diff --git a/library/asn1parse.c b/library/asn1parse.c index e33fdf71da65..3962226f05ec 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -344,7 +344,7 @@ int mbedtls_asn1_get_sequence_of(unsigned char **p, asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; memset(cur, 0, sizeof(mbedtls_asn1_sequence)); return mbedtls_asn1_traverse_sequence_of( - p, end, 0xFF, tag, 0, 0, + p, end, 0xFF, (unsigned char) tag, 0, 0, asn1_get_sequence_of_cb, &cb_ctx); } diff --git a/library/asn1write.c b/library/asn1write.c index 775a9ef530fb..2b46a4307166 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -72,9 +72,12 @@ static int mbedtls_asn1_write_len_and_tag(unsigned char **p, unsigned char tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int tmp_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(p, start, tag)); + len = (size_t) tmp_len; return (int) len; } @@ -149,9 +152,12 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + int tmp_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) oid, oid_len)); + len = (size_t) tmp_len; return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); } @@ -168,17 +174,20 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + int tmp_len; + tmp_len = (int) len; if (has_par) { if (par_len == 0) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_null(p, start)); } else { - len += par_len; + tmp_len += (int) par_len; } } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); + len = (size_t) tmp_len; return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } @@ -218,7 +227,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, len += 1; } - return mbedtls_asn1_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, (unsigned char) tag); } int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val) @@ -236,12 +245,15 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + int tmp_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) text, text_len)); + len = (size_t) tmp_len; - return mbedtls_asn1_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, (unsigned char) tag); } int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start, @@ -341,8 +353,11 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + int tmp_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); + len = (size_t) tmp_len; return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); } diff --git a/library/base64.c b/library/base64.c index 9677dee5b295..31d7c2811931 100644 --- a/library/base64.c +++ b/library/base64.c @@ -210,7 +210,7 @@ int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, if (*src == '=') { ++equals; } else { - x |= mbedtls_ct_base64_dec_value(*src); + x |= (uint32_t) mbedtls_ct_base64_dec_value(*src); } if (++accumulated_digits == 4) { diff --git a/library/bignum.c b/library/bignum.c index 424490951d9e..91e74567efa8 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -48,7 +48,7 @@ static inline signed short mbedtls_ct_mpi_sign_if(mbedtls_ct_condition_t cond, signed short sign1, signed short sign2) { - return (signed short) mbedtls_ct_uint_if(cond, sign1 + 1, sign2 + 1) - 1; + return (signed short) mbedtls_ct_uint_if(cond, (unsigned) sign1 + 1, (unsigned) sign2 + 1) - 1; } /* @@ -164,7 +164,7 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, s = X->s; X->s = mbedtls_ct_mpi_sign_if(do_swap, Y->s, X->s); - Y->s = mbedtls_ct_mpi_sign_if(do_swap, s, Y->s); + Y->s = mbedtls_ct_mpi_sign_if(do_swap, (signed short) s, Y->s); mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); @@ -358,7 +358,7 @@ void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y) static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) { if (z >= 0) { - return z; + return (mbedtls_mpi_uint) z; } /* Take care to handle the most negative value (-2^(biL-1)) correctly. * A naive -z would have undefined behavior. @@ -382,7 +382,7 @@ int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) memset(X->p, 0, X->n * ciL); X->p[0] = mpi_sint_abs(z); - X->s = TO_SIGN(z); + X->s = (short) TO_SIGN(z); cleanup: @@ -450,7 +450,7 @@ size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) #if defined(mbedtls_mpi_uint_ctz) for (i = 0; i < X->n; i++) { if (X->p[i] != 0) { - return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); + return i * biL + (unsigned int) mbedtls_mpi_uint_ctz(X->p[i]); } } #else @@ -555,8 +555,8 @@ int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) for (i = 0; i < slen; i++) { MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i])); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, (mbedtls_mpi_uint) radix)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, (mbedtls_mpi_sint) d)); } } @@ -987,7 +987,7 @@ int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) mbedtls_mpi_uint p[1]; *p = mpi_sint_abs(z); - Y.s = TO_SIGN(z); + Y.s = (short) TO_SIGN(z); Y.n = 1; Y.p = p; @@ -1123,15 +1123,15 @@ static int add_sub_mpi(mbedtls_mpi *X, /* If |A| = |B|, the result is 0 and we must set the sign bit * to +1 regardless of which of A or B was negative. Otherwise, * since |A| > |B|, the sign is the sign of A. */ - X->s = cmp == 0 ? 