From e4a6f5a7ecceb603cfdc7a2be99693f0bd0aa1eb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 4 Nov 2023 12:20:09 +0000 Subject: [PATCH] Use size_t cast for pointer subtractions Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/base64.c | 4 ++-- library/bignum.c | 2 +- library/debug.c | 2 +- library/dhm.c | 4 ++-- library/ecdh.c | 4 ++-- library/ecjpake.c | 20 ++++++++++---------- library/lms.c | 8 ++++---- library/oid.c | 2 +- library/pem.c | 8 ++++---- library/pkcs7.c | 2 +- library/pkparse.c | 4 ++-- library/psa_crypto.c | 2 +- library/rsa.c | 6 +++--- library/ssl_client.c | 14 +++++++------- library/ssl_msg.c | 27 ++++++++++++++------------- library/ssl_ticket.c | 4 ++-- library/ssl_tls.c | 12 ++++++------ library/ssl_tls12_client.c | 10 +++++----- library/ssl_tls12_server.c | 28 ++++++++++++++-------------- library/x509_create.c | 8 ++++---- library/x509_crl.c | 4 ++-- library/x509_crt.c | 10 +++++----- library/x509_csr.c | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 4 ++-- 26 files changed, 99 insertions(+), 98 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index f2bdce2db7..1a0db163da 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -300,7 +300,7 @@ static void aesce_setkey_enc(unsigned char *rk, rki + key_len_in_words < rko_end; rki += key_len_in_words) { - size_t iteration = (rki - (uint32_t *) rk) / key_len_in_words; + size_t iteration = (size_t) (rki - (uint32_t *) rk) / key_len_in_words; uint32_t *rko; rko = rki + key_len_in_words; rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1])); diff --git a/library/base64.c b/library/base64.c index a58717d6b3..9677dee5b2 100644 --- a/library/base64.c +++ b/library/base64.c @@ -116,7 +116,7 @@ int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, *p++ = '='; } - *olen = p - dst; + *olen = (size_t) (p - dst); *p = 0; return 0; @@ -225,7 +225,7 @@ int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, } } - *olen = p - dst; + *olen = (size_t) (p - dst); return 0; } diff --git a/library/bignum.c b/library/bignum.c index 09ce0301f0..1b7ff58634 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -701,7 +701,7 @@ int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, } *p++ = '\0'; - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: diff --git a/library/debug.c b/library/debug.c index c7bbd41bd0..a9d58e55b1 100644 --- a/library/debug.c +++ b/library/debug.c @@ -366,7 +366,7 @@ static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, start = text; for (cur = text; *cur != '\0'; cur++) { if (*cur == '\n') { - size_t len = cur - start + 1; + size_t len = (size_t) (cur - start) + 1; if (len > DEBUG_BUF_SIZE - 1) { len = DEBUG_BUF_SIZE - 1; } diff --git a/library/dhm.c b/library/dhm.c index 3daf0c2d43..e423657c10 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -51,7 +51,7 @@ static int dhm_read_bignum(mbedtls_mpi *X, n = ((*p)[0] << 8) | (*p)[1]; (*p) += 2; - if ((int) (end - *p) < n) { + if ((size_t) (end - *p) < (size_t) n) { return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } @@ -257,7 +257,7 @@ int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, DHM_MPI_EXPORT(&ctx->G, n2); DHM_MPI_EXPORT(&ctx->GX, n3); - *olen = p - output; + *olen = (size_t) (p - output); cleanup: if (ret != 0 && ret > -128) { diff --git a/library/ecdh.c b/library/ecdh.c index e060b18834..52b1617062 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -363,7 +363,7 @@ static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx, const unsigned char *end) { return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf, - end - *buf); + (size_t) (end - *buf)); } /* @@ -379,7 +379,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf)) + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, (size_t) (end - *buf))) != 0) { return ret; } diff --git a/library/ecjpake.c b/library/ecjpake.c index fb13a395b5..cdf5d7ea46 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -168,7 +168,7 @@ static int ecjpake_write_len_point(unsigned char **p, } ret = mbedtls_ecp_point_write_binary(grp, P, pf, - &len, *p + 4, end - (*p + 4)); + &len, *p + 4, (size_t) (end - (*p + 4))); if (ret != 0) { return ret; } @@ -226,7 +226,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, /* Compute hash */ MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(md_type, - buf, p - buf, hash)); + buf, (size_t) (p - buf), hash)); /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, @@ -269,7 +269,7 @@ static int ecjpake_zkp_read(const mbedtls_md_type_t md_type, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, (size_t) (end - *p))); if (end < *p || (size_t) (end - *p) < 1) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; @@ -346,7 +346,7 @@ static int ecjpake_zkp_write(const mbedtls_md_type_t md_type, /* Write it out */ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V, - pf, &len, *p, end - *p)); + pf, &len, *p, (size_t) (end - *p))); *p += len; len = mbedtls_mpi_size(&h); /* actually r */ @@ -392,7 +392,7 @@ static int ecjpake_kkp_read(const mbedtls_md_type_t md_type, * ECSchnorrZKP zkp; * } ECJPAKEKeyKP; */ - MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, (size_t) (end - *p))); if (mbedtls_ecp_is_zero(X)) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; @@ -431,7 +431,7 @@ static int ecjpake_kkp_write(const mbedtls_md_type_t