Don't compare signed vs. unsigned.

This resolves a pile of MSVC warnings in Chromium. Change-Id: Ib9a29cb88d8ed8ec4118d153260f775be059a803 Reviewed-on: https://boringssl-review.googlesource.com/1865 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-09-30 21:00:38 -0400
committer: Adam Langley <agl@google.com> 2014-10-01 02:17:38 +0000
commit: fb3ff2c66cc873150022a4ab87ac72dd9d78b549 (patch)
tree: 1a1c9e5afda5354c6e3a4f0442699703c9141301
parent: 5e77bd449e9d7050d59271db157e3fc8957e23e9 (diff)
download: boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.zip
boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.gz
boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.bz2
13 files changed, 47 insertions, 37 deletions
diff --git a/crypto/aes/aes.c b/crypto/aes/aes.c
index c47fe88..2f428b1 100644
--- a/crypto/aes/aes.c
+++ b/crypto/aes/aes.c
@@ -682,7 +682,7 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
   }
   /* apply the inverse MixColumn transform to all round keys but the first and
    * the last: */
-  for (i = 1; i < aeskey->rounds; i++) {
+  for (i = 1; i < (int)aeskey->rounds; i++) {
     rk += 4;
     rk[0] =
         Td0[Te1[(rk[0] >> 24)] & 0xff] ^ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
diff --git a/crypto/bn/convert.c b/crypto/bn/convert.c
index 048ac73..1ba7cb6 100644
--- a/crypto/bn/convert.c
+++ b/crypto/bn/convert.c
@@ -163,7 +163,7 @@ int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) {
 
   /* Check if the integer is too big. This case can exit early in non-constant
    * time. */
-  if (in->top > (len + (BN_BYTES - 1)) / BN_BYTES) {
+  if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) {
     return 0;
   }
   if ((len % BN_BYTES) != 0) {
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 820f48d..0c2503e 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -177,7 +177,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) {
 }
 
 void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) {
-  if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) {
+  if (ad->sk == NULL || idx < 0 || (size_t)idx >= sk_void_num(ad->sk)) {
     return NULL;
   }
   return sk_void_value(ad->sk, idx);
diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index 3631424..4d29b07 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -55,6 +55,8 @@
 
 #include <openssl/rsa.h>
 
+#include <assert.h>
+
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -659,7 +661,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
                                    int sLen) {
   int i;
   int ret = 0;
-  int maskedDBLen, MSBits, emLen;
+  size_t maskedDBLen, MSBits, emLen;
   size_t hLen;
   unsigned char *H, *salt = NULL, *p;
   EVP_MD_CTX ctx;
@@ -693,6 +695,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
   MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
   emLen = RSA_size(rsa);
   if (MSBits == 0) {
+    assert(emLen >= 1);
     *EM++ = 0;
     emLen--;
   }
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index ecfb33c..659bc44 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -199,7 +199,7 @@ static void free_dir(X509_LOOKUP *lu)
 
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 	{
-	int j,len;
+	size_t j,len;
 	const char *s,*ss,*p;
 
 	if (dir == NULL || !*dir)
@@ -217,13 +217,13 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 			BY_DIR_ENTRY *ent;
 			ss=s;
 			s=p+1;
-			len=(int)(p-ss);
+			len=p-ss;
 			if (len == 0) continue;
 			for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
 				{
 				ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
-				if (strlen(ent->dir) == (size_t)len &&
-				    strncmp(ent->dir,ss,(unsigned int)len) == 0)
+				if (strlen(ent->dir) == len &&
+				    strncmp(ent->dir,ss,len) == 0)
 					break;
 				}
 			if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
@@ -242,13 +242,13 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 				return 0;
 			ent->dir_type = type;
 			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
-			ent->dir = OPENSSL_malloc((unsigned int)len+1);
+			ent->dir = OPENSSL_malloc(len+1);
 			if (!ent->dir || !ent->hashes)
 				{
 				by_dir_entry_free(ent);
 				return 0;
 				}
-			strncpy(ent->dir,ss,(unsigned int)len);
+			strncpy(ent->dir,ss,len);
 			ent->dir[len] = '\0';
 			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
 				{
@@ -275,7 +275,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 			} crl;
 		} data;
 	int ok=0;
-	int i,j,k;
+	size_t i;
+	int j,k;
 	unsigned long h;
 	unsigned long hash_array[2];
 	int hash_index;
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 1f909de..bc278c3 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -312,7 +312,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert)
 	CBS profile_ids, srtp_mki;
 	SRTP_PROTECTION_PROFILE *cprof, *sprof;
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0,*srvr;
-	int i,j;
+	size_t i,j;
 	int ret = 0;
 
 	if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) ||
@@ -405,7 +405,7 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert)
 	{
 	CBS profile_ids, srtp_mki;
 	uint16_t profile_id;
-	int i;
+	size_t i;
 
