diff --git a/src/internal.c b/src/internal.c index c491ed015a..7b39f4bb8c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6680,8 +6680,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) * then we possibly already have a side defined. Don't overwrite unless * the context has a well defined role. */ if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) - ssl->options.side = ctx->method->side; - ssl->options.downgrade = ctx->method->downgrade; + ssl->options.side = (word16)(ctx->method->side); + ssl->options.downgrade = (word16)(ctx->method->downgrade); ssl->options.minDowngrade = ctx->minDowngrade; ssl->options.haveRSA = ctx->haveRSA; @@ -6693,7 +6693,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; #ifndef NO_PSK - ssl->options.havePSK = ctx->havePSK; + ssl->options.havePSK = (word16)(ctx->havePSK); ssl->options.client_psk_cb = ctx->client_psk_cb; ssl->options.server_psk_cb = ctx->server_psk_cb; ssl->options.psk_ctx = ctx->psk_ctx; @@ -10070,10 +10070,10 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, data, (word32)(sz)); #endif #if !defined(NO_MD5) && !defined(NO_OLD_TLS) - wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, data, (word32)(sz)); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -10393,7 +10393,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (!ssl->options.buildingMsg) { /* Hash it before the loop as we modify the input with * encryption on */ - ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz); + ret = HashRaw(ssl, input + rHdrSz, (int)(inputSz) + hsHdrSz); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS @@ -10653,7 +10653,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) if (!forcedFree && usedLength > 0) { XMEMCPY(ssl->buffers.inputBuffer.staticBuffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); } ForceZero(ssl->buffers.inputBuffer.buffer, @@ -10961,7 +10961,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) if (usedLength) XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + - ssl->buffers.inputBuffer.idx, usedLength); + ssl->buffers.inputBuffer.idx, (size_t)(usedLength)); if (ssl->buffers.inputBuffer.dynamicFlag) { if (IsEncryptionOn(ssl, 1)) { @@ -13777,7 +13777,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, if (subjectCNLen > ASN_NAME_MAX-1) subjectCNLen = ASN_NAME_MAX-1; if (subjectCNLen > 0) { - XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); + XMEMCPY(domain, args->dCert->subjectCN, (size_t)(subjectCNLen)); domain[subjectCNLen] = '\0'; } } @@ -15623,7 +15623,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG( "\tCallback override available, will continue"); /* check if fatal error */ - args->fatal = (args->verifyErr) ? 1 : 0; + args->fatal = (args->verifyErr) ? (word16)(1) + : (word16)(0); if (args->fatal) DoCertFatalAlert(ssl, ret); } @@ -19279,7 +19280,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, additionalSz = writeAeadAuthData(ssl, /* Length of the plain text minus the explicit * IV length minus the authentication tag size. */ - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type, ssl->encrypt.additional, 0, NULL, CUR_ORDER); if (additionalSz < 0) { ret = additionalSz; @@ -19303,19 +19304,19 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + ssl->encrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { ret = aes_auth_fn(ssl->encrypt.aes, - out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.nonce, AESGCM_NONCE_SZ, - out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->encrypt.nonce, AESGCM_NONCE_SZ, + out + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->encrypt.additional, (word32)(additionalSz)); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -19771,24 +19772,24 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, plain + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, ssl->decrypt.nonce, AESGCM_NONCE_SZ, (byte *)(input + sz - ssl->specs.aead_mac_size), ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz); + ssl->decrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { if ((ret = aes_auth_fn(ssl->decrypt.aes, - plain + AESGCM_EXP_IV_SZ, - input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.nonce, AESGCM_NONCE_SZ, - input + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz)) < 0) { + plain + AESGCM_EXP_IV_SZ, + input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->decrypt.nonce, AESGCM_NONCE_SZ, + input + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->decrypt.additional, (word32)(additionalSz))) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, @@ -20549,7 +20550,7 @@ static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; #endif - XMEMSET(mac, 0, macSz); + XMEMSET(mac, 0, (size_t)(macSz)); for (i = scanStart; i < sz; i += macSz) { for (j = 0; j < macSz && j + i < sz; j++) { started = ctMaskGTE(i + j, macStart); @@ -20700,7 +20701,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } #endif - dataSz = msgSz - ssl->keys.padSz; + dataSz = (int)(msgSz - ssl->keys.padSz); if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); if (sniff == NO_SNIFF) { @@ -21078,7 +21079,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) XMEMMOVE(ssl->buffers.inputBuffer.buffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); /* remove processed data */ ssl->buffers.inputBuffer.idx = 0; @@ -23137,7 +23138,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, min(args->ivSz, MAX_IV_SZ)); args->idx += min(args->ivSz, MAX_IV_SZ); } - XMEMCPY(output + args->idx, input, inSz); + XMEMCPY(output + args->idx, input, (size_t)(inSz)); args->idx += (word32)inSz; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) { @@ -23907,12 +23908,12 @@ int SendCertificate(WOLFSSL* ssl) else { fragSz = maxFragment - HANDSHAKE_HEADER_SZ; } - sendSz += fragSz + HANDSHAKE_HEADER_SZ; + sendSz += (int)(fragSz) + HANDSHAKE_HEADER_SZ; i += HANDSHAKE_HEADER_SZ; } else { fragSz = min(length, maxFragment); - sendSz += fragSz; + sendSz += (int)(fragSz); } if (IsEncryptionOn(ssl, 1)) @@ -24041,7 +24042,7 @@ int SendCertificate(WOLFSSL* ssl) DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); } #ifndef WOLFSSL_DTLS @@ -24268,7 +24269,7 @@ int SendCertificateRequest(WOLFSSL* ssl) if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -25399,7 +25400,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length); - XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); + XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, (size_t)(size)); if (peek == 0) { ssl->buffers.clearOutputBuffer.length -= (word32)size; @@ -28790,7 +28791,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) (ssl->buffers.keyType == dilithium_level3_sa_algo) || (ssl->buffers.keyType == dilithium_level5_sa_algo)) ssl->hsType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_dpk; } @@ -28804,9 +28805,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey, - ssl->buffers.key->buffer, - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); + (ssl->buffers.key->buffer), + (int)(ssl->buffers.key->length), + ssl->heap, + ssl->buffers.keyDevId); } if (ret == 0) { if (ssl->buffers.keySz < ssl->options.minRsaKeySz) { @@ -28830,7 +28832,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, - ssl->buffers.key->buffer, + (ssl->buffers.key->buffer), ssl->buffers.key->length, ssl->heap, ssl->buffers.keyDevId); } @@ -30100,7 +30102,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, (void)idx; /* suppress analyzer warning, keep idx current */ #else if (extSz != 0) { - c16toa(extSz, output + idx); + c16toa((word16)(extSz), output + idx); idx += HELLO_EXT_SZ_SZ; if (IsAtLeastTLSv1_2(ssl)) { @@ -30145,7 +30147,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -30645,7 +30647,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN) + + (word16)(OPAQUE16_LEN) + + extSz; } *inOutIdx = i; @@ -30957,7 +30961,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif *inOutIdx += dnSz; - len -= OPAQUE16_LEN + dnSz; + len -= (word16)(OPAQUE16_LEN) + dnSz; } #ifdef OPENSSL_EXTRA @@ -31469,7 +31473,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; break; @@ -31689,7 +31693,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; @@ -32595,7 +32599,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -32646,7 +32650,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create ephemeral private key */ ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -32697,7 +32701,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -34745,7 +34749,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) { @@ -37200,8 +37204,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) pv.minor = TLSv1_2_MINOR; - lesserVersion = !ssl->options.dtls && ssl->version.minor > pv.minor; - lesserVersion |= ssl->options.dtls && ssl->version.minor < pv.minor; + lesserVersion = (byte)(!ssl->options.dtls && + ssl->version.minor > pv.minor); + lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor; if (lesserVersion) { byte belowMinDowngrade; @@ -37661,7 +37666,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN + OPAQUE16_LEN) + extSz; } #endif *inOutIdx = i; @@ -38286,7 +38291,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) { @@ -41099,7 +41104,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ret = args->lastErr; args->lastErr = 0; /* reset */ /* On error 'ret' will be negative */ - mask = ((unsigned int)ret >> + mask = ((byte)ret >> ((sizeof(ret) * 8) - 1)) - 1; /* build PreMasterSecret */ diff --git a/src/ssl_load.c b/src/ssl_load.c index 617c5c7cc2..96ad5d5a94 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -132,7 +132,7 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, /* Data in buffer has PEM format - extract DER data. */ if (format == WOLFSSL_FILETYPE_PEM) { #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buff, len, type, der, heap, info, algId); + ret = PemToDer(buff, (long)(len), type, der, heap, info, algId); if (ret != 0) { FreeDer(der); } diff --git a/src/tls.c b/src/tls.c index 87aedb4ef7..96b050ee11 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1349,8 +1349,9 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, } #else - ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, - myInner, innerSz); + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + + (word32)(padSz) + 1, + myInner, innerSz); #endif } else {