1 : s; + X->s = cmp == 0 ? 1 : (short) s; } else { MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); /* Since |A| < |B|, the sign is the opposite of A. */ - X->s = -s; + X->s = (short) -s; } } else { MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); - X->s = s; + X->s = (short) s; } cleanup: @@ -1164,7 +1164,7 @@ int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b mbedtls_mpi_uint p[1]; p[0] = mpi_sint_abs(b); - B.s = TO_SIGN(b); + B.s = (short) TO_SIGN(b); B.n = 1; B.p = p; @@ -1180,7 +1180,7 @@ int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b mbedtls_mpi_uint p[1]; p[0] = mpi_sint_abs(b); - B.s = TO_SIGN(b); + B.s = (short) TO_SIGN(b); B.n = 1; B.p = p; @@ -1521,7 +1521,7 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, mbedtls_mpi_uint p[1]; p[0] = mpi_sint_abs(b); - B.s = TO_SIGN(b); + B.s = (short) TO_SIGN(b); B.n = 1; B.p = p; @@ -1589,13 +1589,13 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s for (i = A->n, y = 0; i > 0; i--) { x = A->p[i - 1]; y = (y << biH) | (x >> biH); - z = y / b; - y -= z * b; + z = y / (mbedtls_mpi_uint) b; + y -= z * (mbedtls_mpi_uint) b; x <<= biH; y = (y << biH) | (x >> biH); - z = y / b; - y -= z * b; + z = y / (mbedtls_mpi_uint) b; + y -= z * (mbedtls_mpi_uint) b; } /* @@ -1603,7 +1603,7 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s * Flipping it to the positive side. */ if (A->s < 0 && y != 0) { - y = b - y; + y = (mbedtls_mpi_uint) b - y; } *r = y; @@ -1895,7 +1895,7 @@ int mbedtls_mpi_random(mbedtls_mpi *X, return ret; } - return mbedtls_mpi_core_random(X->p, min, N->p, X->n, f_rng, p_rng); + return mbedtls_mpi_core_random(X->p, (mbedtls_mpi_uint) min, N->p, X->n, f_rng, p_rng); } /* @@ -2035,9 +2035,9 @@ static int mpi_check_small_factors(const mbedtls_mpi *X) } for (i = 0; i < sizeof(small_prime_gaps); p += small_prime_gaps[i], i++) { - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, p)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, (mbedtls_mpi_sint) p)); if (r == 0) { - if (mbedtls_mpi_cmp_int(X, p) == 0) { + if (mbedtls_mpi_cmp_int(X, (mbedtls_mpi_sint) p) == 0) { return 1; } else { return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; @@ -2169,7 +2169,7 @@ int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, return ret; } - return mpi_miller_rabin(&XX, rounds, f_rng, p_rng); + return mpi_miller_rabin(&XX, (size_t) rounds, f_rng, p_rng); } /* @@ -2268,9 +2268,9 @@ int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, */ if ((ret = mpi_check_small_factors(X)) == 0 && (ret = mpi_check_small_factors(&Y)) == 0 && - (ret = mpi_miller_rabin(X, rounds, f_rng, p_rng)) + (ret = mpi_miller_rabin(X, (size_t) rounds, f_rng, p_rng)) == 0 && - (ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng)) + (ret = mpi_miller_rabin(&Y, (size_t) rounds, f_rng, p_rng)) == 0) { goto cleanup; } diff --git a/library/bignum_core.c b/library/bignum_core.c index 4231554b8417..2ce52da64061 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -58,7 +58,7 @@ size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs) for (i = ((int) A_limbs) - 1; i >= 0; i--) { if (A[i] != 0) { j = biL - mbedtls_mpi_core_clz(A[i]); - return (i * biL) + j; + return ((unsigned int) i * biL) + j; } } diff --git a/library/constant_time.c b/library/constant_time.c index 539fb215ab30..8e3421a09019 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -159,9 +159,9 @@ void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) for (size_t n = 0; n < total - 1; n++) { unsigned char current = buf[n]; unsigned char next = buf[n+1]; - buf[n] = mbedtls_ct_uint_if(no_op, current, next); + buf[n] = (unsigned char) mbedtls_ct_uint_if(no_op, current, next); } - buf[total-1] = mbedtls_ct_uint_if_else_0(no_op, buf[total-1]); + buf[total-1] = (unsigned char) mbedtls_ct_uint_if_else_0(no_op, buf[total-1]); } } diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 2a4574ba68f4..b9ef3cc563b0 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -204,7 +204,8 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) #pragma warning( disable : 4146 ) #endif // y is negative (i.e., top bit set) iff