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
 	SRTP_PROTECTION_PROFILE *prof;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 73c0e08..03997c9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1780,7 +1780,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 	{
 	const SSL_CIPHER *c,*ret=NULL;
 	STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
-	int i,ok;
+	size_t i;
+	int ok;
 	size_t cipher_index;
 	CERT *cert;
 	unsigned long alg_k,alg_a,mask_k,mask_a;
@@ -1880,12 +1881,12 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 				/* This element of |prio| is in a group. Update
 				 * the minimum index found so far and continue
 				 * looking. */
-				if (group_min == -1 || group_min > cipher_index)
+				if (group_min == -1 || (size_t)group_min > cipher_index)
 					group_min = cipher_index;
 				}
 			else
 				{
-				if (group_min != -1 && group_min < cipher_index)
+				if (group_min != -1 && (size_t)group_min < cipher_index)
 					cipher_index = group_min;
 				ret=sk_SSL_CIPHER_value(allow,cipher_index);
 				break;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index f5079a1..0df6a3c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -574,7 +574,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 	 * buffer ... so we trap and report the error in a way the user
 	 * will notice
 	 */
-	if (len < tot)
+	if (len < 0 || (size_t)len < tot)
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl3_write_bytes, SSL_R_BAD_LENGTH);
 		return(-1);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b355f5b..4b814f3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1001,12 +1001,13 @@ int ssl3_get_client_hello(SSL *s)
 	/* If it is a hit, check that the cipher is in the list */
 	if (s->hit && CBS_len(&cipher_suites) > 0)
 		{
+		size_t j;
 		int found_cipher = 0;
 		unsigned long id = s->session->cipher->id;
 
-		for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
+		for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++)
 			{
-			c=sk_SSL_CIPHER_value(ciphers,i);
+			c = sk_SSL_CIPHER_value(ciphers, j);
 			if (c->id == id)
 				{
 				found_cipher = 1;
@@ -1683,7 +1684,8 @@ err:
 int ssl3_send_certificate_request(SSL *s)
 	{
 	unsigned char *p,*d;
-	int i,j,nl,off,n;
+	size_t i;
+	int j,nl,off,n;
 	STACK_OF(X509_NAME) *sk=NULL;
 	X509_NAME *name;
 	BUF_MEM *buf;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5e9d41d..33f3fd8 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -664,7 +664,7 @@ static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME)
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	{
-	int i;
+	size_t i;
 	STACK_OF(X509_NAME) *ret;
 	X509_NAME *name;
 
@@ -965,7 +965,7 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
 	{
 	BUF_MEM *buf = s->init_buf;
 	int no_chain;
-	int i;
+	size_t i;
 
 	X509 *x;
 	STACK_OF(X509) *extra_certs;
@@ -1060,12 +1060,13 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 	/* Rearranging and check the chain: add everything to a store */
 	if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
 		{
+		size_t j;
 		chain_store = X509_STORE_new();
 		if (!chain_store)
 			goto err;
-		for (i = 0; i < sk_X509_num(cpk->chain); i++)
+		for (j = 0; j < sk_X509_num(cpk->chain); j++)
 			{
-			x = sk_X509_value(cpk->chain, i);
+			x = sk_X509_value(cpk->chain, j);
 			if (!X509_STORE_add_cert(chain_store, x))
 				{
 				error = ERR_peek_last_error();
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5562e20..952fd78 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1381,18 +1381,20 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
 	}
 
 /** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
+const char *SSL_get_cipher_list(const SSL *s, int n)
 	{
 	const SSL_CIPHER *c;
 	STACK_OF(SSL_CIPHER) *sk;
 
-	if (s == NULL) return(NULL);
-	sk=SSL_get_ciphers(s);
-	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
-		return(NULL);
-	c=sk_SSL_CIPHER_value(sk,n);
-	if (c == NULL) return(NULL);
-	return(c->name);
+	if (s == NULL)
+		return NULL;
+	sk = SSL_get_ciphers(s);
+	if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk))
+		return NULL;
+	c = sk_SSL_CIPHER_value(sk, n);
+	if (c == NULL)
+		return NULL;
+	return c->name;
 	}
 
 /** specify the ciphers to be used by default by the SSL_CTX */
@@ -1458,7 +1460,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 	char *p;
 	STACK_OF(SSL_CIPHER) *sk;
 	const SSL_CIPHER *c;
-	int i;
+	size_t i;
 
 	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
 		(len < 2))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index ca6bf6c..48fcd87 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -603,7 +603,7 @@ int tls1_setup_key_block(SSL *s)
 		/* For "stateful" AEADs (i.e. compatibility with pre-AEAD
 		 * cipher suites) the key length reported by
 		 * |EVP_AEAD_key_length| will include the MAC key bytes. */
-		if (key_len < mac_secret_size)
+		if (key_len < (size_t)mac_secret_size)
 			{
 			OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state, ERR_R_INTERNAL_ERROR);
 			return 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5993ffd..a14ce5a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -894,7 +894,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 	int using_ecc = 0;
 	if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
 		{
-		int i;
+		size_t i;
 		unsigned long alg_k, alg_a;
 		STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
 
@@ -2883,7 +2883,7 @@ static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid)
 static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
 	{
 	X509_NAME *nm;
-	int i;
+	size_t i;
 	nm = X509_get_issuer_name(x);
 	for (i = 0; i < sk_X509_NAME_num(names); i++)
 		{
@@ -2911,7 +2911,7 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 									int idx)
 	{
-	int i;
+	size_t i;
 	int rv = 0;
 	int check_flags = 0, strict_mode;
 	CERT_PKEY *cpk = NULL;
author	David Benjamin <davidben@chromium.org>	2014-09-30 21:00:38 -0400
committer	Adam Langley <agl@google.com>	2014-10-01 02:17:38 +0000
commit	fb3ff2c66cc873150022a4ab87ac72dd9d78b549 (patch)
tree	1a1c9e5afda5354c6e3a4f0442699703c9141301
parent	5e77bd449e9d7050d59271db157e3fc8957e23e9 (diff)
download	boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.zip boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.gz boringssl-fb3ff2c66cc873150022a4ab87ac72dd9d78b549.tar.bz2