mirror of
https://github.com/oasislinux/oasis.git
synced 2026-05-12 21:34:47 +02:00
Michael Forney
921 lines
31 KiB
Diff
921 lines
31 KiB
Diff
From 44bc6dfcdd2581f64fc869c8863dd590ea947033 Mon Sep 17 00:00:00 2001
|
|
From: Michael Forney <mforney@mforney.org>
|
|
Date: Thu, 2 Apr 2026 23:52:53 -0700
|
|
Subject: [PATCH] Avoid implicit pointer sign conversions
|
|
|
|
s_client_options:
|
|
All option values for clr and off used here fit in a 32-bit int,
|
|
the largest being SSL_OP_NO_TLSv1_3=0x20000000L, so make these
|
|
fields int.
|
|
|
|
sm4_ctr_cipher:
|
|
CRYPTO_ctr128_encrypt expects an unsigned int *, but ctx->num is
|
|
an int. Use a local variable with the correct type to avoid aliasing
|
|
issues.
|
|
|
|
addr_validate_path_internal:
|
|
length is used twice, its address is passed to
|
|
IPAddressFamily_afi_length, expecting an int *, and addr_contains, also
|
|
expecting int, so change its type to int.
|
|
|
|
tls_decrypt_ticket:
|
|
hlen is used for the result of HMAC_size. Though the manual documents
|
|
this as returning a size_t, it actually returns an int since it
|
|
wraps EVP_MD_size, which can return a negative value. HMAC_Final
|
|
expects an unsigned int *, so we need a separate variable for the
|
|
final length.
|
|
|
|
tls13_new_session_ticket_recv:
|
|
session_id_length is used twice, its address is passed to EVP_Digest
|
|
which expects an unsigned int, and then it is saved in
|
|
SSL_SESSION.session_id_length, a size_t. So its type from int to
|
|
unsigned int.
|
|
|
|
All other changes simply make explicit the conversions among pointers
|
|
to character types already being done. These implicit conversions
|
|
are constraint violations in ISO C.
|
|
---
|
|
apps/openssl/ca.c | 7 ++++---
|
|
apps/openssl/cms.c | 2 +-
|
|
apps/openssl/s_client.c | 4 ++--
|
|
crypto/asn1/a_object.c | 12 ++++++------
|
|
crypto/asn1/a_time.c | 2 +-
|
|
crypto/asn1/a_time_tm.c | 22 ++++++++++++----------
|
|
crypto/bio/b_dump.c | 2 +-
|
|
crypto/bio/bss_mem.c | 4 ++--
|
|
crypto/bn/bn_convert.c | 8 ++++----
|
|
crypto/bn/bn_print.c | 2 +-
|
|
crypto/evp/e_sm4.c | 4 +++-
|
|
crypto/ocsp/ocsp_cl.c | 4 ++--
|
|
crypto/pkcs7/pk7_attr.c | 2 +-
|
|
crypto/x509/x509_addr.c | 2 +-
|
|
crypto/x509/x509_constraints.c | 18 +++++++++---------
|
|
crypto/x509/x509_obj.c | 10 +++++-----
|
|
crypto/x509/x509_utl.c | 8 ++++----
|
|
crypto/x509/x509_verify.c | 3 ++-
|
|
crypto/x509/x509name.c | 3 ++-
|
|
ssl/s3_lib.c | 2 +-
|
|
ssl/ssl_clnt.c | 2 +-
|
|
ssl/ssl_lib.c | 8 ++++----
|
|
ssl/ssl_srvr.c | 2 +-
|
|
ssl/ssl_tlsext.c | 3 ++-
|
|
ssl/ssl_txt.c | 4 ++--
|
|
ssl/t1_lib.c | 4 +++-
|
|
ssl/tls13_client.c | 8 ++++----
|
|
ssl/tls13_key_schedule.c | 12 ++++++------
|
|
ssl/tls13_legacy.c | 2 +-
|
|
ssl/tls13_lib.c | 3 ++-
|
|
ssl/tls13_record_layer.c | 2 +-
|
|
ssl/tls13_server.c | 10 +++++-----
|
|
32 files changed, 96 insertions(+), 85 deletions(-)
|
|
|
|
diff --git a/apps/openssl/ca.c b/apps/openssl/ca.c
|
|
index a2e8a6836..5505983ff 100644
|
|
--- a/apps/openssl/ca.c
|
|
+++ b/apps/openssl/ca.c
|
|
@@ -2197,7 +2197,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|
|
|
if ((tm = X509_get_notAfter(ret)) == NULL)
|
|
goto err;
|
|
- row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
|
|
+ row[DB_exp_date] = strndup((char *)ASN1_STRING_get0_data(tm),
|
|
ASN1_STRING_length(tm));
|
|
if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
|
|
BIO_printf(bio_err, "Memory allocation failure\n");
|
|
@@ -2325,7 +2325,7 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
|
|
|
|
if ((tm = X509_get_notAfter(x509)) == NULL)
|
|
goto err;
|
|
- row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
|
|
+ row[DB_exp_date] = strndup((char *)ASN1_STRING_get0_data(tm),
|
|
ASN1_STRING_length(tm));
|
|
if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
|
|
BIO_printf(bio_err, "Memory allocation failure\n");
|
|
@@ -2489,7 +2489,8 @@ do_updatedb(CA_DB *db)
|
|
cnt = -1;
|
|
goto err;
|
|
}
|
|
- a_tm_s = strndup(ASN1_STRING_get0_data(a_tm), ASN1_STRING_length(a_tm));
|
|
+ a_tm_s = strndup((char *)ASN1_STRING_get0_data(a_tm),
|
|
+ ASN1_STRING_length(a_tm));
