write. */ SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE], curveOID, oidSz); @@ -7049,7 +7051,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, } if (ret == 0) { /* Always return the calculated size. */ - *outSz = sz; + *outSz = (word32)sz; } /* Check for buffer to encoded into. */ if ((ret == 0) && (out == NULL)) { @@ -8185,12 +8187,13 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, ret = GetAlgoV2(encAlgId, &encOid, &encOidSz, &pbeId, &blockSz); } if (ret == 0) { - padSz = (blockSz - (keySz & (blockSz - 1))) & (blockSz - 1); + padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) & + (blockSz - 1)); /* inner = OCT salt INT itt */ innerLen = 2 + saltSz + 2 + (itt < 256 ? 1 : 2); if (version != PKCS5v2) { - pbeOidBuf = OidFromId(pbeId, oidPBEType, &pbeOidBufSz); + pbeOidBuf = OidFromId((word32)pbeId, oidPBEType, &pbeOidBufSz); /* pbe = OBJ pbse1 SEQ [ inner ] */ pbeLen = 2 + pbeOidBufSz + 2 + innerLen; } @@ -8200,11 +8203,12 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */ kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen; /* enc = OBJ enc_alg OCT iv */ - encLen = 2 + encOidSz + 2 + blockSz; + encLen = 2 + (word32)encOidSz + 2 + (word32)blockSz; /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */ - pbeLen = 2 + sizeof(pbes2) + 2 + 2 + kdfLen + 2 + encLen; + pbeLen = (word32)(2 + sizeof(pbes2) + 2 + 2 + (size_t)kdfLen + 2 + + (size_t)encLen); - ret = wc_RNG_GenerateBlock(rng, cbcIv, blockSz); + ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz); } } if (ret == 0) { @@ -8228,7 +8232,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, /* Put Encrypted content in place. */ XMEMCPY(out + encIdx, key, keySz); if (padSz > 0) { - XMEMSET(out + encIdx + keySz, padSz, padSz); + XMEMSET(out + encIdx + keySz, (int)padSz, padSz); keySz += padSz; } @@ -8249,35 +8253,35 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, } } if (ret == 0) { - ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, pbeId, - out + encIdx, keySz, version, cbcIv, 1, 0); + ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, pbeId, + out + encIdx, (int)keySz, version, cbcIv, 1, 0); } if (ret == 0) { if (version != PKCS5v2) { /* PBE algorithm */ idx += SetSequence(pbeLen, out + idx); - idx += SetObjectId(pbeOidBufSz, out + idx); + idx += (word32)SetObjectId((int)pbeOidBufSz, out + idx); XMEMCPY(out + idx, pbeOidBuf, pbeOidBufSz); idx += pbeOidBufSz; } else { /* PBES2 algorithm identifier */ idx += SetSequence(pbeLen, out + idx); - idx += SetObjectId(pbeOidBufSz, out + idx); + idx += (word32)SetObjectId((int)pbeOidBufSz, out + idx); XMEMCPY(out + idx, pbeOidBuf, pbeOidBufSz); idx += pbeOidBufSz; /* PBES2 Parameters: SEQ [ kdf ] SEQ [ enc ] */ idx += SetSequence(2 + kdfLen + 2 + encLen, out + idx); /* KDF Algorithm Identifier */ idx += SetSequence(kdfLen, out + idx); - idx += SetObjectId(sizeof(pbkdf2Oid), out + idx); + idx += (word32)SetObjectId((int)sizeof(pbkdf2Oid), out + idx); XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid)); idx += sizeof(pbkdf2Oid); } idx += SetSequence(innerLen, out + idx); idx += SetOctetString(saltSz, out + idx); XMEMCPY(out + idx, salt, saltSz); idx += saltSz; - ret = SetShortInt(out, &idx, itt, *outSz); + ret = SetShortInt(out, &idx, (word32)itt, *outSz); if (ret > 0) ret = 0; } @@ -8285,19 +8289,19 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, if (version == PKCS5v2) { /* Encryption Algorithm Identifier */ idx += SetSequence(encLen, out + idx); - idx += SetObjectId(encOidSz, out + idx); - XMEMCPY(out + idx, encOid, encOidSz); - idx += encOidSz; + idx += (word32)SetObjectId(encOidSz, out + idx); + XMEMCPY(out + idx, encOid, (size_t)encOidSz); + idx += (word32)encOidSz; /* Encryption Algorithm Parameter: CBC IV */ - idx += SetOctetString(blockSz, out + idx); - XMEMCPY(out + idx, cbcIv, blockSz); - idx += blockSz; + idx += SetOctetString((word32)blockSz, out + idx); + XMEMCPY(out + idx, cbcIv, (size_t)blockSz); + idx += (word32)blockSz; } idx += SetOctetString(keySz, out + idx); /* Default PRF - no need to write out OID */ idx += keySz; - ret = idx; + ret = (int)idx; } #ifdef WOLFSSL_SMALL_STACK @@ -8329,7 +8333,7 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password, ret = DecryptContent(input + inOutIdx, sz - inOutIdx, password, passwordSz); if (ret > 0) { - XMEMMOVE(input, input + inOutIdx, ret); + XMEMMOVE(input, input + inOutIdx, (size_t)ret); } } @@ -8338,11 +8342,11 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password, * bytes intact. This code calculates the length without the padding * and we return that to the user. */ inOutIdx = 0; - if (GetSequence(input, &inOutIdx, &length, ret) < 0) { + if (GetSequence(input, &inOutIdx, &length, (word32)ret) < 0) { ret = ASN_PARSE_E; } else { - ret = inOutIdx + length; + ret = (int)inOutIdx + length; } } @@ -8386,7 +8390,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, ret = wc_CreatePKCS8Key(pkcs8Key, &pkcs8KeySz, key, keySz, algId, curveOid, curveOidSz); if (ret >= 0) { - pkcs8KeySz = ret; + pkcs8KeySz = (word32)ret; ret = 0; } } @@ -8519,7 +8523,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) } /* Find the end of this SEQUENCE so we can check for the OPTIONAL and * DEFAULT items. */ - seqEnd = inOutIdx + length; + seqEnd = inOutIdx + (word32)length; ret = GetOctetString(input, &inOutIdx, &saltSz, sz); if (ret < 0) @@ -8536,8 +8540,8 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) } #endif - XMEMCPY(salt, &input[inOutIdx], saltSz); - inOutIdx += saltSz; + XMEMCPY(salt, &input[inOutIdx], (size_t)saltSz); + inOutIdx += (word32)saltSz; if (GetShortInt(input, &inOutIdx, &iterations, sz) < 0) { ERROR_OUT(ASN_PARSE_E, exit_dc); @@ -8579,7 +8583,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) ERROR_OUT(ASN_PARSE_E, exit_dc); } - if (CheckAlgoV2(oid, &id, NULL) < 0) { + if (CheckAlgoV2((int)oid, &id, NULL) < 0) { ERROR_OUT(ASN_PARSE_E, exit_dc); /* PKCS v2 algo id error */ } @@ -8594,8 +8598,8 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) ERROR_OUT(ASN_PARSE_E, exit_dc); } - XMEMCPY(cbcIv, &input[inOutIdx], length); - inOutIdx += length; + XMEMCPY(cbcIv, &input[inOutIdx], (size_t)length); + inOutIdx += (word32)length; } if (GetASNTag(input, &inOutIdx, &tag, sz) < 0) { @@ -8611,7 +8615,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) } ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, - input + inOutIdx, length, version, cbcIv, 0, shaOid); + input + inOutIdx, length, version, cbcIv, 0, (int)shaOid); exit_dc: #ifdef WOLFSSL_SMALL_STACK @@ -8620,7 +8624,7 @@ exit_dc: #endif if (ret == 0) { - XMEMMOVE(input, input + inOutIdx, length); + XMEMMOVE(input, input + inOutIdx, (size_t)length); ret = length; } @@ -8705,7 +8709,7 @@ exit_dc: GetASN_GetRef(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SALT], &salt, &saltSz); /* Get the digest and encryption algorithm id. */ shaOid = dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID].data.oid.sum; /* Default HMAC-SHA1 */ - id = dataASN[PBES2PARAMSASN_IDX_ENCS_OID].data.oid.sum; + id = (int)dataASN[PBES2PARAMSASN_IDX_ENCS_OID].data.oid.sum; /* Convert encryption algorithm to a PBE algorithm if needed. */ CheckAlgoV2(id, &id, NULL); } @@ -8714,13 +8718,14 @@ exit_dc: if (ret == 0) { /* Decrypt the key. */ - ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, - key, keySz, version, cbcIv, 0, shaOid); + ret = wc_CryptKey( + password, passwordSz, salt, (int)saltSz, (int)iterations, id, key, + (int)keySz, version, cbcIv, 0, (int)shaOid); } if (ret == 0) { /* Copy the decrypted key into the input (inline). */ XMEMMOVE(input, key, keySz); - ret = keySz; + ret = (int)keySz; } FREE_ASNGETDATA(dataASN, NULL); @@ -8757,7 +8762,7 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password, ret = wc_DecryptPKCS8Key(input, sz, password, passwordSz); if (ret > 0) { - ret = ToTraditional_ex(input, ret, algId); + ret = ToTraditional_ex(input, (word32)ret, algId); } return ret; @@ -8896,18 +8901,18 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* calculate size */ /* size of constructed string at end */ - sz = Pkcs8Pad(NULL, inputSz, blockSz); + sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); totalSz = ASN_TAG_SZ; totalSz += SetLength(sz, seq); totalSz += sz; /* size of sequence holding object id and sub sequence of salt and itt */ - algoName = OidFromId(id, oidPBEType, &algoSz); + algoName = OidFromId((word32)id, oidPBEType, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); return 0; } - innerSz = SetObjectId(algoSz, seq); + innerSz = (word32)SetObjectId((int)algoSz, seq); innerSz += algoSz; /* get subsequence of salt and itt */ @@ -8921,9 +8926,9 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, seqSz += sz; tmpIdx = 0; - ret = SetShortInt(shr, &tmpIdx, itt, maxShr); + ret = SetShortInt(shr, &tmpIdx, (word32)itt, maxShr); if (ret >= 0) { - seqSz += ret; + seqSz += (word32)ret; } else { return ret; @@ -8941,7 +8946,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, return BUFFER_E; inOutIdx += SetSequence(innerSz, out + inOutIdx); - inOutIdx += SetObjectId(algoSz, out + inOutIdx); + inOutIdx += (word32)SetObjectId((int)algoSz, out + inOutIdx); XMEMCPY(out + inOutIdx, algoName, algoSz); inOutIdx += algoSz; inOutIdx += SetSequence(seqSz, out + inOutIdx); @@ -8975,7 +8980,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, inOutIdx += saltSz; /* place iteration setting in buffer */ - ret = SetShortInt(out, &inOutIdx, itt, *outSz); + ret = SetShortInt(out, &inOutIdx, (word32)itt, *outSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8992,7 +8997,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; /* get pad size and verify buffer room */ - sz = Pkcs8Pad(NULL, inputSz, blockSz); + sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); if (sz + inOutIdx > *outSz) { #ifdef WOLFSSL_SMALL_STACK XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -9003,7 +9008,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* copy input to output buffer and pad end */ XMEMCPY(out + inOutIdx, input, inputSz); - sz = Pkcs8Pad(out + inOutIdx, inputSz, blockSz); + sz = (word32)Pkcs8Pad(out + inOutIdx, (int)inputSz, blockSz); #ifdef WOLFSSL_SMALL_STACK cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cbcIv == NULL) { @@ -9013,8 +9018,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, #endif /* encrypt */ - if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, - out + inOutIdx, sz, version, cbcIv, 1, 0)) < 0) { + if ((ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id, + out + inOutIdx, (int)sz, version, cbcIv, 1, 0)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -9030,7 +9035,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, (void)rng; - return inOutIdx + sz; + return (int)(inOutIdx + sz); #else DECL_ASNSETDATA(dataASN, p8EncPbes1ASN_Length); int ret = 0; @@ -9066,7 +9071,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if (ret == 0) { /* Setup data to go into encoding including PBE algorithm, salt, * iteration count, and padded key length. */ - SetASN_OID(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_OID], id, oidPBEType); + SetASN_OID(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_OID], (word32)id, + oidPBEType); if (salt == NULL || saltSz == 0) { salt = NULL; saltSz = PKCS5_SALT_SZ; @@ -9074,8 +9080,9 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, } SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT], salt, saltSz); - SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER], itt); - pkcs8Sz = Pkcs8Pad(NULL, inputSz, blockSz); + SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER], + (word16)itt); + pkcs8Sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCDATA], NULL, pkcs8Sz); /* Calculate size of encoding. */ @@ -9086,7 +9093,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, } /* Return size when no output buffer. */ if ((ret == 0) && (out == NULL)) { - *outSz = sz; + *outSz = (word32)sz; ret = LENGTH_ONLY_E; } /* Check output buffer is big enough for encoded data. */ @@ -9102,7 +9109,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if (salt == NULL) { /* Generate salt into encoding. */ - salt = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT].data.buffer.data; + salt = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT]. + data.buffer.data; ret = wc_RNG_GenerateBlock(rng, salt, saltSz); } } @@ -9112,11 +9120,11 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, byte* pkcs8 = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; XMEMCPY(pkcs8, input, inputSz); - Pkcs8Pad(pkcs8, inputSz, blockSz); + Pkcs8Pad(pkcs8, (int)inputSz, blockSz); /* Encrypt PKCS#8 key inline. */ - ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, pkcs8, - pkcs8Sz, version, cbcIv, 1, 0); + ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id, + pkcs8, (int)pkcs8Sz, version, cbcIv, 1, 0); } if (ret == 0) { /* Returning size on success. */ @@ -9343,10 +9351,10 @@ int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, return ASN_RSA_KEY_E; } if (nSz) - *nSz = length; + *nSz = (word32)length; if (n) *n = &input[*inOutIdx]; - *inOutIdx += length; + *inOutIdx += (word32)length; /* Get exponent */ ret = GetASNInt(input, inOutIdx, &length, inSz); @@ -9354,10 +9362,10 @@ int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, return ASN_RSA_KEY_E; } if (eSz) - *eSz = length; + *eSz = (word32)length; if (e) *e = &input[*inOutIdx]; - *inOutIdx += length; + *inOutIdx += (word32)length; return ret; #else @@ -9737,7 +9745,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) /* the version (0) - private only (for public skip) */ if (GetASNInt(input, inOutIdx, &length, inSz) == 0) { - *inOutIdx += length; + *inOutIdx += (word32)length; } /* Size of dhKeyAgreement section */ @@ -9865,8 +9873,8 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) { #ifndef WOLFSSL_ASN_TEMPLATE - int ret, privSz = 0, pubSz = 0, keySz; - word32 idx, len, total; + int ret, privSz = 0, pubSz = 0; + word32 keySz, idx, len, total; if (key == NULL || outSz == NULL) { return BAD_FUNC_ARG; @@ -9876,12 +9884,17 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) if (exportPriv) { /* octect string: priv */ privSz = SetASNIntMP(&key->priv, -1, NULL); - idx = 1 + SetLength(privSz, NULL) + privSz; /* +1 for ASN_OCTET_STRING */ + if (privSz < 0) + return privSz; + idx = 1 + SetLength((word32)privSz, NULL) + + (word32)privSz; /* +1 for ASN_OCTET_STRING */ } else { /* bit string: public */ pubSz = SetASNIntMP(&key->pub, -1, NULL); - idx = SetBitString(pubSz, 0, NULL) + pubSz; + if (pubSz < 0) + return pubSz; + idx = SetBitString((word32)pubSz, 0, NULL) + (word32)pubSz; } keySz = idx; @@ -9893,8 +9906,8 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) idx += total; /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ - idx += SetObjectId(sizeof(keyDhOid), NULL); - idx += sizeof(keyDhOid); + idx += (word32)SetObjectId(sizeof(keyDhOid), NULL); + idx += (word32)sizeof(keyDhOid); len = idx - keySz; /* sequence - all but pub/priv */ idx += SetSequence(len, NULL); @@ -9921,12 +9934,12 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) idx = SetSequence(total, output); if (exportPriv) { /* version: 0 */ - idx += SetMyVersion(0, output + idx, 0); + idx += (word32)SetMyVersion(0, output + idx, 0); } /* sequence - all but pub/priv */ idx += SetSequence(len, output + idx); /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ - idx += SetObjectId(sizeof(keyDhOid), output + idx); + idx += (word32)SetObjectId(sizeof(keyDhOid), output + idx); XMEMCPY(output + idx, keyDhOid, sizeof(keyDhOid)); idx += sizeof(keyDhOid); @@ -9939,17 +9952,17 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* octect string: priv */ if (exportPriv) { - idx += SetOctetString(privSz, output + idx); - idx += SetASNIntMP(&key->priv, -1, output + idx); + idx += (word32)SetOctetString((word32)privSz, output + idx); + idx += (word32)SetASNIntMP(&key->priv, -1, output + idx); } else { /* bit string: public */ - idx += SetBitString(pubSz, 0, output + idx); - idx += SetASNIntMP(&key->pub, -1, output + idx); + idx += (word32)SetBitString((word32)pubSz, 0, output + idx); + idx += (word32)SetASNIntMP(&key->pub, -1, output + idx); } *outSz = idx; - return idx; + return (int)idx; #else ASNSetData dataASN[dhKeyPkcs8ASN_Length]; int ret = 0; @@ -9982,7 +9995,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* Calculate the size of the DH parameters. */ ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz); if (output == NULL) { - *outSz = sz; + *outSz = (word32)sz; ret = LENGTH_ONLY_E; } /* Check buffer is big enough for encoding. */ @@ -9993,7 +10006,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* Encode the DH parameters into buffer. */ SetASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, output); /* Set the actual encoding size. */ - *outSz = sz; + *outSz = (word32)sz; /* Return the actual encoding size. */ ret = sz; } @@ -10023,6 +10036,7 @@ int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz) int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) { #ifndef WOLFSSL_ASN_TEMPLATE + int ret; word32 idx, total; if (key == NULL || outSz == NULL) { @@ -10031,9 +10045,15 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) /* determine size */ /* integer - g */ - idx = SetASNIntMP(&key->g, -1, NULL); + ret = SetASNIntMP(&key->g, -1, NULL); + if (ret < 0) + return ret; + idx = (word32)ret; /* integer - p */ - idx += SetASNIntMP(&key->p, -1, NULL); + ret = SetASNIntMP(&key->p, -1, NULL); + if (ret < 0) + return ret; + idx += (word32)ret; total = idx; /* sequence */ idx += SetSequence(idx, NULL); @@ -10052,12 +10072,18 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) /* sequence - for P and G only */ idx = SetSequence(total, output); /* integer - p */ - idx += SetASNIntMP(&key->p, -1, output + idx); + ret = SetASNIntMP(&key->p, -1, output + idx); + if (ret < 0) + return ret; + idx += (word32)ret; /* integer - g */ - idx += SetASNIntMP(&key->g, -1, output + idx); + ret = SetASNIntMP(&key->g, -1, output + idx); + if (ret < 0) + return ret; + idx += (word32)ret; *outSz = idx; - return idx; + return (int)idx; #else ASNSetData dataASN[dhParamASN_Length]; int ret = 0; @@ -10081,7 +10107,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) ret = SizeASN_Items(dhParamASN, dataASN, dhParamASN_Length, &sz); } if ((ret == 0) && (output == NULL)) { - *outSz = sz; + *outSz = (word32)sz; ret = LENGTH_ONLY_E; } /* Check buffer is big enough for encoding. */ @@ -10092,7 +10118,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) /* Encode the DH parameters into buffer. */ SetASN_Items(dhParamASN, dataASN, dhParamASN_Length, output); /* Set the actual encoding size. */ - *outSz = sz; + *outSz = (word32)sz; /* Return count of bytes written. */ ret = sz; } @@ -10140,21 +10166,21 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, return ret; if (length <= (int)*pInOutSz) { - XMEMCPY(p, &input[idx], length); - *pInOutSz = length; + XMEMCPY(p, &input[idx], (size_t)length); + *pInOutSz = (word32)length; } else { return BUFFER_E; } - idx += length; + idx += (word32)length; ret = GetASNInt(input, &idx, &length, inSz); if (ret != 0) return ret; if (length <= (int)*gInOutSz) { - XMEMCPY(g, &input[idx], length); - *gInOutSz = length; + XMEMCPY(g, &input[idx], (size_t)length); + *gInOutSz = (word32)length; } else { return BUFFER_E; @@ -10308,7 +10334,7 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - maxIdx = (word32)(*inOutIdx + length); + maxIdx = (word32)(*inOutIdx + (word32)length); if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 || GetInt(&key->q, input, inOutIdx, maxIdx) < 0 || GetInt(&key->g, input, inOutIdx, maxIdx) < 0 || @@ -10407,7 +10433,7 @@ int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key, if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - maxIdx = (word32)(*inOutIdx + length); + maxIdx = (word32)(*inOutIdx + (word32)length); if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 || GetInt(&key->q, input, inOutIdx, maxIdx) < 0 || GetInt(&key->g, input, inOutIdx, maxIdx) < 0) @@ -10525,7 +10551,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, } /* An alternate pass if default certificate fails parsing */ if (ret == ASN_PARSE_E) { - *inOutIdx = temp; + *inOutIdx = (word32)temp; if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) return ASN_PARSE_E; @@ -10637,8 +10663,8 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) byte innerSeq[MAX_SEQ_SZ]; byte outerSeq[MAX_SEQ_SZ]; byte bitString[1 + MAX_LENGTH_SZ + 1]; - int idx, pSz, gSz, qSz, ySz, innerSeqSz, outerSeqSz, bitStringSz = 0; - + int pSz, gSz, qSz, ySz; + word32 idx, innerSeqSz, outerSeqSz, bitStringSz = 0; WOLFSSL_ENTER("wc_SetDsaPublicKey"); if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) { @@ -10708,7 +10734,7 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) } if (with_header) { - int algoSz; + word32 algoSz; #ifdef WOLFSSL_SMALL_STACK byte* algo = NULL; @@ -10723,18 +10749,19 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) #else byte algo[MAX_ALGO_SZ]; #endif - innerSeqSz = SetSequence(pSz + qSz + gSz, innerSeq); + innerSeqSz = SetSequence((word32)(pSz + qSz + gSz), innerSeq); algoSz = SetAlgoID(DSAk, algo, oidKeyType, 0); - bitStringSz = SetBitString(ySz, 0, bitString); - outerSeqSz = SetSequence(algoSz + innerSeqSz + pSz + qSz + gSz, - outerSeq); + bitStringSz = SetBitString((word32)ySz, 0, bitString); + outerSeqSz = SetSequence(algoSz + innerSeqSz + + (word32)(pSz + qSz + gSz), outerSeq); - idx = SetSequence(algoSz + innerSeqSz + pSz + qSz + gSz + bitStringSz + - ySz + outerSeqSz, output); + idx = SetSequence(algoSz + innerSeqSz + (word32)(pSz + qSz + gSz) + + bitStringSz + (word32)ySz + outerSeqSz, output); /* check output size */ - if ((idx + algoSz + bitStringSz + innerSeqSz + pSz + qSz + gSz + ySz) > - outLen) { + if ((idx + algoSz + bitStringSz + innerSeqSz + + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) + { #ifdef WOLFSSL_SMALL_STACK XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -10756,10 +10783,10 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) XFREE(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif } else { - innerSeqSz = SetSequence(pSz + qSz + gSz + ySz, innerSeq); + innerSeqSz = SetSequence((word32)(pSz + qSz + gSz + ySz), innerSeq); /* check output size */ - if ((innerSeqSz + pSz + qSz + gSz + ySz) > outLen) { + if ((innerSeqSz + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) { #ifdef WOLFSSL_SMALL_STACK XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -10777,22 +10804,22 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) XMEMCPY(output + idx, innerSeq, innerSeqSz); idx += innerSeqSz; /* p */ - XMEMCPY(output + idx, p, pSz); - idx += pSz; + XMEMCPY(output + idx, p, (size_t)pSz); + idx += (word32)pSz; /* q */ - XMEMCPY(output + idx, q, qSz); - idx += qSz; + XMEMCPY(output + idx, q, (size_t)qSz); + idx += (word32)qSz; /* g */ - XMEMCPY(output + idx, g, gSz); - idx += gSz; + XMEMCPY(output + idx, g, (size_t)gSz); + idx += (word32)gSz; /* bit string */ if (bitStringSz > 0) { XMEMCPY(output + idx, bitString, bitStringSz); idx += bitStringSz; } /* y */ - XMEMCPY(output + idx, y, ySz); - idx += ySz; + XMEMCPY(output + idx, y, (size_t)ySz); + idx += (word32)ySz; #ifdef WOLFSSL_SMALL_STACK XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -10800,7 +10827,7 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - return idx; + return (int)idx; #else DECL_ASNSETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; @@ -10873,7 +10900,7 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) */ int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen) { - return wc_SetDsaPublicKey(output, key, inLen, 1); + return wc_SetDsaPublicKey(output, key, (int)inLen, 1); } #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ @@ -10881,9 +10908,9 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, int ints, int includeVersion) { #ifndef WOLFSSL_ASN_TEMPLATE - word32 seqSz = 0, verSz = 0, intTotalLen = 0; + word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen, j; word32 sizes[DSA_INTS]; - int i, j, outLen, ret = 0; + int i, ret = 0; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -10900,7 +10927,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, for (i = 0; i < ints; i++) { int mpSz; mp_int* keyInt = GetDsaInt(key, i); - word32 rawLen = mp_unsigned_bin_size(keyInt) + 1; + word32 rawLen = (word32)mp_unsigned_bin_size(keyInt) + 1; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_DSA); @@ -10914,7 +10941,8 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, ret = mpSz; break; } - intTotalLen += (sizes[i] = mpSz); + sizes[i] = (word32)mpSz; + intTotalLen += (word32)mpSz; } if (ret != 0) { @@ -10924,7 +10952,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, /* make headers */ if (includeVersion) - verSz = SetMyVersion(0, ver, FALSE); + verSz = (word32)SetMyVersion(0, ver, FALSE); seqSz = SetSequence(verSz + intTotalLen, seq); outLen = seqSz + verSz + intTotalLen; @@ -10933,7 +10961,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, FreeTmpDsas(tmps, key->heap, ints); return LENGTH_ONLY_E; } - if (outLen > (int)*inLen) { + if (outLen > *inLen) { FreeTmpDsas(tmps, key->heap, ints); return BAD_FUNC_ARG; } @@ -10952,7 +10980,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, } FreeTmpDsas(tmps, key->heap, ints); - return outLen; + return (int)outLen; #else DECL_ASNSETDATA(dataASN, dsaKeyASN_Length); int ret = 0; @@ -10992,7 +11020,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, ret = SizeASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, &sz); } if ((ret == 0) && (output == NULL)) { - *inLen = sz; + *inLen = (word32)sz; ret = LENGTH_ONLY_E; } /* Check buffer is big enough for encoding. */ @@ -11231,13 +11259,13 @@ static int GetCertHeader(DecodedCert* cert) return ASN_PARSE_E; /* Reset the max index for the size indicated in the outer wrapper. */ - cert->maxIdx = len + cert->srcIdx; + cert->maxIdx = (word32)len + cert->srcIdx; cert->certBegin = cert->srcIdx; if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) return ASN_PARSE_E; - cert->sigIndex = len + cert->srcIdx; + cert->sigIndex = (word32)len + cert->srcIdx; if (cert->sigIndex > cert->maxIdx) return ASN_PARSE_E; @@ -11338,19 +11366,19 @@ static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx, return ASN_PARSE_E; pubIdx = *srcIdx; - if (GetSequence(source, srcIdx, &length, pubIdx + pubLen) < 0) + if (GetSequence(source, srcIdx, &length, pubIdx + (word32)pubLen) < 0) return ASN_PARSE_E; #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) cert->sigCtx.CertAtt.pubkey_n_start = cert->sigCtx.CertAtt.pubkey_e_start = pubIdx; #endif - cert->pubKeySize = pubLen; + cert->pubKeySize = (word32)pubLen; cert->publicKey = source + pubIdx; #ifdef WOLFSSL_MAXQ10XX_TLS cert->publicKeyIndex = pubIdx; #endif - *srcIdx += length; + *srcIdx += (word32)length; #ifdef HAVE_OCSP return CalcHashId(cert->publicKey, cert->pubKeySize, cert->subjectKeyHash); @@ -11480,11 +11508,12 @@ static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx, #endif #ifdef HAVE_OCSP - ret = CalcHashId(source + *srcIdx, length, cert->subjectKeyHash); + ret = CalcHashId(source + *srcIdx, (word32)length, + cert->subjectKeyHash); if (ret != 0) return ret; #endif - *srcIdx += length; + *srcIdx += (word32)length; } publicKey = (byte*)XMALLOC(pubKeyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -11619,7 +11648,7 @@ static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx, if (ret != 0) return ASN_PARSE_E; - *srcIdx += length; + *srcIdx += (word32)length; return 0; #else @@ -11664,7 +11693,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, int pubLen; #endif #if defined(HAVE_ECC) || !defined(NO_DSA) - int pubIdx = srcIdx; + int pubIdx = (int)srcIdx; #endif int ret = 0; int length; @@ -11680,9 +11709,9 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, } #if defined(HAVE_ECC) || !defined(NO_DSA) - pubLen = srcIdx - pubIdx + length; + pubLen = (int)srcIdx - pubIdx + length; #endif - maxIdx = srcIdx + length; + maxIdx = srcIdx + (word32)length; /* Decode the algorithm identifier for the key. */ if (GetAlgoId(source, &srcIdx, &cert->keyOID, oidKeyType, maxIdx) < 0) { @@ -11748,7 +11777,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, #ifdef HAVE_ECC case ECDSAk: ret = StoreEccKey(cert, source, &srcIdx, maxIdx, source + pubIdx, - pubLen); + (word32)pubLen); break; #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 @@ -11818,7 +11847,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, #ifndef NO_DSA case DSAk: cert->publicKey = source + pubIdx; - cert->pubKeySize = pubLen; + cert->pubKeySize = (word32)pubLen; ret = ParseDsaKey(source, &srcIdx, maxIdx, cert->heap); break; #endif /* NO_DSA */ @@ -11877,11 +11906,11 @@ static int GetHashId(const byte* id, int length, byte* hash) int ret; if (length == KEYID_SIZE) { - XMEMCPY(hash, id, length); + XMEMCPY(hash, id, (size_t)length); ret = 0; } else { - ret = CalcHashId(id, length, hash); + ret = CalcHashId(id, (word32)length, hash); } return ret; @@ -11903,7 +11932,7 @@ static int GetHashId(const byte* id, int length, byte* hash) *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = (val) /* Set the string length for a name component into the subject name. */ #define SetCertNameSubjectLen(cert, id, val) \ - *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].len)) = (val) + *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].len)) = (int)(val) /* Set the encoding for a name component into the subject name. */ #define SetCertNameSubjectEnc(cert, id, val) \ *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val) @@ -12352,7 +12381,7 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, } if (ret == 0) { /* Allocate DNS Entry name - length of string plus 1 for NUL. */ - dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); @@ -12363,7 +12392,7 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, /* Set tag type, name length, name and NUL terminate name. */ dnsEntry->type = type; dnsEntry->len = strLen; - XMEMCPY(dnsEntry->name, str, strLen); + XMEMCPY(dnsEntry->name, str, (size_t)strLen); dnsEntry->name[strLen] = '\0'; #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) @@ -12394,7 +12423,7 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, * @param [in] tag BER tag representing encoding of string. * @return 0 on success, negative values on failure. */ -static int SetSubject(DecodedCert* cert, int id, byte* str, word32 strLen, +static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen, byte tag) { int ret = 0; @@ -12402,8 +12431,8 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, word32 strLen, /* Put string and encoding into certificate. */ if (id == ASN_COMMON_NAME) { cert->subjectCN = (char *)str; - cert->subjectCNLen = strLen; - cert->subjectCNEnc = tag; + cert->subjectCNLen = (int)strLen; + cert->subjectCNEnc = (char)tag; } #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) { @@ -12425,12 +12454,12 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, word32 strLen, else if (id == ASN_JURIS_C) { cert->subjectJC = (char*)str; cert->subjectJCLen = strLen; - cert->subjectJCEnc = tag; + cert->subjectJCEnc = (char)tag; } else if (id == ASN_JURIS_ST) { cert->subjectJS = (char*)str; cert->subjectJSLen = strLen; - cert->subjectJSEnc = tag; + cert->subjectJSEnc = (char)tag; } #endif @@ -12555,7 +12584,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, if (isSubject) { /* Store subject field components. */ - ret = SetSubject(cert, id, str, strLen, tag); + ret = SetSubject(cert, id, str, (int)strLen, tag); } if (ret == 0) { /* Check there is space for this in the full name string and @@ -12648,7 +12677,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, } #endif - length += srcIdx; + length += (int)srcIdx; idx = 0; while (srcIdx < (word32)length) { @@ -12714,14 +12743,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectCN = (char *)&input[srcIdx]; cert->subjectCNLen = strLen; - cert->subjectCNEnc = b; + cert->subjectCNEnc = (char)b; } #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerCN = (char*)&input[srcIdx]; cert->issuerCNLen = strLen; - cert->issuerCNEnc = b; + cert->issuerCNEnc = (char)b; } #endif @@ -12805,13 +12834,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectSN = (char*)&input[srcIdx]; cert->subjectSNLen = strLen; - cert->subjectSNEnc = b; + cert->subjectSNEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerSN = (char*)&input[srcIdx]; cert->issuerSNLen = strLen; - cert->issuerSNEnc = b; + cert->issuerSNEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12828,13 +12857,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectC = (char*)&input[srcIdx]; cert->subjectCLen = strLen; - cert->subjectCEnc = b; + cert->subjectCEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerC = (char*)&input[srcIdx]; cert->issuerCLen = strLen; - cert->issuerCEnc = b; + cert->issuerCEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12851,13 +12880,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectL = (char*)&input[srcIdx]; cert->subjectLLen = strLen; - cert->subjectLEnc = b; + cert->subjectLEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerL = (char*)&input[srcIdx]; cert->issuerLLen = strLen; - cert->issuerLEnc = b; + cert->issuerLEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12874,13 +12903,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectST = (char*)&input[srcIdx]; cert->subjectSTLen = strLen; - cert->subjectSTEnc = b; + cert->subjectSTEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerST = (char*)&input[srcIdx]; cert->issuerSTLen = strLen; - cert->issuerSTEnc = b; + cert->issuerSTEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ @@ -12897,13 +12926,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectO = (char*)&input[srcIdx]; cert->subjectOLen = strLen; - cert->subjectOEnc = b; + cert->subjectOEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerO = (char*)&input[srcIdx]; cert->issuerOLen = strLen; - cert->issuerOEnc = b; + cert->issuerOEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12920,13 +12949,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectOU = (char*)&input[srcIdx]; cert->subjectOULen = strLen; - cert->subjectOUEnc = b; + cert->subjectOUEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerOU = (char*)&input[srcIdx]; cert->issuerOULen = strLen; - cert->issuerOUEnc = b; + cert->issuerOUEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12943,13 +12972,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectSND = (char*)&input[srcIdx]; cert->subjectSNDLen = strLen; - cert->subjectSNDEnc = b; + cert->subjectSNDEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) else if (nameType == ISSUER) { cert->issuerSND = (char*)&input[srcIdx]; cert->issuerSNDLen = strLen; - cert->issuerSNDEnc = b; + cert->issuerSNDEnc = (char)b; } #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -12966,7 +12995,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectUID = (char*)&input[srcIdx]; cert->subjectUIDLen = strLen; - cert->subjectUIDEnc = b; + cert->subjectUIDEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || \ @@ -12983,7 +13012,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectStreet = (char*)&input[srcIdx]; cert->subjectStreetLen = strLen; - cert->subjectStreetEnc = b; + cert->subjectStreetEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || \ @@ -12999,7 +13028,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectBC = (char*)&input[srcIdx]; cert->subjectBCLen = strLen; - cert->subjectBCEnc = b; + cert->subjectBCEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ @@ -13014,7 +13043,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectPC = (char*)&input[srcIdx]; cert->subjectPCLen = strLen; - cert->subjectPCEnc = b; + cert->subjectPCEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ #if (defined(OPENSSL_EXTRA) || \ @@ -13053,7 +13082,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectJC = (char*)&input[srcIdx]; cert->subjectJCLen = strLen; - cert->subjectJCEnc = b; + cert->subjectJCEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || \ @@ -13071,7 +13100,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == SUBJECT) { cert->subjectJS = (char*)&input[srcIdx]; cert->subjectJSLen = strLen; - cert->subjectJSEnc = b; + cert->subjectJSEnc = (char)b; } #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || \ @@ -13099,13 +13128,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr 9.146.* */ /* last value of OID is the type of pilot attribute */ - id = input[srcIdx + oidSz - 1]; + id = input[srcIdx + (word32)oidSz - 1]; if (id == 0x01) id = ASN_USER_ID; pilot = TRUE; } - srcIdx += oidSz + 1; + srcIdx += (word32)oidSz + 1; if (GetLength(input, &srcIdx, &strLen, maxIdx) < 0) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ @@ -13199,10 +13228,10 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, tooBig = TRUE; } if ((copy != NULL) && !tooBig) { - XMEMCPY(&full[idx], copy, copyLen); - idx += copyLen; - XMEMCPY(&full[idx], &input[srcIdx], strLen); - idx += strLen; + XMEMCPY(&full[idx], copy, (size_t)copyLen); + idx += (word32)copyLen; + XMEMCPY(&full[idx], &input[srcIdx], (size_t)strLen); + idx += (word32)strLen; } #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(WOLFCRYPT_ONLY) @@ -13227,7 +13256,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, } } #endif /* OPENSSL_EXTRA */ - srcIdx += strLen; + srcIdx += (word32)strLen; } full[idx++] = 0; @@ -13446,30 +13475,30 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) } localIdx = cert->srcIdx; - if (GetASNTag(cert->source, &localIdx, &tag, maxIdx) < 0) { + if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { return ASN_PARSE_E; } if (tag == ASN_OBJECT_ID) { WOLFSSL_MSG("Trying optional prefix..."); - if (SkipObjectId(cert->source, &cert->srcIdx, maxIdx) < 0) + if (SkipObjectId(cert->source, &cert->srcIdx, (word32)maxIdx) < 0) return ASN_PARSE_E; WOLFSSL_MSG("Got optional prefix"); } localIdx = cert->srcIdx; - if (GetASNTag(cert->source, &localIdx, &tag, maxIdx) < 0) { + if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { return ASN_PARSE_E; } localIdx = cert->srcIdx + 1; - if (GetLength(cert->source, &localIdx, &length, maxIdx) < 0) { + if (GetLength(cert->source, &localIdx, &length, (word32)maxIdx) < 0) { return ASN_PARSE_E; } - length += localIdx - cert->srcIdx; + length += (int)(localIdx - cert->srcIdx); return GetCertName(cert, full, hash, nameType, cert->source, &cert->srcIdx, - cert->srcIdx + length); + cert->srcIdx + (word32)length); #else ASNGetData dataASN[certNameASN_Length]; word32 idx = cert->srcIdx; @@ -13481,7 +13510,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) /* Initialize for data and don't check optional prefix OID. */ GetASN_OID(&dataASN[CERTNAMEASN_IDX_OID], oidIgnoreType); ret = GetASN_Items(certNameASN, dataASN, certNameASN_Length, 0, - cert->source, &idx, maxIdx); + cert->source, &idx, (word32)maxIdx); if (ret == 0) { char* full; byte* hash; @@ -13520,8 +13549,8 @@ static WC_INLINE int GetTime(int* value, const byte* date, int* idx) return ASN_PARSE_E; } - *value += btoi(date[i++]) * 10; - *value += btoi(date[i++]); + *value += (int)btoi(date[i++]) * 10; + *value += (int)btoi(date[i++]); *idx = i; @@ -13676,7 +13705,7 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) { byte* data_ptr = buf; byte uf_time[ASN_GENERALIZED_TIME_SIZE]; - word32 data_len = 0; + int data_len = 0; WOLFSSL_ENTER("GetAsnTimeString"); @@ -13686,11 +13715,11 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) XMEMSET(uf_time, 0, sizeof(uf_time)); /* GetFormattedTime returns length with null terminator */ data_len = GetFormattedTime(currTime, uf_time, (word32)sizeof(uf_time)); - if ((int)data_len <= 0) { + if (data_len <= 0) { return ASN_TIME_E; } /* ensure room to add 2 bytes (ASN type and length) before proceeding */ - else if (len < data_len + 2) { + else if (len < (word32)data_len + 2) { return BUFFER_E; } @@ -14039,7 +14068,7 @@ static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, if (pLength) *pLength = length; - *idx += length; + *idx += (word32)length; return 0; #else @@ -14068,7 +14097,7 @@ static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, *pDate = dataASN[i].data.ref.data; } if (pLength != NULL) { - *pLength = dataASN[i].data.ref.length; + *pLength = (int)dataASN[i].data.ref.length; } } @@ -14092,17 +14121,17 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) startIdx = cert->srcIdx; ret = GetDateInfo(cert->source, &cert->srcIdx, &datePtr, &format, - &length, maxIdx); + &length, (word32)maxIdx); if (ret < 0) return ret; XMEMSET(date, 0, MAX_DATE_SIZE); - XMEMCPY(date, datePtr, length); + XMEMCPY(date, datePtr, (size_t)length); if (dateType == BEFORE) - cert->beforeDateLen = cert->srcIdx - startIdx; + cert->beforeDateLen = (int)(cert->srcIdx - startIdx); else - cert->afterDateLen = cert->srcIdx - startIdx; + cert->afterDateLen = (int)(cert->srcIdx - startIdx); #ifndef NO_ASN_TIME if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && @@ -14128,10 +14157,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx) int length; int badDate = 0; - if (GetSequence(cert->source, &cert->srcIdx, &length, maxIdx) < 0) + if (GetSequence(cert->source, &cert->srcIdx, &length, (word32)maxIdx) < 0) return ASN_PARSE_E; - maxIdx = cert->srcIdx + length; + maxIdx = (int)cert->srcIdx + length; if (GetDate(cert, BEFORE, verify, maxIdx) < 0) badDate = ASN_BEFORE_DATE_E; /* continue parsing */ @@ -14153,7 +14182,7 @@ int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, int ret; word32 idx = 0; - ret = GetDateInfo(certDate, &idx, date, format, length, certDateSz); + ret = GetDateInfo(certDate, &idx, date, format, length, (word32)certDateSz); return ret; } @@ -14206,7 +14235,7 @@ static int GetSigAlg(DecodedCert* cert, word32* sigOid, word32 maxIdx) if (GetSequence(cert->source, &cert->srcIdx, &length, maxIdx) < 0) return ASN_PARSE_E; - endSeqIdx = cert->srcIdx + length; + endSeqIdx = cert->srcIdx + (word32)length; if (GetObjectId(cert->source, &cert->srcIdx, sigOid, oidSigType, maxIdx) < 0) { @@ -14287,16 +14316,16 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) WOLFSSL_MSG("Got Algo ID"); - if ( (ret = GetName(cert, ISSUER, cert->sigIndex)) < 0) + if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0) return ret; - if ( (ret = GetValidity(cert, verify, cert->sigIndex)) < 0) + if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) *badDate = ret; #ifdef WOLFSSL_CERT_REQ } #endif - if ( (ret = GetName(cert, SUBJECT, cert->sigIndex)) < 0) + if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0) return ret; WOLFSSL_MSG("Got Subject Name"); @@ -14310,7 +14339,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) ret = DecodeCertInternal(cert, verify, NULL, badDate, 1, 0); if (ret >= 0) { /* Store current index: public key. */ - cert->srcIdx = ret; + cert->srcIdx = (word32)ret; } return ret; #endif /* WOLFSSL_ASN_TEMPLATE */ @@ -14388,7 +14417,7 @@ static int GetSignature(DecodedCert* cert) if (ret != 0) return ret; - cert->sigLength = length; + cert->sigLength = (word32)length; cert->signature = &cert->source[cert->srcIdx]; cert->srcIdx += cert->sigLength; @@ -14569,11 +14598,11 @@ static int SetCurve(ecc_key* key, byte* output, size_t outSz) oidSz = key->dp->oidSz; #endif - idx = SetObjectId(oidSz, output); + idx = SetObjectId((int)oidSz, output); /* length only */ if (output == NULL) { - return idx + oidSz; + return idx + (int)oidSz; } /* verify output buffer has room */ @@ -14588,7 +14617,7 @@ static int SetCurve(ecc_key* key, byte* output, size_t outSz) #else XMEMCPY(output+idx, key->dp->oid, oidSz); #endif - idx += oidSz; + idx += (int)oidSz; return idx; } @@ -14603,7 +14632,7 @@ static int SetCurve(ecc_key* key, byte* output, size_t outSz) * @return 1 when algorithm is using ECDSA. * @return 0 otherwise. */ -static WC_INLINE int IsSigAlgoECDSA(int algoOID) +static WC_INLINE int IsSigAlgoECDSA(word32 algoOID) { /* ECDSA sigAlgo must not have ASN1 NULL parameters */ if (algoOID == CTC_SHAwECDSA || algoOID == CTC_SHA256wECDSA || @@ -14622,7 +14651,7 @@ static WC_INLINE int IsSigAlgoECDSA(int algoOID) * @return 1 when is EC signing algorithm. * @return 0 otherwise. */ -static WC_INLINE int IsSigAlgoECC(int algoOID) +static WC_INLINE int IsSigAlgoECC(word32 algoOID) { (void)algoOID; @@ -14682,20 +14711,20 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) const byte* algoName = 0; byte ID_Length[1 + MAX_LENGTH_SZ]; byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ - int length = 0; + word32 length = 0; tagSz = (type == oidHashType || - (type == oidSigType && !IsSigAlgoECC(algoOID)) || + (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || (type == oidKeyType && algoOID == RSAk)) ? 2 : 0; - algoName = OidFromId(algoOID, type, &algoSz); + algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); return 0; } - idSz = SetObjectId(algoSz, ID_Length); - seqSz = SetSequence(idSz + algoSz + tagSz + curveSz, seqArray); + idSz = (word32)SetObjectId((int)algoSz, ID_Length); + seqSz = SetSequence(idSz + algoSz + tagSz + (word32)curveSz, seqArray); /* Copy only algo to output for DSA keys */ if (algoOID == DSAk && output) { @@ -14728,16 +14757,16 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) CALLOC_ASNSETDATA(dataASN, algoIdASN_Length, ret, NULL); - algoName = OidFromId(algoOID, type, &algoSz); + algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); } else { /* Set the OID and OID type to encode. */ - SetASN_OID(&dataASN[ALGOIDASN_IDX_OID], algoOID, type); + SetASN_OID(&dataASN[ALGOIDASN_IDX_OID], (word32)algoOID, (word32)type); /* Hashes, signatures not ECC and keys not RSA output NULL tag. */ if (!(type == oidHashType || - (type == oidSigType && !IsSigAlgoECC(algoOID)) || + (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || (type == oidKeyType && algoOID == RSAk))) { /* Don't put out NULL DER item. */ dataASN[ALGOIDASN_IDX_NULL].noOut = 1; @@ -14751,19 +14780,21 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) dataASN[ALGOIDASN_IDX_NULL].noOut = 0; /* Include space for extra data of length curveSz. * Subtract 1 for sequence and 1 for length encoding. */ - SetASN_Buffer(&dataASN[ALGOIDASN_IDX_NULL], NULL, curveSz - 2); + SetASN_Buffer(&dataASN[ALGOIDASN_IDX_NULL], NULL, + (word32)curveSz - 2); } /* Calculate size of encoding. */ - ret = SizeASN_Items(algoIdASN + o, dataASN + o, algoIdASN_Length - o, - &sz); + ret = SizeASN_Items(algoIdASN + o, dataASN + o, + (int)algoIdASN_Length - (int)o, &sz); if (ret == 0 && output != NULL) { /* Encode into buffer. */ - SetASN_Items(algoIdASN + o, dataASN + o, algoIdASN_Length - o, - output); + SetASN_Items(algoIdASN + o, dataASN + o, + (int)algoIdASN_Length - (int)o, output); if (curveSz > 0) { /* Return size excluding curve data. */ - sz = dataASN[o].offset - dataASN[ALGOIDASN_IDX_NULL].offset; + sz = (int)(dataASN[o].offset - + dataASN[ALGOIDASN_IDX_NULL].offset); } } @@ -14778,7 +14809,7 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) } FREE_ASNSETDATA(dataASN, NULL); - return ret; + return (word32)ret; #endif /* WOLFSSL_ASN_TEMPLATE */ } @@ -14844,7 +14875,8 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, if (ret == 0) { /* Set hash OID and type. */ - SetASN_OID(&dataASN[DIGESTINFOASN_IDX_DIGALGO_OID], hashOID, oidHashType); + SetASN_OID(&dataASN[DIGESTINFOASN_IDX_DIGALGO_OID], (word32)hashOID, + oidHashType); /* Set digest. */ if (digest == out) { XMEMCPY(dgst, digest, digSz); @@ -14866,7 +14898,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, } FREE_ASNSETDATA(dataASN, NULL); - return ret; + return (word32)ret; #endif } @@ -15892,7 +15924,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->pkCbEcc) { ret = sigCtx->pkCbEcc( sig, sigSz, - sigCtx->digest, sigCtx->digestSz, + sigCtx->digest, (unsigned int)sigCtx->digestSz, key, keySz, &sigCtx->verify, sigCtx->pkCtxEcc); } @@ -15905,8 +15937,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx, #endif /* HAVE_PK_CALLBACKS */ { ret = wc_ecc_verify_hash(sig, sigSz, sigCtx->digest, - sigCtx->digestSz, &sigCtx->verify, - sigCtx->key.ecc); + (word32)sigCtx->digestSz, &sigCtx->verify, + sigCtx->key.ecc); } break; } @@ -16038,10 +16070,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx, verifySz = ret; /* make sure we're right justified */ - encodedSigSz = wc_EncodeSignature(encodedSig, - sigCtx->digest, sigCtx->digestSz, sigCtx->typeH); + encodedSigSz = (int)wc_EncodeSignature(encodedSig, + sigCtx->digest, (word32)sigCtx->digestSz, + sigCtx->typeH); if (encodedSigSz == verifySz && sigCtx->out != NULL && - XMEMCMP(sigCtx->out, encodedSig, encodedSigSz) == 0) { + XMEMCMP(sigCtx->out, encodedSig, + (size_t)encodedSigSz) == 0) { ret = 0; } else { @@ -16287,7 +16321,7 @@ static int MatchBaseName(int type, const char* name, int nameSz, } if (type == ASN_DIR_TYPE) - return XMEMCMP(name, base, baseSz) == 0; + return XMEMCMP(name, base, (size_t)baseSz) == 0; /* If an email type, handle special cases where the base is only * a domain, or is an email address itself. */ @@ -16593,7 +16627,7 @@ static int DecodeSEP(ASNGetData* dataASN, DecodedCert* cert) /* Copy, into cert HW type OID */ XMEMCPY(cert->hwType, dataASN[OTHERNAMEASN_IDX_HWN_TYPE].data.oid.data, oidLen); - cert->hwTypeSz = oidLen; + cert->hwTypeSz = (int)oidLen; /* TODO: check this is the HW serial number OID - no test data. */ /* Allocate space for HW serial number. */ @@ -16609,7 +16643,7 @@ static int DecodeSEP(ASNGetData* dataASN, DecodedCert* cert) XMEMCPY(cert->hwSerialNum, dataASN[OTHERNAMEASN_IDX_HWN_NUM].data.ref.data, serialLen); cert->hwSerialNum[serialLen] = '\0'; - cert->hwSerialNumSz = serialLen; + cert->hwSerialNumSz = (int)serialLen; } return ret; } @@ -16640,7 +16674,7 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid) } if (ret == 0) { - ret = SetDNSEntry(cert, buf, bufLen, ASN_OTHER_TYPE, &entry); + ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry); if (ret == 0) { #ifdef WOLFSSL_FPKI entry->oidSum = oid; @@ -16696,7 +16730,7 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input, #endif /* WOLFSSL_FPKI */ case UPN_OID: ret = DecodeOtherHelper(dataASN, cert, - dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum); + (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum); break; default: WOLFSSL_MSG("\tunsupported OID skipping"); @@ -16734,7 +16768,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE, &cert->altNames); if (ret == 0) { - idx += len; + idx += (word32)len; } } #ifndef IGNORE_NAME_CONSTRAINTS @@ -16744,7 +16778,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, word32 idxDir = idx; /* Expecting a SEQUENCE using up all data. */ - if (GetASN_Sequence(input, &idxDir, &strLen, idx + len, 1) < 0) { + if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0) + { WOLFSSL_MSG("\tfail: seq length"); return ASN_PARSE_E; } @@ -16752,7 +16787,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen, ASN_DIR_TYPE, &cert->altDirNames); if (ret == 0) { - idx += len; + idx += (word32)len; } } /* GeneralName choice: rfc822Name */ @@ -16760,7 +16795,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_RFC822_TYPE, &cert->altEmailNames); if (ret == 0) { - idx += len; + idx += (word32)len; } } /* GeneralName choice: uniformResourceIdentifier */ @@ -16779,10 +16814,10 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, /* skip past scheme (i.e http,ftp,...) finding first ':' char */ for (i = 0; i < len; i++) { - if (input[idx + i] == ':') { + if (input[idx + (word32)i] == ':') { break; } - if (input[idx + i] == '/') { + if (input[idx + (word32)i] == '/') { i = len; /* error, found relative path since '/' was * encountered before ':'. Returning error * value in next if statement. */ @@ -16797,7 +16832,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, } /* test if scheme is missing */ - if (input[idx + i] != ':') { + if (input[idx + (word32)i] != ':') { WOLFSSL_MSG("\tAlt Name must be absolute URI"); WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); return ASN_ALT_NAME_E; @@ -16808,7 +16843,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE, &cert->altNames); if (ret == 0) { - idx += len; + idx += (word32)len; } } #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ @@ -16827,14 +16862,14 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, /* GeneralName choice: otherName */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { /* TODO: test data for code path */ - ret = DecodeOtherName(cert, input, &idx, idx + len); + ret = DecodeOtherName(cert, input, &idx, idx + (word32)len); } #endif /* GeneralName choice: dNSName, x400Address, ediPartyName, * registeredID */ else { WOLFSSL_MSG("\tUnsupported name type, skipping"); - idx += len; + idx += (word32)len; } if (ret == 0) { @@ -16877,7 +16912,7 @@ enum { #if defined(WOLFSSL_SEP) && !defined(WOLFSSL_ASN_TEMPLATE) /* return 0 on success */ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, - word32* idxIn, int sz) + word32* idxIn, word32 sz) { word32 idx = *idxIn; int strLen; @@ -16917,16 +16952,16 @@ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, return ret; } - cert->hwType = (byte*)XMALLOC(strLen, cert->heap, + cert->hwType = (byte*)XMALLOC((size_t)strLen, cert->heap, DYNAMIC_TYPE_X509_EXT); if (cert->hwType == NULL) { WOLFSSL_MSG("\tOut of Memory"); return MEMORY_E; } - XMEMCPY(cert->hwType, &input[idx], strLen); + XMEMCPY(cert->hwType, &input[idx], (size_t)strLen); cert->hwTypeSz = strLen; - idx += strLen; + idx += (word32)strLen; ret = GetOctetString(input, &idx, &strLen, sz); if (ret < 0) { @@ -16935,7 +16970,7 @@ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, return ret; } - cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap, + cert->hwSerialNum = (byte*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_X509_EXT); if (cert->hwSerialNum == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -16944,10 +16979,10 @@ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, return MEMORY_E; } - XMEMCPY(cert->hwSerialNum, &input[idx], strLen); + XMEMCPY(cert->hwSerialNum, &input[idx], (size_t)strLen); cert->hwSerialNum[strLen] = '\0'; cert->hwSerialNumSz = strLen; - idx += strLen; + idx += (word32)strLen; *idxIn = idx; return 0; @@ -16957,7 +16992,7 @@ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, #if !defined(WOLFSSL_ASN_TEMPLATE) /* return 0 on success */ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, - word32* idx, int sz, int oid) + word32* idx, word32 sz, int oid) { int ret = 0; int strLen = 0; @@ -17022,7 +17057,7 @@ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, if (ret == 0 && dnsEntry != NULL) { dnsEntry->type = ASN_OTHER_TYPE; dnsEntry->len = strLen; - dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); #ifdef WOLFSSL_FPKI dnsEntry->oidSum = oid; @@ -17032,14 +17067,14 @@ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, ret = MEMORY_E; } else { - XMEMCPY(dnsEntry->name, &input[*idx], strLen); + XMEMCPY(dnsEntry->name, &input[*idx], (size_t)strLen); dnsEntry->name[strLen] = '\0'; AddAltName(cert, dnsEntry); } } if (ret == 0) { - *idx += strLen; + *idx += (word32)strLen; } else { XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); @@ -17063,7 +17098,7 @@ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. * @return MEMORY_E when dynamic memory allocation fails. */ -static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) +static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -17114,7 +17149,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: str length"); return ASN_PARSE_E; } - length -= (idx - lenStartIdx); + length -= (int)(idx - lenStartIdx); dnsEntry = AltNameNew(cert->heap); if (dnsEntry == NULL) { @@ -17123,7 +17158,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } dnsEntry->type = ASN_DNS_TYPE; - dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -17131,13 +17166,13 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) return MEMORY_E; } dnsEntry->len = strLen; - XMEMCPY(dnsEntry->name, &input[idx], strLen); + XMEMCPY(dnsEntry->name, &input[idx], (size_t)strLen); dnsEntry->name[strLen] = '\0'; AddAltName(cert, dnsEntry); length -= strLen; - idx += strLen; + idx += (word32)strLen; } #ifndef IGNORE_NAME_CONSTRAINTS else if (current_byte == @@ -17155,7 +17190,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: seq length"); return ASN_PARSE_E; } - length -= (idx - lenStartIdx); + length -= (int)(idx - lenStartIdx); dirEntry = AltNameNew(cert->heap); if (dirEntry == NULL) { @@ -17164,7 +17199,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } dirEntry->type = ASN_DIR_TYPE; - dirEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + dirEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (dirEntry->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -17172,13 +17207,13 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) return MEMORY_E; } dirEntry->len = strLen; - XMEMCPY(dirEntry->name, &input[idx], strLen); + XMEMCPY(dirEntry->name, &input[idx], (size_t)strLen); dirEntry->name[strLen] = '\0'; dirEntry->next = cert->altDirNames; cert->altDirNames = dirEntry; length -= strLen; - idx += strLen; + idx += (word32)strLen; } else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { DNS_entry* emailEntry; @@ -17189,7 +17224,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: str length"); return ASN_PARSE_E; } - length -= (idx - lenStartIdx); + length -= (int)(idx - lenStartIdx); emailEntry = AltNameNew(cert->heap); if (emailEntry == NULL) { @@ -17198,7 +17233,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } emailEntry->type = ASN_RFC822_TYPE; - emailEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (emailEntry->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -17206,14 +17241,14 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) return MEMORY_E; } emailEntry->len = strLen; - XMEMCPY(emailEntry->name, &input[idx], strLen); + XMEMCPY(emailEntry->name, &input[idx], (size_t)strLen); emailEntry->name[strLen] = '\0'; emailEntry->next = cert->altEmailNames; cert->altEmailNames = emailEntry; length -= strLen; - idx += strLen; + idx += (word32)strLen; } else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { DNS_entry* uriEntry; @@ -17225,10 +17260,10 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: str length"); return ASN_PARSE_E; } - length -= (idx - lenStartIdx); + length -= (int)(idx - lenStartIdx); /* check that strLen at index is not past input buffer */ - if (strLen + (int)idx > sz) { + if ((word32)strLen + idx > sz) { return BUFFER_E; } @@ -17241,10 +17276,10 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) hier-part, it must come after the ':' (see RFC 3986 Sec 3). */ { - int i; + word32 i; /* skip past scheme (i.e http,ftp,...) finding first ':' char */ - for (i = 0; i < strLen; i++) { + for (i = 0; i < (word32)strLen; i++) { if (input[idx + i] == ':') { break; } @@ -17256,7 +17291,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } /* test hier-part is empty */ - if (i == 0 || i == strLen) { + if (i == 0 || i == (word32)strLen) { WOLFSSL_MSG("\tEmpty or malformed URI"); WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); return ASN_ALT_NAME_E; @@ -17278,7 +17313,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } uriEntry->type = ASN_URI_TYPE; - uriEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (uriEntry->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -17286,13 +17321,13 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) return MEMORY_E; } uriEntry->len = strLen; - XMEMCPY(uriEntry->name, &input[idx], strLen); + XMEMCPY(uriEntry->name, &input[idx], (size_t)strLen); uriEntry->name[strLen] = '\0'; AddAltName(cert, uriEntry); length -= strLen; - idx += strLen; + idx += (word32)strLen; } #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { @@ -17307,7 +17342,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } length -= (idx - lenStartIdx); /* check that strLen at index is not past input buffer */ - if (strLen + (int)idx > sz) { + if (strLen + idx > sz) { return BUFFER_E; } @@ -17318,7 +17353,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } ipAddr->type = ASN_IP_TYPE; - ipAddr->name = (char*)XMALLOC(strLen + 1, cert->heap, + ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (ipAddr->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); @@ -17340,7 +17375,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) AddAltName(cert, ipAddr); length -= strLen; - idx += strLen; + idx += (word32)strLen; } #endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* IGNORE_NAME_CONSTRAINTS */ @@ -17356,7 +17391,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } /* Consume the rest of this sequence. */ - length -= (strLen + idx - lenStartIdx); + length -= (int)(((word32)strLen + idx - lenStartIdx)); if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) { WOLFSSL_MSG("\tbad OID"); @@ -17387,13 +17422,13 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) if (GetLength(input, &idx, &strLen, sz) < 0) { /* check to skip constructed other names too */ if (DecodeConstructedOtherName(cert, input, &idx, sz, - oid) != 0) { + (int)oid) != 0) { WOLFSSL_MSG("\tfail: unsupported other name length"); return ASN_PARSE_E; } } else { - idx += strLen; + idx += (word32)strLen; } } (void)ret; @@ -17408,8 +17443,8 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: unsupported name length"); return ASN_PARSE_E; } - length -= (strLen + idx - lenStartIdx); - idx += strLen; + length -= (int)((word32)strLen + idx - lenStartIdx); + idx += (word32)strLen; } } @@ -17442,12 +17477,12 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) cert->weOwnAltNames = 1; - if (length + (int)idx != sz) { + if ((word32)length + idx != sz) { ret = ASN_PARSE_E; } } - while ((ret == 0) && ((int)idx < sz)) { + while ((ret == 0) && (idx < sz)) { ASNGetData dataASN[altNameASN_Length]; /* Clear dynamic data items. */ @@ -17459,7 +17494,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) &idx, sz); if (ret == 0) { ret = DecodeGeneralName(input, &idx, dataASN[ALTNAMEASN_IDX_GN].tag, - dataASN[ALTNAMEASN_IDX_GN].length, cert); + (int)dataASN[ALTNAMEASN_IDX_GN].length, cert); } } @@ -17514,7 +17549,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) WOLFSSL_ENTER("DecodeBasicCaConstraint"); - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: bad SEQUENCE"); return ASN_PARSE_E; } @@ -17525,7 +17560,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) /* If the basic ca constraint is false, this extension may be named, but * left empty. So, if the length is 0, just return. */ - ret = GetBoolean(input, &idx, sz); + ret = GetBoolean(input, &idx, (word32)sz); /* Removed logic for WOLFSSL_X509_BASICCONS_INT which was mistreating the * pathlen value as if it were the CA Boolean value 7/2/2021 - KH. @@ -17535,14 +17570,14 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) ret = 0; } - cert->isCA = (byte)ret; + cert->isCA = ret ? 