md_type, MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X, f_rng, p_rng)); MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X, - pf, &len, *p, end - *p)); + pf, &len, *p, (size_t) (end - *p))); *p += len; /* Generate and write proof */ @@ -504,7 +504,7 @@ static int ecjpake_kkpp_write(const mbedtls_md_type_t md_type, MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_type, grp, pf, G, xm2, Xb, id, &p, end, f_rng, p_rng)); - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: return ret; @@ -693,7 +693,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, goto cleanup; } MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len, - p, end - p)); + p, (size_t) (end - p))); p += ec_len; } @@ -702,7 +702,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, goto cleanup; } MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm, - ctx->point_format, &ec_len, p, end - p)); + ctx->point_format, &ec_len, p, (size_t) (end - p))); p += ec_len; MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_type, &ctx->grp, @@ -710,7 +710,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, &G, &xm, &Xm, ID_MINE, &p, end, f_rng, p_rng)); - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: mbedtls_ecp_point_free(&G); diff --git a/library/lms.c b/library/lms.c index 0c470a0c34..00525bb74e 100644 --- a/library/lms.c +++ b/library/lms.c @@ -505,7 +505,7 @@ static int get_merkle_path(mbedtls_lms_private_t *ctx, unsigned int height; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(ctx->params.type), + tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(ctx->params.type), node_bytes); if (tree == NULL) { return MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -530,7 +530,7 @@ static int get_merkle_path(mbedtls_lms_private_t *ctx, exit: mbedtls_zeroize_and_free(tree, node_bytes * - MERKLE_TREE_NODE_AM(ctx->params.type)); + (size_t) MERKLE_TREE_NODE_AM(ctx->params.type)); return ret; } @@ -669,7 +669,7 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(priv_ctx->params.type), + tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type), node_bytes); if (tree == NULL) { return MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -692,7 +692,7 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, exit: mbedtls_zeroize_and_free(tree, node_bytes * - MERKLE_TREE_NODE_AM(priv_ctx->params.type)); + (size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type)); return ret; } diff --git a/library/oid.c b/library/oid.c index 6184abe402..d8339c1383 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1129,7 +1129,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - encoded_len = out_ptr - oid->p; + encoded_len = (size_t) (out_ptr - oid->p); resized_mem = mbedtls_calloc(encoded_len, 1); if (resized_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; diff --git a/library/pem.c b/library/pem.c index 9500ffcf7f..539134c29b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -298,7 +298,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const if (*end == '\n') { end++; } - *use_len = end - data; + *use_len = (size_t) (end - data); enc = 0; @@ -383,7 +383,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERR_PEM_INVALID_DATA; } - ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1); + ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1)); if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); @@ -393,7 +393,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERR_PEM_ALLOC_FAILED; } - if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) { + if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) { mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } @@ -508,7 +508,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, p += strlen(footer); *p++ = '\0'; - *olen = p - buf; + *olen = (size_t) (p - buf); /* Clean any remaining data previously written to the buffer */ memset(buf + *olen, 0, buf_len - *olen); diff --git a/library/pkcs7.c b/library/pkcs7.c index 36b49f53b5..0869c2e077 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -316,7 +316,7 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, goto out; } - signer->issuer_raw.len = *p - signer->issuer_raw.p; + signer->issuer_raw.len = (size_t) (*p - signer->issuer_raw.p); ret = mbedtls_x509_get_serial(p, end_issuer_and_sn, &signer->serial); if (ret != 0) { diff --git a/library/pkparse.c b/library/pkparse.c index 3bb5f7be2e..edebf92ff7 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -928,7 +928,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_use_ecparams(&alg_params, pk); } if (ret == 0) { - ret = pk_ecc_set_pubkey(pk, *p, end - *p); + ret = pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p)); *p += end - *p; } } else @@ -1233,7 +1233,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - if ((ret = pk_ecc_set_pubkey(pk, p, end2 - p)) == 0) { + if ((ret = pk_ecc_set_pubkey(pk, p, (size_t) (end2 - p))) == 0) { pubkey_done = 1; } else { /* diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bbd6b24ed4..06840140df 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6625,7 +6625,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( memcpy(cur, data, data_length); cur += data_length; - status = psa_tls12_prf_set_key(prf, pms, cur - pms); + status = psa_tls12_prf_set_key(prf, pms, (size_t) (cur - pms)); mbedtls_zeroize_and_free(pms, pms_len); return