|
|
if (a_tm_s == NULL) {
|
|
cnt = -1;
|
|
goto err;
|
|
diff --git a/apps/openssl/cms.c b/apps/openssl/cms.c
|
|
index 7430f4c93..a63d6e453 100644
|
|
--- a/apps/openssl/cms.c
|
|
+++ b/apps/openssl/cms.c
|
|
@@ -1512,7 +1512,7 @@ cms_main(int argc, char **argv)
|
|
cfg.secret_keyid = NULL;
|
|
}
|
|
if (cfg.pwri_pass != NULL) {
|
|
- pwri_tmp = strdup(cfg.pwri_pass);
|
|
+ pwri_tmp = (unsigned char *)strdup((char *)cfg.pwri_pass);
|
|
if (pwri_tmp == NULL)
|
|
goto end;
|
|
if (CMS_add0_recipient_password(cms, -1, NID_undef,
|
|
diff --git a/apps/openssl/s_client.c b/apps/openssl/s_client.c
|
|
index 2b05facc1..d12423d0f 100644
|
|
--- a/apps/openssl/s_client.c
|
|
+++ b/apps/openssl/s_client.c
|
|
@@ -194,7 +194,7 @@ static struct {
|
|
char *cert_file;
|
|
int cert_format;
|
|
char *cipher;
|
|
- unsigned int clr;
|
|
+ int clr;
|
|
char *connect;
|
|
int crlf;
|
|
int debug;
|
|
@@ -215,7 +215,7 @@ static struct {
|
|
int nbio_test;
|
|
int no_servername;
|
|
char *npn_in;
|
|
- unsigned int off;
|
|
+ int off;
|
|
char *passarg;
|
|
int peekaboo;
|
|
char *port;
|
|
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
|
|
index 333ac6034..25e7a2ae6 100644
|
|
--- a/crypto/asn1/a_object.c
|
|
+++ b/crypto/asn1/a_object.c
|
|
@@ -182,7 +182,7 @@ oid_add_arc_txt(CBB *cbb, uint64_t arc, int first)
|
|
n = snprintf(s, sizeof(s), fmt, (unsigned long long)arc);
|
|
if (n < 0 || (size_t)n >= sizeof(s))
|
|
return 0;
|
|
- if (!CBB_add_bytes(cbb, s, n))
|
|
+ if (!CBB_add_bytes(cbb, (uint8_t *)s, n))
|
|
return 0;
|
|
|
|
return 1;
|
|
@@ -343,7 +343,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int out_len, const char *in, int in_len)
|
|
if (in_len <= 0)
|
|
goto err;
|
|
|
|
- CBS_init(&cbs, in, in_len);
|
|
+ CBS_init(&cbs, (uint8_t *)in, in_len);
|
|
|
|
if (!CBB_init(&cbb, 0))
|
|
goto err;
|
|
@@ -401,7 +401,7 @@ i2t_ASN1_OBJECT_name(const ASN1_OBJECT *aobj, CBB *cbb, const char **out_name)
|
|
|
|
*out_name = name;
|
|
|
|
- if (!CBB_add_bytes(cbb, name, strlen(name)))
|
|
+ if (!CBB_add_bytes(cbb, (uint8_t *)name, strlen(name)))
|
|
return 0;
|
|
|
|
/* NUL terminate. */
|
|
@@ -448,7 +448,7 @@ i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, int no
|
|
if (!CBB_finish(&cbb, &data, &data_len))
|
|
goto err;
|
|
|
|
- ret = strlcpy(buf, data, buf_len);
|
|
+ ret = strlcpy(buf, (char *)data, buf_len);
|
|
err:
|
|
CBB_cleanup(&cbb);
|
|
free(data);
|
|
@@ -474,7 +474,7 @@ t2i_ASN1_OBJECT_internal(const char *oid)
|
|
|
|
memset(&cbb, 0, sizeof(cbb));
|
|
|
|
- CBS_init(&cbs, oid, strlen(oid));
|
|
+ CBS_init(&cbs, (uint8_t *)oid, strlen(oid));
|
|
|
|
if (!CBB_init(&cbb, 0))
|
|
goto err;
|
|
@@ -521,7 +521,7 @@ i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *aobj)
|
|
if (!CBB_finish(&cbb, &data, &data_len))
|
|
goto err;
|
|
|
|
- ret = BIO_write(bp, data, strlen(data));
|
|
+ ret = BIO_write(bp, data, strlen((char *)data));
|
|
|
|
err:
|
|
CBB_cleanup(&cbb);
|
|
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
|
|
index 3deff56ed..10634c067 100644
|
|
--- a/crypto/asn1/a_time.c
|
|
+++ b/crypto/asn1/a_time.c
|
|
@@ -99,7 +99,7 @@ ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
|
|
time_t now;
|
|
|
|
if (s != NULL)
|
|
- return ASN1_time_parse(s->data, s->length, tm, 0) != -1;
|
|
+ return ASN1_time_parse((char *)s->data, s->length, tm, 0) != -1;
|
|
|
|
time(&now);
|
|
memset(tm, 0, sizeof(*tm));
|
|
diff --git a/crypto/asn1/a_time_tm.c b/crypto/asn1/a_time_tm.c
|
|
index dd2893167..c0e0d6245 100644
|
|
--- a/crypto/asn1/a_time_tm.c
|
|
+++ b/crypto/asn1/a_time_tm.c
|
|
@@ -96,7 +96,7 @@ tm_to_gentime(struct tm *tm, ASN1_TIME *atime)
|
|
}
|
|
|
|
free(atime->data);
|
|
- atime->data = time_str;
|
|
+ atime->data = (unsigned char *)time_str;
|
|
atime->length = GENTIME_LENGTH;
|
|
atime->type = V_ASN1_GENERALIZEDTIME;
|
|
|
|
@@ -122,7 +122,7 @@ tm_to_utctime(struct tm *tm, ASN1_TIME *atime)
|
|
}
|
|
|
|
free(atime->data);
|
|
- atime->data = time_str;
|
|
+ atime->data = (unsigned char *)time_str;
|
|
atime->length = UTCTIME_LENGTH;
|
|
atime->type = V_ASN1_UTCTIME;
|
|
|
|