x is non-zero - mbedtls_ct_int_t y = (-xo) | -(xo >> 1); + mbedtls_ct_int_t y; + y = (mbedtls_ct_int_t) ((-xo) | -(xo >> 1)); // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero) y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1)); @@ -498,7 +499,7 @@ static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1) { - return -((int) (condition & (-if1))); + return -((int) (condition & (mbedtls_ct_condition_t) (-if1))); } static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x, diff --git a/library/ecdsa.c b/library/ecdsa.c index 2f7a996a7e73..88eec8978947 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -614,14 +614,18 @@ static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 }; unsigned char *p = buf + sizeof(buf); size_t len = 0; + int tmp_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_mpi(&p, buf, s)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_mpi(&p, buf, r)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, + len = (size_t) tmp_len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + len = (size_t) tmp_len; if (len > sig_size) { return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; diff --git a/library/lmots.c b/library/lmots.c index c51cb41ece88..e79f9b989b43 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -90,7 +90,7 @@ static unsigned short lmots_checksum_calculate(const mbedtls_lmots_parameters_t sum += DIGIT_MAX_VALUE - digest[idx]; } - return sum; + return (unsigned short) sum; } /* Create the string of digest digits (in the base determined by the Winternitz diff --git a/library/pk.c b/library/pk.c index 3fe51ea34fae..2c990cb9a026 100644 --- a/library/pk.c +++ b/library/pk.c @@ -662,7 +662,8 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk, if (ret < 0) { return ret; } - size_t key_length = key_end - key_data; + size_t key_length; + key_length = (size_t) (key_end - key_data); ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, key_data, key_length, key_id)); diff --git a/library/pkcs12.c b/library/pkcs12.c index a3467b982089..2bda054ba337 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -189,7 +189,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, iv_len = mbedtls_cipher_info_get_iv_size(cipher_info); if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen, - key, keylen, + key, (size_t) keylen, iv, iv_len)) != 0) { return ret; } diff --git a/library/pkcs5.c b/library/pkcs5.c index c6c53054b621..2b7945e87fa1 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -217,8 +217,8 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, memcpy(iv, enc_scheme_params.p, enc_scheme_params.len); if ((ret = mbedtls_pkcs5_pbkdf2_hmac_ext(md_type, pwd, pwdlen, salt.p, - salt.len, iterations, keylen, - key)) != 0) { + salt.len, (unsigned int) iterations, + (uint32_t) keylen, key)) != 0) { goto exit; } diff --git a/library/pkwrite.c b/library/pkwrite.c index 2a698448bee6..d801cfb8ea02 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -234,14 +234,16 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, size_t len = 0; const char *oid; size_t oid_len; + int tmp_len; if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) { return ret; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - return (int) len; + return tmp_len; } #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) @@ -310,10 +312,12 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, int ret; size_t pub_len = 0, par_len = 0; mbedtls_ecp_group_id grp_id; + int tmp_len; + tmp_len = (int) pub_len; /* publicKey */ - MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); - + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_ec_pubkey(p, buf, pk)); + pub_len = (size_t) tmp_len; if (*p - buf < 1) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; } @@ -321,33 +325,39 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, **p = 0; pub_len += 1; - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); + tmp_len = (int) pub_len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(p, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(p, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)); + pub_len = (size_t) tmp_len; len += pub_len; /* parameters */ grp_id = mbedtls_pk_get_ec_group_id(pk); - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, + tmp_len = (int) par_len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_ec_param(p, buf, grp_id)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(p, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)); + par_len = (size_t) tmp_len; len += par_len; + tmp_len = (int) len; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_ec_private(p, buf, pk)); /* version */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_int(p, buf, 1)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(p, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + len = (size_t) tmp_len; return (int) len; } @@ -421,23 +431,26 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + int tmp_len; + tmp_len = (int) len; #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_ec_pubkey(p, start, key)); } else #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_opaque_pubkey(p, start, key)); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + len = (size_t) tmp_len; return (int) len; } @@ -450,6 +463,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu size_t len = 0, par_len = 0, oid_len = 0; mbedtls_pk_type_t pk_type; const char *oid = NULL; + int tmp_len; if (size == 0) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -457,7 +471,9 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu c = buf + size; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_pk_write_pubkey(&c, buf, key)); + len = (size_t) tmp_len; if (c - buf < 1) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -471,8 +487,10 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu *--c = 0; len += 1; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(&c, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); + len = (size_t) tmp_len; pk_type = pk_get_type_ext(key); @@ -486,7 +504,9 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu } has_par = 0; } else { - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); + tmp_len = (int) par_len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, pk_write_ec_param(&c, buf, ec_grp_id)); + par_len = (size_t) tmp_len;; } } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ @@ -499,12 +519,14 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu } } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len, + tmp_len = (int) len; + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len, par_len, has_par)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(&c, buf, (size_t) tmp_len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + len = (size_t) tmp_len;; return (int) len; } @@ -566,7 +588,7 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n", output_buf + PUB_DER_MAX_BYTES - ret, - ret, buf, size, &olen)) != 0) { + (size_t) ret, buf, size, &olen)) != 0) { goto cleanup; } @@ -615,7 +637,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, if ((ret = mbedtls_pem_write_buffer(begin, end, output_buf + PRV_DER_MAX_BYTES - ret, - ret, buf, size, &olen)) != 0) { + (size_t) ret, buf, size, &olen)) != 0) { goto cleanup; } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bb89a34146bf..008f5f65df31 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2605,7 +2605,7 @@ static psa_status_t psa_mac_finalize_alg_and_key_validation( } /* Get the output length for the algorithm and key combination */ - *mac_size = PSA_MAC_LENGTH(key_type, key_bits, alg); + *mac_size = (uint8_t) PSA_MAC_LENGTH(key_type, key_bits, alg); if (*mac_size < 4) { /* A very short MAC is too short for security since it can be @@ -2668,7 +2668,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, goto exit; } - operation->is_sign = is_sign; + operation->is_sign = (unsigned int) is_sign; /* Dispatch the MAC setup call with validated input */ if (is_sign) { status = psa_driver_wrapper_mac_sign_setup(operation, @@ -4340,7 +4340,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, } else { operation->iv_required = 1; } - operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); + operation->default_iv_length = (uint8_t) PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); /* Try doing the operation through a driver before using software fallback. */ if (cipher_operation == MBEDTLS_ENCRYPT) { @@ -5016,7 +5016,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, if (status == PSA_SUCCESS) { status = unlock_status; operation->alg = psa_aead_get_base_algorithm(alg); - operation->is_encrypt = is_encrypt; + operation->is_encrypt = (unsigned int) is_encrypt; } else { psa_aead_abort(operation); } @@ -6261,7 +6261,8 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( * (8 * ceiling(m/8) - m) bits of the first byte in * the string to zero. */ - uint8_t clear_bit_mask = (1 << (m % 8)) - 1; + uint8_t clear_bit_mask; + clear_bit_mask = (uint8_t) (1 << (m % 8)) - 1; (*data)[0] &= clear_bit_mask; } diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 32a6b1f2c58e..adcf1d8e5254 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -384,8 +384,8 @@ static psa_status_t psa_cipher_setup( MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ operation->block_length = (PSA_ALG_IS_STREAM_CIPHER(alg) ? 