1 : 0; /* If there isn't any more data, return. */ if (idx >= (word32)sz) { return 0; } - ret = GetInteger7Bit(input, &idx, sz); + ret = GetInteger7Bit(input, &idx, (word32)sz); if (ret < 0) return ret; cert->pathLength = (byte)ret; @@ -17565,7 +17600,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &cert->pathLength); ret = GetASN_Items(basicConsASN, dataASN, basicConsASN_Length, 1, input, - &idx, sz); + &idx, (word32)sz); } /* Empty SEQUENCE is OK - nothing to store. */ @@ -17584,7 +17619,7 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) /* Store CA boolean and whether a path length was seen. */ if (ret == 0) { /* isCA in certificate is a 1 bit of a byte. */ - cert->isCA = isCA; + cert->isCA = isCA ? 1 : 0; cert->pathLengthSet = (dataASN[BASICCONSASN_IDX_PLEN].length > 0); } } @@ -17605,7 +17640,7 @@ static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert) WOLFSSL_ENTER("DecodePolicyConstraints"); - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: bad SEQUENCE"); return ASN_PARSE_E; } @@ -17613,7 +17648,7 @@ static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert) if (length == 0) return ASN_PARSE_E; - if (GetASNTag(input, &idx, &tag, sz) < 0) { + if (GetASNTag(input, &idx, &tag, (word32)sz) < 0) { WOLFSSL_MSG("\tfail: bad TAG"); return ASN_PARSE_E; } @@ -17631,7 +17666,7 @@ static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } - ret = GetLength(input, &idx, &skipLength, sz); + ret = GetLength(input, &idx, &skipLength, (word32)sz); if (ret < 0) { WOLFSSL_MSG("\tfail: invalid length"); return ret; @@ -17710,7 +17745,7 @@ enum { * is invalid. * @return BUFFER_E when data in buffer is too small. */ -static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) +static int DecodeCrlDist(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0, localIdx; @@ -17720,7 +17755,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) WOLFSSL_ENTER("DecodeCrlDist"); cert->extCrlInfoRaw = input; - cert->extCrlInfoRawSz = sz; + cert->extCrlInfoRawSz = (int)sz; /* Unwrap the list of Distribution Points*/ if (GetSequence(input, &idx, &length, sz) < 0) @@ -17759,15 +17794,15 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) cert->extCrlInfoSz = length; cert->extCrlInfo = input + idx; - idx += length; + idx += (word32)length; } else /* This isn't a URI, skip it. */ - idx += length; + idx += (word32)length; } else { /* This isn't a FULLNAME, skip it. */ - idx += length; + idx += (word32)length; } } @@ -17780,7 +17815,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) idx++; if (GetLength(input, &idx, &length, sz) < 0) return ASN_PARSE_E; - idx += length; + idx += (word32)length; } /* Check for cRLIssuer */ @@ -17792,7 +17827,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) idx++; if (GetLength(input, &idx, &length, sz) < 0) return ASN_PARSE_E; - idx += length; + idx += (word32)length; } if (idx < (word32)sz) @@ -17815,7 +17850,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) CALLOC_ASNGETDATA(dataASN, crlDistASN_Length, ret, cert->heap); cert->extCrlInfoRaw = input; - cert->extCrlInfoRawSz = sz; + cert->extCrlInfoRawSz = (int)sz; if (ret == 0) { /* Get the GeneralName choice */ @@ -17830,7 +17865,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) word32 sz32; GetASN_GetConstRef(&dataASN[CRLDISTASN_IDX_DP_DISTPOINT_FN_GN], &cert->extCrlInfo, &sz32); - cert->extCrlInfoSz = sz32; + cert->extCrlInfoSz = (int)sz32; } #ifdef CRLDP_VALIDATE_DATA @@ -17896,7 +17931,7 @@ enum { * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ -static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) +static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -17948,7 +17983,7 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) count++; } #endif - idx += length; + idx += (word32)length; } return 0; @@ -17984,7 +18019,7 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) /* Store URI for OCSP lookup. */ GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &cert->extAuthInfo, &sz32); - cert->extAuthInfoSz = sz32; + cert->extAuthInfoSz = (int)sz32; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) count++; #else @@ -18049,7 +18084,7 @@ enum { * is invalid. * @return BUFFER_E when data in buffer is too small. */ -static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert) +static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -18120,7 +18155,7 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert) /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data, - dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length, + (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length, cert->extAuthKeyId); } } @@ -18142,7 +18177,7 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert) * invalid. * @return MEMORY_E on dynamic memory allocation failure. */ -static int DecodeSubjKeyId(const byte* input, int sz, DecodedCert* cert) +static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert) { word32 idx = 0; int length = 0; @@ -18197,7 +18232,7 @@ enum { * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ -static int DecodeKeyUsage(const byte* input, int sz, DecodedCert* cert) +static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -18259,7 +18294,7 @@ enum { * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ -static int DecodeExtKeyUsage(const byte* input, int sz, DecodedCert* cert) +static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0, oid; @@ -18460,7 +18495,7 @@ enum { * @return MEMORY_E when dynamic memory allocation fails. * @return ASN_PARSE_E when SEQUENCE is not found as expected. */ -static int DecodeSubtreeGeneralName(const byte* input, int sz, byte tag, +static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag, Base_entry** head, void* heap) { Base_entry* entry; @@ -18478,7 +18513,7 @@ static int DecodeSubtreeGeneralName(const byte* input, int sz, byte tag, ret = ASN_PARSE_E; } else { - len = strLen; + len = (word32)strLen; ret = 0; } } @@ -18503,7 +18538,7 @@ static int DecodeSubtreeGeneralName(const byte* input, int sz, byte tag, /* Store name, size and tag in object. */ XMEMCPY(entry->name, &input[nameIdx], len); entry->name[len] = '\0'; - entry->nameSz = len; + entry->nameSz = (int)len; entry->type = tag & ASN_TYPE_MASK; /* Put entry at front of linked list. */ @@ -18527,7 +18562,7 @@ static int DecodeSubtreeGeneralName(const byte* input, int sz, byte tag, * @return MEMORY_E when dynamic memory allocation fails. * @return ASN_PARSE_E when SEQUENCE is not found as expected. */ -static int DecodeSubtree(const byte* input, int sz, Base_entry** head, +static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, void* heap) { #ifndef WOLFSSL_ASN_TEMPLATE @@ -18581,14 +18616,15 @@ static int DecodeSubtree(const byte* input, int sz, Base_entry** head, return MEMORY_E; } - entry->name = (char*)XMALLOC(strLength+1, heap, DYNAMIC_TYPE_ALTNAME); + entry->name = (char*)XMALLOC((size_t)strLength+1, heap, + DYNAMIC_TYPE_ALTNAME); if (entry->name == NULL) { WOLFSSL_MSG("allocate error"); XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - XMEMCPY(entry->name, &input[nameIdx], strLength); + XMEMCPY(entry->name, &input[nameIdx], (size_t)strLength); entry->name[strLength] = '\0'; entry->nameSz = strLength; entry->type = bType; @@ -18597,7 +18633,7 @@ static int DecodeSubtree(const byte* input, int sz, Base_entry** head, *head = entry; } - idx += seqLength; + idx += (word32)seqLength; } return ret; @@ -18679,7 +18715,8 @@ enum { * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ -static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert) +static int DecodeNameConstraints(const byte* input, word32 sz, + DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -18710,12 +18747,13 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } - if (DecodeSubtree(input + idx, length, subtree, cert->heap) < 0) { + if (DecodeSubtree(input + idx, (word32)length, subtree, + cert->heap) < 0) { WOLFSSL_MSG("\terror parsing subtree"); return ASN_PARSE_E; } - idx += length; + idx += (word32)length; } return 0; @@ -18835,7 +18873,7 @@ exit: #endif /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ - static int DecodeCertPolicy(const byte* input, int sz, DecodedCert* cert) + static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; @@ -18868,7 +18906,7 @@ exit: } /* Validate total length */ - if (total_length > (sz - (int)idx)) { + if (total_length > (int)(sz - idx)) { WOLFSSL_MSG("\tCertPolicy length mismatch"); return ASN_PARSE_E; } @@ -18886,24 +18924,24 @@ exit: ret = GetASNObjectId(input, &idx, &length, sz); if (ret != 0) return ret; - policy_length -= idx - oldIdx; + policy_length -= (int)(idx - oldIdx); if (length > 0) { /* Verify length won't overrun buffer */ - if (length > (sz - (int)idx)) { + if (length > (int)(sz - idx)) { WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); return ASN_PARSE_E; } #if defined(WOLFSSL_SEP) - cert->deviceType = (byte*)XMALLOC(length, cert->heap, + cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, DYNAMIC_TYPE_X509_EXT); if (cert->deviceType == NULL) { WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); return MEMORY_E; } cert->deviceTypeSz = length; - XMEMCPY(cert->deviceType, input + idx, length); + XMEMCPY(cert->deviceType, input + idx, (size_t)length); break; #elif defined(WOLFSSL_CERT_EXT) /* decode cert policy */ @@ -18937,7 +18975,7 @@ exit: return 0; #endif } - idx += policy_length; + idx += (word32)policy_length; } while((int)idx < total_length #if defined(WOLFSSL_CERT_EXT) && cert->extCertPoliciesNb < MAX_CERTPOL_NB @@ -18964,12 +19002,13 @@ exit: if (ret == 0) { #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; + cert->extCertPoliciesNb = 0; #endif /* Strip SEQUENCE OF and check using all data. */ - if (GetASN_Sequence(input, &idx, &total_length, sz, 1) < 0) { - ret = ASN_PARSE_E; + if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) + { + ret = ASN_PARSE_E; } } @@ -18987,7 +19026,7 @@ exit: XMEMSET(dataASN, 0, sizeof(dataASN)); GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, - input, &idx, sz); + input, &idx, (word32)sz); if (ret == 0) { /* Get the OID. */ GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); @@ -19007,7 +19046,7 @@ exit: } if (ret == 0) { /* Store device type data and length. */ - cert->deviceTypeSz = length; + cert->deviceTypeSz = (int)length; XMEMCPY(cert->deviceType, data, length); break; } @@ -19327,7 +19366,7 @@ static int DecodeSubjInfoAcc(const byte* input, int sz, DecodedCert* cert) * @return MEMORY_E on dynamic memory allocation failure. * @return Other negative values on error. */ -static int DecodeExtensionType(const byte* input, int length, word32 oid, +static int DecodeExtensionType(const byte* input, word32 length, word32 oid, byte critical, DecodedCert* cert, int *isUnknownExt) { @@ -19341,8 +19380,8 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Basic Constraints. */ case BASIC_CA_OID: VERIFY_AND_SET_OID(cert->extBasicConstSet); - cert->extBasicConstCrit = critical; - if (DecodeBasicCaConstraint(input, length, cert) < 0) { + cert->extBasicConstCrit = critical ? 1 : 0; + if (DecodeBasicCaConstraint(input, (int)length, cert) < 0) { ret = ASN_PARSE_E; } break; @@ -19350,7 +19389,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* CRL Distribution point. */ case CRL_DIST_OID: VERIFY_AND_SET_OID(cert->extCRLdistSet); - cert->extCRLdistCrit = critical; + cert->extCRLdistCrit = critical ? 1 : 0; if (DecodeCrlDist(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -19359,7 +19398,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Authority information access. */ case AUTH_INFO_OID: VERIFY_AND_SET_OID(cert->extAuthInfoSet); - cert->extAuthInfoCrit = critical; + cert->extAuthInfoCrit = critical ? 1 : 0; if (DecodeAuthInfo(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -19368,14 +19407,14 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Subject alternative name. */ case ALT_NAMES_OID: VERIFY_AND_SET_OID(cert->extSubjAltNameSet); - cert->extSubjAltNameCrit = critical; + cert->extSubjAltNameCrit = critical ? 1 : 0; ret = DecodeAltNames(input, length, cert); break; /* Authority Key Identifier. */ case AUTH_KEY_OID: VERIFY_AND_SET_OID(cert->extAuthKeyIdSet); - cert->extAuthKeyIdCrit = critical; + cert->extAuthKeyIdCrit = critical ? 1 : 0; #ifndef WOLFSSL_ALLOW_CRIT_SKID /* This check is added due to RFC 5280 section 4.2.1.1 * stating that conforming CA's must mark this extension @@ -19395,7 +19434,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Subject Key Identifier. */ case SUBJ_KEY_OID: VERIFY_AND_SET_OID(cert->extSubjKeyIdSet); - cert->extSubjKeyIdCrit = critical; + cert->extSubjKeyIdCrit = critical ? 1 : 0; #ifndef WOLFSSL_ALLOW_CRIT_SKID /* This check is added due to RFC 5280 section 4.2.1.2 * stating that conforming CA's must mark this extension @@ -19419,7 +19458,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, VERIFY_AND_SET_OID(cert->extCertPolicySet); #if defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL) - cert->extCertPolicyCrit = critical; + cert->extCertPolicyCrit = critical ? 1 : 0; #endif #endif #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \ @@ -19435,7 +19474,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Key usage. */ case KEY_USAGE_OID: VERIFY_AND_SET_OID(cert->extKeyUsageSet); - cert->extKeyUsageCrit = critical; + cert->extKeyUsageCrit = critical ? 1 : 0; if (DecodeKeyUsage(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -19444,7 +19483,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, /* Extended key usage. */ case EXT_KEY_USAGE_OID: VERIFY_AND_SET_OID(cert->extExtKeyUsageSet); - cert->extExtKeyUsageCrit = critical; + cert->extExtKeyUsageCrit = critical ? 1 : 0; if (DecodeExtKeyUsage(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -19464,7 +19503,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, } #endif VERIFY_AND_SET_OID(cert->extNameConstraintSet); - cert->extNameConstraintCrit = critical; + cert->extNameConstraintCrit = critical ? 1 : 0; if (DecodeNameConstraints(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -19480,7 +19519,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, #ifndef IGNORE_NETSCAPE_CERT_TYPE /* Netscape's certificate type. */ case NETSCAPE_CT_OID: - if (DecodeNsCertType(input, length, cert) < 0) + if (DecodeNsCertType(input, (int)length, cert) < 0) ret = ASN_PARSE_E; break; #endif @@ -19496,8 +19535,8 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, #endif case POLICY_CONST_OID: VERIFY_AND_SET_OID(cert->extPolicyConstSet); - cert->extPolicyConstCrit = critical; - if (DecodePolicyConstraints(&input[idx], length, cert) < 0) + cert->extPolicyConstCrit = critical ? 1 : 0; + if (DecodePolicyConstraints(&input[idx], (int)length, cert) < 0) return ASN_PARSE_E; break; #ifdef WOLFSSL_SUBJ_DIR_ATTR @@ -19594,7 +19633,7 @@ static int DecodeCertExtensions(DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE int ret = 0; word32 idx = 0; - int sz = cert->extensionsSz; + word32 sz = (word32)cert->extensionsSz; const byte* input = cert->extensions; int length; word32 oid; @@ -19672,15 +19711,15 @@ static int DecodeCertExtensions(DecodedCert* cert) return ret; } - ret = DecodeExtensionType(input + idx, length, oid, critical, cert, - NULL); + ret = DecodeExtensionType(input + idx, (word32)length, oid, critical, + cert, NULL); if (ret == ASN_CRIT_EXT_E) { ret = 0; criticalFail = 1; } if (ret < 0) goto end; - idx += length; + idx += (word32)length; } ret = criticalFail ? ASN_CRIT_EXT_E : 0; @@ -19713,7 +19752,8 @@ end: XMEMSET(dataExtsASN, 0, sizeof(dataExtsASN)); /* Parse extensions header. */ ret = GetASN_Items(certExtHdrASN + offset, dataExtsASN + offset, - certExtHdrASN_Length - offset, 0, input, &idx, sz); + (int)(certExtHdrASN_Length - (size_t)offset), 0, + input, &idx, (word32)sz); } /* Parse each extension. */ while ((ret == 0) && (idx < (word32)sz)) { @@ -19728,10 +19768,10 @@ end: GetASN_Int8Bit(&dataASN[CERTEXTASN_IDX_CRIT], &critical); /* Parse extension wrapper. */ ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, input, - &idx, sz); + &idx, (word32)sz); if (ret == 0) { word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum; - int length = dataASN[CERTEXTASN_IDX_VAL].length; + word32 length = dataASN[CERTEXTASN_IDX_VAL].length; /* Decode the extension by type. */ ret = DecodeExtensionType(input + idx, length, oid, critical, cert, @@ -20009,7 +20049,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Set fields extracted from data. */ cert->version = version; - cert->serialSz = serialSz; + cert->serialSz = (int)serialSz; cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum; cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum; cert->certBegin = dataASN[X509CERTASN_IDX_TBS_SEQ].offset; @@ -20025,7 +20065,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, } /* Store reference to BEFOREdate. */ cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source); - cert->beforeDateLen = GetASNItem_Length(dataASN[i], cert->source); + cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); /* Find the item with the AFTER date and check it. */ i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0) @@ -20036,7 +20076,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, } /* Store reference to AFTER date. */ cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source); - cert->afterDateLen = GetASNItem_Length(dataASN[i], cert->source); + cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); /* Get the issuer name and calculate hash. */ idx = dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].offset; @@ -20070,7 +20110,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, if (badDateRet != NULL) { *badDateRet = badDate; } - ret = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ].offset; + ret = (int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ].offset; done = 1; } } @@ -20170,7 +20210,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Save references to extension data. */ cert->extensions = GetASNItem_Addr( dataASN[X509CERTASN_IDX_TBS_EXT], cert->source); - cert->extensionsSz = GetASNItem_Length( + cert->extensionsSz = (int)GetASNItem_Length( dataASN[X509CERTASN_IDX_TBS_EXT], cert->source); cert->extensionsIdx = dataASN[X509CERTASN_IDX_TBS_EXT].offset; @@ -20299,7 +20339,7 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, cert->contentType = (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; cert->contentTypeLen = - strDataASN[STRATTRASN_IDX_STR].data.ref.length; + (int)strDataASN[STRATTRASN_IDX_STR].data.ref.length; } break; @@ -20317,7 +20357,8 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, /* Store references to password data. */ cert->cPwd = (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; - cert->cPwdLen = strDataASN[STRATTRASN_IDX_STR].data.ref.length; + cert->cPwdLen = (int)strDataASN[STRATTRASN_IDX_STR]. + data.ref.length; } break; @@ -20336,10 +20377,11 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, /* Store references to serial number. */ cert->sNum = (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; - cert->sNumLen = strDataASN[STRATTRASN_IDX_STR].data.ref.length; + cert->sNumLen = (int)strDataASN[STRATTRASN_IDX_STR]. + data.ref.length; /* Store serial number if small enough. */ if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) { - XMEMCPY(cert->serial, cert->sNum, cert->sNumLen); + XMEMCPY(cert->serial, cert->sNum, (size_t)cert->sNumLen); cert->serialSz = cert->sNumLen; } } @@ -20351,7 +20393,7 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, case EXTENSION_REQUEST_OID: /* Store references to all extensions. */ cert->extensions = input; - cert->extensionsSz = maxIdx; + cert->extensionsSz = (int)maxIdx; cert->extensionsIdx = aIdx; /* Decode and validate extensions. */ @@ -20591,11 +20633,11 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) defined(WOLFSSL_DYN_CERT) /* cert->subjectCN not stored as copy of WOLFSSL_NO_MALLOC defind */ if (cert->subjectCNLen > 0) { - ptr = (char*) XMALLOC(cert->subjectCNLen + 1, cert->heap, + ptr = (char*)XMALLOC((size_t)cert->subjectCNLen + 1, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); if (ptr == NULL) return MEMORY_E; - XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen); + XMEMCPY(ptr, cert->subjectCN, (size_t)cert->subjectCNLen); ptr[cert->subjectCNLen] = '\0'; cert->subjectCN = ptr; cert->subjectCNStored = 1; @@ -20610,7 +20652,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) || cert->keyOID == RSAPSSk #endif ) && cert->publicKey != NULL && cert->pubKeySize > 0) { - ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap, + ptr = (char*)XMALLOC(cert->pubKeySize, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ptr == NULL) return MEMORY_E; @@ -21410,7 +21452,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } if (len) { - word32 attrMaxIdx = cert->srcIdx + len; + word32 attrMaxIdx = cert->srcIdx + (word32)len; word32 oid; byte tag; @@ -21451,7 +21493,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->contentType = (char*)cert->source + cert->srcIdx; cert->contentTypeLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case CHALLENGE_PASSWORD_OID: if (GetHeader(cert->source, &tag, @@ -21466,7 +21508,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->cPwd = (char*)cert->source + cert->srcIdx; cert->cPwdLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case SERIAL_NUMBER_OID: if (GetHeader(cert->source, &tag, @@ -21481,9 +21523,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->sNum = (char*)cert->source + cert->srcIdx; cert->sNumLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) { - XMEMCPY(cert->serial, cert->sNum, cert->sNumLen); + XMEMCPY(cert->serial, cert->sNum, + (size_t)cert->sNumLen); cert->serialSz = cert->sNumLen; } break; @@ -21495,7 +21538,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->dnQualifier = (char*)cert->source + cert->srcIdx; cert->dnQualifierLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case INITIALS_OID: if (GetHeader(cert->source, &tag, @@ -21505,7 +21548,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->initials = (char*)cert->source + cert->srcIdx; cert->initialsLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case SURNAME_OID: if (GetHeader(cert->source, &tag, @@ -21515,7 +21558,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->surname = (char*)cert->source + cert->srcIdx; cert->surnameLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case GIVEN_NAME_OID: if (GetHeader(cert->source, &tag, @@ -21525,7 +21568,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } cert->givenName = (char*)cert->source + cert->srcIdx; cert->givenNameLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case UNSTRUCTURED_NAME_OID: if (GetHeader(cert->source, &tag, @@ -21536,7 +21579,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->unstructuredName = (char*)cert->source + cert->srcIdx; cert->unstructuredNameLen = len; - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; case EXTENSION_REQUEST_OID: /* save extensions */ @@ -21552,7 +21595,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) return ret; } } - cert->srcIdx += len; + cert->srcIdx += (word32)len; break; default: WOLFSSL_MSG("Unsupported attribute type"); @@ -21575,7 +21618,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) /* save extensions */ cert->extensions = &cert->source[cert->srcIdx]; - cert->extensionsSz = cert->sigIndex - cert->srcIdx; + cert->extensionsSz = (int)(cert->sigIndex - cert->srcIdx); cert->extensionsIdx = cert->srcIdx; /* for potential later use */ if ((ret = DecodeCertExtensions(cert)) < 0) { @@ -22127,7 +22170,7 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output, /* write out ASN.1 Integer */ (void)SetASNInt(snSzInt, sn[0], output); - XMEMCPY(output + i, sn, snSzInt); + XMEMCPY(output + i, sn, (size_t)snSzInt); /* compute final length */ i += snSzInt; @@ -22169,7 +22212,7 @@ int wc_GetSerialNumber(const byte* input, word32* inOutIdx, /* return serial */ XMEMCPY(serial, &input[*inOutIdx], (size_t)*serialSz); - *inOutIdx += *serialSz; + *inOutIdx += (word32)*serialSz; return result; } @@ -22670,7 +22713,7 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer, /* get cipher name */ if (NAME_SZ < (finish - start)) /* buffer size of info->name */ return BUFFER_E; - if (XMEMCPY(info->name, start, finish - start) == NULL) + if (XMEMCPY(info->name, start, (size_t)(finish - start)) == NULL) return BUFFER_E; info->name[finish - start] = '\0'; /* null term */ @@ -22729,7 +22772,7 @@ static int wc_EncryptedInfoAppend(char* dest, int destSz, char* cipherInfo) XSTRNCAT(dest, ": 4,ENCRYPTED\n", 15); XSTRNCAT(dest, kDecInfoHeader, 9); XSTRNCAT(dest, ": ", 3); - XSTRNCAT(dest, cipherInfo, destSz - (int)XSTRLEN(dest) - 1); + XSTRNCAT(dest, cipherInfo, (size_t)destSz - XSTRLEN(dest) - 1); XSTRNCAT(dest, "\n\n", 4); } } @@ -22790,9 +22833,9 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #endif /* build header and footer based on type */ - XSTRNCPY(header, headerStr, headerLen - 1); + XSTRNCPY(header, headerStr, (size_t)headerLen - 1); header[headerLen - 2] = 0; - XSTRNCPY(footer, footerStr, footerLen - 1); + XSTRNCPY(footer, footerStr, (size_t)footerLen - 1); footer[footerLen - 2] = 0; /* add new line to end */ @@ -22837,7 +22880,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, } /* don't even try if outSz too short */ - if (outSz < headerLen + footerLen + derSz) { + if (outSz < (word32)headerLen + (word32)footerLen + derSz) { #ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -22846,7 +22889,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, } /* header */ - XMEMCPY(output, header, headerLen); + XMEMCPY(output, header, (size_t)headerLen); i = headerLen; #ifdef WOLFSSL_SMALL_STACK @@ -22854,7 +22897,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #endif /* body */ - outLen = outSz - (headerLen + footerLen); /* input to Base64_Encode */ + outLen = (int)outSz - (headerLen + footerLen); /* input to Base64_Encode */ if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -22871,7 +22914,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #endif return BAD_FUNC_ARG; } - XMEMCPY(output + i, footer, footerLen); + XMEMCPY(output + i, footer, (size_t)footerLen); #ifdef WOLFSSL_SMALL_STACK XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -22916,7 +22959,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, /* map header if not found for type */ for (;;) { - headerEnd = XSTRNSTR((char*)buff, header, sz); + headerEnd = XSTRNSTR((char*)buff, header, (word32)sz); if (headerEnd) { break; } @@ -23099,7 +23142,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #ifdef WOLFSSL_ENCRYPTED_KEYS if (info) { - ret = wc_EncryptedInfoParse(info, &headerEnd, bufferEnd - headerEnd); + ret = wc_EncryptedInfoParse(info, &headerEnd, + (size_t)(bufferEnd - headerEnd)); if (ret < 0) return ret; if (info->set) @@ -23161,7 +23205,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ret = ToTraditionalInline_ex(der->buffer, &idx, der->length, &algId); if (ret > 0) { if (keyFormat) - *keyFormat = algId; + *keyFormat = (int)algId; } else { /* ignore failure here and assume key is not pkcs8 wrapped */ @@ -23207,7 +23251,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, password, passwordSz); if (ret > 0) { /* update length by decrypted content */ - der->length = ret; + der->length = (word32)ret; idx = 0; /* detect pkcs8 key and get alg type */ /* keep PKCS8 header */ @@ -23215,7 +23259,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, &algId); if (ret >= 0) { if (keyFormat) - *keyFormat = algId; + *keyFormat = (int)algId; ret = 0; } } @@ -23260,7 +23304,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, (der->length % DES_BLOCK_SIZE) != 0) { padVal = der->buffer[der->length-1]; if (padVal < DES_BLOCK_SIZE) { - der->length -= padVal; + der->length -= (word32)padVal; } } } @@ -23271,7 +23315,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (der->length > AES_BLOCK_SIZE) { padVal = der->buffer[der->length-1]; if (padVal <= AES_BLOCK_SIZE) { - der->length -= padVal; + der->length -= (word32)padVal; } } } @@ -23284,7 +23328,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, PEMerr(0, PEM_R_BAD_DECRYPT); } #endif - ForceZero(password, passwordSz); + ForceZero(password, (word32)passwordSz); } #ifdef OPENSSL_EXTRA else { @@ -23313,7 +23357,7 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type, /* if a PKCS8 key header exists remove it */ ret = ToTraditional(der->buffer, der->length); if (ret > 0) { - der->length = ret; + der->length = (word32)ret; } ret = 0; /* ignore error removing PKCS8 header */ } @@ -23330,8 +23374,8 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata) if (userdata == NULL) return 0; - XSTRNCPY(passwd, (char*)userdata, sz); - return min((word32)sz, (word32)XSTRLEN((char*)userdata)); + XSTRNCPY(passwd, (char*)userdata, (size_t)sz); + return (int)min((word32)sz, (word32)XSTRLEN((char*)userdata)); } #endif @@ -23380,11 +23424,11 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz, } else if (buff == NULL) { WOLFSSL_MSG("Return needed der buff length"); - ret = der->length; + ret = (int)der->length; } else if (der->length <= (word32)buffSz) { XMEMCPY(buff, der->buffer, der->length); - ret = der->length; + ret = (int)der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -23423,7 +23467,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz, else { if (der->length <= (word32)buffSz) { XMEMCPY(buff, der->buffer, der->length); - ret = der->length; + ret = (int)der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -23462,11 +23506,11 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz, } else if (buff == NULL) { WOLFSSL_MSG("Return needed der buff length"); - ret = der->length; + ret = (int)der->length; } else if (der->length <= (word32)buffSz) { XMEMCPY(buff, der->buffer, der->length); - ret = der->length; + ret = (int)der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -23528,7 +23572,7 @@ int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der) else #endif { - fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + fileBuf = (byte*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuf == NULL) ret = MEMORY_E; else @@ -23536,7 +23580,7 @@ int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der) } } if (ret == 0) { - if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { + if ((size_t)XFREAD(fileBuf, 1, (size_t)sz, file) != (size_t)sz) { ret = IO_FAILED_E; } else { @@ -23560,7 +23604,7 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) if (ret == 0) { if (converted->length < (word32)derSz) { XMEMCPY(derBuf, converted->buffer, converted->length); - ret = converted->length; + ret = (int)converted->length; } else ret = BUFFER_E; @@ -23619,7 +23663,7 @@ int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der) else #endif { - fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + fileBuf = (byte*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuf == NULL) ret = MEMORY_E; else @@ -23627,7 +23671,7 @@ int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der) } } if (ret == 0) { - if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { + if ((size_t)XFREAD(fileBuf, 1, (size_t)sz, file) != (size_t)sz) { ret = BUFFER_E; } else { @@ -23653,7 +23697,7 @@ int wc_PemPubKeyToDer(const char* fileName, if (ret == 0) { if (converted->length < (word32)derSz) { XMEMCPY(derBuf, converted->buffer, converted->length); - ret = converted->length; + ret = (int)converted->length; } else ret = BUFFER_E; @@ -23838,7 +23882,8 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, int with_header) { #ifndef WOLFSSL_ASN_TEMPLATE - int idx, nSz, eSz, seqSz, headSz = 0, bitStringSz = 0, algoSz = 0; + int nSz, eSz; + word32 seqSz, algoSz = 0, headSz = 0, bitStringSz = 0, idx; byte seq[MAX_SEQ_SZ]; byte headSeq[MAX_SEQ_SZ]; byte bitString[1 + MAX_LENGTH_SZ + 1]; @@ -23863,22 +23908,23 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, #endif if (eSz < 0) return eSz; - seqSz = SetSequence(nSz + eSz, seq); + seqSz = SetSequence((word32)(nSz + eSz), seq); /* headers */ if (with_header) { algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0); - bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString); - headSz = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, headSeq); + bitStringSz = SetBitString(seqSz + (word32)(nSz + eSz), 0, bitString); + headSz = SetSequence((word32)(nSz + eSz) + seqSz + bitStringSz + algoSz, + headSeq); } /* if getting length only */ if (output == NULL) { - return headSz + algoSz + bitStringSz + seqSz + nSz + eSz; + return (int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz; } /* check output size */ - if ((headSz + algoSz + bitStringSz + seqSz + nSz + eSz) > outLen) { + if (((int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz) > outLen) { return BUFFER_E; } @@ -23905,16 +23951,16 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, #else nSz = SetASNIntMP(&key->n, nSz, output + idx); #endif - idx += nSz; + idx += (word32)nSz; /* e */ #ifdef HAVE_USER_RSA eSz = SetASNIntRSA(key->e, output + idx); #else eSz = SetASNIntMP(&key->e, eSz, output + idx); #endif - idx += eSz; + idx += (word32)eSz; - return idx; + return (int)idx; #else DECL_ASNSETDATA(dataASN, rsaPublicKeyASN_Length); int sz = 0; @@ -23948,7 +23994,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, #endif /* Calculate size of RSA public key. */ ret = SizeASN_Items(rsaPublicKeyASN + o, dataASN + o, - rsaPublicKeyASN_Length - o, &sz); + (int)rsaPublicKeyASN_Length - o, &sz); } /* Check output buffer is big enough for encoding. */ if ((ret == 0) && (output != NULL) && (sz > outLen)) { @@ -23957,7 +24003,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, if ((ret == 0) && (output != NULL)) { /* Encode RSA public key. */ SetASN_Items(rsaPublicKeyASN + o, dataASN + o, - rsaPublicKeyASN_Length - o, output); + (int)rsaPublicKeyASN_Length - o, output); } if (ret == 0) { /* Return size of encoding. */ @@ -24002,7 +24048,7 @@ int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header) */ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) { - return SetRsaPublicKey(output, key, inLen, 1); + return SetRsaPublicKey(output, key, (int)inLen, 1); } /* Returns public DER version of the RSA key. If with_header is 0 then only a @@ -24010,7 +24056,7 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, int with_header) { - return SetRsaPublicKey(output, key, inLen, with_header); + return SetRsaPublicKey(output, key, (int)inLen, with_header); } #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA || @@ -24034,8 +24080,8 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) { #ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0, i, j, outLen = 0, mpSz; - word32 seqSz = 0, verSz = 0, rawLen, intTotalLen = 0; + int ret = 0, i, mpSz; + word32 j, seqSz = 0, verSz = 0, rawLen, intTotalLen = 0, outLen = 0; word32 sizes[RSA_INTS]; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -24052,9 +24098,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) /* write all big ints from key to DER tmps */ for (i = 0; i < RSA_INTS; i++) { - mp_int* keyInt = GetRsaInt(key, (byte)i); + mp_int* keyInt = GetRsaInt(key, i); - rawLen = mp_unsigned_bin_size(keyInt) + 1; + ret = mp_unsigned_bin_size(keyInt); + if (ret < 0) + return ret; + rawLen = (word32)ret + 1; + ret = 0; if (output != NULL) { tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_RSA); @@ -24069,16 +24119,21 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) ret = mpSz; break; } - intTotalLen += (sizes[i] = mpSz); + sizes[i] = (word32)mpSz; + intTotalLen += (word32)mpSz; } if (ret == 0) { /* make headers */ - verSz = SetMyVersion(0, ver, FALSE); - seqSz = SetSequence(verSz + intTotalLen, seq); + ret = SetMyVersion(0, ver, FALSE); + } + if (ret >= 0) { + verSz = (word32)ret; + ret = 0; + seqSz = SetSequence(verSz + intTotalLen, seq); outLen = seqSz + verSz + intTotalLen; - if (output != NULL && outLen > (int)inLen) + if (output != NULL && outLen > inLen) ret = BUFFER_E; } if (ret == 0 && output != NULL) { @@ -24100,7 +24155,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) } if (ret == 0) - ret = outLen; + ret = (int)outLen; return ret; #else DECL_ASNSETDATA(dataASN, rsaKeyASN_Length); @@ -24476,13 +24531,13 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, int with_header, int comp) { #ifndef WOLFSSL_ASN_TEMPLATE - int ret, idx = 0, algoSz, curveSz, bitStringSz; - word32 pubSz; + int ret; + word32 idx = 0, curveSz, algoSz, pubSz, bitStringSz; byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */ byte algo[MAX_ALGO_SZ]; /* 20 */ /* public size */ - pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES; + pubSz = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; if (comp) pubSz = 1 + pubSz; else @@ -24495,13 +24550,15 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, /* headers */ if (with_header) { - curveSz = SetCurve(key, NULL, 0); - if (curveSz <= 0) { - return curveSz; + ret = SetCurve(key, NULL, 0); + if (ret <= 0) { + return ret; } + curveSz = (word32)ret; + ret = 0; /* calculate size */ - algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, curveSz); + algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, (int)curveSz); bitStringSz = SetBitString(pubSz, 0, bitString); idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, NULL); @@ -24511,7 +24568,8 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, return BUFFER_E; } - idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, output); + idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, + output); /* algo */ if (output) XMEMCPY(output + idx, algo, algoSz); @@ -24537,7 +24595,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, } idx += pubSz; - return idx; + return (int)idx; #else word32 pubSz = 0; int sz = 0; @@ -24590,7 +24648,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, oidKeyType); /* Set the curve OID. */ SetASN_ReplaceBuffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID], - NULL, curveIdSz); + NULL, (word32)curveIdSz); /* Don't try to write out explicit parameters. */ dataASN[ECCPUBLICKEYASN_IDX_ALGOID_PARAMS].noOut = 1; /* Set size of public point to ensure space is made for it. */ @@ -24609,7 +24667,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, SetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length, output); /* Skip to where public point is to be encoded. */ - output += sz - pubSz; + output += sz - (int)pubSz; /* Cache the location to place the name curve OID. */ curveOid = (byte*) dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID].data.buffer.data; @@ -24622,12 +24680,12 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, } else { /* Total size is the public point size. */ - sz = pubSz; + sz = (int)pubSz; } if ((ret == 0) && (output != NULL)) { /* Put named curve OID data into encoding. */ - curveIdSz = SetCurve(key, curveOid, curveIdSz); + curveIdSz = SetCurve(key, curveOid, (size_t)curveIdSz); if (curveIdSz < 0) { ret = curveIdSz; } @@ -24664,13 +24722,13 @@ WOLFSSL_ABI int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve) { - return SetEccPublicKey(output, key, inLen, with_AlgCurve, 0); + return SetEccPublicKey(output, key, (int)inLen, with_AlgCurve, 0); } int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve, int comp) { - return SetEccPublicKey(output, key, inLen, with_AlgCurve, comp); + return SetEccPublicKey(output, key, (int)inLen, with_AlgCurve, comp); } int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve) @@ -24777,7 +24835,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, } if (ret == 0) { - ret = sz; + ret = (int)sz; } #else if (withHeader) { @@ -24785,7 +24843,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, if (ret == 0) { /* Set the OID. */ - SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], keyType, + SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType, oidKeyType); /* Leave space for public point. */ SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen); @@ -24808,7 +24866,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, ret = BUFFER_E; } else if (ret == 0) { - sz = pubKeyLen; + sz = (int)pubKeyLen; } if ((ret == 0) && (output != NULL)) { @@ -24931,18 +24989,19 @@ static void SetTime(struct tm* date, byte* output) /* Copy Dates from cert, return bytes written */ static int CopyValidity(byte* output, Cert* cert) { - int seqSz; + word32 seqSz; WOLFSSL_ENTER("CopyValidity"); /* headers and output */ - seqSz = SetSequence(cert->beforeDateSz + cert->afterDateSz, output); + seqSz = SetSequence((word32)(cert->beforeDateSz + cert->afterDateSz), + output); if (output) { - XMEMCPY(output + seqSz, cert->beforeDate, cert->beforeDateSz); + XMEMCPY(output + seqSz, cert->beforeDate, (size_t)cert->beforeDateSz); XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, - cert->afterDateSz); + (size_t)cert->afterDateSz); } - return seqSz + cert->beforeDateSz + cert->afterDateSz; + return (int)seqSz + cert->beforeDateSz + cert->afterDateSz; } #endif /* !WOLFSSL_ASN_TEMPLATE */ @@ -25116,18 +25175,18 @@ static int SetExtensions(byte* out, word32 outSz, int *IdxInOut, if (outSz < (word32)(*IdxInOut+extSz)) return BUFFER_E; - XMEMCPY(&out[*IdxInOut], ext, extSz); /* extensions */ + XMEMCPY(&out[*IdxInOut], ext, (size_t)extSz); /* extensions */ *IdxInOut += extSz; return *IdxInOut; } /* encode extensions header, return total bytes written */ -static int SetExtensionsHeader(byte* out, word32 outSz, int extSz) +static int SetExtensionsHeader(byte* out, word32 outSz, word32 extSz) { byte sequence[MAX_SEQ_SZ]; byte len[MAX_LENGTH_SZ]; - int seqSz, lenSz, idx = 0; + word32 seqSz, lenSz, idx = 0; if (out == NULL) return BAD_FUNC_ARG; @@ -25150,7 +25209,7 @@ static int SetExtensionsHeader(byte* out, word32 outSz, int extSz) XMEMCPY(&out[idx], sequence, seqSz); /* sequence */ idx += seqSz; - return idx; + return (int)idx; } @@ -25229,7 +25288,7 @@ static int SetBC(byte* out, word32 outSz) static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz, byte *in, word32 inSz) { - int idx = 0; + word32 idx = 0; if (out == NULL || oid == NULL || in == NULL) return BAD_FUNC_ARG; @@ -25248,7 +25307,7 @@ static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz, out[idx++] = (byte)inSz; XMEMCPY(out+idx, in, inSz); - return (idx+inSz); + return (int)(idx+inSz); } /* encode Subject Key Identifier, return total bytes written @@ -25257,7 +25316,7 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) { byte skid_len[1 + MAX_LENGTH_SZ]; byte skid_enc_len[MAX_LENGTH_SZ]; - int idx = 0, skid_lenSz, skid_enc_lenSz; + word32 idx = 0, skid_lenSz, skid_enc_lenSz; const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 }; if (output == NULL || input == NULL) @@ -25272,8 +25331,8 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) if (outSz < 3) return BUFFER_E; - idx = SetSequence(length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz, - output); + idx = SetSequence(length + (word32)sizeof(skid_oid) + skid_lenSz + + skid_enc_lenSz, output); if ((length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz) > outSz) return BUFFER_E; @@ -25294,7 +25353,7 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) XMEMCPY(output+idx, input, length); idx += length; - return idx; + return (int)idx; } /* encode Authority Key Identifier, return total bytes written @@ -25302,12 +25361,12 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, byte rawAkid) { - int enc_valSz, inSeqSz; + int enc_valSz; byte enc_val_buf[MAX_KID_SZ]; byte* enc_val; const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; const byte akid_cs[] = { 0x80 }; - word32 idx; + word32 inSeqSz, idx; (void)rawAkid; @@ -25323,20 +25382,20 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, #endif { enc_val = enc_val_buf; - enc_valSz = length + 3 + sizeof(akid_cs); + enc_valSz = (int)length + 3 + (int)sizeof(akid_cs); if (enc_valSz > (int)sizeof(enc_val_buf)) return BAD_FUNC_ARG; /* sequence for ContentSpec & value */ - enc_valSz = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs), - input, length); + enc_valSz = SetOidValue(enc_val, (word32)enc_valSz, akid_cs, + sizeof(akid_cs), input, length); if (enc_valSz <= 0) return enc_valSz; } /* The size of the extension sequence contents */ - inSeqSz = sizeof(akid_oid) + SetOctetString(enc_valSz, NULL) + - enc_valSz; + inSeqSz = (word32)sizeof(akid_oid) + + SetOctetString((word32)enc_valSz, NULL) + (word32)enc_valSz; if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz) return BAD_FUNC_ARG; @@ -25349,10 +25408,10 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, idx += sizeof(akid_oid); /* Write out AKID */ - idx += SetOctetString(enc_valSz, output + idx); - XMEMCPY(output + idx, enc_val, enc_valSz); + idx += SetOctetString((word32)enc_valSz, output + idx); + XMEMCPY(output + idx, enc_val, (size_t)enc_valSz); - return idx + enc_valSz; + return (int)idx + enc_valSz; } /* encode Key Usage, return total bytes written @@ -25360,7 +25419,7 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, static int SetKeyUsage(byte* output, word32 outSz, word16 input) { byte ku[5]; - int idx; + word32 idx; const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04}; if (output == NULL) @@ -25371,14 +25430,14 @@ static int SetKeyUsage(byte* output, word32 outSz, word16 input) ku, idx); } -static int SetOjectIdValue(byte* output, word32 outSz, int* idx, +static int SetOjectIdValue(byte* output, word32 outSz, word32* idx, const byte* oid, word32 oidSz) { /* verify room */ if (*idx + 2 + oidSz >= outSz) return ASN_PARSE_E; - *idx += SetObjectId(oidSz, &output[*idx]); + *idx += (word32)SetObjectId((int)oidSz, &output[*idx]); XMEMCPY(&output[*idx], oid, oidSz); *idx += oidSz; @@ -25421,7 +25480,8 @@ struct { static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) { #ifndef WOLFSSL_ASN_TEMPLATE - int idx = 0, oidListSz = 0, totalSz, ret = 0; + word32 idx = 0, oidListSz = 0, totalSz; + int ret = 0; const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; if (output == NULL) @@ -25494,14 +25554,14 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) idx += oidListSz; (void)cert; - return idx; + return (int)idx; #else /* TODO: consider calculating size of OBJECT_IDs, setting length into * SEQUENCE, encode SEQUENCE, encode OBJECT_IDs into buffer. */ ASNSetData* dataASN; ASNItem* extKuASN = NULL; int asnIdx = 1; - int cnt = 1 + EKU_OID_HI; + size_t cnt = 1 + EKU_OID_HI; int i; int ret = 0; int sz = 0; @@ -25647,7 +25707,7 @@ static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input) idx += SetBitString(1, unusedBits, &output[idx]); output[idx++] = nsCertType; - return idx; + return (int)idx; } #endif #endif @@ -25664,7 +25724,8 @@ static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input, input == 0 || inSz <= 0) return BAD_FUNC_ARG; - totalSz = sizeof(crlinfo_oid) + SetOctetString(inSz, NULL) + inSz; + totalSz = (word32)sizeof(crlinfo_oid) + SetOctetString((word32)inSz, NULL) + + (word32)inSz; if (SetSequence(totalSz, NULL) + totalSz > outSz) return BAD_FUNC_ARG; @@ -25677,13 +25738,13 @@ static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input, idx += sizeof(crlinfo_oid); /* 3. Octet String */ - idx += SetOctetString(inSz, &output[idx]); + idx += SetOctetString((word32)inSz, &output[idx]); /* 4. CRL Info */ - XMEMCPY(&output[idx], input, inSz); - idx += inSz; + XMEMCPY(&output[idx], input, (size_t)inSz); + idx += (word32)inSz; - return idx; + return (int)idx; } #endif @@ -25737,7 +25798,7 @@ static int SetCertificatePolicies(byte *output, } /* add sequence */ - ret = SetSequence(outSz-2, out); + ret = (int)SetSequence(outSz-2, out); if (ret <= 0) return ret; @@ -25770,7 +25831,7 @@ static int SetCertificatePolicies(byte *output, ret = SizeASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, &piSz); } - if ((ret == 0) && (output != NULL) && (sz + piSz > outputSz)) { + if ((ret == 0) && (output != NULL) && (sz + (word32)piSz > outputSz)) { ret = BUFFER_E; } if (ret == 0) { @@ -25779,12 +25840,12 @@ static int SetCertificatePolicies(byte *output, output); output += piSz; } - sz += piSz; + sz += (word32)piSz; } } if (ret == 0) { - ret = sz; + ret = (int)sz; } return ret; #endif @@ -25800,10 +25861,9 @@ static int SetAltNames(byte *output, word32 outSz, const byte *input, word32 length, int critical) { byte san_len[1 + MAX_LENGTH_SZ]; - int idx = 0, san_lenSz; const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; const byte san_crit[] = { 0x01, 0x01, 0xff }; - word32 seqSz; + word32 seqSz, san_lenSz, idx = 0; if (output == NULL || input == NULL) return BAD_FUNC_ARG; @@ -25817,7 +25877,7 @@ static int SetAltNames(byte *output, word32 outSz, if (outSz < MAX_SEQ_SZ) return BUFFER_E; - seqSz = length + sizeof(san_oid) + san_lenSz; + seqSz = length + (word32)sizeof(san_oid) + san_lenSz; if (critical) seqSz += sizeof(san_crit); idx = SetSequence(seqSz, output); @@ -25842,7 +25902,7 @@ static int SetAltNames(byte *output, word32 outSz, XMEMCPY(output+idx, input, length); idx += length; - return idx; + return (int)idx; } #endif /* WOLFSSL_ASN_TEMPLATE */ @@ -25864,9 +25924,9 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names) curName = names; do { - namesSz += curName->len + 2 + + namesSz += (word32)curName->len + 2 + ((curName->len < ASN_LONG_LENGTH) ? 0 - : BytePrecision(curName->len)); + : BytePrecision((word32)curName->len)); curName = curName->next; } while (curName != NULL); @@ -25891,10 +25951,10 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names) output[idx] |= ASN_CONSTRUCTED; } idx++; - idx += SetLength(curName->len, output + idx); - XMEMCPY(output + idx, curName->name, curName->len); + idx += SetLength((word32)curName->len, output + idx); + XMEMCPY(output + idx, curName->name, (size_t)curName->len); #ifndef WOLFSSL_ALT_NAMES_NO_REV - idx += curName->len; + idx += (word32)curName->len; #endif curName = curName->next; } while (curName != NULL); @@ -25902,7 +25962,7 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names) #ifdef WOLFSSL_ALT_NAMES_NO_REV idx = namesSz; #endif - return idx; + return (int)idx; } #endif /* WOLFSSL_ALT_NAMES */ @@ -25932,23 +25992,23 @@ static int EncodeName(EncodedName* name, const char* nameStr, byte sequence[MAX_SEQ_SZ]; byte set[MAX_SET_SZ]; - int strLen; - int thisLen; - int firstSz, secondSz, seqSz, setSz; + word32 strLen; + word32 thisLen; + word32 firstSz, secondSz, seqSz, setSz; if (nameStr == NULL) { name->used = 0; return 0; } - thisLen = strLen = (int)XSTRLEN(nameStr); + thisLen = strLen = (word32)XSTRLEN(nameStr); #ifdef WOLFSSL_CUSTOM_OID if (type == ASN_CUSTOM_NAME) { if (cname == NULL || cname->custom.oidSz == 0) { name->used = 0; return 0; } - thisLen = strLen = cname->custom.valSz; + thisLen = strLen = (word32)cname->custom.valSz; } #else (void)cname; @@ -25996,7 +26056,7 @@ static int EncodeName(EncodedName* name, const char* nameStr, firstSz = DN_OID_SZ; } thisLen++; /* id type */ - firstSz = SetObjectId(firstSz, firstLen); + firstSz = (word32)SetObjectId((int)firstSz, firstLen); thisLen += firstSz; seqSz = SetSequence(thisLen, sequence); @@ -26071,10 +26131,10 @@ static int EncodeName(EncodedName* name, const char* nameStr, idx += strLen; name->type = type; - name->totalLen = idx; + name->totalLen = (int)idx; name->used = 1; - return idx; + return (int)idx; #else DECL_ASNSETDATA(dataASN, rdnASN_Length); ASNItem namesASN[rdnASN_Length]; @@ -26082,7 +26142,7 @@ static int EncodeName(EncodedName* name, const char* nameStr, int ret = 0; int sz = 0; const byte* oid; - int oidSz; + word32 oidSz; word32 nameSz; /* Validate input parameters. */ @@ -26204,7 +26264,7 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, #ifdef WOLFSSL_ASN_TEMPLATE static void SetRdnItems(ASNItem* namesASN, ASNSetData* dataASN, const byte* oid, - int oidSz, byte tag, const byte* data, int sz) + word32 oidSz, byte tag, const byte* data, word32 sz) { XMEMCPY(namesASN, rdnASN, sizeof(rdnASN)); SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_TYPE], oid, oidSz); @@ -26248,7 +26308,7 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, int i; int idx; int ret = 0; - int nameLen[NAME_ENTRIES]; + word32 nameLen[NAME_ENTRIES]; #ifdef WOLFSSL_MULTI_ATTRIB int j; #endif @@ -26256,7 +26316,7 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, for (i = 0; i < NAME_ENTRIES; i++) { /* Keep name length to identify component is to be encoded. */ const char* nameStr = GetOneCertName(name, i); - nameLen[i] = nameStr ? (int)XSTRLEN(nameStr) : 0; + nameLen[i] = nameStr ? (word32)XSTRLEN(nameStr) : 0; } idx = nameASN_Length; @@ -26278,10 +26338,11 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, } /* Copy data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, dcOid, - sizeof(dcOid), name->name[j].type, - (byte*)name->name[j].value, name->name[j].sz); + sizeof(dcOid), (byte)name->name[j].type, + (byte*)name->name[j].value, + (word32)name->name[j].sz); } - idx += rdnASN_Length; + idx += (int)rdnASN_Length; } if (ret != 0) break; @@ -26304,13 +26365,13 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, else if (type == ASN_USER_ID) { /* Copy userID data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, uidOid, - sizeof(uidOid), GetNameType(name, i), + sizeof(uidOid), (byte)GetNameType(name, i), (const byte*)GetOneCertName(name, i), nameLen[i]); } else if (type == ASN_FAVOURITE_DRINK) { /* Copy favourite drink data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, fvrtDrk, - sizeof(fvrtDrk), GetNameType(name, i), + sizeof(fvrtDrk), (byte)GetNameType(name, i), (const byte*)GetOneCertName(name, i), nameLen[i]); } else if (type == ASN_CUSTOM_NAME) { @@ -26323,11 +26384,11 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, else { /* Copy name data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i], - NAME_OID_SZ, GetNameType(name, i), + NAME_OID_SZ, (byte)GetNameType(name, i), (const byte*)GetOneCertName(name, i), nameLen[i]); } } - idx += rdnASN_Length; + idx += (int)rdnASN_Length; } #ifdef WOLFSSL_MULTI_ATTRIB @@ -26345,10 +26406,10 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, } /* Copy data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i], - NAME_OID_SZ, name->name[j].type, - (byte*)name->name[j].value, name->name[j].sz); + NAME_OID_SZ, (byte)name->name[j].type, + (byte*)name->name[j].value, (word32)name->name[j].sz); } - idx += rdnASN_Length; + idx += (int)rdnASN_Length; } if (ret != 0) break; @@ -26365,7 +26426,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) { #ifndef WOLFSSL_ASN_TEMPLATE int ret; - int totalBytes = 0, i, idx; + int i; + word32 idx, totalBytes = 0; #ifdef WOLFSSL_SMALL_STACK EncodedName* names = NULL; #else @@ -26392,7 +26454,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) for (i = 0; i < NAME_ENTRIES; i++) { const char* nameStr = GetOneCertName(name, i); - ret = EncodeName(&names[i], nameStr, GetNameType(name, i), + ret = EncodeName(&names[i], nameStr, (byte)GetNameType(name, i), GetCertNameId(i), ASN_IA5_STRING, name); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -26401,13 +26463,13 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) WOLFSSL_MSG("EncodeName failed"); return BUFFER_E; } - totalBytes += ret; + totalBytes += (word32)ret; } #ifdef WOLFSSL_MULTI_ATTRIB for (i = 0; i < CTC_MAX_ATTRIB; i++) { if (name->name[i].sz > 0) { ret = EncodeName(&addNames[i], name->name[i].value, - (byte)name->name[i].type, name->name[i].id, + (byte)name->name[i].type, (byte)name->name[i].id, ASN_IA5_STRING, NULL); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -26416,7 +26478,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) WOLFSSL_MSG("EncodeName on multiple attributes failed"); return BUFFER_E; } - totalBytes += ret; + totalBytes += (word32)ret; } else { addNames[i].used = 0; @@ -26440,7 +26502,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) type = GetCertNameId(i); for (j = 0; j < CTC_MAX_ATTRIB; j++) { if (name->name[j].sz > 0 && type == name->name[j].id) { - if (outputSz < (word32)(idx+addNames[j].totalLen)) { + if (outputSz < idx + (word32)addNames[j].totalLen) { #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -26449,22 +26511,22 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) } XMEMCPY(output + idx, addNames[j].encoded, - addNames[j].totalLen); - idx += addNames[j].totalLen; + (size_t)addNames[j].totalLen); + idx += (word32)addNames[j].totalLen; } } #endif /* WOLFSSL_MULTI_ATTRIB */ if (names[i].used) { - if (outputSz < (word32)(idx+names[i].totalLen)) { + if (outputSz < idx + (word32)names[i].totalLen) { #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return