@@ -293,7 +293,7 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
|
|
if (bytes == NULL)
|
|
return -1;
|
|
|
|
- CBS_init(&cbs, bytes, len);
|
|
+ CBS_init(&cbs, (uint8_t *)bytes, len);
|
|
|
|
if (CBS_len(&cbs) == UTCTIME_LENGTH)
|
|
type = V_ASN1_UTCTIME;
|
|
@@ -401,7 +401,8 @@ ASN1_TIME_check(const ASN1_TIME *t)
|
|
{
|
|
if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
|
|
return 0;
|
|
- return t->type == ASN1_time_parse(t->data, t->length, NULL, t->type);
|
|
+ return t->type == ASN1_time_parse((char *)t->data, t->length, NULL,
|
|
+ t->type);
|
|
}
|
|
LCRYPTO_ALIAS(ASN1_TIME_check);
|
|
|
|
@@ -414,7 +415,7 @@ ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
|
|
if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
|
|
goto err;
|
|
|
|
- if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
|
|
+ if (t->type != ASN1_time_parse((char *)t->data, t->length, &tm, t->type))
|
|
goto err;
|
|
|
|
if (out == NULL || (agt = *out) == NULL)
|
|
@@ -460,7 +461,7 @@ ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode)
|
|
* one of those pervasive things from OpenSSL we must continue with.
|
|
*/
|
|
|
|
- if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1)
|
|
+ if (ASN1_time_parse((char *)s->data, s->length, &tm1, mode) == -1)
|
|
return -2;
|
|
|
|
if (!asn1_time_time_t_to_tm(&t2, &tm2))
|
|
@@ -480,10 +481,10 @@ ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2)
|
|
if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME)
|
|
return -2;
|
|
|
|
- if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1)
|
|
+ if (ASN1_time_parse((char *)t1->data, t1->length, &tm1, t1->type) == -1)
|
|
return -2;
|
|
|
|
- if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1)
|
|
+ if (ASN1_time_parse((char *)t2->data, t2->length, &tm2, t2->type) == -1)
|
|
return -2;
|
|
|
|
return ASN1_time_tm_cmp(&tm1, &tm2);
|
|
@@ -511,7 +512,7 @@ ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
|
|
{
|
|
if (d->type != V_ASN1_UTCTIME)
|
|
return 0;
|
|
- return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
|
|
+ return d->type == ASN1_time_parse((char *)d->data, d->length, NULL, d->type);
|
|
}
|
|
LCRYPTO_ALIAS(ASN1_UTCTIME_check);
|
|
|
|
@@ -557,7 +558,8 @@ ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
|
|
{
|
|
if (d->type != V_ASN1_GENERALIZEDTIME)
|
|
return 0;
|
|
- return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
|
|
+ return d->type == ASN1_time_parse((char *)d->data, d->length, NULL,
|
|
+ d->type);
|
|
}
|
|
LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check);
|
|
|
|
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
|
|
index 3f673205c..40b09dc23 100644
|
|
--- a/crypto/bio/b_dump.c
|
|
+++ b/crypto/bio/b_dump.c
|
|
@@ -86,7 +86,7 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
|
|
|
|
if (len < 0)
|
|
goto err;
|
|
- CBS_init(&cbs, s, len);
|
|
+ CBS_init(&cbs, (uint8_t *)s, len);
|
|
|
|
if (indent < 0)
|
|
indent = 0;
|
|
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
|
|
index 0fa6317a2..afcd6b216 100644
|
|
--- a/crypto/bio/bss_mem.c
|
|
+++ b/crypto/bio/bss_mem.c
|
|
@@ -84,7 +84,7 @@ bio_mem_pending(struct bio_mem *bm)
|
|
static uint8_t *
|
|
bio_mem_read_ptr(struct bio_mem *bm)
|
|
{
|
|
- return &bm->buf->data[bm->read_offset];
|
|
+ return (uint8_t *)&bm->buf->data[bm->read_offset];
|
|
}
|
|
|
|
static int mem_new(BIO *bio);
|
|
@@ -349,7 +349,7 @@ mem_gets(BIO *bio, char *out, int out_len)
|
|
return 0;
|
|
}
|
|
|
|
- p = bio_mem_read_ptr(bm);
|
|
+ p = (char *)bio_mem_read_ptr(bm);
|
|
for (i = 0; i < out_max; i++) {
|
|
if (p[i] == '\n') {
|
|
i++;
|
|
diff --git a/crypto/bn/bn_convert.c b/crypto/bn/bn_convert.c
|
|
index ab5bc519c..cb006a209 100644
|
|
--- a/crypto/bn/bn_convert.c
|
|
+++ b/crypto/bn/bn_convert.c
|
|
@@ -261,7 +261,7 @@ BN_asc2bn(BIGNUM **bnp, const char *s)
|
|
if ((s_len = strlen(s)) == 0)
|
|
return 0;
|
|
|
|
- CBS_init(&cbs, s, s_len);
|
|
+ CBS_init(&cbs, (uint8_t *)s, s_len);
|
|
|
|
/* Handle negative sign. */
|
|
if (!CBS_peek_u8(&cbs, &v))
|
|
@@ -373,7 +373,7 @@ BN_bn2dec(const BIGNUM *bn)
|
|
CBB_cleanup(&cbb);
|
|
freezero(data, data_len);
