diff options
author | David Benjamin <davidben@chromium.org> | 2014-09-30 21:00:38 -0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-10-01 02:17:38 +0000 |
commit | fb3ff2c66cc873150022a4ab87ac72dd9d78b549 (patch) | |
tree | 1a1c9e5afda5354c6e3a4f0442699703c9141301 | |
parent | 5e77bd449e9d7050d59271db157e3fc8957e23e9 (diff) | |
download | boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.zip boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.gz boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.bz2 |
Don't compare signed vs. unsigned.
This resolves a pile of MSVC warnings in Chromium.
Change-Id: Ib9a29cb88d8ed8ec4118d153260f775be059a803
Reviewed-on: https://boringssl-review.googlesource.com/1865
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | crypto/aes/aes.c | 2 | ||||
-rw-r--r-- | crypto/bn/convert.c | 2 | ||||
-rw-r--r-- | crypto/ex_data.c | 2 | ||||
-rw-r--r-- | crypto/rsa/padding.c | 5 | ||||
-rw-r--r-- | crypto/x509/by_dir.c | 15 | ||||
-rw-r--r-- | ssl/d1_srtp.c | 4 | ||||
-rw-r--r-- | ssl/s3_lib.c | 7 | ||||
-rw-r--r-- | ssl/s3_pkt.c | 2 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 8 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 9 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 20 | ||||
-rw-r--r-- | ssl/t1_enc.c | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 6 |
13 files changed, 47 insertions, 37 deletions
diff --git a/crypto/aes/aes.c b/crypto/aes/aes.c index c47fe88..2f428b1 100644 --- a/crypto/aes/aes.c +++ b/crypto/aes/aes.c @@ -682,7 +682,7 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { } /* apply the inverse MixColumn transform to all round keys but the first and * the last: */ - for (i = 1; i < aeskey->rounds; i++) { + for (i = 1; i < (int)aeskey->rounds; i++) { rk += 4; rk[0] = Td0[Te1[(rk[0] >> 24)] & 0xff] ^ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ diff --git a/crypto/bn/convert.c b/crypto/bn/convert.c index 048ac73..1ba7cb6 100644 --- a/crypto/bn/convert.c +++ b/crypto/bn/convert.c @@ -163,7 +163,7 @@ int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { /* Check if the integer is too big. This case can exit early in non-constant * time. */ - if (in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { + if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { return 0; } if ((len % BN_BYTES) != 0) { diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 820f48d..0c2503e 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -177,7 +177,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) { } void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { - if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) { + if (ad->sk == NULL || idx < 0 || (size_t)idx >= sk_void_num(ad->sk)) { return NULL; } return sk_void_value(ad->sk, idx); diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c index 3631424..4d29b07 100644 --- a/crypto/rsa/padding.c +++ b/crypto/rsa/padding.c @@ -55,6 +55,8 @@ #include <openssl/rsa.h> +#include <assert.h> + #include <openssl/digest.h> #include <openssl/err.h> #include <openssl/mem.h> @@ -659,7 +661,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, int sLen) { int i; int ret = 0; - int maskedDBLen, MSBits, emLen; + size_t maskedDBLen, MSBits, emLen; size_t hLen; unsigned char *H, *salt = NULL, *p; EVP_MD_CTX ctx; @@ -693,6 +695,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; emLen = RSA_size(rsa); if (MSBits == 0) { + assert(emLen >= 1); *EM++ = 0; emLen--; } diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index ecfb33c..659bc44 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -199,7 +199,7 @@ static void free_dir(X509_LOOKUP *lu) static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { - int j,len; + size_t j,len; const char *s,*ss,*p; if (dir == NULL || !*dir) @@ -217,13 +217,13 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) BY_DIR_ENTRY *ent; ss=s; s=p+1; - len=(int)(p-ss); + len=p-ss; if (len == 0) continue; for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); - if (strlen(ent->dir) == (size_t)len && - strncmp(ent->dir,ss,(unsigned int)len) == 0) + if (strlen(ent->dir) == len && + strncmp(ent->dir,ss,len) == 0) break; } if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) @@ -242,13 +242,13 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 0; ent->dir_type = type; ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); - ent->dir = OPENSSL_malloc((unsigned int)len+1); + ent->dir = OPENSSL_malloc(len+1); if (!ent->dir || !ent->hashes) { by_dir_entry_free(ent); return 0; } - strncpy(ent->dir,ss,(unsigned int)len); + strncpy(ent->dir,ss,len); ent->dir[len] = '\0'; if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { @@ -275,7 +275,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } crl; } data; int ok=0; - int i,j,k; + size_t i; + int j,k; unsigned long h; unsigned long hash_array[2]; int hash_index; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 1f909de..bc278c3 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -312,7 +312,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert) CBS profile_ids, srtp_mki; SRTP_PROTECTION_PROFILE *cprof, *sprof; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0,*srvr; - int i,j; + size_t i,j; int ret = 0; if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) || @@ -405,7 +405,7 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert) { CBS profile_ids, srtp_mki; uint16_t profile_id; - int i; + size_t i; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; SRTP_PROTECTION_PROFILE *prof; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 73c0e08..03997c9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1780,7 +1780,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, { const SSL_CIPHER *c,*ret=NULL; STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow; - int i,ok; + size_t i; + int ok; size_t cipher_index; CERT *cert; unsigned long alg_k,alg_a,mask_k,mask_a; @@ -1880,12 +1881,12 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, /* This element of |prio| is in a group. Update * the minimum index found so far and continue * looking. */ - if (group_min == -1 || group_min > cipher_index) + if (group_min == -1 || (size_t)group_min > cipher_index) group_min = cipher_index; } else { - if (group_min != -1 && group_min < cipher_index) + if (group_min != -1 && (size_t)group_min < cipher_index) cipher_index = group_min; ret=sk_SSL_CIPHER_value(allow,cipher_index); break; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index f5079a1..0df6a3c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -574,7 +574,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * buffer ... so we trap and report the error in a way the user * will notice */ - if (len < tot) + if (len < 0 || (size_t)len < tot) { OPENSSL_PUT_ERROR(SSL, ssl3_write_bytes, SSL_R_BAD_LENGTH); return(-1); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index b355f5b..4b814f3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1001,12 +1001,13 @@ int ssl3_get_client_hello(SSL *s) /* If it is a hit, check that the cipher is in the list */ if (s->hit && CBS_len(&cipher_suites) > 0) { + size_t j; int found_cipher = 0; unsigned long id = s->session->cipher->id; - for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++) + for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) { - c=sk_SSL_CIPHER_value(ciphers,i); + c = sk_SSL_CIPHER_value(ciphers, j); if (c->id == id) { found_cipher = 1; @@ -1683,7 +1684,8 @@ err: int ssl3_send_certificate_request(SSL *s) { unsigned char *p,*d; - int i,j,nl,off,n; + size_t i; + int j,nl,off,n; STACK_OF(X509_NAME) *sk=NULL; X509_NAME *name; BUF_MEM *buf; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5e9d41d..33f3fd8 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -664,7 +664,7 @@ static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) { - int i; + size_t i; STACK_OF(X509_NAME) *ret; X509_NAME *name; @@ -965,7 +965,7 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l) { BUF_MEM *buf = s->init_buf; int no_chain; - int i; + size_t i; X509 *x; STACK_OF(X509) *extra_certs; @@ -1060,12 +1060,13 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags) /* Rearranging and check the chain: add everything to a store */ if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) { + size_t j; chain_store = X509_STORE_new(); if (!chain_store) goto err; - for (i = 0; i < sk_X509_num(cpk->chain); i++) + for (j = 0; j < sk_X509_num(cpk->chain); j++) { - x = sk_X509_value(cpk->chain, i); + x = sk_X509_value(cpk->chain, j); if (!X509_STORE_add_cert(chain_store, x)) { error = ERR_peek_last_error(); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5562e20..952fd78 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1381,18 +1381,20 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) } /** The old interface to get the same thing as SSL_get_ciphers() */ -const char *SSL_get_cipher_list(const SSL *s,int n) +const char *SSL_get_cipher_list(const SSL *s, int n) { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - if (s == NULL) return(NULL); - sk=SSL_get_ciphers(s); - if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) - return(NULL); - c=sk_SSL_CIPHER_value(sk,n); - if (c == NULL) return(NULL); - return(c->name); + if (s == NULL) + return NULL; + sk = SSL_get_ciphers(s); + if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) + return NULL; + c = sk_SSL_CIPHER_value(sk, n); + if (c == NULL) + return NULL; + return c->name; } /** specify the ciphers to be used by default by the SSL_CTX */ @@ -1458,7 +1460,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) char *p; STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; - int i; + size_t i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ca6bf6c..48fcd87 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -603,7 +603,7 @@ int tls1_setup_key_block(SSL *s) /* For "stateful" AEADs (i.e. compatibility with pre-AEAD * cipher suites) the key length reported by * |EVP_AEAD_key_length| will include the MAC key bytes. */ - if (key_len < mac_secret_size) + if (key_len < (size_t)mac_secret_size) { OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state, ERR_R_INTERNAL_ERROR); return 0; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5993ffd..a14ce5a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -894,7 +894,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c int using_ecc = 0; if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) { - int i; + size_t i; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); @@ -2883,7 +2883,7 @@ static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid) static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) { X509_NAME *nm; - int i; + size_t i; nm = X509_get_issuer_name(x); for (i = 0; i < sk_X509_NAME_num(names); i++) { @@ -2911,7 +2911,7 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int idx) { - int i; + size_t i; int rv = 0; int check_flags = 0, strict_mode; CERT_PKEY *cpk = NULL; |