BUFFER_E; } - XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); - idx += names[i].totalLen; + XMEMCPY(output + idx, names[i].encoded, (size_t)names[i].totalLen); + idx += (word32)names[i].totalLen; } } @@ -26473,20 +26535,20 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) #endif (void)heap; - return totalBytes; + return (int)totalBytes; #else /* TODO: consider calculating size of entries, putting length into * SEQUENCE, encode SEQUENCE, encode entries into buffer. */ ASNSetData* dataASN = NULL; /* Can't use DECL_ASNSETDATA. Always dynamic. */ ASNItem* namesASN = NULL; - int items = 0; + word32 items = 0; int ret = 0; int sz = 0; /* Calculate length of name entries and size for allocating. */ ret = SetNameRdnItems(NULL, NULL, 0, name); if (ret > 0) { - items = ret; + items = (word32)ret; ret = 0; } @@ -26511,8 +26573,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) /* Copy in the outer sequence. */ XMEMCPY(namesASN, nameASN, sizeof(nameASN)); - ret = SetNameRdnItems(dataASN, namesASN, items, name); - if (ret == items) + ret = SetNameRdnItems(dataASN, namesASN, (int)items, name); + if (ret == (int)items) ret = 0; else if (ret > 0) { WOLFSSL_MSG("SetNameRdnItems returned different length"); @@ -26521,7 +26583,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) } if (ret == 0) { /* Calculate size of encoding. */ - ret = SizeASN_Items(namesASN, dataASN, items, &sz); + ret = SizeASN_Items(namesASN, dataASN, (int)items, &sz); } /* Check buffer size if passed in. */ if (ret == 0 && output != NULL && sz > (int)outputSz) { @@ -26530,7 +26592,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) if (ret == 0) { if (output != NULL) { /* Encode Name. */ - ret = SetASN_Items(namesASN, dataASN, items, output); + ret = SetASN_Items(namesASN, dataASN, (int)items, output); } else { /* Return the encoding size. */ @@ -26823,7 +26885,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, dataASN[CERTEXTSASN_IDX_SAN_CRIT].noOut = 1; } SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAN_STR], - cert->altNames, cert->altNamesSz); + cert->altNames, (word32)cert->altNamesSz); } else #endif @@ -26838,7 +26900,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_OID], skidOID, sizeof(skidOID)); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_KEYID], - cert->skid, cert->skidSz); + cert->skid, (word32)cert->skidSz); } else #endif @@ -26864,7 +26926,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, #endif { SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_KEYID], - cert->akid, cert->akidSz); + cert->akid, (word32)cert->akidSz); } } else @@ -26901,7 +26963,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_OID], ekuOID, sizeof(ekuOID)); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_STR], - NULL, sz); + NULL, (word32)sz); } else #endif @@ -26922,7 +26984,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, cpOID, sizeof(cpOID)); /* Make space for data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_POLICIES_INFO], - NULL, sz); + NULL, (word32)sz); } else { ret = CERTPOLICIES_E; @@ -26957,7 +27019,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_OID], crlInfoOID, sizeof(crlInfoOID)); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_STR], - cert->crlInfo, cert->crlInfoSz); + cert->crlInfo, (word32)cert->crlInfoSz); } else #endif @@ -27085,9 +27147,7 @@ static int SetValidity(byte* output, int daysValid) byte before[MAX_DATE_SIZE]; byte after[MAX_DATE_SIZE]; - int beforeSz; - int afterSz; - int seqSz; + word32 beforeSz, afterSz, seqSz; time_t now; time_t then; @@ -27150,7 +27210,7 @@ static int SetValidity(byte* output, int daysValid) XMEMCPY(output + seqSz, before, beforeSz); XMEMCPY(output + seqSz + beforeSz, after, afterSz); - return seqSz + beforeSz + afterSz; + return (int)(seqSz + beforeSz + afterSz); #else (void)output; (void)daysValid; @@ -27246,25 +27306,26 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, XMEMSET(der, 0, sizeof(DerCert)); /* version */ - der->versionSz = SetMyVersion(cert->version, der->version, TRUE); + der->versionSz = SetMyVersion((word32)cert->version, der->version, TRUE); /* serial number (must be positive) */ if (cert->serialSz == 0) { /* generate random serial */ cert->serialSz = CTC_GEN_SERIAL_SZ; - ret = wc_RNG_GenerateBlock(rng, cert->serial, cert->serialSz); + ret = wc_RNG_GenerateBlock(rng, cert->serial, (word32)cert->serialSz); if (ret != 0) return ret; /* Clear the top bit to avoid a negative value */ cert->serial[0] &= 0x7f; } - der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial, - sizeof(der->serial), CTC_SERIAL_SIZE); + der->serialSz = SetSerialNumber(cert->serial, (word32)cert->serialSz, + der->serial, sizeof(der->serial), + CTC_SERIAL_SIZE); if (der->serialSz < 0) return der->serialSz; /* signature algo */ - der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); + der->sigAlgoSz = (int)SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); if (der->sigAlgoSz <= 0) return ALGO_ID_E; @@ -27377,19 +27438,19 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) if (XSTRLEN((const char*)cert->sbjRaw) > 0) { /* Use the raw subject */ - int idx; + word32 idx; - der->subjectSz = min(sizeof(der->subject), - (word32)XSTRLEN((const char*)cert->sbjRaw)); + der->subjectSz = (int)min((word32)sizeof(der->subject), + (word32)XSTRLEN((const char*)cert->sbjRaw)); /* header */ - idx = SetSequence(der->subjectSz, der->subject); - if (der->subjectSz + idx > (int)sizeof(der->subject)) { + idx = SetSequence((word32)der->subjectSz, der->subject); + if ((word32)der->subjectSz + idx > (word32)sizeof(der->subject)) { return SUBJECT_E; } XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, - der->subjectSz); - der->subjectSz += idx; + (size_t)der->subjectSz); + der->subjectSz += (int)idx; } else #endif @@ -27405,20 +27466,20 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) if (XSTRLEN((const char*)cert->issRaw) > 0) { /* Use the raw issuer */ - int idx; + word32 idx; - der->issuerSz = min(sizeof(der->issuer), - (word32)XSTRLEN((const char*)cert->issRaw)); + der->issuerSz = (int)min((word32)sizeof(der->issuer), + (word32)XSTRLEN((const char*)cert->issRaw)); /* header */ - idx = SetSequence(der->issuerSz, der->issuer); - if (der->issuerSz + idx > (int)sizeof(der->issuer)) { + idx = SetSequence((word32)der->issuerSz, der->issuer); + if ((word32)der->issuerSz + idx > (word32)sizeof(der->issuer)) { return ISSUER_E; } XMEMCPY((char*)der->issuer + idx, (const char*)cert->issRaw, - der->issuerSz); - der->issuerSz += idx; + (size_t)der->issuerSz); + der->issuerSz += (int)idx; } else #endif @@ -27472,7 +27533,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* Alternative Name */ if (cert->altNamesSz) { der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), - cert->altNames, cert->altNamesSz, + cert->altNames, (word32)cert->altNamesSz, cert->altNamesCrit); if (der->altNamesSz <= 0) return ALT_NAME_E; @@ -27493,7 +27554,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* Note: different skid buffers sizes for der (MAX_KID_SZ) and cert (CTC_MAX_SKID_SIZE). */ der->skidSz = SetSKID(der->skid, sizeof(der->skid), - cert->skid, cert->skidSz); + cert->skid, (word32)cert->skidSz); if (der->skidSz <= 0) return SKID_E; @@ -27517,13 +27578,13 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, return AKID_E; der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, - cert->akidSz, + (word32)cert->akidSz, #ifdef WOLFSSL_AKID_NAME - cert->rawAkid + cert->rawAkid #else - 0 + 0 #endif - ); + ); if (der->akidSz <= 0) return AKID_E; @@ -27603,7 +27664,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* put the start of extensions sequence (ID, Size) */ der->extensionsSz = SetExtensionsHeader(der->extensions, sizeof(der->extensions), - der->extensionsSz); + (word32)der->extensionsSz); if (der->extensionsSz <= 0) return EXTENSIONS_E; @@ -27706,49 +27767,50 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* write DER encoded cert to buffer, size already checked */ static int WriteCertBody(DerCert* der, byte* buf) { - int idx; + word32 idx; /* signed part header */ - idx = SetSequence(der->total, buf); + idx = SetSequence((word32)der->total, buf); /* version */ - XMEMCPY(buf + idx, der->version, der->versionSz); - idx += der->versionSz; + XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); + idx += (word32)der->versionSz; /* serial */ - XMEMCPY(buf + idx, der->serial, der->serialSz); - idx += der->serialSz; + XMEMCPY(buf + idx, der->serial, (size_t)der->serialSz); + idx += (word32)der->serialSz; /* sig algo */ - XMEMCPY(buf + idx, der->sigAlgo, der->sigAlgoSz); - idx += der->sigAlgoSz; + XMEMCPY(buf + idx, der->sigAlgo, (size_t)der->sigAlgoSz); + idx += (word32)der->sigAlgoSz; /* issuer */ - XMEMCPY(buf + idx, der->issuer, der->issuerSz); - idx += der->issuerSz; + XMEMCPY(buf + idx, der->issuer, (size_t)der->issuerSz); + idx += (word32)der->issuerSz; /* validity */ - XMEMCPY(buf + idx, der->validity, der->validitySz); - idx += der->validitySz; + XMEMCPY(buf + idx, der->validity, (size_t)der->validitySz); + idx += (word32)der->validitySz; /* subject */ - XMEMCPY(buf + idx, der->subject, der->subjectSz); - idx += der->subjectSz; + XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); + idx += (word32)der->subjectSz; /* public key */ - XMEMCPY(buf + idx, der->publicKey, der->publicKeySz); - idx += der->publicKeySz; + XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); + idx += (word32)der->publicKeySz; if (der->extensionsSz) { /* extensions */ - XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz, - (int)sizeof(der->extensions))); - idx += der->extensionsSz; + XMEMCPY(buf + idx, der->extensions, + min((word32)der->extensionsSz, + (word32)sizeof(der->extensions))); + idx += (word32)der->extensionsSz; } - return idx; + return (int)idx; } #endif /* !WOLFSSL_ASN_TEMPLATE */ /* Make signature from buffer (sz), write to sig (sigSz) */ -static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz, - byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey, +static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, + byte* sig, word32 sigSz, RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey, WC_RNG* rng, - int sigAlgoType, void* heap) + word32 sigAlgoType, void* heap) { int digestSz = 0, typeH = 0, ret = 0; @@ -27798,8 +27860,8 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz, } /* signature */ - certSignCtx->encSigSz = wc_EncodeSignature(certSignCtx->encSig, - certSignCtx->digest, digestSz, typeH); + certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig, + certSignCtx->digest, (word32)digestSz, typeH); } #endif /* !NO_RSA */ FALL_THROUGH; @@ -27811,7 +27873,8 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz, #ifndef NO_RSA if (rsaKey) { /* signature */ - ret = wc_RsaSSL_Sign(certSignCtx->encSig, certSignCtx->encSigSz, + ret = wc_RsaSSL_Sign(certSignCtx->encSig, + (word32)certSignCtx->encSigSz, sig, sigSz, rsaKey, rng); } #endif /* !NO_RSA */ @@ -27820,10 +27883,10 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz, if (!rsaKey && eccKey) { word32 outSz = sigSz; - ret = wc_ecc_sign_hash(certSignCtx->digest, digestSz, + ret = wc_ecc_sign_hash(certSignCtx->digest, (word32)digestSz, sig, &outSz, rng, eccKey); if (ret == 0) - ret = outSz; + ret = (int)outSz; } #endif /* HAVE_ECC && HAVE_ECC_SIGN */ @@ -27919,7 +27982,7 @@ exit_ms: * @return 0 on success. * @return -ve when random number generation failed. */ -static int GenerateInteger(WC_RNG* rng, byte* out, int len) +static int GenerateInteger(WC_RNG* rng, byte* out, word32 len) { int ret; @@ -27932,14 +27995,14 @@ static int GenerateInteger(WC_RNG* rng, byte* out, int len) out[0] &= 0x7f; /* Find first non-zero byte. One zero byte is valid though. */ - for (i = 0; i < len - 1; i++) { + for (i = 0; i < (int)len - 1; i++) { if (out[i] != 0) { break; } } if (i != 0) { /* Remove leading zeros. */ - XMEMMOVE(out, out + i, len - i); + XMEMMOVE(out, out + i, (size_t)len - (size_t)i); } } @@ -27980,16 +28043,21 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, { #ifndef WOLFSSL_ASN_TEMPLATE byte seq[MAX_SEQ_SZ]; - int idx = bodySz, seqSz; + word32 idx, seqSz; + + if ((bodySz < 0) || (sigSz < 0)) + return BUFFER_E; + + idx = (word32)bodySz; /* algo */ idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0); /* bit string */ - idx += SetBitString(sigSz, 0, buf ? buf + idx : NULL); + idx += SetBitString((word32)sigSz, 0, buf ? buf + idx : NULL); /* signature */ if (buf) - XMEMCPY(buf + idx, sig, sigSz); - idx += sigSz; + XMEMCPY(buf + idx, sig, (size_t)sigSz); + idx += (word32)sigSz; /* make room for overall header */ seqSz = SetSequence(idx, seq); @@ -27998,7 +28066,7 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, XMEMCPY(buf, seq, seqSz); } - return idx + seqSz; + return (int)(idx + seqSz); #else DECL_ASNSETDATA(dataASN, sigASN_Length); word32 seqSz; @@ -28010,12 +28078,13 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, /* In place, put body between SEQUENCE and signature. */ if (ret == 0) { /* Set sigature OID and signature data. */ - SetASN_OID(&dataASN[SIGASN_IDX_SIGALGO_OID], sigAlgoType, oidSigType); - if (IsSigAlgoECC(sigAlgoType)) { + SetASN_OID(&dataASN[SIGASN_IDX_SIGALGO_OID], (word32)sigAlgoType, + oidSigType); + if (IsSigAlgoECC((word32)sigAlgoType)) { /* ECDSA and EdDSA doesn't have NULL tagged item. */ dataASN[SIGASN_IDX_SIGALGO_NULL].noOut = 1; } - SetASN_Buffer(&dataASN[SIGASN_IDX_SIGNATURE], sig, sigSz); + SetASN_Buffer(&dataASN[SIGASN_IDX_SIGNATURE], sig, (word32)sigSz); /* Calculate size of signature data. */ ret = SizeASN_Items(&sigASN[SIGASN_IDX_SIGALGO_SEQ], &dataASN[SIGASN_IDX_SIGALGO_SEQ], sigASN_Length - 2, &sz); @@ -28023,13 +28092,14 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, if (ret == 0) { /* Calculate size of outer sequence by calculating size of the encoded * length and adding 1 for tag. */ - seqSz = SizeASNHeader(bodySz + sz); + seqSz = SizeASNHeader((word32)bodySz + (word32)sz); if (buf != NULL) { /* Move body to after sequence. */ - XMEMMOVE(buf + seqSz, buf, bodySz); + XMEMMOVE(buf + seqSz, buf, (size_t)bodySz); } /* Leave space for body in encoding. */ - SetASN_ReplaceBuffer(&dataASN[SIGASN_IDX_TBS_SEQ], NULL, bodySz); + SetASN_ReplaceBuffer(&dataASN[SIGASN_IDX_TBS_SEQ], NULL, + (word32)bodySz); /* Calculate overall size and put in offsets and lengths. */ ret = SizeASN_Items(sigASN, dataASN, sigASN_Length, &sz); @@ -28242,9 +28312,9 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, { /* Calculate issuer name encoding size. If the cert is self-signed * use the subject instead of the issuer. */ - issuerSz = SetNameEx(NULL, WC_ASN_NAME_MAX, cert->selfSigned ? + ret = SetNameEx(NULL, WC_ASN_NAME_MAX, cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap); - ret = issuerSz; + issuerSz = (word32)ret; } } if (ret >= 0) { @@ -28259,30 +28329,33 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, #endif { /* Calculate subject name encoding size. */ - subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, + ret = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap); - ret = subjectSz; + subjectSz = (word32)ret; } } if (ret >= 0) { /* Calculate public key encoding size. */ - ret = publicKeySz = EncodePublicKey(cert->keyType, NULL, 0, rsaKey, + ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey, eccKey, ed25519Key, ed448Key, dsaKey); + publicKeySz = (word32)ret; } if (ret >= 0) { /* Calculate extensions encoding size - may be 0. */ - ret = extSz = EncodeExtensions(cert, NULL, 0, 0); + ret = EncodeExtensions(cert, NULL, 0, 0); + extSz = (word32)ret; } if (ret >= 0) { /* Don't write out outer sequence - only doing body. */ dataASN[X509CERTASN_IDX_SEQ].noOut = 1; /* Set version, serial number and signature OID */ - SetASN_Int8Bit(&dataASN[X509CERTASN_IDX_TBS_VER_INT], cert->version); + SetASN_Int8Bit(&dataASN[X509CERTASN_IDX_TBS_VER_INT], + (byte)cert->version); SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SERIAL], cert->serial, - cert->serialSz); - SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID], cert->sigType, - oidSigType); - if (IsSigAlgoECC(cert->sigType)) { + (word32)cert->serialSz); + SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID], + (word32)cert->sigType, oidSigType); + if (IsSigAlgoECC((word32)cert->sigType)) { /* No NULL tagged item with ECDSA and EdDSA signature OIDs. */ dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1; } @@ -28426,7 +28499,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, ret = EncodePublicKey(cert->keyType, (byte*)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] .data.buffer.data, - dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] + (int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] .data.buffer.length, rsaKey, eccKey, ed25519Key, ed448Key, dsaKey); } @@ -28515,18 +28588,19 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, /* return size of data set on success * if getting size only then attr and oid should be NULL */ -static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz, - const byte* oid, int oidSz, byte printable, int extSz) +static word32 SetReqAttribSingle(byte* output, word32* idx, char* attr, + word32 attrSz, const byte* oid, word32 oidSz, byte printable, + word32 extSz) { - int totalSz = 0; - int seqSz = 0; - int setSz = 0; - int strSz = 0; + word32 totalSz = 0; + word32 seqSz = 0; + word32 setSz = 0; + word32 strSz = 0; byte seq[MAX_SEQ_SZ]; byte set[MAX_SET_SZ]; byte str[MAX_PRSTR_SZ]; - totalSz = SetObjectId(oidSz, NULL); + totalSz = (word32)SetObjectId((int)oidSz, NULL); totalSz += oidSz; if (extSz > 0) { totalSz += setSz = SetSet(extSz, set); @@ -28535,7 +28609,8 @@ static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz, } else { if (printable) { - totalSz += strSz = SetPrintableString(attrSz, str); + strSz = SetPrintableString(attrSz, str); + totalSz += strSz; } else { totalSz += strSz = SetUTF8String(attrSz, str); @@ -28548,7 +28623,7 @@ static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz, if (oid) { XMEMCPY(&output[*idx], seq, seqSz); *idx += seqSz; - *idx += SetObjectId(oidSz, output + *idx); + *idx += (word32)SetObjectId((int)oidSz, output + *idx); XMEMCPY(&output[*idx], oid, oidSz); *idx += oidSz; XMEMCPY(&output[*idx], set, setSz); @@ -28567,24 +28642,24 @@ static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz, -static int SetReqAttrib(byte* output, Cert* cert, int extSz) +static int SetReqAttrib(byte* output, Cert* cert, word32 extSz) { - int sz = 0; /* overall size */ - int setSz = 0; + word32 sz = 0; /* overall size */ + word32 setSz = 0; output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; sz++; if (cert->challengePw[0]) { setSz += SetReqAttribSingle(output, &sz, NULL, - (int)XSTRLEN(cert->challengePw), NULL, + (word32)XSTRLEN(cert->challengePw), NULL, sizeof(attrChallengePasswordOid), - cert->challengePwPrintableString, 0); + (byte)cert->challengePwPrintableString, 0); } if (cert->unstructuredName[0]) { setSz += SetReqAttribSingle(output, &sz, NULL, - (int)XSTRLEN(cert->unstructuredName), NULL, + (word32)XSTRLEN(cert->unstructuredName), NULL, sizeof(attrUnstructuredNameOid), 1, 0); } @@ -28602,14 +28677,15 @@ static int SetReqAttrib(byte* output, Cert* cert, int extSz) if (cert->challengePw[0]) { SetReqAttribSingle(output, &sz, cert->challengePw, - (int)XSTRLEN(cert->challengePw), &attrChallengePasswordOid[0], + (word32)XSTRLEN(cert->challengePw), + &attrChallengePasswordOid[0], sizeof(attrChallengePasswordOid), - cert->challengePwPrintableString, 0); + (byte)cert->challengePwPrintableString, 0); } if (cert->unstructuredName[0]) { SetReqAttribSingle(output, &sz, cert->unstructuredName, - (int)XSTRLEN(cert->unstructuredName), + (word32)XSTRLEN(cert->unstructuredName), &attrUnstructuredNameOid[0], sizeof(attrUnstructuredNameOid), 1, 0); } @@ -28620,7 +28696,7 @@ static int SetReqAttrib(byte* output, Cert* cert, int extSz) /* The actual extension data will be tacked onto the output later. */ } - return sz; + return (int)sz; } #ifdef WOLFSSL_CUSTOM_OID @@ -28695,7 +28771,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, XMEMSET(der, 0, sizeof(DerCert)); /* version */ - der->versionSz = SetMyVersion(cert->version, der->version, FALSE); + der->versionSz = SetMyVersion((word32)cert->version, der->version, FALSE); /* subject name */ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) @@ -28703,16 +28779,16 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, /* Use the raw subject */ int idx; - der->subjectSz = min(sizeof(der->subject), + der->subjectSz = (int)min(sizeof(der->subject), (word32)XSTRLEN((const char*)cert->sbjRaw)); /* header */ - idx = SetSequence(der->subjectSz, der->subject); + idx = (int)SetSequence((word32)der->subjectSz, der->subject); if (der->subjectSz + idx > (int)sizeof(der->subject)) { return SUBJECT_E; } XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, - der->subjectSz); + (size_t)der->subjectSz); der->subjectSz += idx; } else @@ -28849,7 +28925,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, /* Alternative Name */ if (cert->altNamesSz) { der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), - cert->altNames, cert->altNamesSz, + cert->altNames, (word32)cert->altNamesSz, cert->altNamesCrit); if (der->altNamesSz <= 0) return ALT_NAME_E; @@ -28868,7 +28944,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, return SKID_E; der->skidSz = SetSKID(der->skid, sizeof(der->skid), - cert->skid, cert->skidSz); + cert->skid, (word32)cert->skidSz); if (der->skidSz <= 0) return SKID_E; @@ -28917,7 +28993,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, /* put extensions */ if (der->extensionsSz > 0) { /* put the start of sequence (ID, Size) */ - der->extensionsSz = SetSequence(der->extensionsSz, der->extensions); + der->extensionsSz = (int)SetSequence((word32)der->extensionsSz, + der->extensions); if (der->extensionsSz <= 0) return EXTENSIONS_E; @@ -28990,7 +29067,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, #endif /* WOLFSSL_CERT_EXT */ } - der->attribSz = SetReqAttrib(der->attrib, cert, der->extensionsSz); + der->attribSz = SetReqAttrib(der->attrib, cert, (word32)der->extensionsSz); if (der->attribSz <= 0) return REQ_ATTRIBUTE_E; @@ -29007,28 +29084,28 @@ static int WriteCertReqBody(DerCert* der, byte* buf) int idx; /* signed part header */ - idx = SetSequence(der->total, buf); + idx = (int)SetSequence((word32)der->total, buf); /* version */ if (buf) - XMEMCPY(buf + idx, der->version, der->versionSz); + XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); idx += der->versionSz; /* subject */ if (buf) - XMEMCPY(buf + idx, der->subject, der->subjectSz); + XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); idx += der->subjectSz; /* public key */ if (buf) - XMEMCPY(buf + idx, der->publicKey, der->publicKeySz); + XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); idx += der->publicKeySz; /* attributes */ if (buf) - XMEMCPY(buf + idx, der->attrib, der->attribSz); + XMEMCPY(buf + idx, der->attrib, (size_t)der->attribSz); idx += der->attribSz; /* extensions */ if (der->extensionsSz) { if (buf) - XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz, - (int)sizeof(der->extensions))); + XMEMCPY(buf + idx, der->extensions, min((word32)der->extensionsSz, + sizeof(der->extensions))); idx += der->extensionsSz; } @@ -29264,22 +29341,24 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, else #endif { - subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap); - ret = subjectSz; + ret = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap); + subjectSz = (word32)ret; } } if (ret >= 0) { /* Determine encode public key size. */ - ret = publicKeySz = EncodePublicKey(cert->keyType, NULL, 0, rsaKey, + ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey, eccKey, ed25519Key, ed448Key, dsaKey); + publicKeySz = (word32)ret; } if (ret >= 0) { /* Determine encode extensions size. */ - ret = extSz = EncodeExtensions(cert, NULL, 0, 1); + ret = EncodeExtensions(cert, NULL, 0, 1); + extSz = (word32)ret; } if (ret >= 0) { /* Set version. */ - SetASN_Int8Bit(&dataASN[CERTREQBODYASN_IDX_VER], cert->version); + SetASN_Int8Bit(&dataASN[CERTREQBODYASN_IDX_VER], (byte)cert->version); #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) if (sbjRawSz > 0) { /* Put in encoded subject name. */ @@ -29365,7 +29444,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, /* Encode public key into space in buffer. */ ret = EncodePublicKey(cert->keyType, (byte*)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data, - dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length, + (int)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length, rsaKey, eccKey, ed25519Key, ed448Key, dsaKey); } if ((ret >= 0 && derBuffer != NULL) && @@ -29492,9 +29571,9 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, return MEMORY_E; } - sigSz = MakeSignature(certSignCtx, buf, requestSz, certSignCtx->sig, + sigSz = MakeSignature(certSignCtx, buf, (word32)requestSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key, - falconKey, dilithiumKey, sphincsKey, rng, sType, heap); + falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap); #ifdef WOLFSSL_ASYNC_CRYPT if (sigSz == WC_PENDING_E) { /* Not free'ing certSignCtx->sig here because it could still be in use @@ -29674,11 +29753,11 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, /* Compute SKID by hashing public key */ if (kid_type == SKID_TYPE) { - ret = CalcHashId(buf, bufferSz, cert->skid); + ret = CalcHashId(buf, (word32)bufferSz, cert->skid); cert->skidSz = KEYID_SIZE; } else if (kid_type == AKID_TYPE) { - ret = CalcHashId(buf, bufferSz, cert->akid); + ret = CalcHashId(buf, (word32)bufferSz, cert->akid); cert->akidSz = KEYID_SIZE; } else @@ -29816,7 +29895,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) } derSz = MAX_PUBLIC_KEY_SZ; - XMEMSET(der, 0, derSz); + XMEMSET(der, 0, (size_t)derSz); derSz = wc_PemPubKeyToDer(file, der, derSz); if (derSz <= 0) { XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); @@ -29839,7 +29918,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) } idx = 0; - ret = wc_RsaPublicKeyDecode(der, &idx, rsakey, derSz); + ret = wc_RsaPublicKeyDecode(der, &idx, rsakey, (word32)derSz); if (ret != 0) #endif { @@ -29867,7 +29946,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) } idx = 0; - ret = wc_EccPublicKeyDecode(der, &idx, eckey, derSz); + ret = wc_EccPublicKeyDecode(der, &idx, eckey, (word32)derSz); if (ret != 0) { WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); @@ -29933,7 +30012,7 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -29962,7 +30041,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file) ret = wc_PemCertToDer_ex(file, &der); if (ret == 0) { - ret = wc_SetAuthKeyIdFromCert(cert, der->buffer, der->length); + ret = wc_SetAuthKeyIdFromCert(cert, der->buffer, (int)der->length); FreeDer(&der); } @@ -30193,7 +30272,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) return MEMORY_E; #endif - InitDecodedCert(decoded, der, derSz, NULL); + InitDecodedCert(decoded, der, (word32)derSz, NULL); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { @@ -30227,8 +30306,10 @@ static int SetDatesFromDcert(Cert* cert, DecodedCert* decoded) ret = -1; } else { - XMEMCPY(cert->beforeDate, decoded->beforeDate, decoded->beforeDateLen); - XMEMCPY(cert->afterDate, decoded->afterDate, decoded->afterDateLen); + XMEMCPY(cert->beforeDate, decoded->beforeDate, + (size_t)decoded->beforeDateLen); + XMEMCPY(cert->afterDate, decoded->afterDate, + (size_t)decoded->afterDateLen); cert->beforeDateSz = decoded->beforeDateLen; cert->afterDateSz = decoded->afterDateLen; @@ -30246,63 +30327,63 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) if (decoded->subjectCN) { sz = (decoded->subjectCNLen < CTC_NAME_SIZE) ? decoded->subjectCNLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->commonName, decoded->subjectCN, sz); + XSTRNCPY(cn->commonName, decoded->subjectCN, (size_t)sz); cn->commonName[sz] = '\0'; cn->commonNameEnc = decoded->subjectCNEnc; } if (decoded->subjectC) { sz = (decoded->subjectCLen < CTC_NAME_SIZE) ? decoded->subjectCLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->country, decoded->subjectC, sz); + XSTRNCPY(cn->country, decoded->subjectC, (size_t)sz); cn->country[sz] = '\0'; cn->countryEnc = decoded->subjectCEnc; } if (decoded->subjectST) { sz = (decoded->subjectSTLen < CTC_NAME_SIZE) ? decoded->subjectSTLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->state, decoded->subjectST, sz); + XSTRNCPY(cn->state, decoded->subjectST, (size_t)sz); cn->state[sz] = '\0'; cn->stateEnc = decoded->subjectSTEnc; } if (decoded->subjectL) { sz = (decoded->subjectLLen < CTC_NAME_SIZE) ? decoded->subjectLLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->locality, decoded->subjectL, sz); + XSTRNCPY(cn->locality, decoded->subjectL, (size_t)sz); cn->locality[sz] = '\0'; cn->localityEnc = decoded->subjectLEnc; } if (decoded->subjectO) { sz = (decoded->subjectOLen < CTC_NAME_SIZE) ? decoded->subjectOLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->org, decoded->subjectO, sz); + XSTRNCPY(cn->org, decoded->subjectO, (size_t)sz); cn->org[sz] = '\0'; cn->orgEnc = decoded->subjectOEnc; } if (decoded->subjectOU) { sz = (decoded->subjectOULen < CTC_NAME_SIZE) ? decoded->subjectOULen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->unit, decoded->subjectOU, sz); + XSTRNCPY(cn->unit, decoded->subjectOU, (size_t)sz); cn->unit[sz] = '\0'; cn->unitEnc = decoded->subjectOUEnc; } if (decoded->subjectSN) { sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->sur, decoded->subjectSN, sz); + XSTRNCPY(cn->sur, decoded->subjectSN, (size_t)sz); cn->sur[sz] = '\0'; cn->surEnc = decoded->subjectSNEnc; } if (decoded->subjectSND) { sz = (decoded->subjectSNDLen < CTC_NAME_SIZE) ? decoded->subjectSNDLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->serialDev, decoded->subjectSND, sz); + XSTRNCPY(cn->serialDev, decoded->subjectSND, (size_t)sz); cn->serialDev[sz] = '\0'; cn->serialDevEnc = decoded->subjectSNDEnc; } if (decoded->subjectUID) { sz = (decoded->subjectUIDLen < CTC_NAME_SIZE) ? decoded->subjectUIDLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->userId, decoded->subjectUID, sz); + XSTRNCPY(cn->userId, decoded->subjectUID, (size_t)sz); cn->userId[sz] = '\0'; cn->userIdEnc = decoded->subjectUIDEnc; } @@ -30310,21 +30391,21 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) if (decoded->subjectBC) { sz = (decoded->subjectBCLen < CTC_NAME_SIZE) ? decoded->subjectBCLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->busCat, decoded->subjectBC, sz); + XSTRNCPY(cn->busCat, decoded->subjectBC, (size_t)sz); cn->busCat[sz] = '\0'; cn->busCatEnc = decoded->subjectBCEnc; } if (decoded->subjectJC) { sz = (decoded->subjectJCLen < CTC_NAME_SIZE) ? decoded->subjectJCLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->joiC, decoded->subjectJC, sz); + XSTRNCPY(cn->joiC, decoded->subjectJC, (size_t)sz); cn->joiC[sz] = '\0'; cn->joiCEnc = decoded->subjectJCEnc; } if (decoded->subjectJS) { sz = (decoded->subjectJSLen < CTC_NAME_SIZE) ? decoded->subjectJSLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->joiSt, decoded->subjectJS, sz); + XSTRNCPY(cn->joiSt, decoded->subjectJS, (size_t)sz); cn->joiSt[sz] = '\0'; cn->joiStEnc = decoded->subjectJSEnc; } @@ -30332,7 +30413,7 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) if (decoded->subjectEmail) { sz = (decoded->subjectEmailLen < CTC_NAME_SIZE) ? decoded->subjectEmailLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->email, decoded->subjectEmail, sz); + XSTRNCPY(cn->email, decoded->subjectEmail, (size_t)sz); cn->email[sz] = '\0'; } #if defined(WOLFSSL_CERT_NAME_ALL) && \ @@ -30340,28 +30421,28 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) if (decoded->subjectN) { sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->dnName, decoded->subjectN, sz); + XSTRNCPY(cn->dnName, decoded->subjectN, (size_t)sz); cn->dnName[sz] = '\0'; cn->dnNameEnc = decoded->subjectNEnc; } if (decoded->subjectI) { sz = (decoded->subjectILen < CTC_NAME_SIZE) ? decoded->subjectILen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->initials, decoded->subjectI, sz); + XSTRNCPY(cn->initials, decoded->subjectI, (size_t)sz); cn->initials[sz] = '\0'; cn->initialsEnc = decoded->subjectIEnc; } if (decoded->subjectGN) { sz = (decoded->subjectGNLen < CTC_NAME_SIZE) ? decoded->subjectGNLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->givenName, decoded->subjectGN, sz); + XSTRNCPY(cn->givenName, decoded->subjectGN, (size_t)sz); cn->givenName[sz] = '\0'; cn->givenNameEnc = decoded->subjectGNEnc; } if (decoded->subjectDNQ) { sz = (decoded->subjectDNQLen < CTC_NAME_SIZE) ? decoded->subjectDNQLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, sz); + XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, (size_t)sz); cn->dnQualifier[sz] = '\0'; cn->dnQualifierEnc = decoded->subjectDNQEnc; } @@ -30390,7 +30471,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) return MEMORY_E; #endif - InitDecodedCert(decoded, der, derSz, NULL); + InitDecodedCert(decoded, der, (word32)derSz, NULL); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { @@ -30422,7 +30503,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) ret = wc_PemCertToDer_ex(issuerFile, &der); if (ret == 0) { cert->selfSigned = 0; - ret = SetNameFromCert(&cert->issuer, der->buffer, der->length); + ret = SetNameFromCert(&cert->issuer, der->buffer, (int)der->length); FreeDer(&der); } @@ -30443,7 +30524,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) ret = wc_PemCertToDer_ex(subjectFile, &der); if (ret == 0) { - ret = SetNameFromCert(&cert->subject, der->buffer, der->length); + ret = SetNameFromCert(&cert->subject, der->buffer, (int)der->length); FreeDer(&der); } @@ -30466,7 +30547,7 @@ int wc_SetAltNames(Cert* cert, const char* file) ret = wc_PemCertToDer_ex(file, &der); if (ret == 0) { - ret = SetAltNamesFromCert(cert, der->buffer, der->length); + ret = SetAltNamesFromCert(cert, der->buffer, (int)der->length); FreeDer(&der); } @@ -30493,7 +30574,7 @@ int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30520,7 +30601,7 @@ int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30547,7 +30628,7 @@ int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30556,7 +30637,8 @@ int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz) (int)sizeof(CertName))) { XMEMCPY(cert->sbjRaw, ((DecodedCert*)cert->decodedCert)->subjectRaw, - ((DecodedCert*)cert->decodedCert)->subjectRawLen); + (size_t)((DecodedCert*)cert->decodedCert)-> + subjectRawLen); } #ifndef WOLFSSL_CERT_GEN_CACHE wc_SetCert_Free(cert); @@ -30580,7 +30662,7 @@ int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30590,7 +30672,8 @@ int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz) /* Copy the subject to the issuer field */ XMEMCPY(cert->issRaw, ((DecodedCert*)cert->decodedCert)->subjectRaw, - ((DecodedCert*)cert->decodedCert)->subjectRawLen); + (size_t)((DecodedCert*)cert->decodedCert)-> + subjectRawLen); } #ifndef WOLFSSL_CERT_GEN_CACHE wc_SetCert_Free(cert); @@ -30616,7 +30699,7 @@ int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30643,7 +30726,7 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) /* Check if decodedCert is cached */ if (cert->der != der) { /* Allocate cache for the decoded cert */ - ret = wc_SetCert_LoadDer(cert, der, derSz); + ret = wc_SetCert_LoadDer(cert, der, (word32)derSz); } if (ret >= 0) { @@ -30851,7 +30934,7 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) word32 idx = 0; int rSz; /* encoding size */ int sSz; - word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ + int headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ /* If the leading bit on the INTEGER is a 1, add a leading zero */ int rLeadingZero = mp_leading_bit(r); @@ -30859,23 +30942,24 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) int rLen = mp_unsigned_bin_size(r); /* big int size */ int sLen = mp_unsigned_bin_size(s); - if (*outLen < (rLen + rLeadingZero + sLen + sLeadingZero + - headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ + if (*outLen < (word32)((rLen + rLeadingZero + sLen + sLeadingZero + + headerSz + 2))) /* SEQ_TAG + LEN(ENUM) */ return BUFFER_E; - idx = SetSequence(rLen + rLeadingZero + sLen+sLeadingZero + headerSz, out); + idx = SetSequence((word32)(rLen + rLeadingZero + sLen + sLeadingZero + + headerSz), out); /* store r */ - rSz = SetASNIntMP(r, *outLen - idx, &out[idx]); + rSz = SetASNIntMP(r, (int)(*outLen - idx), &out[idx]); if (rSz < 0) return rSz; - idx += rSz; + idx += (word32)rSz; /* store s */ - sSz = SetASNIntMP(s, *outLen - idx, &out[idx]); + sSz = SetASNIntMP(s, (int)(*outLen - idx), &out[idx]); if (sSz < 0) return sSz; - idx += sSz; + idx += (word32)sSz; *outLen = idx; @@ -30900,7 +30984,7 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) /* Encode DSA signature into buffer. */ SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out); /* Set the actual encoding size. */ - *outLen = sz; + *outLen = (word32)sz; } return ret; @@ -30909,16 +30993,17 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) #ifndef WOLFSSL_ASN_TEMPLATE /* determine if leading bit is set */ -static int is_leading_bit_set(const byte* input, word32 sz) +static word32 is_leading_bit_set(const byte* input, word32 sz) { byte c = 0; if (sz > 0) c = input[0]; return (c & 0x80) != 0; } -static int trim_leading_zeros(const byte** input, word32 sz) +static word32 trim_leading_zeros(const byte** input, word32 sz) { - int i, leadingZeroCount = 0; + int i; + word32 leadingZeroCount = 0; const byte* tmp = *input; for (i=0; i<(int)sz; i++) { if (tmp[i] != 0) @@ -30926,7 +31011,7 @@ static int trim_leading_zeros(const byte** input, word32 sz) leadingZeroCount++; } /* catch all zero case */ - if (sz > 0 && leadingZeroCount == (int)sz) { + if (sz > 0 && leadingZeroCount == sz) { leadingZeroCount--; } *input += leadingZeroCount; @@ -30944,7 +31029,7 @@ int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, int ret; word32 idx; word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ - int rAddLeadZero, sAddLeadZero; + word32 rAddLeadZero, sAddLeadZero; if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL)) return BAD_FUNC_ARG; @@ -30964,18 +31049,18 @@ int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out); /* store r */ - ret = SetASNInt(rLen, rAddLeadZero ? 0x80 : 0x00, &out[idx]); + ret = SetASNInt((int)rLen, rAddLeadZero ? 0x80 : 0x00, &out[idx]); if (ret < 0) return ret; - idx += ret; + idx += (word32)ret; XMEMCPY(&out[idx], r, rLen); idx += rLen; /* store s */ - ret = SetASNInt(sLen, sAddLeadZero ? 0x80 : 0x00, &out[idx]); + ret = SetASNInt((int)sLen, sAddLeadZero ? 0x80 : 0x00, &out[idx]); if (ret < 0) return ret; - idx += ret; + idx += (word32)ret; XMEMCPY(&out[idx], s, sLen); idx += sLen; @@ -31002,7 +31087,7 @@ int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, /* Encode DSA signature into buffer. */ SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out); /* Set the actual encoding size. */ - *outLen = sz; + *outLen = (word32)sz; } return ret; @@ -31039,23 +31124,23 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, if (ret != 0) return ret; if (rLen) - *rLen = len; + *rLen = (word32)len; if (r) - XMEMCPY(r, (byte*)sig + idx, len); - idx += len; + XMEMCPY(r, (byte*)sig + idx, (size_t)len); + idx += (word32)len; ret = GetASNInt(sig, &idx, &len, sigLen); if (ret != 0) return ret; if (sLen) - *sLen = len; + *sLen = (word32)len; if (s) - XMEMCPY(s, (byte*)sig + idx, len); + XMEMCPY(s, (byte*)sig + idx, (size_t)len); #ifndef NO_STRICT_ECDSA_LEN /* sanity check that the index has been advanced all the way to the end of * the buffer */ - if (idx + len != sigLen) { + if (idx + (word32)len != sigLen) { ret = ASN_ECC_KEY_E; } #endif @@ -31344,13 +31429,13 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz, /* Allocate buffer to put hex strings into. */ if (ret == 0) { /* Base X-ordinate */ - ret = DataToHexStringAlloc(base + 1, curve->size, + ret = DataToHexStringAlloc(base + 1, (word32)curve->size, (char**)&curve->Gx, key->heap, DYNAMIC_TYPE_ECC_BUFFER); } if (ret == 0) { /* Base Y-ordinate */ - ret = DataToHexStringAlloc(base + 1 + curve->size, curve->size, + ret = DataToHexStringAlloc(base + 1 + curve->size, (word32)curve->size, (char**)&curve->Gy, key->heap, DYNAMIC_TYPE_ECC_BUFFER); } @@ -31524,8 +31609,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, #endif /* priv key */ - XMEMCPY(priv, &input[*inOutIdx], privSz); - *inOutIdx += length; + XMEMCPY(priv, &input[*inOutIdx], (size_t)privSz); + *inOutIdx += (word32)length; if ((*inOutIdx + 1) < inSz) { /* prefix 0, may have */ @@ -31577,8 +31662,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, else #endif { - XMEMCPY(pub, &input[*inOutIdx], pubSz); - *inOutIdx += length; + XMEMCPY(pub, &input[*inOutIdx], (size_t)pubSz); + *inOutIdx += (word32)length; pubData = pub; } } @@ -31587,8 +31672,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, } if (ret == 0) { - ret = wc_ecc_import_private_key_ex(priv, privSz, pubData, pubSz, key, - curve_id); + ret = wc_ecc_import_private_key_ex(priv, (word32)privSz, pubData, + (word32)pubSz, key, curve_id); } #ifdef WOLFSSL_SMALL_STACK @@ -31695,16 +31780,16 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out, return ASN_PARSE_E; } - str = (char*)XMALLOC(len * 2 + 1, heap, heapType); + str = (char*)XMALLOC((size_t)len * 2 + 1, heap, heapType); if (str == NULL) { return MEMORY_E; } for (i=0; i ECC_MAXSIZE) return BUFFER_E; - *inOutIdx += length; + *inOutIdx += (word32)length; /* Private Curve Header */ if (*inOutIdx >= inSz) @@ -31890,7 +31975,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz); if (ret > 0) ret = 0; /* reset on success */ - *inOutIdx += len; + *inOutIdx += (word32)len; } } if (ret == 0) { @@ -31907,10 +31992,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, } if (ret == 0) { #ifndef WOLFSSL_ECC_CURVE_STATIC - curve->Gx = (const char*)XMALLOC(curve->size * 2 + 2, key->heap, - DYNAMIC_TYPE_ECC_BUFFER); - curve->Gy = (const char*)XMALLOC(curve->size * 2 + 2, key->heap, - DYNAMIC_TYPE_ECC_BUFFER); + curve->Gx = (const char*)XMALLOC((size_t)curve->size * 2 + 2, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Gy = (const char*)XMALLOC((size_t)curve->size * 2 + 2, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->Gx == NULL || curve->Gy == NULL) { XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); ret = MEMORY_E; @@ -31925,9 +32010,9 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { char* o = NULL; - XMEMCPY((char*)curve->Gx, point + 2, curve->size * 2); + XMEMCPY((char*)curve->Gx, point + 2, (size_t)curve->size * 2); XMEMCPY((char*)curve->Gy, point + curve->size * 2 + 2, - curve->size * 2); + (size_t)curve->size * 2); ((char*)curve->Gx)[curve->size * 2] = '\0'; ((char*)curve->Gy)[curve->size * 2] = '\0'; XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -32002,12 +32087,12 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, return ret; /* This is the raw point data compressed or uncompressed. */ - if (wc_ecc_import_x963_ex(input + *inOutIdx, length, key, + if (wc_ecc_import_x963_ex(input + *inOutIdx, (word32)length, key, curve_id) != 0) { return ASN_ECC_KEY_E; } - *inOutIdx += length; + *inOutIdx += (word32)length; return 0; #else @@ -32100,7 +32185,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, byte curve[MAX_ALGO_SZ+2]; byte ver[MAX_VERSION_SZ]; byte seq[MAX_SEQ_SZ]; - int ret, totalSz, curveSz, verSz; + int ret, curveSz, verSz; + word32 totalSz; int privHdrSz = ASN_ECC_HEADER_SZ; int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; #ifdef WOLFSSL_NO_MALLOC @@ -32126,11 +32212,11 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, return curveSz; /* set computed size */ curve[1] = (byte)curveSz; - curveidx += curveSz; + curveidx += (word32)curveSz; } /* private */ - privSz = key->dp->size; + privSz = (word32)key->dp->size; #ifdef WOLFSSL_QNX_CAAM /* check if is a black key, and add MAC size if needed */ @@ -32140,7 +32226,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, #endif #ifndef WOLFSSL_NO_MALLOC - prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, + prv = (byte*)XMALLOC(privSz + (word32)privHdrSz + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (prv == NULL) { return MEMORY_E; @@ -32178,7 +32264,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, } #ifndef WOLFSSL_NO_MALLOC - pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, + pub = (byte*)XMALLOC(pubSz + (word32)pubHdrSz + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -32213,9 +32299,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* make headers */ verSz = SetMyVersion(1, ver, FALSE); - seqSz = SetSequence(verSz + prvidx + pubidx + curveidx, seq); + seqSz = SetSequence((word32)verSz + prvidx + pubidx + curveidx, seq); - totalSz = prvidx + pubidx + curveidx + verSz + seqSz; + totalSz = prvidx + pubidx + curveidx + (word32)verSz + seqSz; if (output == NULL) { *inLen = totalSz; #ifndef WOLFSSL_NO_MALLOC @@ -32226,7 +32312,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, #endif return LENGTH_ONLY_E; } - if (inLen != NULL && totalSz > (int)*inLen) { + if (inLen != NULL && totalSz > *inLen) { #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pubIn) { @@ -32242,8 +32328,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, idx = seqSz; /* ver */ - XMEMCPY(output + idx, ver, verSz); - idx += verSz; + XMEMCPY(output + idx, ver, (size_t)verSz); + idx += (word32)verSz; /* private */ XMEMCPY(output + idx, prv, prvidx); @@ -32265,7 +32351,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, #endif } - return totalSz; + return (int)totalSz; #else DECL_ASNSETDATA(dataASN, eccKeyASN_Length); word32 privSz, pubSz; @@ -32287,7 +32373,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, if (ret == 0) { /* Private key size is the curve size. */ - privSz = key->dp->size; + privSz = (word32)key->dp->size; if (pubIn) { /* Get the length of the public key. */ PRIVATE_KEY_UNLOCK(); @@ -32310,7 +32396,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, } /* Curve OID */ SetASN_ReplaceBuffer(&dataASN[ECCKEYASN_IDX_CURVEID], NULL, - curveIdSz); + (word32)curveIdSz); /* TODO: add support for SpecifiedECDomain curve. */ dataASN[ECCKEYASN_IDX_CURVEPARAMS].noOut = 1; } @@ -32334,7 +32420,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, } /* Return the size if no buffer. */ if ((ret == 0) && (output == NULL)) { - *inLen = sz; + *inLen = (word32)sz; ret = LENGTH_ONLY_E; } /* Check the buffer is big enough. */ @@ -32349,7 +32435,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Put named curve OID data into encoding. */ curveIdSz = SetCurve(key, (byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data, - curveIdSz); + (size_t)curveIdSz); if (curveIdSz < 0) { ret = curveIdSz; } @@ -32398,7 +32484,7 @@ int wc_EccKeyDerSize(ecc_key* key, int pub) if (ret != LENGTH_ONLY_E) { return ret; } - return sz; + return (int)sz; } /* Write only private ecc key to DER format, @@ -32422,7 +32508,8 @@ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen) static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, int includePublic) { - int ret, tmpDerSz; + int ret; + word32 tmpDerSz; int algoID = 0; word32 oidSz = 0; word32 pkcs8Sz = 0; @@ -32458,7 +32545,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, #endif return ret; } - tmpDerSz = ret; + tmpDerSz = (word32)ret; /* get pkcs8 expected output size */ ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, tmpDer, tmpDerSz, algoID, @@ -32499,7 +32586,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - *outLen = ret; + *outLen = (word32)ret; return ret; } @@ -32589,7 +32676,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, #ifndef WOLFSSL_ASN_TEMPLATE if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { - endKeyIdx = *inOutIdx + length; + endKeyIdx = (int)*inOutIdx + length; if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) return ASN_PARSE_E; @@ -32610,22 +32697,22 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; priv = input + *inOutIdx; - *inOutIdx += privSz; + *inOutIdx += (word32)privSz; } else { if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) return ASN_PARSE_E; priv = input + *inOutIdx; - *inOutIdx += privSz; - endKeyIdx = *inOutIdx; + *inOutIdx += (word32)privSz; + endKeyIdx = (int)*inOutIdx; } if ((word32)privSz > *privKeyLen) return BUFFER_E; if (endKeyIdx == (int)*inOutIdx) { - *privKeyLen = privSz; + *privKeyLen = (word32)privSz; XMEMCPY(privKey, priv, *privKeyLen); if (pubKeyLen != NULL) *pubKeyLen = 0; @@ -32644,11 +32731,11 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, return BUFFER_E; pub = input + *inOutIdx; - *inOutIdx += pubSz; + *inOutIdx += (word32)pubSz; - *privKeyLen = privSz; + *privKeyLen = (word32)privSz; XMEMCPY(privKey, priv, *privKeyLen); - *pubKeyLen = pubSz; + *pubKeyLen = (word32)pubSz; if (pubKey != NULL) XMEMCPY(pubKey, pub, *pubKeyLen); } @@ -32659,7 +32746,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, if (ret == 0) { /* Require OID. */ word32 oidSz; - const byte* oid = OidFromId(keyType, oidKeyType, &oidSz); + const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oid, oidSz); /* Parse full private key. */ ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input, @@ -32751,7 +32838,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; /* This is the raw point data compressed or uncompressed. */ - *pubKeyLen = length; + *pubKeyLen = (word32)length; XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen); #else len = inSz - *inOutIdx; @@ -32761,7 +32848,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, if (ret == 0) { /* Require OID. */ word32 oidSz; - const byte* oid = OidFromId(keyType, oidKeyType, &oidSz); + const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz); /* Decode Ed25519 private key. */ @@ -32961,7 +33048,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } #else @@ -32971,7 +33058,8 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, /* Set version = 0 */ SetASN_Int8Bit(&dataASN[EDKEYASN_IDX_VER], 0); /* Set OID. */ - SetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], keyType, oidKeyType); + SetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], (word32)keyType, + oidKeyType); /* Leave space for private key. */ SetASN_Buffer(&dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); /* Don't write out attributes. */ @@ -35125,13 +35213,14 @@ int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx) WOLFSSL_ENTER("GetNameHash"); dummy = *idx; - if (GetASNTag(source, &dummy, &tag, maxIdx) == 0 && tag == ASN_OBJECT_ID) { + if (GetASNTag(source, &dummy, &tag, (word32)maxIdx) == 0 && + tag == ASN_OBJECT_ID) { WOLFSSL_MSG("Trying optional prefix..."); - if (GetLength(source, idx, &length, maxIdx) < 0) + if (GetLength(source, idx, &length, (word32)maxIdx) < 0) return ASN_PARSE_E; - *idx += length; + *idx += (word32)length; WOLFSSL_MSG("Got optional prefix"); } @@ -35139,12 +35228,12 @@ int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx) * calculated over the entire DER encoding of the Name field, including * the tag and length. */ dummy = *idx; - if (GetSequence(source, idx, &length, maxIdx) < 0) + if (GetSequence(source, idx, &length, (word32)maxIdx) < 0) return ASN_PARSE_E; - ret = CalcHashId(source + dummy, length + *idx - dummy, hash); + ret = CalcHashId(source + dummy, (word32)length + *idx - dummy, hash); - *idx += length; + *idx += (word32)length; return ret; #else @@ -35156,7 +35245,7 @@ int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx) GetASN_OID(&dataASN[NAMEHASHASN_IDX_OID], oidIgnoreType); /* Decode certificate name. */ ret = GetASN_Items(nameHashASN, dataASN, nameHashASN_Length, 0, source, idx, - maxIdx); + (word32)maxIdx); if (ret == 0) { /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be * calculated over the entire DER encoding of the Name field, including @@ -36384,8 +36473,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) ret = MEMORY_E; goto error; } - XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); - XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); + XMEMSET(nextHdr, 0, sizeof(MimeHdr)); + XMEMSET(nextParam, 0, sizeof(MimeParam)); curLine = XSTRTOK(in, "\r\n", &ptr); if (curLine == NULL) { @@ -36445,7 +36534,7 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) ret = MEMORY_E; goto error; } - XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); + XMEMSET(nextHdr, 0, sizeof(MimeHdr)); } else { nextParam->attribute = nameAttr; @@ -36460,7 +36549,7 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) ret = MEMORY_E; goto error; } - XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); + XMEMSET(nextParam, 0, sizeof(MimeParam)); } mimeType = MIME_PARAM; mimeStatus = MIME_NAMEATTR; @@ -36491,7 +36580,7 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) ret = MEMORY_E; goto error; } - XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); + XMEMSET(nextHdr, 0, sizeof(MimeHdr)); } else { nextParam->attribute = nameAttr; nameAttr = NULL; @@ -36505,7 +36594,7 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) ret = MEMORY_E; goto error; } - XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); + XMEMSET(nextParam, 0, sizeof(MimeParam)); } } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 208c0c688..d65515520 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -228,8 +228,8 @@ ECC Curve Sizes: #define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED #endif #define ECC_KEY_MAX_BITS(key) \ - (((key == NULL) || (key->dp == NULL)) ? MAX_ECC_BITS_USE \ - : (key->dp->size * 8)) + ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE \ + : (unsigned)((key)->dp->size * 8)) /* forward declarations */ static int wc_ecc_new_point_ex(ecc_point** point, void* heap); @@ -3020,7 +3020,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, err = mp_copy(k, kt); } if (err == MP_OKAY) { - err = mp_grow(kt, modulus->used + 1); + err = mp_grow(kt, (int)modulus->used + 1); } /* Step 2: for j = 1 to t-1 do */ for (i = 1; (err == MP_OKAY) && (i < t); i++) { @@ -3040,13 +3040,13 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, } #else /* Swap R[0] and R[1] if other index is needed. */ - swap ^= b; + swap ^= (int)b; if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->x, R[1]->x, (int)modulus->used, swap); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->y, R[1]->y, (int)modulus->used, swap); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->z, R[1]->z, (int)modulus->used, swap); swap = (int)b; if (err == MP_OKAY) @@ -3062,11 +3062,11 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, /* Swap back if last bit is 0. */ swap ^= 1; if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->x, R[1]->x, (int)modulus->used, swap); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->y, R[1]->y, (int)modulus->used, swap); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, swap); + err = mp_cond_swap_ct(R[0]->z, R[1]->z, (int)modulus->used, swap); #endif /* Step 5: b = k[0]; R[b] = R[b] - P */ @@ -3085,21 +3085,21 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, &infinity); #else /* Swap R[0] and R[1], if necessary, to operate on the one we want. */ - err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->x, R[1]->x, (int)modulus->used, (int)b); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->y, R[1]->y, (int)modulus->used, (int)b); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->z, R[1]->z, (int)modulus->used, (int)b); if (err == MP_OKAY) err = ecc_projective_add_point_safe(R[0], R[2], R[0], a, modulus, mp, &infinity); /* Swap back if necessary. */ if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->x, R[1]->x, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->x, R[1]->x, (int)modulus->used, (int)b); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->y, R[1]->y, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->y, R[1]->y, (int)modulus->used, (int)b); if (err == MP_OKAY) - err = mp_cond_swap_ct(R[0]->z, R[1]->z, modulus->used, (int)b); + err = mp_cond_swap_ct(R[0]->z, R[1]->z, (int)modulus->used, (int)b); #endif } @@ -4584,7 +4584,7 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, #ifdef WOLFSSL_NO_MALLOC ecc_point lcl_result; #endif - word32 x = 0; + int x = 0; mp_digit mp = 0; DECLARE_CURVE_SPECS(3); @@ -4644,17 +4644,17 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, } if (err == MP_OKAY) { x = mp_unsigned_bin_size(curve->prime); - if (*outlen < x || (int)x < mp_unsigned_bin_size(result->x)) { + if (*outlen < (word32)x || x < mp_unsigned_bin_size(result->x)) { err = BUFFER_E; } } if (err == MP_OKAY) { - XMEMSET(out, 0, x); - err = mp_to_unsigned_bin(result->x,out + + XMEMSET(out, 0, (size_t)x); + err = mp_to_unsigned_bin(result->x, out + (x - mp_unsigned_bin_size(result->x))); } - *outlen = x; + *outlen = (word32)x; mp_forcezero(result->x); mp_forcezero(result->y); @@ -4974,7 +4974,7 @@ int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) int err; byte buf[ECC_MAXSIZE_GEN]; - if (rng == NULL || size + 8 > ECC_MAXSIZE_GEN || k == NULL || + if (rng == NULL || size < 0 || size + 8 > ECC_MAXSIZE_GEN || k == NULL || order == NULL) { return BAD_FUNC_ARG; } @@ -4984,14 +4984,14 @@ int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) size += 8; /* make up random string */ - err = wc_RNG_GenerateBlock(rng, buf, size); + err = wc_RNG_GenerateBlock(rng, buf, (word32)size); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("wc_ecc_gen_k buf", buf, size); #endif /* load random buffer data into k */ if (err == 0) - err = mp_read_unsigned_bin(k, buf, size); + err = mp_read_unsigned_bin(k, buf, (word32)size); /* the key should be smaller than the order of base point */ if (err == MP_OKAY) { @@ -5285,7 +5285,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, return err; } - key->flags = flags; + key->flags = (byte)flags; #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { @@ -5870,7 +5870,7 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, if (ret == 0) ret = wc_ecc_init_ex(key, heap, devId); if (ret == 0 && id != NULL && len != 0) { - XMEMCPY(key->id, id, len); + XMEMCPY(key->id, id, (size_t)len); key->idLen = len; #ifdef WOLFSSL_SE050 /* Set SE050 ID from word32, populate ecc_key with public from SE050 */ @@ -5900,7 +5900,7 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId) if (ret == 0) ret = wc_ecc_init_ex(key, heap, devId); if (ret == 0) { - XMEMCPY(key->label, label, labelLen); + XMEMCPY(key->label, label, (size_t)labelLen); key->labelLen = labelLen; } @@ -5921,7 +5921,7 @@ int wc_ecc_set_flags(ecc_key* key, word32 flags) static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) { int err = MP_OKAY; - word32 orderBits; + int orderBits; DECLARE_CURVE_SPECS(1); ALLOC_CURVE_SPECS(1, err); @@ -5937,7 +5937,7 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); - return (int)orderBits; + return orderBits; } #ifdef HAVE_ECC_SIGN @@ -6878,7 +6878,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* load digest into e */ if (err == MP_OKAY) { /* we may need to truncate if hash is longer than key size */ - word32 orderBits = mp_count_bits(curve->order); + word32 orderBits = (word32)mp_count_bits(curve->order); /* truncate down to byte size, may be all that's needed */ if ((WOLFSSL_BIT_SIZE * inlen) > orderBits) @@ -7133,7 +7133,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, #endif VSz = KSz = hashSz; - qLen = xSz = h1len = mp_unsigned_bin_size(order); + qLen = xSz = h1len = (word32)mp_unsigned_bin_size(order); /* 3.2 b. Set V = 0x01 0x01 ... */ XMEMSET(V, 0x01, VSz); @@ -7142,7 +7142,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, XMEMSET(K, 0x00, KSz); mp_init(z1); /* always init z1 and free z1 */ - ret = mp_to_unsigned_bin_len(priv, x, qLen); + ret = mp_to_unsigned_bin_len(priv, x, (int)qLen); if (ret == 0) { #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen); @@ -7176,7 +7176,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, #endif { /* use original hash and keep leading 0's */ - mp_to_unsigned_bin_len(z1, h1, h1len); + mp_to_unsigned_bin_len(z1, h1, (int)h1len); } } mp_free(z1); @@ -7224,9 +7224,9 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, if (ret == 0) { int sz; - sz = MIN(qLen - xSz, VSz); - XMEMCPY(x + xSz, V, sz); - xSz += sz; + sz = (int)MIN(qLen - xSz, (size_t)VSz); + XMEMCPY(x + xSz, V, (size_t)sz); + xSz += (word32)sz; } else { break; /* error case */ @@ -7241,7 +7241,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) { /* handle odd case where shift of 'k' is needed with RFC 6979 * k = bits2int(T) in section 3.2 h.3 */ - mp_rshb(k, (xSz * WOLFSSL_BIT_SIZE) - qbits); + mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits); } /* 3.2 step h.3 the key should be smaller than the order of base @@ -7297,7 +7297,7 @@ int wc_ecc_set_deterministic(ecc_key* key, byte flag) return BAD_FUNC_ARG; } - key->deterministic = flag; + key->deterministic = flag ? 