|
|
|
|
- return s;
|
|
+ return (char *)s;
|
|
}
|
|
LCRYPTO_ALIAS(BN_bn2dec);
|
|
|
|
@@ -476,7 +476,7 @@ BN_dec2bn(BIGNUM **bnp, const char *s)
|
|
if ((s_len = strlen(s)) == 0)
|
|
return 0;
|
|
|
|
- CBS_init(&cbs, s, s_len);
|
|
+ CBS_init(&cbs, (uint8_t *)s, s_len);
|
|
|
|
return bn_dec2bn_cbs(bnp, &cbs);
|
|
}
|
|
@@ -677,7 +677,7 @@ BN_hex2bn(BIGNUM **bnp, const char *s)
|
|
if ((s_len = strlen(s)) == 0)
|
|
return 0;
|
|
|
|
- CBS_init(&cbs, s, s_len);
|
|
+ CBS_init(&cbs, (uint8_t *)s, s_len);
|
|
|
|
return bn_hex2bn_cbs(bnp, &cbs);
|
|
}
|
|
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
|
|
index cd8b66360..655732413 100644
|
|
--- a/crypto/bn/bn_print.c
|
|
+++ b/crypto/bn/bn_print.c
|
|
@@ -82,7 +82,7 @@ bn_print_bignum(BIO *bio, const BIGNUM *bn, int indent)
|
|
if (!bn_bn2hex_nosign(bn, &hex, &hex_len))
|
|
goto err;
|
|
|
|
- CBS_init(&cbs, hex, hex_len);
|
|
+ CBS_init(&cbs, (uint8_t *)hex, hex_len);
|
|
|
|
if (BN_is_negative(bn)) {
|
|
if (BIO_printf(bio, " (Negative)") <= 0)
|
|
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
|
|
index cde2f6c64..9f8b13ed1 100644
|
|
--- a/crypto/evp/e_sm4.c
|
|
+++ b/crypto/evp/e_sm4.c
|
|
@@ -237,9 +237,11 @@ sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
|
|
size_t len)
|
|
{
|
|
EVP_SM4_KEY *key = ((EVP_SM4_KEY *)(ctx)->cipher_data);
|
|
+ unsigned int num;
|
|
|
|
CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf,
|
|
- &ctx->num, (block128_f)SM4_encrypt);
|
|
+ &num, (block128_f)SM4_encrypt);
|
|
+ ctx->num = num;
|
|
return 1;
|
|
}
|
|
|
|
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
|
|
index 460c1bce5..15a70b1c5 100644
|
|
--- a/crypto/ocsp/ocsp_cl.c
|
|
+++ b/crypto/ocsp/ocsp_cl.c
|
|
@@ -410,7 +410,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
|
|
* (such as UTCTIME permitted/required by RFC 5280 for certificates)
|
|
*/
|
|
/* Check that thisUpdate is valid. */
|
|
- if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
|
|
+ if (ASN1_time_parse((char *)thisupd->data, thisupd->length, &tm_this,
|
|
V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
|
|
OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
|
|
return 0;
|
|
@@ -433,7 +433,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
|
|
return 1;
|
|
|
|
/* Check that nextUpdate is valid. */
|
|
- if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
|
|
+ if (ASN1_time_parse((char *)nextupd->data, nextupd->length, &tm_next,
|
|
V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
|
|
OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
|
|
return 0;
|
|
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
|
|
index f2e17806d..cb6b2e84f 100644
|
|
--- a/crypto/pkcs7/pk7_attr.c
|
|
+++ b/crypto/pkcs7/pk7_attr.c
|
|
@@ -192,7 +192,7 @@ PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
|
|
}
|
|
|
|
/* RFC 5652, section 11.3 - UTCTime for the years 1950-2049. */
|
|
- if (ASN1_time_parse(tm->data, tm->length, NULL, tm->type) == -1)
|
|
+ if (ASN1_time_parse((char *)tm->data, tm->length, NULL, tm->type) == -1)
|
|
goto err;
|
|
if (!PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, tm->type, tm))
|
|
goto err;
|
|
diff --git a/crypto/x509/x509_addr.c b/crypto/x509/x509_addr.c
|
|
index b4ee92a14..615375dd6 100644
|
|
--- a/crypto/x509/x509_addr.c
|
|
+++ b/crypto/x509/x509_addr.c
|
|
@@ -1875,7 +1875,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
|
|
X509 *cert = NULL;
|
|
int depth = -1;
|
|
int i;
|
|
- unsigned int length;
|
|
+ int length;
|
|
int ret = 1;
|
|
|
|
/* We need a non-empty chain to test against. */
|
|
diff --git a/crypto/x509/x509_constraints.c b/crypto/x509/x509_constraints.c
|
|
index c4f32c9cf..597fdde06 100644
|
|
--- a/crypto/x509/x509_constraints.c
|
|
+++ b/crypto/x509/x509_constraints.c
|
|
@@ -347,7 +347,7 @@ x509_constraints_parse_mailbox(CBS *candidate,
|
|
|
|
for (i = 0; i < len; i++) {
|
|
char c;
|
|
- if (!CBS_get_u8(©, &c))
|
|
+ if (!CBS_get_u8(©, (uint8_t *)&c))
|
|
goto bad;
|
|
/* non ascii, cr, lf, or nul is never allowed */
|
|
if (!isascii(c) || c == '\r' || c == '\n' || c == '\0')
|
|
