From 72c6429276aeb81a39f03c23e84864c79d6bda66 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 4 Apr 2023 14:26:18 -0700
Subject: [PATCH] Better fixes for pedantic to resolve (`error: comparison of
 unsigned expression >= 0 is always true`). Also overlong lines.

---
 wolfcrypt/src/aes.c           |  4 ++--
 wolfcrypt/src/asn.c           | 12 +++++++-----
 wolfcrypt/src/random.c        |  8 ++++----
 wolfssl/wolfcrypt/signature.h |  2 +-
 wolfssl/wolfcrypt/sp_int.h    |  2 +-
 5 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 2b3b038b3..d7d577607 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -4563,8 +4563,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #if (defined(HAVE_AESGCM) && !defined(WC_NO_RNG)) || defined(HAVE_AESCCM)
 static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 {
-    word32 i;
-    for (i = ctrSz-1; i >= 0; i--) {
+    int i;
+    for (i = (int)ctrSz - 1; i >= 0; i--) {
         if (++ctr[i])
             break;
     }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 16ffce309..6fa615be8 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8185,7 +8185,8 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
         ret = GetAlgoV2(encAlgId, &encOid, &encOidSz, &pbeId, &blockSz);
     }
     if (ret == 0) {
-        padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) & (blockSz - 1));
+        padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) &
+            (blockSz - 1));
         /* inner = OCT salt INT itt */
         innerLen = 2 + saltSz + 2 + (itt < 256 ? 1 : 2);
 
@@ -17309,7 +17310,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             }
             length -= (idx - lenStartIdx);
             /* check that strLen at index is not past input buffer */
-            if (strLen + (int)idx > sz) {
+            if (strLen + idx > sz) {
                 return BUFFER_E;
             }
 
@@ -17444,12 +17445,12 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 
         cert->weOwnAltNames = 1;
 
-        if (length + (int)idx != sz) {
+        if (length + idx != sz) {
             ret = ASN_PARSE_E;
         }
     }
 
-    while ((ret == 0) && ((int)idx < sz)) {
+    while ((ret == 0) && (idx < sz)) {
         ASNGetData dataASN[altNameASN_Length];
 
         /* Clear dynamic data items. */
@@ -18583,7 +18584,8 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
                 return MEMORY_E;
             }
 
-            entry->name = (char*)XMALLOC((word32)strLength+1, heap, DYNAMIC_TYPE_ALTNAME);
+            entry->name = (char*)XMALLOC((word32)strLength+1, heap,
+                DYNAMIC_TYPE_ALTNAME);
             if (entry->name == NULL) {
                 WOLFSSL_MSG("allocate error");
                 XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME);
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 0631efd95..ee807d33c 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -519,8 +519,8 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
 
 static WC_INLINE void array_add_one(byte* data, word32 dataSz)
 {
-    word32 i;
-    for (i = dataSz - 1; i >= 0; i--) {
+    int i;
+    for (i = (int)dataSz - 1; i >= 0; i--) {
         data[i]++;
         if (data[i] != 0) break;
     }
@@ -618,11 +618,11 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
 static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
 {
     if (dLen > 0 && sLen > 0 && dLen >= sLen) {
-        word32 sIdx, dIdx;
+        int sIdx, dIdx;
         word16 carry = 0;
 
         dIdx = dLen - 1;
-        for (sIdx = sLen - 1; sIdx >= 0; sIdx--) {
+        for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) {
             carry += (word16)d[dIdx] + (word16)s[sIdx];
             d[dIdx] = (byte)carry;
             carry >>= 8;
diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h
index 697e5b598..f712c0478 100644
--- a/wolfssl/wolfcrypt/signature.h
+++ b/wolfssl/wolfcrypt/signature.h
@@ -39,7 +39,7 @@ enum wc_SignatureType {
     WC_SIGNATURE_TYPE_NONE = 0,
     WC_SIGNATURE_TYPE_ECC = 1,
     WC_SIGNATURE_TYPE_RSA = 2,
-    WC_SIGNATURE_TYPE_RSA_W_ENC = 3  /* Adds DER header via wc_EncodeSignature */
+    WC_SIGNATURE_TYPE_RSA_W_ENC = 3 /* Adds DER header via wc_EncodeSignature */
 };
 
 WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 6d36248ff..413ad6c82 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -672,7 +672,7 @@ typedef struct sp_ecc_ctx {
         unsigned int ii;                                          \
         for (ii = (a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
         }                                                         \
-        (a)->used = ii + 1;                                       \
+        (a)->used = (unsigned int)ii + 1;                         \
     } while (0)
 
 /* Check the compiled and linked math implementation are the same.