1 : - PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); - operation->iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg); + (uint8_t) PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); + operation->iv_length = (uint8_t) PSA_CIPHER_IV_LENGTH(key_type, alg); exit: return mbedtls_to_psa_error(ret); diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f2e20fe4bba3..8337cf52bcc4 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -96,7 +96,9 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; +#if !(defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT)) int explicit_bits = (curve_bits != 0); +#endif if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && PSA_KEY_TYPE_ECC_GET_FAMILY(type) != PSA_ECC_FAMILY_MONTGOMERY) { diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 15d3cd2becfd..226dd95c9902 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -188,14 +188,14 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, * Move the data to the beginning and erase remaining data * at the original location. */ if (2 * (size_t) ret <= data_size) { - memcpy(data, data + data_size - ret, ret); - memset(data + data_size - ret, 0, ret); + memcpy(data, data + data_size - ret, (unsigned int) ret); + memset(data + data_size - ret, 0, (unsigned int) ret); } else if ((size_t) ret < data_size) { - memmove(data, data + data_size - ret, ret); - memset(data + ret, 0, data_size - ret); + memmove(data, data + data_size - ret, (unsigned int) ret); + memset(data + ret, 0, data_size - (unsigned int) ret); } - *data_length = ret; + *data_length = (size_t) ret; return PSA_SUCCESS; } @@ -245,7 +245,7 @@ psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes, if (acc > INT_MAX) { return PSA_ERROR_NOT_SUPPORTED; } - *exponent = acc; + *exponent = (int) acc; return PSA_SUCCESS; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a28b723d0ff9..41d07c2cfce6 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -665,7 +665,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, if (volatile_key_id != NULL) { /* Refresh slot_idx, for when the slot is not the original * selected_slot but rather unused_persistent_key_slot. */ - slot_idx = selected_slot - global_data.key_slots; + slot_idx = (size_t) (selected_slot - global_data.key_slots); *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + slot_idx; } #endif diff --git a/library/psa_util.c b/library/psa_util.c index 679d00ea9b90..76b183c60513 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -412,7 +412,7 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; } p -= len; - memcpy(p, raw_buf, len); + memcpy(p, raw_buf, (unsigned int) len); /* If MSb is 1, ASN.1 requires that we prepend a 0. */ if (*p & 0x80) { @@ -424,7 +424,7 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra ++len; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der_buf_start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der_buf_start, (size_t) len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der_buf_start, MBEDTLS_ASN1_INTEGER)); return len; @@ -439,6 +439,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l size_t len = 0; unsigned char *p = der + der_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int tmp_len; if (raw_len != (2 * coordinate_len)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; @@ -459,20 +460,22 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l return ret; } p -= ret; - len += ret; + len += (size_t) ret; ret = convert_raw_to_der_single_int(r, coordinate_len, der, p); if (ret < 0) { return ret; } p -= ret; - len += ret; + len += (size_t) ret; + tmp_len = (int) len; /* Add ASN.1 header (len + tag). */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der, + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_len(&p, der, len)); + MBEDTLS_ASN1_CHK_ADD(tmp_len, mbedtls_asn1_write_tag(&p, der, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + len = (size_t) tmp_len; /* memmove the content of der buffer to its beginnig. */ memmove(der, p, len); @@ -583,7 +586,7 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l return ret; } p += ret; - data_len -= ret; + data_len -= (size_t) ret; /* Extract s */ ret = convert_der_to_raw_single_int(p, data_len, raw_tmp + coordinate_size, @@ -592,7 +595,7 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l return ret; } p += ret; - data_len -= ret; + data_len -= (size_t) ret; /* Check that we consumed all the input der data. */ if ((size_t) (p - der) != der_len) {