@@ -445,7 +445,7 @@ x509_constraints_parse_mailbox(CBS *candidate,
|
|
}
|
|
if (candidate_local == NULL || candidate_domain == NULL)
|
|
goto bad;
|
|
- CBS_init(&domain_cbs, candidate_domain, strlen(candidate_domain));
|
|
+ CBS_init(&domain_cbs, (uint8_t *)candidate_domain, strlen(candidate_domain));
|
|
if (!x509_constraints_valid_host(&domain_cbs, 0))
|
|
goto bad;
|
|
|
|
@@ -549,7 +549,7 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart)
|
|
if (host != NULL)
|
|
break;
|
|
/* start after the userinfo part */
|
|
- host = uri + i + 1;
|
|
+ host = (char *)uri + i + 1;
|
|
continue;
|
|
}
|
|
/* did we find the end? */
|
|
@@ -561,8 +561,8 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart)
|
|
if (hostlen == 0)
|
|
return 0;
|
|
if (host == NULL)
|
|
- host = authority;
|
|
- CBS_init(&host_cbs, host, hostlen);
|
|
+ host = (char *)authority;
|
|
+ CBS_init(&host_cbs, (uint8_t *)host, hostlen);
|
|
if (!x509_constraints_valid_host(&host_cbs, 1))
|
|
return 0;
|
|
if (hostpart != NULL && !CBS_strdup(&host_cbs, hostpart))
|
|
@@ -667,8 +667,8 @@ x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint,
|
|
*error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
|
|
goto err;
|
|
}
|
|
- ret = x509_constraints_domain(hostpart, strlen(hostpart), constraint,
|
|
- len);
|
|
+ ret = x509_constraints_domain(hostpart, strlen(hostpart),
|
|
+ (char *)constraint, len);
|
|
err:
|
|
free(hostpart);
|
|
return ret;
|
|
@@ -1018,7 +1018,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
|
|
case GEN_DNS:
|
|
if (!x509_constraints_valid_domain_constraint(&cbs))
|
|
goto err;
|
|
- if ((name->name = strndup(bytes, len)) == NULL) {
|
|
+ if ((name->name = strndup((char *)bytes, len)) == NULL) {
|
|
error = X509_V_ERR_OUT_OF_MEM;
|
|
goto err;
|
|
}
|
|
@@ -1064,7 +1064,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
|
|
case GEN_URI:
|
|
if (!x509_constraints_valid_domain_constraint(&cbs))
|
|
goto err;
|
|
- if ((name->name = strndup(bytes, len)) == NULL) {
|
|
+ if ((name->name = strndup((char *)bytes, len)) == NULL) {
|
|
error = X509_V_ERR_OUT_OF_MEM;
|
|
goto err;
|
|
}
|
|
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
|
|
index db1741cc9..43afeb8cf 100644
|
|
--- a/crypto/x509/x509_obj.c
|
|
+++ b/crypto/x509/x509_obj.c
|
|
@@ -78,13 +78,13 @@ X509_NAME_ENTRY_add_object_cbb(CBB *cbb, const ASN1_OBJECT *aobj)
|
|
/* Prefer SN over LN, and fall back to textual representation of OID. */
|
|
if ((nid = OBJ_obj2nid(aobj)) != NID_undef) {
|
|
if ((str = OBJ_nid2sn(nid)) != NULL)
|
|
- return CBB_add_bytes(cbb, str, strlen(str));
|
|
+ return CBB_add_bytes(cbb, (uint8_t *)str, strlen(str));
|
|
if ((str = OBJ_nid2ln(nid)) != NULL)
|
|
- return CBB_add_bytes(cbb, str, strlen(str));
|
|
+ return CBB_add_bytes(cbb, (uint8_t *)str, strlen(str));
|
|
}
|
|
if (OBJ_obj2txt(buf, sizeof(buf), aobj, 1) == 0)
|
|
return 0;
|
|
- return CBB_add_bytes(cbb, buf, strlen(buf));
|
|
+ return CBB_add_bytes(cbb, (uint8_t *)buf, strlen(buf));
|
|
}
|
|
|
|
static int
|
|
@@ -183,9 +183,9 @@ X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
|
|
goto err;
|
|
|
|
if (buf == NULL)
|
|
- return line;
|
|
+ return (char *)line;
|
|
|
|
- strlcpy(buf, line, len);
|
|
+ strlcpy(buf, (char *)line, len);
|
|
free(line);
|
|
|
|
return buf;
|
|
diff --git a/crypto/x509/x509_utl.c b/crypto/x509/x509_utl.c
|
|
index 2e60834ed..0746ac0c5 100644
|
|
--- a/crypto/x509/x509_utl.c
|
|
+++ b/crypto/x509/x509_utl.c
|
|
@@ -504,7 +504,7 @@ hex_to_string(const unsigned char *buffer, long len)
|
|
err:
|
|
CBB_cleanup(&cbb);
|
|
|
|
- return out;
|
|
+ return (char *)out;
|
|
}
|
|
LCRYPTO_ALIAS(hex_to_string);
|
|
|
|
@@ -569,7 +569,7 @@ string_to_hex(const char *str, long *len)
|
|
goto err;
|
|
}
|
|
|
|
- CBS_init(&cbs, str, strlen(str));
|
|
+ CBS_init(&cbs, (uint8_t *)str, strlen(str));
|
|
while (CBS_len(&cbs) > 0) {
|
|
/*
|
|
* Skipping only a single colon between two pairs of digits
|
|
@@ -813,7 +813,7 @@ equal_nocase(const unsigned char *pattern, size_t pattern_len,
|
|
skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
|
|
if (pattern_len != subject_len)
