Don't compare signed vs. unsigned.
This resolves a pile of MSVC warnings in Chromium.
Change-Id: Ib9a29cb88d8ed8ec4118d153260f775be059a803
Reviewed-on: https://boringssl-review.googlesource.com/1865
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/aes/aes.c b/crypto/aes/aes.c
index c47fe88..2f428b1 100644
--- a/crypto/aes/aes.c
+++ b/crypto/aes/aes.c
@@ -682,7 +682,7 @@
}
/* apply the inverse MixColumn transform to all round keys but the first and
* the last: */
- for (i = 1; i < aeskey->rounds; i++) {
+ for (i = 1; i < (int)aeskey->rounds; i++) {
rk += 4;
rk[0] =
Td0[Te1[(rk[0] >> 24)] & 0xff] ^ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
diff --git a/crypto/bn/convert.c b/crypto/bn/convert.c
index 048ac73..1ba7cb6 100644
--- a/crypto/bn/convert.c
+++ b/crypto/bn/convert.c
@@ -163,7 +163,7 @@
/* Check if the integer is too big. This case can exit early in non-constant
* time. */
- if (in->top > (len + (BN_BYTES - 1)) / BN_BYTES) {
+ if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) {
return 0;
}
if ((len % BN_BYTES) != 0) {
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 820f48d..0c2503e 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -177,7 +177,7 @@
}
void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) {
- if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) {
+ if (ad->sk == NULL || idx < 0 || (size_t)idx >= sk_void_num(ad->sk)) {
return NULL;
}
return sk_void_value(ad->sk, idx);
diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index 3631424..4d29b07 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -55,6 +55,8 @@
#include <openssl/rsa.h>
+#include <assert.h>
+
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -659,7 +661,7 @@
int sLen) {
int i;
int ret = 0;
- int maskedDBLen, MSBits, emLen;
+ size_t maskedDBLen, MSBits, emLen;
size_t hLen;
unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx;
@@ -693,6 +695,7 @@
MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
emLen = RSA_size(rsa);
if (MSBits == 0) {
+ assert(emLen >= 1);
*EM++ = 0;
emLen--;
}
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index ecfb33c..659bc44 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -199,7 +199,7 @@
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
{
- int j,len;
+ size_t j,len;
const char *s,*ss,*p;
if (dir == NULL || !*dir)
@@ -217,13 +217,13 @@
BY_DIR_ENTRY *ent;
ss=s;
s=p+1;
- len=(int)(p-ss);
+ len=p-ss;
if (len == 0) continue;
for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
{
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
- if (strlen(ent->dir) == (size_t)len &&
- strncmp(ent->dir,ss,(unsigned int)len) == 0)
+ if (strlen(ent->dir) == len &&
+ strncmp(ent->dir,ss,len) == 0)
break;
}
if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
@@ -242,13 +242,13 @@
return 0;
ent->dir_type = type;
ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
- ent->dir = OPENSSL_malloc((unsigned int)len+1);
+ ent->dir = OPENSSL_malloc(len+1);
if (!ent->dir || !ent->hashes)
{
by_dir_entry_free(ent);
return 0;
}
- strncpy(ent->dir,ss,(unsigned int)len);
+ strncpy(ent->dir,ss,len);
ent->dir[len] = '\0';
if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
{
@@ -275,7 +275,8 @@
} crl;
} data;
int ok=0;
- int i,j,k;
+ size_t i;
+ int j,k;
unsigned long h;
unsigned long hash_array[2];
int hash_index;
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 1f909de..bc278c3 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -312,7 +312,7 @@
CBS profile_ids, srtp_mki;
SRTP_PROTECTION_PROFILE *cprof, *sprof;
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0,*srvr;
- int i,j;
+ size_t i,j;
int ret = 0;
if (!CBS_get_u16_length_prefixed(cbs, &profile_ids) ||
@@ -405,7 +405,7 @@
{
CBS profile_ids, srtp_mki;
uint16_t profile_id;
- int i;
+ size_t i;
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
SRTP_PROTECTION_PROFILE *prof;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 73c0e08..03997c9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1780,7 +1780,8 @@
{
const SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
- int i,ok;
+ size_t i;
+ int ok;
size_t cipher_index;
CERT *cert;
unsigned long alg_k,alg_a,mask_k,mask_a;
@@ -1880,12 +1881,12 @@
/* This element of |prio| is in a group. Update
* the minimum index found so far and continue
* looking. */
- if (group_min == -1 || group_min > cipher_index)