status; diff --git a/library/rsa.c b/library/rsa.c index 38c3dd6be7..1bf5d13ca6 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1620,12 +1620,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, goto cleanup; } - if (ilen - (p - buf) > output_max_len) { + if (ilen - ((size_t) (p - buf)) > output_max_len) { ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; goto cleanup; } - *olen = ilen - (p - buf); + *olen = ilen - ((size_t) (p - buf)); if (*olen != 0) { memcpy(output, p, *olen); } @@ -2191,7 +2191,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_INVALID_PADDING; } - observed_salt_len = hash_start - p; + observed_salt_len = (size_t) (hash_start - p); if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && observed_salt_len != (size_t) expected_salt_len) { diff --git a/library/ssl_client.c b/library/ssl_client.c index 0e87d86073..7284ee2d56 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -155,7 +155,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, p += protocol_name_len; } - *out_len = p - buf; + *out_len = (size_t) (p - buf); /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4); @@ -285,7 +285,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, } /* Length of named_group_list */ - named_group_list_len = p - named_group_list; + named_group_list_len = (size_t) (p - named_group_list); if (named_group_list_len == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("No group available.")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -301,7 +301,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension", buf + 4, named_group_list_len + 2); - *out_len = p - buf; + *out_len = (size_t) (p - buf); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask( @@ -391,14 +391,14 @@ static int ssl_write_client_hello_cipher_suites( } /* Write the cipher_suites length in number of bytes */ - cipher_suites_len = p - cipher_suites; + cipher_suites_len = (size_t) (p - cipher_suites); MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", cipher_suites_len/2)); /* Output the total length of cipher_suites field. */ - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } @@ -679,7 +679,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* Write the length of the list of extensions. */ - extensions_len = p - p_extensions_len - 2; + extensions_len = (size_t) (p - p_extensions_len) - 2; if (extensions_len == 0) { p = p_extensions_len; @@ -696,7 +696,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions); #endif - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cffd1c90f4..0d7188406f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -848,7 +848,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, cur += 2; } - *add_data_len = cur - add_data; + *add_data_len = (size_t) (cur - add_data); } #if defined(MBEDTLS_SSL_HAVE_AEAD) @@ -1212,7 +1212,7 @@ hmac_failed_etm_disabled: iv, transform->ivlen, add_data, add_data_len, data, rec->data_len, /* src */ - data, rec->buf_len - (data - rec->buf), /* dst */ + data, rec->buf_len - (size_t) (data - rec->buf), /* dst */ &rec->data_len, transform->taglen)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret); @@ -1635,12 +1635,13 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, return ret; } #else - if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (data - rec->buf), &olen, /* dst */ - transform->taglen)) != 0) { + if ((ret = mbedtls_cipher_auth_decrypt_ext + (&transform->cipher_ctx_dec, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len + transform->taglen, /* src */ + data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */ + transform->taglen)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret); if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { @@ -2228,7 +2229,7 @@ int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); ret = MBEDTLS_ERR_SSL_TIMEOUT; } else { - len = in_buf_len - (ssl->in_hdr - ssl->in_buf); + len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf); if (mbedtls_ssl_is_handshake_over(ssl) == 0) { timeout = ssl->handshake->retransmit_timeout; @@ -2592,7 +2593,7 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) } else { const unsigned char * const p = ssl->handshake->cur_msg_p; const size_t hs_len = cur->len - 12; - const size_t frag_off = p - (cur->p + 12); + const size_t frag_off = (size_t) (p - (cur->p + 12)); const size_t rem_len = hs_len - frag_off; size_t cur_hs_frag_len, max_hs_frag_len; @@ -2969,9 +2970,9 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) mbedtls_record rec; rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf); + rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf); rec.data_len = ssl->out_msglen; - rec.data_offset = ssl->out_msg - rec.buf; + rec.data_offset = (size_t) (ssl->out_msg - rec.buf); memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr)); mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver); @@ -3594,7 +3595,7 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - *olen = p - obuf; + *olen = (size_t) (p - obuf); /* Go back and fill length fields */ obuf[27] = (unsigned char) (*olen - 28); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 61c87bed9e..0908982ede 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -341,7 +341,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, /* Dump session state */ if ((ret = mbedtls_ssl_session_save(session, - state, end - state, + state, (size_t) (end - state), &clear_len)) != 0 || (unsigned long) clear_len > 65535) { goto cleanup; @@ -364,7 +364,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, /* Additional data: key name, IV and length */ key_name, TICKET_ADD_DATA_LEN, state, clear_len, - state, end - state, &ciph_len, + state, (size_t) (end - state), &ciph_len, TICKET_AUTH_TAG_BYTES)) != 0) { goto cleanup; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 944caa09cc..50f3a6161a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3755,7 +3755,7 @@ static int ssl_session_load(mbedtls_ssl_session *session, session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); /* Dispatch according to TLS version. */ - remaining_len = (end - p); + remaining_len = (size_t) (end - p); switch (session->tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: @@ -6795,7 +6795,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha /* Write length only when we know the actual value */ if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - p + 2, end - (p + 2), &len, + p + 2, (size_t) (end - (p + 2)), &len, ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); return ret; @@ -6812,7 +6812,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha size_t zlen; if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, - p + 2, end - (p + 2), + p + 2, (size_t) (end - (p + 2)), ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); return ret; @@ -6845,7 +6845,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha memcpy(p, psk, psk_len); p += psk_len; - ssl->handshake->pmslen = p - ssl->handshake->premaster; + ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster); return 0; } @@ -9328,7 +9328,7 @@ int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, } /* Length of supported_signature_algorithms */ - supported_sig_alg_len = p - supported_sig_alg; + supported_sig_alg_len = (size_t) (p - supported_sig_alg); if (supported_sig_alg_len == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined.")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -9338,7 +9338,7 @@ int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2); MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4); - *out_len = p - buf; + *out_len = (size_t) (p - buf); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9aa46bd154..78297e89e1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -607,7 +607,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, p += ext_len; #endif - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } @@ -2174,7 +2174,7 @@ start_processing: #endif p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p); + MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, (size_t) (end - p)); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || @@ -2299,7 +2299,7 @@ start_processing: mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - size_t params_len = p - params; + size_t params_len = (size_t) (p - params); void *rs_ctx = NULL; uint16_t sig_alg; @@ -3252,9 +3252,9 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) size_t hashlen; void *rs_ctx = NULL; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); #else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); #endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b007e5c66e..c2e08146bc 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1858,7 +1858,7 @@ static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, *p++ = 0x00; } - *olen = p - buf; + *olen = (size_t) (p - buf); } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -1950,7 +1950,7 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len, + p + 2, (size_t) (end - p - 2), &kkpp_len, MBEDTLS_ECJPAKE_ROUND_ONE); if (ret != 0) { psa_destroy_key(ssl->handshake->psa_pake_password); @@ -1960,7 +1960,7 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, } #else ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, + p + 2, (size_t) (end - p - 2), &kkpp_len, ssl->conf->f_rng, ssl->conf->p_rng); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); @@ -2081,7 +2081,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); - ssl->out_msglen = p - ssl->out_msg; + ssl->out_msglen = (size_t) (p - ssl->out_msg); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; @@ -2386,7 +2386,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) p += 2 + ext_len; } - ssl->out_msglen = p - buf; + ssl->out_msglen = (size_t) (p - buf); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; @@ -2570,12 +2570,12 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); - total_dn_size += 2 + dn_size; + total_dn_size += (unsigned short) (2 + dn_size); crt = crt->next; } } - ssl->out_msglen = p - buf; + ssl->out_msglen = (size_t) (p - buf); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); @@ -2779,9 +2779,9 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); #else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); #endif #endif @@ -3086,7 +3086,7 @@ curve_matching_done: return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; + size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed); size_t hashlen = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; @@ -3763,7 +3763,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; #else if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, end - p)) != 0) { + p, (size_t) (end - p))) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); return MBEDTLS_ERR_SSL_DECODE_ERROR; } @@ -3976,7 +3976,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, end - p)) != 0) { + p, (size_t) (end - p))) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); return MBEDTLS_ERR_SSL_DECODE_ERROR; } @@ -4005,7 +4005,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, p, end - p, + &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { psa_destroy_key(ssl->handshake->psa_pake_password); psa_pake_abort(&ssl->handshake->psa_pake_ctx); @@ -4015,7 +4015,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } #else ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, end - p); + p, (size_t) (end - p)); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; diff --git a/library/x509_create.c b/library/x509_create.c index 424cce1d9a..8f31c3beab 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -169,7 +169,7 @@ static int parse_attribute_value_string(const char *s, return MBEDTLS_ERR_X509_INVALID_NAME; } } - *data_len = d - data; + *data_len = (size_t) (d - data); return 0; } @@ -297,8 +297,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam while (c <= end) { if (in_attr_type && *c == '=') { - if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { - if ((mbedtls_oid_from_numeric_string(&oid, s, c - s)) != 0) { + if ((attr_descr = x509_attr_descr_from_name(s, (size_t) (c - s))) == NULL) { + if ((mbedtls_oid_from_numeric_string(&oid, s, (size_t) (c - s))) != 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } else { numericoid = 1; @@ -322,7 +322,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam /* We know that c >= s (loop invariant) and c != s (in this * else branch), hence c - s - 1 >= 0. */ parse_ret = parse_attribute_value_hex_der_encoded( - s + 1, c - s - 1, + s + 1, (size_t) (c - s) - 1, data, sizeof(data), &data_len, &tag); if (parse_ret != 0) { mbedtls_free(oid.p); diff --git a/library/x509_crl.c b/library/x509_crl.c index cad784eeb6..fdbad238a6 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -367,7 +367,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, } end = p + len; - crl->tbs.len = end - crl->tbs.p; + crl->tbs.len = (size_t) (end - crl->tbs.p); /* * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } @@ -411,7 +411,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, return ret; } - crl->issuer_raw.len = p - crl->issuer_raw.p; + crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p); /* * thisUpdate Time diff --git a/library/x509_crt.c b/library/x509_crt.c index f41eb47d72..1fe4448e4c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1108,7 +1108,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, } end = crt_end = p + len; - crt->raw.len = crt_end - buf; + crt->raw.len = (size_t) (crt_end - buf); if (make_copy != 0) { /* Create and populate a new buffer for the raw field. */ crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); @@ -1138,7 +1138,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, } end = p + len; - crt->tbs.len = end - crt->tbs.p; + crt->tbs.len = (size_t) (end - crt->tbs.p); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } @@ -1185,7 +1185,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, return ret; } - crt->issuer_raw.len = p - crt->issuer_raw.p; + crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); /* * Validity ::= SEQUENCE { @@ -1215,7 +1215,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, return ret; } - crt->subject_raw.len = p - crt->subject_raw.p; + crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); /* * SubjectPublicKeyInfo @@ -1225,7 +1225,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, mbedtls_x509_crt_free(crt); return ret; } - crt->pk_raw.len = p - crt->pk_raw.p; + crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); /* * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, diff --git a/library/x509_csr.c b/library/x509_csr.c index a293ec0174..79b1589644 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -328,7 +328,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, } end = p + len; - csr->cri.len = end - csr->cri.p; + csr->cri.len = (size_t) (end - csr->cri.p); /* * Version ::= INTEGER { v1(0) } @@ -361,7 +361,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, return ret; } - csr->subject_raw.len = p - csr->subject_raw.p; + csr->subject_raw.len = (size_t) (p - csr->subject_raw.p); /* * subjectPKInfo SubjectPublicKeyInfo diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4c019eee4e..44b6b1781e 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -481,7 +481,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, */ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->subject_key, - buf, c - buf)); + buf, (size_t) (c - buf))); c -= pub_len; len += pub_len; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 4e397553a4..254da69a9f 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -185,7 +185,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, - buf, c - buf)); + buf, (size_t) (c - buf))); c -= pub_len; len += pub_len; @@ -276,7 +276,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* Zero the unused bytes at the start of buf */ - memset(buf, 0, c2 - buf); + memset(buf, 0, (size_t) (c2 - buf)); return (int) len; }