|
|
return 0;
|
|
- return (strncasecmp(pattern, subject, pattern_len) == 0);
|
|
+ return (strncasecmp((char *)pattern, (char *)subject, pattern_len) == 0);
|
|
}
|
|
|
|
/* Compare using strncmp. */
|
|
@@ -828,7 +828,7 @@ equal_case(const unsigned char *pattern, size_t pattern_len,
|
|
skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
|
|
if (pattern_len != subject_len)
|
|
return 0;
|
|
- return (strncmp(pattern, subject, pattern_len) == 0);
|
|
+ return (strncmp((char *)pattern, (char *)subject, pattern_len) == 0);
|
|
}
|
|
|
|
/*
|
|
diff --git a/crypto/x509/x509_verify.c b/crypto/x509/x509_verify.c
|
|
index fc3fbc14d..95c6cf359 100644
|
|
--- a/crypto/x509/x509_verify.c
|
|
+++ b/crypto/x509/x509_verify.c
|
|
@@ -55,7 +55,8 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter,
|
|
if (atime == NULL)
|
|
return 0;
|
|
|
|
- type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type);
|
|
+ type = ASN1_time_parse((char *)atime->data, atime->length, &tm,
|
|
+ atime->type);
|
|
if (type == -1)
|
|
return 0;
|
|
|
|
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
|
|
index e60d8b7a3..5fc4d2ee0 100644
|
|
--- a/crypto/x509/x509name.c
|
|
+++ b/crypto/x509/x509name.c
|
|
@@ -107,7 +107,8 @@ X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
|
|
goto err;
|
|
/* We still support the "pass NULL to find out how much" API */
|
|
if (buf != NULL) {
|
|
- if (len <= 0 || !CBS_write_bytes(&cbs, buf, len - 1, NULL))
|
|
+ if (len <= 0 || !CBS_write_bytes(&cbs, (uint8_t *)buf,
|
|
+ len - 1, NULL))
|
|
goto err;
|
|
/* It must be a C string */
|
|
buf[text_len] = '\0';
|
|
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
|
index bcf26bec4..431af32f2 100644
|
|
--- a/ssl/s3_lib.c
|
|
+++ b/ssl/s3_lib.c
|
|
@@ -1551,7 +1551,7 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name)
|
|
if (name == NULL)
|
|
return 1;
|
|
|
|
- CBS_init(&cbs, name, strlen(name));
|
|
+ CBS_init(&cbs, (uint8_t *)name, strlen(name));
|
|
|
|
if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
|
|
SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
|
|
diff --git a/ssl/ssl_clnt.c b/ssl/ssl_clnt.c
|
|
index 6ef81a170..ffc55e5f9 100644
|
|
--- a/ssl/ssl_clnt.c
|
|
+++ b/ssl/ssl_clnt.c
|
|
@@ -2337,7 +2337,7 @@ ssl3_send_client_change_cipher_spec(SSL *s)
|
|
memset(&cbb, 0, sizeof(cbb));
|
|
|
|
if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) {
|
|
- if (!CBB_init_fixed(&cbb, s->init_buf->data,
|
|
+ if (!CBB_init_fixed(&cbb, (uint8_t *)s->init_buf->data,
|
|
s->init_buf->length))
|
|
goto err;
|
|
if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
|
|
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
|
index 630724e67..32ab5332a 100644
|
|
--- a/ssl/ssl_lib.c
|
|
+++ b/ssl/ssl_lib.c
|
|
@@ -2004,12 +2004,12 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len,
|
|
context = NULL;
|
|
context_len = 0;
|
|
}
|
|
- return tls13_exporter(s->tls13, label, label_len, context,
|
|
- context_len, out, out_len);
|
|
+ return tls13_exporter(s->tls13, (uint8_t *)label, label_len,
|
|
+ context, context_len, out, out_len);
|
|
}
|
|
|
|
- return tls12_exporter(s, label, label_len, context, context_len,
|
|
- use_context, out, out_len);
|
|
+ return tls12_exporter(s, (uint8_t *)label, label_len, context,
|
|
+ context_len, use_context, out, out_len);
|
|
}
|
|
LSSL_ALIAS(SSL_export_keying_material);
|
|
|
|
diff --git a/ssl/ssl_srvr.c b/ssl/ssl_srvr.c
|
|
index af4b20f6c..e877bb3f9 100644
|
|
--- a/ssl/ssl_srvr.c
|
|
+++ b/ssl/ssl_srvr.c
|
|
@@ -2378,7 +2378,7 @@ ssl3_send_server_change_cipher_spec(SSL *s)
|
|
memset(&cbb, 0, sizeof(cbb));
|
|
|
|
if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) {
|
|
- if (!CBB_init_fixed(&cbb, s->init_buf->data,
|
|
+ if (!CBB_init_fixed(&cbb, (uint8_t *)s->init_buf->data,
|
|
s->init_buf->length))
|
|
goto err;
|
|
if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
|
|
diff --git a/ssl/ssl_tlsext.c b/ssl/ssl_tlsext.c
|
|
index d879b3304..2b75b0fbb 100644
|
|
--- a/ssl/ssl_tlsext.c
|
|
+++ b/ssl/ssl_tlsext.c
|
|
@@ -808,7 +808,8 @@ tlsext_sni_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