+ if (group_min == -1 || (size_t)group_min > cipher_index)
group_min = cipher_index;
}
else
{
- if (group_min != -1 && group_min < cipher_index)
+ if (group_min != -1 && (size_t)group_min < cipher_index)
cipher_index = group_min;
ret=sk_SSL_CIPHER_value(allow,cipher_index);
break;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index f5079a1..0df6a3c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -574,7 +574,7 @@
* buffer ... so we trap and report the error in a way the user
* will notice
*/
- if (len < tot)
+ if (len < 0 || (size_t)len < tot)
{
OPENSSL_PUT_ERROR(SSL, ssl3_write_bytes, SSL_R_BAD_LENGTH);
return(-1);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b355f5b..4b814f3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1001,12 +1001,13 @@
/* If it is a hit, check that the cipher is in the list */
if (s->hit && CBS_len(&cipher_suites) > 0)
{
+ size_t j;
int found_cipher = 0;
unsigned long id = s->session->cipher->id;
- for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
+ for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++)
{
- c=sk_SSL_CIPHER_value(ciphers,i);
+ c = sk_SSL_CIPHER_value(ciphers, j);
if (c->id == id)
{
found_cipher = 1;
@@ -1683,7 +1684,8 @@
int ssl3_send_certificate_request(SSL *s)
{
unsigned char *p,*d;
- int i,j,nl,off,n;
+ size_t i;
+ int j,nl,off,n;
STACK_OF(X509_NAME) *sk=NULL;
X509_NAME *name;
BUF_MEM *buf;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5e9d41d..33f3fd8 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -664,7 +664,7 @@
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
{
- int i;
+ size_t i;
STACK_OF(X509_NAME) *ret;
X509_NAME *name;
@@ -965,7 +965,7 @@
{
BUF_MEM *buf = s->init_buf;
int no_chain;
- int i;
+ size_t i;
X509 *x;
STACK_OF(X509) *extra_certs;
@@ -1060,12 +1060,13 @@
/* Rearranging and check the chain: add everything to a store */
if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
{
+ size_t j;
chain_store = X509_STORE_new();
if (!chain_store)
goto err;
- for (i = 0; i < sk_X509_num(cpk->chain); i++)
+ for (j = 0; j < sk_X509_num(cpk->chain); j++)
{
- x = sk_X509_value(cpk->chain, i);
+ x = sk_X509_value(cpk->chain, j);
if (!X509_STORE_add_cert(chain_store, x))
{
error = ERR_peek_last_error();
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5562e20..952fd78 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1381,18 +1381,20 @@
}
/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
+const char *SSL_get_cipher_list(const SSL *s, int n)
{
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
- if (s == NULL) return(NULL);
- sk=SSL_get_ciphers(s);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return(NULL);
- c=sk_SSL_CIPHER_value(sk,n);
- if (c == NULL) return(NULL);
- return(c->name);
+ if (s == NULL)
+ return NULL;
+ sk = SSL_get_ciphers(s);
+ if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk))
+ return NULL;
+ c = sk_SSL_CIPHER_value(sk, n);
+ if (c == NULL)
+ return NULL;
+ return c->name;
}
/** specify the ciphers to be used by default by the SSL_CTX */
@@ -1458,7 +1460,7 @@
char *p;
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
- int i;
+ size_t i;
if ((s->session == NULL) || (s->session->ciphers == NULL) ||
(len < 2))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index ca6bf6c..48fcd87 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -603,7 +603,7 @@
/* For "stateful" AEADs (i.e. compatibility with pre-AEAD
* cipher suites) the key length reported by
* |EVP_AEAD_key_length| will include the MAC key bytes. */
- if (key_len < mac_secret_size)
+ if (key_len < (size_t)mac_secret_size)
{
OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state, ERR_R_INTERNAL_ERROR);
return 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5993ffd..a14ce5a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -894,7 +894,7 @@
int using_ecc = 0;
if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
{
- int i;
+ size_t i;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
@@ -2883,7 +2883,7 @@
static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
{
X509_NAME *nm;
- int i;
+ size_t i;
nm = X509_get_issuer_name(x);
for (i = 0; i < sk_X509_NAME_num(names); i++)
{
@@ -2911,7 +2911,7 @@
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx)
{
- int i;
+ size_t i;
int rv = 0;
int check_flags = 0, strict_mode;
CERT_PKEY *cpk = NULL;