1 : 0; return 0; } #endif /* end sign_ex and deterministic sign */ @@ -7656,7 +7656,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point lcl_precomp[SHAMIR_PRECOMP_SZ]; #endif #endif - unsigned bitbufA, bitbufB, lenA, lenB, len, nA, nB, nibble; + unsigned int bitbufA, bitbufB, lenA, lenB, len, nA, nB, nibble; #ifdef WOLFSSL_NO_MALLOC unsigned char tA[ECC_BUFSIZE]; unsigned char tB[ECC_BUFSIZE]; @@ -7750,8 +7750,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #endif /* get sizes */ - lenA = mp_unsigned_bin_size(kA); - lenB = mp_unsigned_bin_size(kB); + lenA = (unsigned int)mp_unsigned_bin_size(kA); + lenB = (unsigned int)mp_unsigned_bin_size(kB); len = MAX(lenA, lenB); /* sanity check */ @@ -7863,7 +7863,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, /* if not both zero */ if ((nA != 0) || (nB != 0)) { - int i = nA + (nB<<2); + unsigned int i = nA + (nB<<2); if (first == 1) { /* if first, copy from table */ first = 0; @@ -8110,6 +8110,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, } #endif /* !NO_ASN */ +#ifndef WOLF_CRYPTO_CB_ONLY_ECC + #if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) @@ -8142,7 +8144,6 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) } #endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */ -#ifndef WOLF_CRYPTO_CB_ONLY_ECC static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key) { @@ -8333,7 +8334,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, /* read hash */ if (err == MP_OKAY) { /* we may need to truncate if hash is longer than key size */ - unsigned int orderBits = mp_count_bits(curve->order); + unsigned int orderBits = (unsigned int)mp_count_bits(curve->order); /* truncate down to byte size, may be all that's needed */ if ( (WOLFSSL_BIT_SIZE * hashlen) > orderBits) @@ -8581,7 +8582,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, return err; } - keySz = key->dp->size; + keySz = (word32)key->dp->size; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ defined(WOLFSSL_ASYNC_CRYPT_SW) @@ -8830,14 +8831,14 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, /* calculate key size based on inLen / 2 if uncompressed or shortKeySize * is true */ #ifdef HAVE_COMP_KEY - keysize = compressed && !shortKeySize ? inLen : inLen>>1; + keysize = (int)((compressed && !shortKeySize) ? inLen : inLen>>1); #else - keysize = inLen>>1; + keysize = (int)(inLen>>1); #endif /* read data */ if (err == MP_OKAY) - err = mp_read_unsigned_bin(point->x, in, keysize); + err = mp_read_unsigned_bin(point->x, in, (word32)keysize); #ifdef HAVE_COMP_KEY if (err == MP_OKAY && compressed == 1) { /* build y */ @@ -8980,7 +8981,7 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, #ifdef HAVE_COMP_KEY if (compressed == 0) #endif - err = mp_read_unsigned_bin(point->y, in + keysize, keysize); + err = mp_read_unsigned_bin(point->y, in + keysize, (word32)keysize); } if (err == MP_OKAY) err = mp_set(point->z, 1); @@ -9034,7 +9035,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0)) return ECC_BAD_ARG_E; - numlen = ecc_sets[curve_idx].size; + numlen = (word32)ecc_sets[curve_idx].size; /* return length needed only */ if (point != NULL && out == NULL && outLen != NULL) { @@ -9068,7 +9069,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, /* pad and store x */ XMEMSET(buf, 0, ECC_BUFSIZE); ret = mp_to_unsigned_bin(point->x, buf + - (numlen - mp_unsigned_bin_size(point->x))); + (numlen - (word32)mp_unsigned_bin_size(point->x))); if (ret != MP_OKAY) goto done; XMEMCPY(out+1, buf, numlen); @@ -9076,7 +9077,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, /* pad and store y */ XMEMSET(buf, 0, ECC_BUFSIZE); ret = mp_to_unsigned_bin(point->y, buf + - (numlen - mp_unsigned_bin_size(point->y))); + (numlen - (word32)mp_unsigned_bin_size(point->y))); if (ret != MP_OKAY) goto done; XMEMCPY(out+1+numlen, buf, numlen); @@ -9109,7 +9110,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point, if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0)) return ECC_BAD_ARG_E; - numlen = ecc_sets[curve_idx].size; + numlen = (word32)ecc_sets[curve_idx].size; output_len = 1 + numlen; /* y point type + x */ /* return length needed only */ @@ -9145,7 +9146,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point, /* pad and store x */ XMEMSET(buf, 0, ECC_BUFSIZE); ret = mp_to_unsigned_bin(point->x, buf + - (numlen - mp_unsigned_bin_size(point->x))); + (numlen - (word32)mp_unsigned_bin_size(point->x))); if (ret != MP_OKAY) goto done; XMEMCPY(out+1, buf, numlen); @@ -9177,8 +9178,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* return length needed only */ if (key != NULL && out == NULL && outLen != NULL) { /* if key hasn't been setup assume max bytes for size estimation */ - numlen = key->dp ? key->dp->size : MAX_ECC_BYTES; - *outLen = 1 + 2*numlen; + numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; + *outLen = 1 + 2 * numlen; return LENGTH_ONLY_E; } @@ -9208,7 +9209,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) return ECC_BAD_ARG_E; } - numlen = key->dp->size; + numlen = (word32)key->dp->size; /* verify room in out buffer */ if (*outLen < (1 + 2*numlen)) { @@ -9217,8 +9218,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) } /* verify public key length is less than key size */ - pubxlen = mp_unsigned_bin_size(key->pubkey.x); - pubylen = mp_unsigned_bin_size(key->pubkey.y); + pubxlen = (word32)mp_unsigned_bin_size(key->pubkey.x); + pubylen = (word32)mp_unsigned_bin_size(key->pubkey.y); if ((pubxlen > numlen) || (pubylen > numlen)) { WOLFSSL_MSG("Public key x/y invalid!"); return BUFFER_E; @@ -10049,14 +10050,14 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, #endif /* determine key size */ - keysize = (inLen>>1); + keysize = (int)(inLen>>1); err = wc_ecc_set_curve(key, keysize, curve_id); key->type = ECC_PUBLICKEY; } /* read data */ if (err == MP_OKAY) - err = mp_read_unsigned_bin(key->pubkey.x, in, keysize); + err = mp_read_unsigned_bin(key->pubkey.x, in, (word32)keysize); #ifdef HAVE_COMP_KEY if (err == MP_OKAY && compressed == 1) { /* build y */ @@ -10192,7 +10193,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, if (compressed == 0) #endif { - err = mp_read_unsigned_bin(key->pubkey.y, in + keysize, keysize); + err = mp_read_unsigned_bin(key->pubkey.y, in + keysize, + (word32)keysize); } } if (err == MP_OKAY) @@ -10280,7 +10282,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) { return ECC_BAD_ARG_E; } - keySz = key->dp->size; + keySz = (word32)key->dp->size; /* private key, d */ if (d != NULL) { @@ -10437,7 +10439,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, wc_ecc_reset(key); /* set key size */ - ret = wc_ecc_set_curve(key, privSz, curve_id); + ret = wc_ecc_set_curve(key, (int)privSz, curve_id); key->type = ECC_PRIVATEKEY_ONLY; } @@ -10771,7 +10773,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, err = mp_read_radix(key->pubkey.x, qx, MP_RADIX_HEX); else err = mp_read_unsigned_bin(key->pubkey.x, (const byte*)qx, - key->dp->size); + (word32)key->dp->size); if (mp_isneg(key->pubkey.x)) { WOLFSSL_MSG("Invalid Qx"); @@ -10788,7 +10790,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, err = mp_read_radix(key->pubkey.y, qy, MP_RADIX_HEX); else err = mp_read_unsigned_bin(key->pubkey.y, (const byte*)qy, - key->dp->size); + (word32)key->dp->size); if (mp_isneg(key->pubkey.y)) { WOLFSSL_MSG("Invalid Qy"); @@ -10946,7 +10948,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #endif /* WOLFSSL_QNX_CAAM */ { err = mp_read_unsigned_bin(&key->k, (const byte*)d, - key->dp->size); + (word32)key->dp->size); } } #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) @@ -11077,7 +11079,7 @@ static int ecc_public_key_size(ecc_key* key, word32* sz) return BAD_FUNC_ARG; /* 'Uncompressed' | x | y */ - *sz = 1 + 2 * key->dp->size; + *sz = 1 + 2 * (word32)key->dp->size; return 0; } @@ -11724,8 +11726,7 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { - unsigned x; - int y, z; + int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { z = x; @@ -11745,7 +11746,7 @@ static int find_hole(void) mp_clear(&fp_cache[z].mu); wc_ecc_del_point(fp_cache[z].g); fp_cache[z].g = NULL; - for (x = 0; x < (1U< mp_unsigned_bin_size(modulus)) { /* find order */ - y = mp_unsigned_bin_size(modulus); + y = (unsigned)mp_unsigned_bin_size(modulus); for (x = 0; ecc_sets[x].size; x++) { if (y <= (unsigned)ecc_sets[x].size) break; } @@ -12048,10 +12049,10 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a, } /* get bitlen and round up to next multiple of FP_LUT */ - bitlen = mp_unsigned_bin_size(modulus) << 3; + bitlen = (unsigned)mp_unsigned_bin_size(modulus) << 3; x = bitlen % FP_LUT; if (x) { - bitlen += FP_LUT - x; + bitlen += FP_LUT - (unsigned)x; } lut_gap = bitlen / FP_LUT; @@ -12075,7 +12076,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a, #endif /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(tk); + y = (unsigned)mp_unsigned_bin_size(tk); if (y > 0) { y -= 1; } @@ -12087,10 +12088,10 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a, /* at this point we can start, yipee */ first = 1; - for (x = lut_gap-1; x >= 0; x--) { + for (x = (int)lut_gap-1; x >= 0; x--) { /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */ - bitpos = x; + bitpos = (unsigned)x; for (y = z = 0; y < FP_LUT; y++) { z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y; bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid @@ -12205,7 +12206,7 @@ static int accel_fp_mul2add(int idx1, int idx2, /* if it's smaller than modulus we fine */ if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) { /* find order */ - y = mp_unsigned_bin_size(modulus); + y = (unsigned)mp_unsigned_bin_size(modulus); for (x = 0; ecc_sets[x].size; x++) { if (y <= (unsigned)ecc_sets[x].size) break; } @@ -12240,7 +12241,7 @@ static int accel_fp_mul2add(int idx1, int idx2, /* if it's smaller than modulus we fine */ if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) { /* find order */ - y = mp_unsigned_bin_size(modulus); + y = (unsigned)mp_unsigned_bin_size(modulus); for (x = 0; ecc_sets[x].size; x++) { if (y <= (unsigned)ecc_sets[x].size) break; } @@ -12273,10 +12274,10 @@ static int accel_fp_mul2add(int idx1, int idx2, #endif /* get bitlen and round up to next multiple of FP_LUT */ - bitlen = mp_unsigned_bin_size(modulus) << 3; + bitlen = (unsigned)mp_unsigned_bin_size(modulus) << 3; x = bitlen % FP_LUT; if (x) { - bitlen += FP_LUT - x; + bitlen += FP_LUT - (unsigned)x; } lut_gap = bitlen / FP_LUT; @@ -12304,7 +12305,7 @@ static int accel_fp_mul2add(int idx1, int idx2, /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(tka); + y = (unsigned)mp_unsigned_bin_size(tka); if (y > 0) { y -= 1; } @@ -12328,7 +12329,7 @@ static int accel_fp_mul2add(int idx1, int idx2, #endif if ((err = mp_to_unsigned_bin(tkb, kb[1])) == MP_OKAY) { x = 0; - y = mp_unsigned_bin_size(tkb); + y = (unsigned)mp_unsigned_bin_size(tkb); if (y > 0) { y -= 1; } @@ -12340,10 +12341,10 @@ static int accel_fp_mul2add(int idx1, int idx2, /* at this point we can start, yipee */ first = 1; - for (x = lut_gap-1; x >= 0; x--) { + for (x = (int)lut_gap-1; x >= 0; x--) { /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */ - bitpos = x; + bitpos = (unsigned)x; for (y = zA = zB = 0; y < FP_LUT; y++) { zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y; zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y; @@ -13099,7 +13100,7 @@ int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz) return BAD_FUNC_ARG; ctx->kdfInfo = info; - ctx->kdfInfoSz = sz; + ctx->kdfInfoSz = (word32)sz; return 0; } @@ -13136,9 +13137,9 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) /* mix half and half */ /* tmp stores 2nd half of client before overwrite */ - XMEMCPY(tmp, ctx->clientSalt + halfSz, halfSz); - XMEMCPY(ctx->clientSalt + halfSz, ctx->serverSalt, halfSz); - XMEMCPY(ctx->serverSalt, tmp, halfSz); + XMEMCPY(tmp, ctx->clientSalt + halfSz, (size_t)halfSz); + XMEMCPY(ctx->clientSalt + halfSz, ctx->serverSalt, (size_t)halfSz); + XMEMCPY(ctx->serverSalt, tmp, (size_t)halfSz); ctx->kdfSalt = ctx->clientSalt; ctx->kdfSaltSz = EXCHANGE_SALT_SZ; @@ -13324,9 +13325,9 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz, return BAD_FUNC_ARG; #ifdef WOLFSSL_ECIES_OLD - *keysLen = *encKeySz + *ivSz + *digestSz; + *keysLen = *encKeySz + *ivSz + (int)*digestSz; #else - *keysLen = *encKeySz + *digestSz; + *keysLen = *encKeySz + (int)*digestSz; #endif return 0; @@ -13391,10 +13392,10 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #ifndef WOLFSSL_ECIES_OLD if (!compressed) { - pubKeySz = 1 + wc_ecc_size(privKey) * 2; + pubKeySz = 1 + (word32)wc_ecc_size(privKey) * 2; } else { - pubKeySz = 1 + wc_ecc_size(privKey); + pubKeySz = 1 + (word32)wc_ecc_size(privKey); } #else (void) compressed; /* avoid unused parameter if WOLFSSL_ECIES_OLD is defined */ @@ -13495,7 +13496,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, case ecHKDF_SHA256 : ret = wc_HKDF(WC_SHA256, sharedSecret, sharedSz, ctx->kdfSalt, ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, - keys, keysLen); + keys, (word32)keysLen); break; default: @@ -13516,7 +13517,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, macKey = encKey + encKeySz; ret = wc_RNG_GenerateBlock(privKey->rng, encIv, ivSz); #else - XMEMSET(iv, 0, ivSz); + XMEMSET(iv, 0, (size_t)ivSz); encKey = keys + offset; encIv = iv; macKey = encKey + encKeySz; @@ -13541,7 +13542,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { - ret = wc_AesSetKey(aes, encKey, encKeySz, encIv, + ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, encIv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); @@ -13584,7 +13585,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { - ret = wc_AesSetKey(aes, encKey, encKeySz, ctr_iv, + ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, ctr_iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCtrEncrypt(aes, out, msg, msgSz); @@ -13890,7 +13891,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, case ecHKDF_SHA256 : ret = wc_HKDF(WC_SHA256, sharedSecret, sharedSz, ctx->kdfSalt, ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, - keys, keysLen); + keys, (word32)keysLen); break; default: @@ -13911,7 +13912,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, msgSz -= ivSz; macKey = encKey + encKeySz; #else - XMEMSET(iv, 0, ivSz); + XMEMSET(iv, 0, (size_t)ivSz); encKey = keys + offset; encIv = iv; macKey = encKey + encKeySz; @@ -13984,7 +13985,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { - ret = wc_AesSetKey(aes, encKey, encKeySz, encIv, + ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, encIv, AES_DECRYPTION); if (ret == 0) { ret = wc_AesCbcDecrypt(aes, out, msg, msgSz-digestSz); @@ -14023,7 +14024,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE); XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0, AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE); - ret = wc_AesSetKey(aes, encKey, encKeySz, ctr_iv, + ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, ctr_iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCtrEncrypt(aes, out, msg, msgSz-digestSz); @@ -14528,7 +14529,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen return ECC_BAD_ARG_E; } - numlen = key->dp->size; + numlen = (word32)key->dp->size; if (*outLen < (1 + numlen)) { *outLen = 1 + numlen; @@ -14546,8 +14547,9 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen /* pad and store x */ XMEMSET(out+1, 0, numlen); - ret = mp_to_unsigned_bin(key->pubkey.x, - out+1 + (numlen - mp_unsigned_bin_size(key->pubkey.x))); + ret = mp_to_unsigned_bin( + key->pubkey.x, + out+1 + (numlen - (word32)mp_unsigned_bin_size(key->pubkey.x))); *outLen = 1 + numlen; return ret; @@ -14635,8 +14637,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, const byte* sinfo, word32 sinfoSz, byte* out, word32 outSz) { int ret; - int digestSz, copySz; - int remaining = outSz; + word32 digestSz, copySz, remaining = outSz; byte* outIdx; byte counter[4]; byte tmp[WC_MAX_DIGEST_SIZE]; @@ -14656,9 +14657,10 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, type != WC_HASH_TYPE_SHA512) return BAD_FUNC_ARG; - digestSz = wc_HashGetDigestSize(type); - if (digestSz < 0) - return digestSz; + ret = wc_HashGetDigestSize(type); + if (ret < 0) + return ret; + digestSz = (word32)ret; #ifdef WOLFSSL_SMALL_STACK hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL, diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 04de18e28..7a146359a 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -528,11 +528,15 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, word32 data_len, byte* hash, word32 hash_len) { int ret = HASH_TYPE_E; /* Default to hash type error */ - word32 dig_size; + int dig_size; /* Validate hash buffer size */ dig_size = wc_HashGetDigestSize(hash_type); - if (hash_len < dig_size) { + if (dig_size < 0) { + return dig_size; + } + + if (hash_len < (word32)dig_size) { return BUFFER_E; } diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 11abc58c5..1c7847335 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -340,7 +340,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) #ifdef WOLF_CRYPTO_CB hmac->keyRaw = key; /* use buffer directly */ - hmac->keyLen = length; + hmac->keyLen = (word16)length; #endif #ifdef WOLFSSL_MAXQ108X @@ -1055,7 +1055,7 @@ int wc_HmacInit_Id(Hmac* hmac, unsigned char* id, int len, void* heap, if (ret == 0) ret = wc_HmacInit(hmac, heap, devId); if (ret == 0) { - XMEMCPY(hmac->id, id, len); + XMEMCPY(hmac->id, id, (size_t)len); hmac->idLen = len; } @@ -1078,7 +1078,7 @@ int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap, int devId) if (ret == 0) ret = wc_HmacInit(hmac, heap, devId); if (ret == 0) { - XMEMCPY(hmac->label, label, labelLen); + XMEMCPY(hmac->label, label, (size_t)labelLen); hmac->labelLen = labelLen; } @@ -1199,7 +1199,7 @@ int wolfSSL_GetHmacMaxSize(void) #endif int ret; const byte* localSalt; /* either points to user input or tmp */ - int hashSz; + word32 hashSz; ret = wc_HmacSizeByType(type); if (ret < 0) { @@ -1213,7 +1213,7 @@ int wolfSSL_GetHmacMaxSize(void) } #endif - hashSz = ret; + hashSz = (word32)ret; localSalt = salt; if (localSalt == NULL) { XMEMSET(tmp, 0, hashSz); @@ -1259,9 +1259,15 @@ int wolfSSL_GetHmacMaxSize(void) #endif int ret = 0; word32 outIdx = 0; - word32 hashSz = wc_HmacSizeByType(type); + word32 hashSz; byte n = 0x1; + ret = wc_HmacSizeByType(type); + if (ret < 0) { + return ret; + } + hashSz = (word32)ret; + /* RFC 5869 states that the length of output keying material in * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ @@ -1285,7 +1291,7 @@ int wolfSSL_GetHmacMaxSize(void) } while (outIdx < outSz) { - int tmpSz = (n == 1) ? 0 : hashSz; + word32 tmpSz = (n == 1) ? 0 : hashSz; word32 left = outSz - outIdx; ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz); @@ -1338,11 +1344,14 @@ int wolfSSL_GetHmacMaxSize(void) byte* out, word32 outSz) { byte prk[WC_MAX_DIGEST_SIZE]; - int hashSz = wc_HmacSizeByType(type); + word32 hashSz; int ret; - if (hashSz < 0) - return BAD_FUNC_ARG; + ret = wc_HmacSizeByType(type); + if (ret < 0) { + return ret; + } + hashSz = (word32)ret; ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk); if (ret != 0) diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 480753cb6..f866dfcc3 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -351,11 +351,11 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, * digest The type of digest to use. * returns 0 on success, otherwise failure. */ - int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen, - byte* ikm, int ikmLen, int digest) + int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, word32 saltLen, + byte* ikm, word32 ikmLen, int digest) { int ret; - int len = 0; + word32 len = 0; switch (digest) { #ifndef NO_SHA256 @@ -425,7 +425,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, int digest) { int ret = 0; - int idx = 0; + word32 idx = 0; #ifdef WOLFSSL_SMALL_STACK byte* data; #else @@ -755,7 +755,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, byte kPad = 0; byte pad = 0; byte kSzFlat[LENGTH_SZ]; - int digestSz; + word32 digestSz; int ret; if (key == NULL || keySz == 0 || @@ -766,10 +766,11 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, return BAD_FUNC_ARG; } - digestSz = wc_HmacSizeByType(enmhashId); - if (digestSz <= 0) { + ret = wc_HmacSizeByType(enmhashId); + if (ret <= 0) { return BAD_FUNC_ARG; } + digestSz = (word32)ret; if (k[0] & 0x80) kPad = 1; c32toa(kSz + kPad, kSzFlat); diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index e0cc5b057..3c47e517c 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -330,8 +330,12 @@ WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len) len -= l; while (l--) *z++ = 0; #endif - for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) - *w++ = 0; + for (w = (volatile word64*)z; + len >= sizeof(*w); + len -= (word32)sizeof(*w)) + { + *w++ = 0; + } z = (volatile byte*)w; #endif @@ -384,25 +388,25 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, /* converts a 32 bit integer to 24 bit */ WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out) { - out[0] = (in >> 16) & 0xff; - out[1] = (in >> 8) & 0xff; - out[2] = in & 0xff; + out[0] = (byte)((in >> 16) & 0xff); + out[1] = (byte)((in >> 8) & 0xff); + out[2] = (byte)(in & 0xff); } /* convert 16 bit integer to opaque */ WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c) { - c[0] = (wc_u16 >> 8) & 0xff; - c[1] = wc_u16 & 0xff; + c[0] = (byte)((wc_u16 >> 8) & 0xff); + c[1] = (byte)(wc_u16 & 0xff); } /* convert 32 bit integer to opaque */ WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c) { - c[0] = (wc_u32 >> 24) & 0xff; - c[1] = (wc_u32 >> 16) & 0xff; - c[2] = (wc_u32 >> 8) & 0xff; - c[3] = wc_u32 & 0xff; + c[0] = (byte)((wc_u32 >> 24) & 0xff); + c[1] = (byte)((wc_u32 >> 16) & 0xff); + c[2] = (byte)((wc_u32 >> 8) & 0xff); + c[3] = (byte)(wc_u32 & 0xff); } #endif @@ -410,14 +414,16 @@ WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c) /* convert a 24 bit integer into a 32 bit one */ WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32) { - *wc_u32 = ((word32)wc_u24[0] << 16) | (wc_u24[1] << 8) | wc_u24[2]; + *wc_u32 = ((word32)wc_u24[0] << 16) | + ((word32)wc_u24[1] << 8) | + (word32)wc_u24[2]; } /* convert opaque to 24 bit integer */ WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24) { - *wc_u24 = ((word32)c[0] << 16) | (c[1] << 8) | c[2]; + *wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2]; } /* convert opaque to 16 bit integer */ @@ -429,7 +435,10 @@ WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16) /* convert opaque to 32 bit integer */ WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32) { - *wc_u32 = ((word32)c[0] << 24) | ((word32)c[1] << 16) | (c[2] << 8) | c[3]; + *wc_u32 = ((word32)c[0] << 24) | + ((word32)c[1] << 16) | + ((word32)c[2] << 8) | + (word32)c[3]; } @@ -474,31 +483,31 @@ WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out) /* Constant time - mask set when a > b. */ WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b) { - return (byte)((((word32)a - b - 1) >> 31) - 1); + return (byte)((((word32)a - (word32)b - 1) >> 31) - 1); } /* Constant time - mask set when a >= b. */ WC_MISC_STATIC WC_INLINE byte ctMaskGTE(int a, int b) { - return (byte)((((word32)a - b ) >> 31) - 1); + return (byte)((((word32)a - (word32)b) >> 31) - 1); } /* Constant time - mask set when a >= b. */ WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b) { - return (int)((((word32)a - b ) >> 31) - 1); + return (int)((((word32)a - (word32)b) >> 31) - 1); } /* Constant time - mask set when a < b. */ WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b) { - return (byte)((((word32)b - a - 1) >> 31) - 1); + return (byte)((((word32)b - (word32)a - 1) >> 31) - 1); } /* Constant time - mask set when a <= b. */ WC_MISC_STATIC WC_INLINE byte ctMaskLTE(int a, int b) { - return (byte)((((word32)b - a ) >> 31) - 1); + return (byte)((((word32)b - (word32)a) >> 31) - 1); } /* Constant time - mask set when a == b. */ @@ -510,25 +519,25 @@ WC_MISC_STATIC WC_INLINE byte ctMaskEq(int a, int b) /* Constant time - sets 16 bit integer mask when a > b */ WC_MISC_STATIC WC_INLINE word16 ctMask16GT(int a, int b) { - return (word16)((((word32)a - b - 1) >> 31) - 1); + return (word16)((((word32)a - (word32)b - 1) >> 31) - 1); } /* Constant time - sets 16 bit integer mask when a >= b */ WC_MISC_STATIC WC_INLINE word16 ctMask16GTE(int a, int b) { - return (word16)((((word32)a - b ) >> 31) - 1); + return (word16)((((word32)a - (word32)b) >> 31) - 1); } /* Constant time - sets 16 bit integer mask when a < b. */ WC_MISC_STATIC WC_INLINE word16 ctMask16LT(int a, int b) { - return (word16)((((word32)b - a - 1) >> 31) - 1); + return (word16)((((word32)b - (word32)a - 1) >> 31) - 1); } /* Constant time - sets 16 bit integer mask when a <= b. */ WC_MISC_STATIC WC_INLINE word16 ctMask16LTE(int a, int b) { - return (word16)((((word32)b - a ) >> 31) - 1); + return (word16)((((word32)b - (word32)a) >> 31) - 1); } /* Constant time - sets 16 bit integer mask when a == b. */ @@ -556,10 +565,17 @@ WC_MISC_STATIC WC_INLINE int ctMaskSelInt(byte m, int a, int b) (a & ( (signed int)(signed char)m)); } +/* Constant time - select word32 a when mask is set and word32 b otherwise. */ +WC_MISC_STATIC WC_INLINE word32 ctMaskSelWord32(byte m, word32 a, word32 b) +{ + return (((word32)b & (word32)(~(signed int)(signed char)m)) | + ((word32)a & (word32)( (signed int)(signed char)m))); +} + /* Constant time - bit set when a <= b. */ WC_MISC_STATIC WC_INLINE byte ctSetLTE(int a, int b) { - return (byte)(((word32)a - b - 1) >> 31); + return (byte)(((word32)a - (word32)b - 1) >> 31); } /* Constant time - conditionally copy size bytes from src to dst if mask is set diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 57cf90ef0..e873e0cf3 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3820,7 +3820,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, /* compare generated to hash in messageDigest attribute */ if ((innerAttribSz != digestSz) || - (XMEMCMP(attrib->value + idx, digestBuf, (word32)digestSz) != 0)) { + (XMEMCMP(attrib->value + idx, digestBuf, (size_t)digestSz) != 0)) { WOLFSSL_MSG("Content digest does not match messageDigest attrib value"); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -11718,14 +11718,18 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; } - blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); - if (ret == 0 && blockKeySz < 0) { - ret = blockKeySz; + if (ret == 0) { + blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); + if (blockKeySz < 0) { + ret = blockKeySz; + } } - expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); - if (ret == 0 && expBlockSz < 0) { - ret = expBlockSz; + if (ret == 0) { + expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); + if (expBlockSz < 0) { + ret = expBlockSz; + } } /* get nonce, stored in OPTIONAL parameter of AlgoID @@ -11868,8 +11872,25 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; encryptedContentSz = pkcs7->stream->expected; + #else + pkiMsgSz = inSz; #endif + if (expBlockSz == 0) { + #ifndef NO_PKCS7_STREAM + wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL); + #endif + if (encOID == 0) + expBlockSz = 1; + else { + expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); + if (expBlockSz < 0) { + ret = expBlockSz; + break; + } + } + } + /* AES-GCM/CCM does NOT require padding for plaintext content or * AAD inputs RFC 5084 section 3.1 and 3.2, but we must alloc * full blocks to ensure crypto only gets full blocks */ diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index c0ba66afb..f138b60c1 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -778,7 +778,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) /* process full blocks */ if (bytes >= POLY1305_BLOCK_SIZE) { - size_t want = (bytes & ~(POLY1305_BLOCK_SIZE - 1)); + size_t want = ((size_t)bytes & ~(POLY1305_BLOCK_SIZE - 1)); #if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) int ret; ret = poly1305_blocks(ctx, m, want); diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index fc5ca7845..f25039b5f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -370,8 +370,8 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, { int ret = DRBG_FAILURE; byte ctr; - int i; - int len; + word32 i; + word32 len; word32 bits = (outSz * 8); /* reverse byte order */ #ifdef WOLFSSL_SMALL_STACK_CACHE wc_Sha256* sha = &drbg->sha256; @@ -520,7 +520,7 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz) static WC_INLINE void array_add_one(byte* data, word32 dataSz) { int i; - for (i = dataSz - 1; i >= 0; i--) { + for (i = (int)dataSz - 1; i >= 0; i--) { data[i]++; if (data[i] != 0) break; } @@ -537,8 +537,8 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V) byte data[DRBG_SEED_LEN]; byte digest[WC_SHA256_DIGEST_SIZE]; #endif - int i; - int len; + word32 i; + word32 len; #ifdef WOLFSSL_SMALL_STACK_CACHE wc_Sha256* sha = &drbg->sha256; #else @@ -621,9 +621,9 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen int sIdx, dIdx; word16 carry = 0; - dIdx = dLen - 1; - for (sIdx = sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)d[dIdx] + (word16)s[sIdx]; + dIdx = (int)dLen - 1; + for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { + carry += (word16)(d[dIdx] + s[sIdx]); d[dIdx] = (byte)carry; carry >>= 8; dIdx--; @@ -779,7 +779,7 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz) while (seedIdx < seedSz - SEED_BLOCK_SZ) { if (ConstantCompare(seed + seedIdx, seed + seedIdx + scratchSz, - scratchSz) == 0) { + (int)scratchSz) == 0) { ret = DRBG_CONT_FAILURE; } @@ -3753,7 +3753,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) break; } - sz -= len; + sz -= (word32)len; output += len; if (sz) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index eca9729cc..54503236e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -373,7 +373,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, if (ret == 0) ret = wc_InitRsaKey_ex(key, heap, devId); if (ret == 0 && id != NULL && len != 0) { - XMEMCPY(key->id, id, len); + XMEMCPY(key->id, id, (size_t)len); key->idLen = len; #ifdef WOLFSSL_SE050 /* Set SE050 ID from word32, populate RsaKey with public from SE050 */ @@ -403,7 +403,7 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId) if (ret == 0) ret = wc_InitRsaKey_ex(key, heap, devId); if (ret == 0) { - XMEMCPY(key->label, label, labelLen); + XMEMCPY(key->label, label, (size_t)labelLen); key->labelLen = labelLen; } @@ -1141,7 +1141,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, void* heap) { int ret; - int hLen; + word32 hLen; int psLen; int i; word32 idx; @@ -1163,10 +1163,11 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } /* limit of label is the same as limit of hash function which is massive */ - hLen = wc_HashGetDigestSize(hType); - if (hLen < 0) { - return hLen; + ret = wc_HashGetDigestSize(hType); + if (ret < 0) { + return ret; } + hLen = (word32)ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER); @@ -1181,7 +1182,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, #else /* hLen should never be larger than lHash since size is max digest size, but check before blindly calling wc_Hash */ - if ((word32)hLen > sizeof(lHash)) { + if (hLen > sizeof(lHash)) { WOLFSSL_MSG("OAEP lHash to small for digest!!"); return MEMORY_E; } @@ -1204,7 +1205,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, k = RSA key size hLen = hash digest size -- will always be >= 0 at this point */ - if ((word32)(2 * hLen + 2) > pkcsBlockLen) { + if ((2 * hLen + 2) > pkcsBlockLen) { WOLFSSL_MSG("OAEP pad error hash to big for RSA key size"); #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); @@ -1224,7 +1225,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, /* concatenate lHash || PS || 0x01 || msg */ idx = pkcsBlockLen - 1 - inputLen; - psLen = pkcsBlockLen - inputLen - 2 * hLen - 2; + psLen = (int)pkcsBlockLen - (int)inputLen - 2 * (int)hLen - 2; if (pkcsBlockLen < inputLen) { /*make sure not writing over end of buffer */ #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); @@ -1301,7 +1302,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, /* xor created seedMask with seed to make maskedSeed */ i = 0; - while (idx < (word32)(hLen + 1) && i < hLen) { + while (idx < (hLen + 1) && i < (int)hLen) { pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++]; idx++; } @@ -1635,7 +1636,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, void* heap) { - int hLen; + word32 hLen; int ret; byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ word32 idx; @@ -1653,10 +1654,11 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, return BUFFER_E; } - hLen = wc_HashGetDigestSize(hType); - if ((hLen < 0) || (pkcsBlockLen < (2 * (word32)hLen + 2))) { + ret = wc_HashGetDigestSize(hType); + if ((ret < 0) || (pkcsBlockLen < (2 * (word32)ret + 2))) { return BAD_FUNC_ARG; } + hLen = (word32)ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER); @@ -1730,16 +1732,16 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, these checks. */ ret = 0; - ret |= ConstantCompare(pkcsBlock + hLen + 1, h, hLen); + ret |= ConstantCompare(pkcsBlock + hLen + 1, h, (int)hLen); ret += pkcsBlock[idx++] ^ 0x01; /* separator value is 0x01 */ ret += pkcsBlock[0] ^ 0x00; /* Y, the first value, should be 0 */ /* Return 0 data length on error. */ - idx = ctMaskSelInt(ctMaskEq(ret, 0), idx, pkcsBlockLen); + idx = ctMaskSelWord32(ctMaskEq(ret, 0), idx, pkcsBlockLen); /* adjust pointer to correct location in array and return size of M */ *output = (byte*)(pkcsBlock + idx); - return pkcsBlockLen - idx; + return (int)(pkcsBlockLen - idx); } #endif /* !WC_NO_RSA_OAEP */ @@ -1916,7 +1918,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, } *output = (byte *)(pkcsBlock + i); - ret = pkcsBlockLen - i; + ret = (int)pkcsBlockLen - i; } #ifndef WOLFSSL_RSA_VERIFY_ONLY else { @@ -1928,21 +1930,22 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, /* Decrypted with private key - unpad must be constant time. */ for (j = 2; j < pkcsBlockLen; j++) { /* Update i if not passed the separator and at separator. */ - i |= (~pastSep) & ctMask16Eq(pkcsBlock[j], 0x00) & (j + 1); + i |= (word16)(~pastSep) & ctMask16Eq(pkcsBlock[j], 0x00) & + (word16)(j + 1); pastSep |= ctMask16Eq(pkcsBlock[j], 0x00); } /* Minimum of 11 bytes of pre-message data - including leading 0x00. */ invalid |= ctMaskLT(i, RSA_MIN_PAD_SZ); /* Must have seen separator. */ - invalid |= ~pastSep; + invalid |= (byte)~pastSep; /* First byte must be 0x00. */ invalid |= ctMaskNotEq(pkcsBlock[0], 0x00); /* Check against expected block type: padValue */ invalid |= ctMaskNotEq(pkcsBlock[1], padValue); *output = (byte *)(pkcsBlock + i); - ret = ((int)-1 + (int)(invalid >> 7)) & (pkcsBlockLen - i); + ret = ((int)-1 + (int)(invalid >> 7)) & ((int)pkcsBlockLen - i); } #endif @@ -2782,7 +2785,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out, } if (ret == 0) { - if (mp_to_unsigned_bin_len(tmp, out, *outLen) != MP_OKAY) + if (mp_to_unsigned_bin_len(tmp, out, (int)*outLen) != MP_OKAY) ret = MP_TO_E; } #else @@ -2803,11 +2806,14 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out, static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { -#ifdef WOLFSSL_HAVE_SP_RSA int ret; -#endif + word32 keyLen; - word32 keyLen = wc_RsaEncryptSize(key); + ret = wc_RsaEncryptSize(key); + if (ret < 0) { + return ret; + } + keyLen = (word32)ret; if (inLen > keyLen) { WOLFSSL_MSG("Expected that inLen be no longer RSA key length"); @@ -3187,8 +3193,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, #ifndef WOLF_CRYPTO_CB_ONLY_RSA if (ret != CRYPTOCB_UNAVAILABLE) return ret; - /* fall-through when unavailable */ - ret = 0; /* reset error code and try using software */ + /* fall-through when unavailable and try using software */ #else return ret; #endif @@ -3371,9 +3376,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, #endif /* WOLFSSL_CRYPTOCELL */ key->state = RSA_STATE_ENCRYPT_PAD; - ret = wc_RsaPad_ex(in, inLen, out, sz, pad_value, rng, pad_type, hash, - mgf, label, labelSz, saltLen, mp_count_bits(&key->n), - key->heap); + ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type, + hash, mgf, label, labelSz, saltLen, + mp_count_bits(&key->n), key->heap); if (ret < 0) { break; } @@ -3384,7 +3389,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, case RSA_STATE_ENCRYPT_EXPTMOD: key->dataLen = outLen; - ret = wc_RsaFunction(out, sz, out, &key->dataLen, rsa_type, key, rng); + ret = wc_RsaFunction(out, (word32)sz, out, &key->dataLen, rsa_type, key, + rng); if (ret >= 0 || ret == WC_PENDING_E) { key->state = RSA_STATE_ENCRYPT_RES; @@ -3396,7 +3402,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, FALL_THROUGH; case RSA_STATE_ENCRYPT_RES: - ret = key->dataLen; + ret = (int)key->dataLen; break; default: @@ -3588,8 +3594,8 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, for (j = 0; j < key->dataLen; j++) { signed char c; out[i] = key->data[j]; - c = ctMaskGTE(j, start); - c &= ctMaskLT(i, outLen); + c = (signed char)ctMaskGTE((int)j, start); + c &= (signed char)ctMaskLT((int)i, (int)outLen); /* 0 - no add, -1 add */ i += (word32)((byte)(-c)); } @@ -3597,14 +3603,14 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, else #endif { - XMEMCPY(out, pad, ret); + XMEMCPY(out, pad, (size_t)ret); } } else *outPtr = pad; #if !defined(WOLFSSL_RSA_VERIFY_ONLY) - ret = ctMaskSelInt(ctMaskLTE(ret, outLen), ret, RSA_BUFFER_E); + ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, RSA_BUFFER_E); #ifndef WOLFSSL_RSA_DECRYPT_TO_0_LEN ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E); #endif @@ -4545,7 +4551,7 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, /* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1)) * This is a comparison against lowerBound */ - ret = mp_read_unsigned_bin(tmp1, lower_bound, nlen/16); + ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16); if (ret != MP_OKAY) goto notOkay; ret = mp_cmp(prime, tmp1); if (ret == MP_LT) goto exit; @@ -4723,7 +4729,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) mp_int tmp2_buf, *tmp2 = &tmp2_buf; mp_int tmp3_buf, *tmp3 = &tmp3_buf; #endif /* WOLFSSL_SMALL_STACK */ - int i, failCount, primeSz, isPrime = 0; + int i, failCount, isPrime = 0; + word32 primeSz; byte* buf = NULL; #endif /* !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 */ int err; @@ -4826,7 +4833,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) /* The failCount value comes from NIST FIPS 186-4, section B.3.3, * process steps 4.7 and 5.8. */ failCount = 5 * (size / 2); - primeSz = size / 16; /* size is the size of n in bits. + primeSz = (word32)size / 16; /* size is the size of n in bits. primeSz is in bytes. */ /* allocate buffer to work with */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index b6805a980..6bf666e71 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -943,7 +943,7 @@ static int InitSha256(wc_Sha256* sha256) S[i] = sha256->digest[i]; for (i = 0; i < 16; i++) - W[i] = *((const word32*)&data[i*sizeof(word32)]); + W[i] = *((const word32*)&data[i*(int)sizeof(word32)]); for (i = 16; i < WC_SHA256_BLOCK_SIZE; i++) W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16]; diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 38a8d9814..f9c71926b 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -67,9 +67,9 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data, } oid = ret; - ret = wc_EncodeSignature(hash_data, hash_data, hash_len, oid); + ret = (int)wc_EncodeSignature(hash_data, hash_data, hash_len, oid); if (ret > 0) { - *hash_enc_len = ret; + *hash_enc_len = (word32)ret; ret = 0; } @@ -295,7 +295,7 @@ int wc_SignatureVerify( WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); return ret; } - hash_enc_len = hash_len = ret; + hash_enc_len = hash_len = (word32)ret; #ifndef NO_RSA if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { @@ -429,7 +429,7 @@ int wc_SignatureGenerateHash_ex( } while (ret == WC_PENDING_E); #endif /* WOLFSSL_CRYPTOCELL */ if (ret >= 0) { - *sig_len = ret; + *sig_len = (word32)ret; ret = 0; /* Success */ } #else @@ -494,7 +494,7 @@ int wc_SignatureGenerate_ex( WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len"); return ret; } - hash_enc_len = hash_len = ret; + hash_enc_len = hash_len = (word32)ret; #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 99cec0760..19dd08ad7 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -178,7 +178,7 @@ This library provides single precision (SP) integer math functions. do { \ ALLOC_SP_INT(n, s, err, h); \ if ((err) == MP_OKAY) { \ - (n)->size = (s); \ + (n)->size = (unsigned int)(s); \ } \ } \ while (0) @@ -245,7 +245,7 @@ do { \ int n##ii; \ (n)[0] = n##d; \ (n)[0]->size = (s); \ - for (n##ii = 1; n##ii < (c); n##ii++) { \ + for (n##ii = 1; n##ii < (int)(c); n##ii++) { \ (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \ (n)[n##ii]->size = (s); \ } \ @@ -4682,7 +4682,7 @@ static void _sp_zero(sp_int* a) * @param [out] a SP integer. * @param [in] size Number of words to say are available. */ -static void _sp_init_size(sp_int* a, int size) +static void _sp_init_size(sp_int* a, unsigned int size) { volatile sp_int_minimal* am = (sp_int_minimal *)a; @@ -4702,7 +4702,7 @@ static void _sp_init_size(sp_int* a, int size) * @return MP_OKAY on success. * @return MP_VAL when a is NULL. */ -int sp_init_size(sp_int* a, int size) +int sp_init_size(sp_int* a, unsigned int size) { int err = MP_OKAY; @@ -4998,8 +4998,8 @@ int sp_exch(sp_int* a, sp_int* b) ALLOC_SP_INT(t, a->used, err, NULL); if (err == MP_OKAY) { /* Cache allocated size of a and b. */ - int asize = a->size; - int bsize = b->size; + unsigned int asize = a->size; + unsigned int bsize = b->size; /* Copy all of SP int: t <= a, a <= b, b <= t. */ XMEMCPY(t, a, MP_INT_SIZEOF(a->used)); XMEMCPY(a, b, MP_INT_SIZEOF(b->used)); @@ -5030,16 +5030,16 @@ int sp_cond_swap_ct(sp_int* a, sp_int* b, int cnt, int swap) { unsigned int i; int err = MP_OKAY; - sp_int_digit mask = (sp_int_digit)0 - swap; + sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; DECL_SP_INT(t, cnt); /* Allocate temporary to hold masked xor of a and b. */ ALLOC_SP_INT(t, cnt, err, NULL); if (err == MP_OKAY) { /* XOR other fields in sp_int into temp - mask set when swapping. */ - t->used = (int)((a->used ^ b->used) & mask); + t->used = (a->used ^ b->used) & (unsigned int)mask; #ifdef WOLFSSL_SP_INT_NEGATIVE - t->sign = (int)((a->sign ^ b->sign) & mask); + t->sign = (a->sign ^ b->sign) & (unsigned int)mask; #endif /* XOR requested words into temp - mask set when swapping. */ @@ -5430,13 +5430,13 @@ int sp_cnt_lsb(const sp_int* a) /* Done if not all 4 bits are zero. */ if (cnt != 4) { /* Add checked bits and count in last 4 bits checked. */ - bc += j + cnt; + bc += j + (unsigned int)cnt; break; } } } - return bc; + return (int)bc; } #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */ @@ -6758,7 +6758,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r) /* Last word only needs to be shifted down. */ r->dp[i] = a->dp[i] >> 1; /* Set used to be all words seen. */ - r->used = i + 1; + r->used = (unsigned int)i + 1; /* Remove leading zeros. */ sp_clamp(r); #ifdef WOLFSSL_SP_INT_NEGATIVE @@ -7267,8 +7267,8 @@ int sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) { int err = MP_OKAY; /* Calculate used based on digits used in a and b. */ - int used = ((a == NULL) || (b == NULL)) ? 1 : - ((a->used >= b->used) ? a->used + 1 : b->used + 1); + unsigned int used = ((a == NULL) || (b == NULL)) ? 1 : + ((a->used >= b->used) ? a->used + 1 : b->used + 1); DECL_SP_INT(t, used); /* Validate parameters. */ @@ -7749,7 +7749,7 @@ int sp_lshd(sp_int* a, int s) /* Move up digits. */ XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF); /* Back fill with zeros. */ - XMEMSET(a->dp, 0, s * SP_WORD_SIZEOF); + XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF); /* Update used. */ a->used += (unsigned int)s; /* Remove leading zeros. */ @@ -7780,7 +7780,7 @@ static int sp_lshb(sp_int* a, int n) if (a->used != 0) { /* Calculate number of digits to shift. */ - unsigned int s = n >> SP_WORD_SHIFT; + unsigned int s = (unsigned int)n >> SP_WORD_SHIFT; /* Ensure number has enough digits for result. */ if (a->used + s >= a->size) { @@ -8597,7 +8597,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) } for (; k <= (a->used - 1) + (b->used - 1); k++) { j = (int)(b->used - 1); - i = k - j; + i = k - (unsigned int)j; for (; (i < a->used) && (j >= 0); i++, j--) { SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]); } @@ -8757,11 +8757,11 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) w[14] = (sp_int_word)da[3] * db[2]; w[15] = (sp_int_word)da[3] * db[3]; - r->dp[0] = w[0]; + r->dp[0] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[1]; w[0] += (sp_int_digit)w[2]; - r->dp[1] = w[0]; + r->dp[1] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[1] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[1]; @@ -8770,7 +8770,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) w[0] += (sp_int_digit)w[3]; w[0] += (sp_int_digit)w[4]; w[0] += (sp_int_digit)w[5]; - r->dp[2] = w[0]; + r->dp[2] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[3] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[3]; @@ -8782,7 +8782,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) w[0] += (sp_int_digit)w[7]; w[0] += (sp_int_digit)w[8]; w[0] += (sp_int_digit)w[9]; - r->dp[3] = w[0]; + r->dp[3] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[6] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[6]; @@ -8795,7 +8795,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) w[0] += (sp_int_digit)w[10]; w[0] += (sp_int_digit)w[11]; w[0] += (sp_int_digit)w[12]; - r->dp[4] = w[0]; + r->dp[4] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[10] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[10]; @@ -8805,18 +8805,18 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) w[0] += (sp_int_digit)w[12]; w[0] += (sp_int_digit)w[13]; w[0] += (sp_int_digit)w[14]; - r->dp[5] = w[0]; + r->dp[5] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[13] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[13]; w[14] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[14]; w[0] += (sp_int_digit)w[15]; - r->dp[6] = w[0]; + r->dp[6] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[15] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[15]; - r->dp[7] = w[0]; + r->dp[7] = (sp_int_digit)w[0]; r->used = 8; sp_clamp(r); @@ -12094,9 +12094,10 @@ int sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, * One or more of the top bits is 1 so count. */ for (i = sp_count_bits(e)-2, j = 1; i >= 0; i--, j++) { - if ((!sp_is_bit_set(e, i)) || (j == CT_INV_MOD_PRE_CNT)) { - break; - } + if ((!sp_is_bit_set(e, (unsigned int)i)) || + (j == CT_INV_MOD_PRE_CNT)) { + break; + } } /* 3. Set tmp to product of leading bits. */ err = sp_copy(pre[j-1], t); @@ -12110,7 +12111,7 @@ int sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, */ for (; (err == MP_OKAY) && (i >= 0); i--) { /* 6.1. bit = e[i] */ - int bit = sp_is_bit_set(e, i); + int bit = sp_is_bit_set(e, (unsigned int)i); /* 6.2. j += bit * Update count of consequitive 1 bits. @@ -13231,7 +13232,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, /* Top bit of exponent fixed as 1 for pre-calculated window. */ preCnt = 1 << (winBits - 1); /* Mask for calculating index into pre-computed table. */ - mask = preCnt - 1; + mask = (sp_int_digit)preCnt - 1; /* Allocate sp_ints for: * - pre-computation table @@ -13239,9 +13240,9 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, * - Montgomery form of base */ #ifndef WOLFSSL_SP_NO_MALLOC - ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 2, err, NULL); + ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL); #else - ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 2, err, NULL); + ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL); #endif if (err == MP_OKAY) { /* Set variables to use allocate memory. */ @@ -13411,7 +13412,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, n <<= winBits; c -= winBits; } - y &= mask; + y &= (int)mask; } /* 4.5. Montgomery multiply result by table entry. */ @@ -14109,11 +14110,11 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) w[8] = (sp_int_word)da[2] * da[3]; w[9] = (sp_int_word)da[3] * da[3]; - r->dp[0] = w[0]; + r->dp[0] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[1]; w[0] += (sp_int_digit)w[1]; - r->dp[1] = w[0]; + r->dp[1] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[1] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[1]; @@ -14121,7 +14122,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) w[0] += (sp_int_digit)w[2]; w[0] += (sp_int_digit)w[2]; w[0] += (sp_int_digit)w[3]; - r->dp[2] = w[0]; + r->dp[2] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[2] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[2]; @@ -14132,7 +14133,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) w[0] += (sp_int_digit)w[4]; w[0] += (sp_int_digit)w[5]; w[0] += (sp_int_digit)w[5]; - r->dp[3] = w[0]; + r->dp[3] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[4] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[4]; @@ -14143,7 +14144,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) w[0] += (sp_int_digit)w[6]; w[0] += (sp_int_digit)w[6]; w[0] += (sp_int_digit)w[7]; - r->dp[4] = w[0]; + r->dp[4] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[6] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[6]; @@ -14152,17 +14153,17 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) w[0] += (sp_int_digit)w[7]; w[0] += (sp_int_digit)w[8]; w[0] += (sp_int_digit)w[8]; - r->dp[5] = w[0]; + r->dp[5] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[8] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[8]; w[0] += (sp_int_digit)w[8]; w[0] += (sp_int_digit)w[9]; - r->dp[6] = w[0]; + r->dp[6] = (sp_int_digit)w[0]; w[0] >>= SP_WORD_SIZE; w[9] >>= SP_WORD_SIZE; w[0] += (sp_int_digit)w[9]; - r->dp[7] = w[0]; + r->dp[7] = (sp_int_digit)w[0]; r->used = 8; sp_clamp(r); @@ -16846,7 +16847,7 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho) x *= 1 + y; /* rho = -1/m mod d, subtract x (unsigned) from 0, assign negative */ - *rho = (sp_int_digit)((sp_int_digit)0 - (sp_int_sdigit)x); + *rho = (sp_int_digit)((sp_int_sdigit)0 - (sp_int_sdigit)x); } /* Calculate the bottom digit of the inverse of negative m. @@ -16916,7 +16917,7 @@ int sp_mont_norm(sp_int* norm, const sp_int* m) } /* Smallest number greater than m of form 2^n. */ _sp_zero(norm); - err = sp_set_bit(norm, bits); + err = sp_set_bit(norm, (int)bits); } if (err == MP_OKAY) { /* norm = 2^n % m */ @@ -17292,7 +17293,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in) break; } /* Add character value. */ - err = _sp_add_d(a, ch, a); + err = _sp_add_d(a, (sp_int_digit)ch, a); if (err != MP_OKAY) { break; } @@ -17467,7 +17468,7 @@ int sp_tohex(const sp_int* a, char* str) d = a->dp[i]; /* Write out all nibbles of digit. */ for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) { - *(str++) = (byte)ByteToHex((byte)(d >> j)); + *(str++) = (char)ByteToHex((byte)(d >> j)); } } } @@ -17750,7 +17751,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) } /* Get number of digits required to handle required number of bytes. */ - digits = (len + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF; + digits = ((unsigned int)len + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF; /* Ensure result has space. */ if (r->size < digits) { err = MP_VAL; @@ -17811,7 +17812,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) fflush(stdout); #endif /* SHOW_GEN */ /* Generate bytes into digit array. */ - err = wc_RNG_GenerateBlock(rng, (byte*)r->dp, len); + err = wc_RNG_GenerateBlock(rng, (byte*)r->dp, (word32)len); if (err != 0) { err = MP_VAL; break; @@ -18265,7 +18266,7 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng) * give a (1/4)^t chance of a false prime. */ if ((err == MP_OKAY) && (!haveRes)) { int bits = sp_count_bits(a); - word32 baseSz = (bits + 7) / 8; + word32 baseSz = ((word32)bits + 7) / 8; DECL_SP_INT_ARRAY(ds, a->used + 1, 2); DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2); @@ -18378,7 +18379,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r) /* Used for swapping sp_ints. */ sp_int* s; /* Determine maximum digit length numbers will reach. */ - int used = (a->used >= b->used) ? a->used + 1 : b->used + 1; + unsigned int used = (a->used >= b->used) ? a->used + 1 : b->used + 1; DECL_SP_INT_ARRAY(d, used, 3); SAVE_VECTOR_REGISTERS(err = _svr_ret;); diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index bb86781bd..11e85cd74 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -96,7 +96,7 @@ int get_digit_count(const mp_int* a) if (a == NULL) return 0; - return a->used; + return (int)a->used; } mp_digit get_digit(const mp_int* a, int n) @@ -122,7 +122,7 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) #if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 8 unsigned int mask = (unsigned int)0 - copy; #else - mp_digit mask = (mp_digit)0 - copy; + mp_digit mask = (mp_digit)0 - (mp_digit)copy; #endif if (a == NULL || b == NULL) @@ -130,7 +130,7 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) /* Ensure b has enough space to copy a into */ if (err == MP_OKAY) - err = mp_grow(b, a->used + 1); + err = mp_grow(b, (int)a->used + 1); if (err == MP_OKAY) { #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) unsigned int i; @@ -144,15 +144,15 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) * get_digit() returns 0 when index greater than available digit. */ for (i = 0; i < a->used; i++) { - b->dp[i] ^= (get_digit(a, i) ^ get_digit(b, i)) & mask; + b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; } for (; i < b->used; i++) { - b->dp[i] ^= (get_digit(a, i) ^ get_digit(b, i)) & mask; + b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; } - b->used ^= (a->used ^ b->used) & (int)mask; + b->used ^= (a->used ^ b->used) & (unsigned int)mask; #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ defined(WOLFSSL_SP_INT_NEGATIVE) - b->sign ^= (a->sign ^ b->sign) & (int)mask; + b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask; #endif } @@ -171,7 +171,7 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d) int mp_rand(mp_int* a, int digits, WC_RNG* rng) { int ret = 0; - int cnt = digits * sizeof(mp_digit); + int cnt = digits * (int)sizeof(mp_digit); if (rng == NULL) { ret = MISSING_RNG_E; @@ -195,12 +195,12 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) ret = BAD_FUNC_ARG; } if (ret == MP_OKAY) { - a->used = digits; + a->used = (word32)digits; } #endif /* fill the data with random bytes */ if (ret == MP_OKAY) { - ret = wc_RNG_GenerateBlock(rng, (byte*)a->dp, cnt); + ret = wc_RNG_GenerateBlock(rng, (byte*)a->dp, (word32)cnt); } if (ret == MP_OKAY) { #ifdef USE_INTEGER_HEAP_MATH @@ -264,7 +264,8 @@ int wc_export_int(mp_int* mp, byte* buf, word32* len, word32 keySz, } *len = keySz; XMEMSET(buf, 0, *len); - err = mp_to_unsigned_bin(mp, buf + (keySz - mp_unsigned_bin_size(mp))); + err = mp_to_unsigned_bin(mp, buf + + (keySz - (word32)mp_unsigned_bin_size(mp))); } return err; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4caa02156..9f432d939 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4845,7 +4845,7 @@ WOLFSSL_TEST_SUBROUTINE int hash_test(void) for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); - if (ret != BAD_FUNC_ARG && ret != BUFFER_E) + if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E)) return WC_TEST_RET_ENC_I(i); } diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index 76c574e6a..b1a64fe5d 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h @@ -76,8 +76,8 @@ enum { MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE }; -WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen, - byte* ikm, int ikmLen, int digest); +WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, + word32 saltLen, byte* ikm, word32 ikmLen, int digest); WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen, const byte* prk, word32 prkLen, diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 0e9ff9869..f39352826 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -128,6 +128,7 @@ WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b); WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b); +WOLFSSL_LOCAL word32 ctMaskSelWord32(byte m, word32 a, word32 b); WOLFSSL_LOCAL byte ctSetLTE(int a, int b); WOLFSSL_LOCAL void ctMaskCopy(byte mask, byte* dst, byte* src, word16 size); WOLFSSL_LOCAL word32 MakeWordFromHash(const byte* hashID); diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index c21224f2c..7d70a9c52 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -667,12 +667,12 @@ typedef struct sp_ecc_ctx { * * @param [in] a SP integer to update. */ -#define sp_clamp(a) \ - do { \ - int ii; \ - for (ii = (a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ - } \ - (a)->used = ii + 1; \ +#define sp_clamp(a) \ + do { \ + int ii; \ + for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ + } \ + (a)->used = (unsigned int)ii + 1; \ } while (0) /* Check the compiled and linked math implementation are the same. @@ -759,7 +759,7 @@ typedef struct sp_ecc_ctx { /* Calculate the number of words required to support a number of bits. */ #define MP_BITS_CNT(bits) \ - (((bits + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1) + ((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1) #ifdef WOLFSSL_SMALL_STACK /* @@ -772,13 +772,13 @@ typedef struct sp_ecc_ctx { #define DECL_MP_INT_SIZE(name, bits) \ sp_int* name = NULL /* Allocate an mp_int of minimal size and zero out. */ -#define NEW_MP_INT_SIZE(name, bits, heap, type) \ -do { \ - name = (mp_int*)XMALLOC(MP_INT_SIZEOF(MP_BITS_CNT(bits)), heap, type); \ - if (name != NULL) { \ - XMEMSET(name, 0, MP_INT_SIZEOF(MP_BITS_CNT(bits))); \ - } \ -} \ +#define NEW_MP_INT_SIZE(name, bits, heap, type) \ +do { \ + (name) = (mp_int*)XMALLOC(MP_INT_SIZEOF(MP_BITS_CNT(bits)), heap, type); \ + if ((name) != NULL) { \ + XMEMSET(name, 0, MP_INT_SIZEOF(MP_BITS_CNT(bits))); \ + } \ +} \ while (0) /* Dispose of dynamically allocated mp_int. */ #define FREE_MP_INT_SIZE(name, heap, type) \ @@ -891,7 +891,7 @@ typedef sp_int_digit mp_digit; */ MP_API int sp_init(sp_int* a); -MP_API int sp_init_size(sp_int* a, int size); +MP_API int sp_init_size(sp_int* a, unsigned int size); MP_API int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, sp_int* n5, sp_int* n6); MP_API void sp_free(sp_int* a);