|
|
*alert = SSL_AD_UNRECOGNIZED_NAME;
|
|
goto err;
|
|
}
|
|
- if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
|
|
+ if (!CBS_mem_equal(&host_name,
|
|
+ (uint8_t *)s->session->tlsext_hostname,
|
|
strlen(s->session->tlsext_hostname))) {
|
|
*alert = SSL_AD_UNRECOGNIZED_NAME;
|
|
goto err;
|
|
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
|
|
index 4ed76c95a..1ad3b9255 100644
|
|
--- a/ssl/ssl_txt.c
|
|
+++ b/ssl/ssl_txt.c
|
|
@@ -170,8 +170,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
|
|
if (x->tlsext_tick != NULL) {
|
|
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
|
|
goto err;
|
|
- if (BIO_dump_indent(bp, x->tlsext_tick, x->tlsext_ticklen,
|
|
- 4) <= 0)
|
|
+ if (BIO_dump_indent(bp, (char *)x->tlsext_tick,
|
|
+ x->tlsext_ticklen, 4) <= 0)
|
|
goto err;
|
|
}
|
|
|
|
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
index 912bea592..c93107383 100644
|
|
--- a/ssl/t1_lib.c
|
|
+++ b/ssl/t1_lib.c
|
|
@@ -1014,6 +1014,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
|
|
EVP_CIPHER_CTX *cctx = NULL;
|
|
SSL_CTX *tctx = s->initial_ctx;
|
|
int slen, hlen, iv_len;
|
|
+ unsigned int hlenu;
|
|
int alert_desc = SSL_AD_INTERNAL_ERROR;
|
|
int ret = TLS1_TICKET_FATAL_ERROR;
|
|
|
|
@@ -1108,8 +1109,9 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
|
|
if (HMAC_Update(hctx, CBS_data(&ticket_encdata),
|
|
CBS_len(&ticket_encdata)) <= 0)
|
|
goto err;
|
|
- if (HMAC_Final(hctx, hmac, &hlen) <= 0)
|
|
+ if (HMAC_Final(hctx, hmac, &hlenu) <= 0)
|
|
goto err;
|
|
+ hlen = hlenu;
|
|
|
|
if (!CBS_mem_equal(&ticket_hmac, hmac, hlen))
|
|
goto derr;
|
|
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
|
|
index 21d396079..a837b85fe 100644
|
|
--- a/ssl/tls13_client.c
|
|
+++ b/ssl/tls13_client.c
|
|
@@ -668,7 +668,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|
sizeof(tls13_cert_verify_pad)))
|
|
goto err;
|
|
if (!CBB_add_bytes(&cbb, tls13_cert_server_verify_context,
|
|
- strlen(tls13_cert_server_verify_context)))
|
|
+ strlen((char *)tls13_cert_server_verify_context)))
|
|
goto err;
|
|
if (!CBB_add_u8(&cbb, 0))
|
|
goto err;
|
|
@@ -722,7 +722,7 @@ int
|
|
tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|
{
|
|
struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
struct tls13_secret finished_key;
|
|
uint8_t transcript_hash[EVP_MAX_MD_SIZE];
|
|
size_t transcript_hash_len;
|
|
@@ -944,7 +944,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
|
|
sizeof(tls13_cert_verify_pad)))
|
|
goto err;
|
|
if (!CBB_add_bytes(&sig_cbb, tls13_cert_client_verify_context,
|
|
- strlen(tls13_cert_client_verify_context)))
|
|
+ strlen((char *)tls13_cert_client_verify_context)))
|
|
goto err;
|
|
if (!CBB_add_u8(&sig_cbb, 0))
|
|
goto err;
|
|
@@ -1005,7 +1005,7 @@ int
|
|
tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
|
|
{
|
|
struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
struct tls13_secret finished_key = { .data = NULL, .len = 0 };
|
|
uint8_t transcript_hash[EVP_MAX_MD_SIZE];
|
|
size_t transcript_hash_len;
|
|
diff --git a/ssl/tls13_key_schedule.c b/ssl/tls13_key_schedule.c
|
|
index 05bcf0f00..19afc7999 100644
|
|
--- a/ssl/tls13_key_schedule.c
|
|
+++ b/ssl/tls13_key_schedule.c
|
|
@@ -160,8 +160,8 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
|
|
const struct tls13_secret *secret, const char *label,
|
|
const struct tls13_secret *context)
|
|
{
|
|
- return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
|
|
- strlen(label), context);
|
|
+ return tls13_hkdf_expand_label_with_length(out, digest, secret,
|
|
+ (uint8_t *)label, strlen(label), context);
|
|
}
|
|
|
|
int
|
|
@@ -185,7 +185,7 @@ tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
|
|
goto err;
|
|
if (!CBB_add_u8_length_prefixed(&cbb, &child))
|
|
goto err;
|
|
- if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel)))
|
|
+ if (!CBB_add_bytes(&child, (uint8_t *)tls13_plabel, strlen(tls13_plabel)))
|
|
goto err;
|
|
if (!CBB_add_bytes(&child, label, label_len))
|
|
goto err;
|
|
@@ -362,7 +362,7 @@ tls13_derive_application_secrets(struct tls13_secrets *secrets,
|
|
int
|
|
tls13_update_client_traffic_secret(struct tls13_secrets *secrets)
|
|
{
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
|
|
if (!secrets->init_done || !secrets->early_done ||
|
|
!secrets->handshake_done || !secrets->schedule_done)
|
|
@@ -376,7 +376,7 @@ tls13_update_client_traffic_secret(struct tls13_secrets *secrets)
|
|
int
|
|
tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
|
|
{
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
|
|
if (!secrets->init_done || !secrets->early_done ||
|
|
!secrets->handshake_done || !secrets->schedule_done)
|
|
@@ -423,7 +423,7 @@ tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
|
|
|
|
/* In TLSv1.3 no context is equivalent to an empty context. */
|
|
if (context_value == NULL) {
|
|
- context_value = "";
|
|
+ context_value = (uint8_t *)"";
|
|
context_value_len = 0;
|
|
}
|
|
|
|
diff --git a/ssl/tls13_legacy.c b/ssl/tls13_legacy.c
|
|
index 6a06330b2..220999745 100644
|
|
--- a/ssl/tls13_legacy.c
|
|
+++ b/ssl/tls13_legacy.c
|
|
@@ -359,7 +359,7 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
|
|
tls13_handshake_msg_data(ctx->hs_msg, &cbs);
|
|
if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs)))
|
|
goto err;
|
|
- if (!CBS_write_bytes(&cbs, s->init_buf->data,
|
|
+ if (!CBS_write_bytes(&cbs, (uint8_t *)s->init_buf->data,
|
|
s->init_buf->length, NULL))
|
|
goto err;
|
|
|
|
diff --git a/ssl/tls13_lib.c b/ssl/tls13_lib.c
|
|
index c3470b293..5d9f15950 100644
|
|
--- a/ssl/tls13_lib.c
|
|
+++ b/ssl/tls13_lib.c
|
|
@@ -378,7 +378,8 @@ tls13_new_session_ticket_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|
uint32_t ticket_lifetime, ticket_age_add;
|
|
CBS ticket_nonce, ticket;
|
|
SSL_SESSION *sess = NULL;
|
|
- int alert, session_id_length;
|
|
+ int alert;
|
|
+ unsigned int session_id_length;
|
|
ssize_t ret = 0;
|
|
|
|
memset(&nonce, 0, sizeof(nonce));
|
|
diff --git a/ssl/tls13_record_layer.c b/ssl/tls13_record_layer.c
|
|
index f5604adbe..9bdd61c91 100644
|
|
--- a/ssl/tls13_record_layer.c
|
|
+++ b/ssl/tls13_record_layer.c
|
|
@@ -467,7 +467,7 @@ static int
|
|
tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash,
|
|
struct tls13_record_protection *rp, struct tls13_secret *traffic_key)
|
|
{
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
struct tls13_secret key = { .data = NULL, .len = 0 };
|
|
int ret = 0;
|
|
|
|
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
|
|
index 604dab4cb..2beb72636 100644
|
|
--- a/ssl/tls13_server.c
|
|
+++ b/ssl/tls13_server.c
|
|
@@ -728,7 +728,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
|
|
sizeof(tls13_cert_verify_pad)))
|
|
goto err;
|
|
if (!CBB_add_bytes(&sig_cbb, tls13_cert_server_verify_context,
|
|
- strlen(tls13_cert_server_verify_context)))
|
|
+ strlen((char *)tls13_cert_server_verify_context)))
|
|
goto err;
|
|
if (!CBB_add_u8(&sig_cbb, 0))
|
|
goto err;
|
|
@@ -783,7 +783,7 @@ int
|
|
tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
|
|
{
|
|
struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
struct tls13_secret finished_key = { .data = NULL, .len = 0 } ;
|
|
uint8_t transcript_hash[EVP_MAX_MD_SIZE];
|
|
size_t transcript_hash_len;
|
|
@@ -840,7 +840,7 @@ int
|
|
tls13_server_finished_sent(struct tls13_ctx *ctx)
|
|
{
|
|
struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
|
|
/*
|
|
* Derive application traffic keys.
|
|
@@ -959,7 +959,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|
sizeof(tls13_cert_verify_pad)))
|
|
goto err;
|
|
if (!CBB_add_bytes(&cbb, tls13_cert_client_verify_context,
|
|
- strlen(tls13_cert_client_verify_context)))
|
|
+ strlen((char *)tls13_cert_client_verify_context)))
|
|
goto err;
|
|
if (!CBB_add_u8(&cbb, 0))
|
|
goto err;
|
|
@@ -1020,7 +1020,7 @@ int
|
|
tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|
{
|
|
struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
|
|
- struct tls13_secret context = { .data = "", .len = 0 };
|
|
+ struct tls13_secret context = { .data = (uint8_t *)"", .len = 0 };
|
|
struct tls13_secret finished_key;
|
|
uint8_t *verify_data = NULL;
|
|
size_t verify_data_len;
|
|
--
|
|
2.49.0
|
|
|