From dddcc227dfe10de0abe3ea9147a3e2d145a9320c Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 29 Aug 2024 17:53:35 +1000 Subject: [PATCH] Type conversion fixes Changes to get compilation with -Wconversion passing on the files. --- examples/client/client.c | 2 +- examples/server/server.c | 2 +- src/ocsp.c | 2 +- wolfcrypt/src/asn.c | 36 +- wolfcrypt/src/pkcs7.c | 954 ++++++++++++++++++++------------------- wolfcrypt/test/test.c | 4 +- wolfssl/test.h | 4 +- wolfssl/wolfcrypt/asn.h | 2 +- 8 files changed, 524 insertions(+), 482 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 698b92bcd1..243de9853d 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3223,7 +3223,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ defined(WOLFSSL_DTLS) if (dtlsMTU) - wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU); + wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU); #endif #ifndef NO_DH diff --git a/examples/server/server.c b/examples/server/server.c index 336d9a705c..619e1b19ce 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2682,7 +2682,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ defined(WOLFSSL_DTLS) if (dtlsMTU) - wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU); + wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU); #endif #ifdef WOLFSSL_SCTP diff --git a/src/ocsp.c b/src/ocsp.c index 7a8014b1a8..7c971e2dbd 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1432,7 +1432,7 @@ WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline) DYNAMIC_TYPE_OPENSSL); if (ret != NULL) { XMEMSET(ret, 0, sizeof(*ret)); - ret->buf = (byte*)XMALLOC(maxline, NULL, DYNAMIC_TYPE_OPENSSL); + ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL); if (ret->buf == NULL) goto error; ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); 
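Review bot: The `(unsigned short)dtlsMTU` cast in client_test, and the identical one in server_test, silences the warning but truncates silently: a value above 65535 or below zero reaches `wolfSSL_CTX_dtls_set_mtu` as an unrelated number. If the option parsing outside these hunks does not already range-check the value, reject it there instead of relying on the cast, for example `if (dtlsMTU < 0 || dtlsMTU > 0xFFFF)` followed by the usage error path. Both functions extend well beyond the lines shown, so an existing check may simply be out of view.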
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 6df25d35b3..6ca40b3cac 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5649,7 +5649,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* compute length of encoded OID */ - d = (in[0] * 40) + in[1]; + d = ((word32)in[0] * 40) + in[1]; len = 0; for (i = 1; i < (int)inSz; i++) { x = 0; @@ -5672,7 +5672,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* calc first byte */ - d = (in[0] * 40) + in[1]; + d = ((word32)in[0] * 40) + in[1]; /* encode bytes */ x = 0; @@ -5707,7 +5707,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* return length */ - *outSz = len; + *outSz = (word32)len; return 0; } @@ -13473,12 +13473,12 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } if (i < tmpSize - 1) { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", - tmpName[i]); + ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j), + "%d.", tmpName[i]); } else { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", - tmpName[i]); + ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j), + "%d", tmpName[i]); } if (ret >= 0) { @@ -13497,7 +13497,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) if (ret == 0) { nameSz = (int)XSTRLEN((const char*)finalName); - entry->ridString = (char*)XMALLOC(nameSz + 1, heap, + entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap, DYNAMIC_TYPE_ALTNAME); if (entry->ridString == NULL) { @@ -13505,7 +13505,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } if (ret == 0) { - XMEMCPY(entry->ridString, finalName, nameSz + 1); + XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1)); } } 
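Review bot: In GenerateDNSEntryRIDString the new size argument `(word32)(MAX_OID_SZ - j)` wraps to a very large value if `j` ever reaches or passes `MAX_OID_SZ`, and the only visible follow-up test is `ret >= 0`, which a truncated write also satisfies if XSNPRINTF follows snprintf semantics. Unless `j` is bounded just above the hunk, fail with BUFFER_E before the call when `j >= MAX_OID_SZ`, and treat truncation as an error with `if (ret < 0 || ret >= MAX_OID_SZ - j)`. The loop around these calls starts outside the hunk.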
@@ -28110,9 +28110,9 @@ static int EncodeName(EncodedName* name, const char* nameStr, break; #ifdef WOLFSSL_CUSTOM_OID case ASN_CUSTOM_NAME: - nameSz = cname->custom.valSz; + nameSz = (word32)cname->custom.valSz; oid = cname->custom.oid; - oidSz = cname->custom.oidSz; + oidSz = (word32)cname->custom.oidSz; break; #endif #ifdef WOLFSSL_CERT_REQ @@ -28436,8 +28436,8 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, else if (type == ASN_CUSTOM_NAME) { #ifdef WOLFSSL_CUSTOM_OID SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid, - name->custom.oidSz, name->custom.enc, - name->custom.val, name->custom.valSz); + (word32)name->custom.oidSz, (byte)name->custom.enc, + name->custom.val, (word32)name->custom.valSz); #endif } else { @@ -32475,7 +32475,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx, } XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz); - cert->extKeyUsageOIDSz[idx] = oidSz; + cert->extKeyUsageOIDSz[idx] = (byte)oidSz; cert->extKeyUsage |= EXTKEYUSE_USER; return 0; @@ -32511,7 +32511,7 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid, ext->oid = (char*)oid; ext->crit = (critical == 0) ? 0 : 1; ext->val = (byte*)der; - ext->valSz = derSz; + ext->valSz = (int)derSz; cert->customCertExtCount++; return 0; @@ -38713,7 +38713,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, tbsParams = GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS], buff); - tbsParamsSz = + tbsParamsSz =(int) GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS], buff); } @@ -38721,7 +38721,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, sigParams = GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS], buff); - sigParamsSz = + sigParamsSz = (int) GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS], buff); dcrl->sigParamsIndex = 
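Review bot: `ext->valSz = (int)derSz;` in wc_SetCustomExtension stores an unsigned length (presumably `word32`, given the cast) in a signed field, so an input larger than INT_MAX is recorded as a negative size. Reject that case before the assignment, for example `if (derSz > 0x7FFFFFFF) return BAD_FUNC_ARG;`, or make `valSz` unsigned so no cast is needed. The argument checks at the top of the function are outside the hunk, so an existing limit on `derSz` may already cover this.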
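Review bot: `tbsParamsSz =(int)` in ParseCRL is missing the space after `=`, while the matching assignment in the next hunk is written `sigParamsSz = (int)`. Use `tbsParamsSz = (int)` so the two parallel statements read the same.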
@@ -38748,7 +38748,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, ret = ASN_PARSE_E; } else if ((tbsParamsSz > 0) && - (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) { + (XMEMCMP(tbsParams, sigParams, (word32)tbsParamsSz) != 0)) { WOLFSSL_MSG("CRL TBS and signature parameter mismatch"); ret = ASN_PARSE_E; } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 81b2890517..1b765adc6b 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -289,7 +289,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, /* try to store input data into stream buffer */ if (inSz - rdSz > 0 && pkcs7->stream->length < expected) { - int len = (int)min(inSz - rdSz, expected - pkcs7->stream->length); + word32 len = min(inSz - rdSz, expected - pkcs7->stream->length); /* sanity check that the input buffer is not internal buffer */ if (in == pkcs7->stream->buffer) { @@ -385,7 +385,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) } } #endif /* ASN_BER_TO_DER */ - pkcs7->stream->maxLen = length + idx; + pkcs7->stream->maxLen = (word32)length + idx; if (pkcs7->stream->maxLen == 0) { pkcs7->stream->maxLen = defSz; @@ -550,7 +550,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C }; #endif - int idSz, idx = 0; + word32 idSz, idx = 0; word32 typeSz = 0; const byte* typeName = 0; byte ID_Length[MAX_LENGTH_SZ]; @@ -630,14 +630,14 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - idSz = (int)SetLength(typeSz, ID_Length); + idSz = SetLength(typeSz, ID_Length); output[idx++] = ASN_OBJECT_ID; XMEMCPY(output + idx, ID_Length, idSz); idx += idSz; XMEMCPY(output + idx, typeName, typeSz); idx += typeSz; - return idx; + return (int)idx; } 
@@ -819,7 +819,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) isDynamic = pkcs7->isDynamic; XMEMSET(pkcs7, 0, sizeof(PKCS7)); - pkcs7->isDynamic = isDynamic; + pkcs7->isDynamic = (isDynamic == 1); #ifdef WOLFSSL_HEAP_TEST pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; #else @@ -887,7 +887,7 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7) * Returns total size of recipients, or negative upon error */ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) { - int totalSz = 0; + word32 totalSz = 0; Pkcs7EncodedRecip* tmp = NULL; if (pkcs7 == NULL) @@ -900,7 +900,7 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) tmp = tmp->next; } - return totalSz; + return (int)totalSz; } @@ -1165,7 +1165,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) } /* verify extracted public key is valid before storing */ - ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, dCert->keyOID, + ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID, dCert->publicKey, dCert->pubKeySize); if (ret != 0) { WOLFSSL_MSG("Invalid public key, check pkcs7->cert"); @@ -1192,7 +1192,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE); pkcs7->issuer = dCert->issuerRaw; pkcs7->issuerSz = (word32)dCert->issuerRawLen; - XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); + XMEMCPY(pkcs7->issuerSn, dCert->serial, (word32)dCert->serialSz); pkcs7->issuerSnSz = (word32)dCert->serialSz; XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE); 
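Review bot: `pkcs7->isDynamic = (isDynamic == 1);` in wc_PKCS7_Init maps every value other than exactly 1 to 0, which is not the same as the plain assignment it replaces whenever the source is a non-zero value other than 1. The conventional normalisation for a flag is `(isDynamic != 0)`, which keeps truthiness and still satisfies -Wconversion. The same `== 1` form recurs in later hunks for `detached`, `hashParamsAbsent`, `degenerate`, `multi` and `contentIsPkcs7Type`. Those presumably only ever hold 0 or 1, but the declarations are not visible here.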
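Review bot: wc_PKCS7_GetRecipientListSize now accumulates in a `word32 totalSz` and ends with `return (int)totalSz;`, so a sum above INT_MAX comes back as an arbitrary negative number. The header comment says a negative result means an error, so callers would treat it as an error code that is not one of the defined ones. Check that `totalSz` fits in `int` before the cast and return a named error such as BUFFER_E otherwise. The loop body that does the adding is outside the hunk.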
@@ -1314,12 +1314,12 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz) XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->signerInfo->sid = NULL; - pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap, + pkcs7->signerInfo->sid = (byte*)XMALLOC((word32)inSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->signerInfo->sid == NULL) { return MEMORY_E; } - XMEMCPY(pkcs7->signerInfo->sid, in, inSz); + XMEMCPY(pkcs7->signerInfo->sid, in, (word32)inSz); pkcs7->signerInfo->sidSz = (word32)inSz; return 0; } @@ -1464,7 +1464,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, } XMEMCPY(out, attrib->value, attrib->valueSz); - return attrib->valueSz; + return (int)attrib->valueSz; } @@ -1479,7 +1479,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz) word32 seqSz; word32 octetStrSz; word32 oidSz = (word32)sizeof(oid); - int idx = 0; + word32 idx = 0; if (pkcs7 == NULL || output == NULL) { return BAD_FUNC_ARG; @@ -1500,7 +1500,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz) XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); idx += pkcs7->contentSz; - return idx; + return (int)idx; } 
@@ -1564,26 +1564,26 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz, PKCS7Attrib* attribs, int attribsSz) { int i; - int maxSz = (int)min((word32)eaSz, attribsSz); + int maxSz = (int)min((word32)eaSz, (word32)attribsSz); int allAttribsSz = 0; for (i = 0; i < maxSz; i++) { - int attribSz = 0; + word32 attribSz = 0; ea[i].value = attribs[i].value; ea[i].valueSz = attribs[i].valueSz; attribSz += ea[i].valueSz; - ea[i].valueSetSz = SetSet((word32)attribSz, ea[i].valueSet); + ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet); attribSz += ea[i].valueSetSz; ea[i].oid = attribs[i].oid; ea[i].oidSz = attribs[i].oidSz; attribSz += ea[i].oidSz; - ea[i].valueSeqSz = SetSequence((word32)attribSz, ea[i].valueSeq); + ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq); attribSz += ea[i].valueSeqSz; - ea[i].totalSz = (word32)attribSz; + ea[i].totalSz = attribSz; - allAttribsSz += attribSz; + allAttribsSz += (int)attribSz; } return allAttribsSz; } @@ -1672,7 +1672,8 @@ static int SortAttribArray(FlatAttrib** arr, int rows) static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, EncodedAttrib* ea, int eaSz) { - int i, idx, sz; + int i; + word32 idx, sz; byte* output = NULL; FlatAttrib* fa = NULL; @@ -1705,7 +1706,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, fa = derArr[i]; fa->data = output; - fa->dataSz = (word32)sz; + fa->dataSz = sz; } return 0; @@ -1716,7 +1717,8 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea, int eaSz) { - int i, idx, ret; + int i, ret; + word32 idx; FlatAttrib** derArr = NULL; FlatAttrib* fa = NULL; 
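Review bot: EncodeAttributes now sums each attribute in a `word32 attribSz` but narrows it again with `allAttribsSz += (int)attribSz;`, and both callers in wc_PKCS7_BuildSignedAttributes cast the result straight back with `(word32)EncodeAttributes(...)`. Since the function is static, making `allAttribsSz` and the return type `word32` would remove the round trip and avoid a signed accumulator that can overflow. The `eaSz` and `attribsSz` parameters have the same problem, as every call site now casts an unsigned count to `int` only for `min()` to cast it back.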
@@ -2095,8 +2097,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, } esd->signedAttribsCount += cannedAttribsCount; - esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx], - (int)idx, cannedAttribs, cannedAttribsCount); + esd->signedAttribsSz += (word32)EncodeAttributes( + &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs, + (int)cannedAttribsCount); atrIdx += idx; } else { esd->signedAttribsCount = 0; @@ -2106,9 +2109,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, /* add custom signed attributes if set */ if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) { esd->signedAttribsCount += pkcs7->signedAttribsSz; - esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx], - esd->signedAttribsCount, - pkcs7->signedAttribs, pkcs7->signedAttribsSz); + esd->signedAttribsSz += (word32)EncodeAttributes( + &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount, + pkcs7->signedAttribs, (int)pkcs7->signedAttribsSz); } #ifdef NO_ASN_TIME @@ -2276,12 +2279,12 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, word32 flatSignedAttribsSz, ESD* esd, byte* digestInfo, word32* digestInfoSz) { - int ret, hashSz, digIdx = 0; + int ret, digIdx = 0; byte digestInfoSeq[MAX_SEQ_SZ]; byte digestStr[MAX_OCTET_STR_SZ]; byte attribSet[MAX_SET_SZ]; byte algoId[MAX_ALGO_SZ]; - word32 digestInfoSeqSz, digestStrSz, algoIdSz; + word32 digestInfoSeqSz, digestStrSz, algoIdSz, dgstInfoSz, hashSz; word32 attribSetSz; if (pkcs7 == NULL || esd == NULL || digestInfo == NULL || @@ -2289,9 +2292,10 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, return BAD_FUNC_ARG; } - hashSz = wc_HashGetDigestSize(esd->hashType); - if (hashSz < 0) - return hashSz; + ret = wc_HashGetDigestSize(esd->hashType); + if (ret < 0) + return ret; + hashSz = (word32)ret; if (flatSignedAttribsSz != 0) { 
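Review bot: In the custom-attribute call the `eaSz` argument is `(int)esd->signedAttribsCount`, which the line above has just increased by `pkcs7->signedAttribsSz`. The `min()` inside EncodeAttributes therefore always resolves to the caller-supplied attribute count and does not limit the writes that start at `&esd->signedAttribs[atrIdx]`. If no capacity check on `pkcs7->signedAttribsSz` exists outside this hunk, pass the number of elements actually left in the array after `atrIdx` and fail when the custom attributes do not fit. The array declaration is not visible here, so its size must be confirmed against the ESD definition.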
@@ -2327,21 +2331,21 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, 0, pkcs7->hashParamsAbsent); digestStrSz = SetOctetString(hashSz, digestStr); - digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz, - digestInfoSeq); + dgstInfoSz = algoIdSz + digestStrSz + hashSz; + digestInfoSeqSz = SetSequence(dgstInfoSz, digestInfoSeq); - if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) { + if (*digestInfoSz < (digestInfoSeqSz + dgstInfoSz)) { return BUFFER_E; } XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz); - digIdx += digestInfoSeqSz; + digIdx += (int)digestInfoSeqSz; XMEMCPY(digestInfo + digIdx, algoId, algoIdSz); - digIdx += algoIdSz; + digIdx += (int)algoIdSz; XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz); - digIdx += digestStrSz; + digIdx += (int)digestStrSz; XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz); - digIdx += hashSz; + digIdx += (int)hashSz; *digestInfoSz = (word32)digIdx; @@ -2487,7 +2491,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, switch (cipherType) { case WC_CIPHER_NONE: - XMEMCPY(encContentOut, contentData, contentDataSz); + XMEMCPY(encContentOut, contentData, (word32)contentDataSz); if (esd && esd->contentDigestSet != 1) { ret = wc_HashUpdate(&esd->hash, esd->hashType, contentData, (word32)contentDataSz); @@ -2524,7 +2528,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, *outIdx += encContentOutOctSz; wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL, encContentOut, (word32)contentDataSz); - *outIdx += contentDataSz; + *outIdx += (word32)contentDataSz; } return ret; 
@@ -2561,10 +2565,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, byte* encContentOut; byte* contentData; word32 idx = 0, outIdx = 0; - int padSz = 0; + word32 padSz = 0; if (cipherType != WC_CIPHER_NONE) { - padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, + padSz = (word32)wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)); } @@ -2616,8 +2620,8 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, return BAD_FUNC_ARG; } - if (szLeft + totalSz > (word32)inSz) - szLeft = inSz - totalSz; + if ((word32)szLeft + totalSz > (word32)inSz) + szLeft = inSz - (int)totalSz; contentDataRead = szLeft; buf = in + totalSz; @@ -2631,11 +2635,11 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, /* check and handle octet boundary */ sz = contentDataRead; - if (idx + sz > BER_OCTET_LENGTH) { - sz = BER_OCTET_LENGTH - idx; + if ((int)idx + sz > BER_OCTET_LENGTH) { + sz = BER_OCTET_LENGTH - (int)idx; contentDataRead -= sz; - XMEMCPY(contentData + idx, buf, sz); + XMEMCPY(contentData + idx, buf, (word32)sz); ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, aes, encContentOut, contentData, BER_OCTET_LENGTH, out, &outIdx, esd); @@ -2646,20 +2650,20 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, } /* copy over any remaining data */ - XMEMCPY(contentData, buf + sz, contentDataRead); + XMEMCPY(contentData, buf + sz, (word32)contentDataRead); idx = (word32)contentDataRead; } else { /* was not on an octet boundary, copy full * amount over */ - XMEMCPY(contentData + idx, buf, sz); - idx += sz; + XMEMCPY(contentData + idx, buf, (word32)sz); + idx += (word32)sz; } } while (totalSz < pkcs7->contentSz); /* add in padding to the end */ if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) { - int i; + word32 i; if (BER_OCTET_LENGTH < idx) { XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7); 
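Review bot: Declaring `padSz` as `word32` and casting the `int` result of wc_PKCS7_GetPadSize discards the sign, so a negative error return becomes a value near 4 GiB. Because the padding loop counter also becomes `word32 i` in a later hunk, `for (i = 0; i < padSz; i++)` would then write `contentData[idx + i]` with that bound, whereas the signed version did not iterate at all. Keep the result in an `int`, fail when it is `< 0`, and only then assign `padSz = (word32)ret;`. The same applies to the `(word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)` argument. Whether `encryptOID` is validated earlier in wc_PKCS7_EncodeContentStream is not visible from the hunk.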
@@ -2670,7 +2674,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, for (i = 0; i < padSz; i++) { contentData[idx + i] = (byte)padSz; } - idx += padSz; + idx += (word32)padSz; } /* encrypt and flush out remainder of content data */ @@ -2696,7 +2700,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, switch (cipherType) { case WC_CIPHER_NONE: if (!pkcs7->detached) { - XMEMCPY(out, in, inSz); + XMEMCPY(out, in, (word32)inSz); } if (esd && esd->contentDigestSet != 1) { ret = wc_HashInit(&esd->hash, esd->hashType); @@ -2918,9 +2922,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } else if (pkcs7->sidType == CMS_SKID) { /* SubjectKeyIdentifier */ esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID); - esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize, + esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + + (word32)keyIdSize, esd->issuerSKIDSeq, 0); - signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize); + signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + + (word32)keyIdSize); /* version MUST be 3 */ esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0); @@ -2971,8 +2977,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, flatSignedAttribsSz = esd->signedAttribsSz; - FlattenAttributes(pkcs7, flatSignedAttribs, - esd->signedAttribs, esd->signedAttribsCount); + FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs, + (int)esd->signedAttribsCount); esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz, esd->signedAttribSet, 0); } else { 
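Review bot: The reflowed call `FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs, (int)esd->signedAttribsCount);` in PKCS7_EncodeSigned still discards the function's `int` result, here and at the second call site in the later stream-mode hunk. FlattenAttributes declares a `ret` and a `derArr` pointer in its own hunk, so it can presumably fail, in which case `flatSignedAttribs` would be hashed and signed with whatever it happens to hold. Capture the result with `ret = FlattenAttributes(...);` and take the function's existing cleanup path when `ret != 0`.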
@@ -3130,37 +3136,37 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = 0; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->outerSeq, esd->outerSeqSz); - idx += esd->outerSeqSz; + idx += (int)esd->outerSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, signedDataOid, signedDataOidSz); - idx += signedDataOidSz; + idx += (int)signedDataOidSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->outerContent, esd->outerContentSz); - idx += esd->outerContentSz; + idx += (int)esd->outerContentSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerSeq, esd->innerSeqSz); - idx += esd->innerSeqSz; + idx += (int)esd->innerSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->version, esd->versionSz); - idx += esd->versionSz; + idx += (int)esd->versionSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->digAlgoIdSet, esd->digAlgoIdSetSz); - idx += esd->digAlgoIdSetSz; + idx += (int)esd->digAlgoIdSetSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->singleDigAlgoId, esd->singleDigAlgoIdSz); - idx += esd->singleDigAlgoIdSz; + idx += (int)esd->singleDigAlgoIdSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->contentInfoSeq, esd->contentInfoSeqSz); - idx += esd->contentInfoSeqSz; + idx += (int)esd->contentInfoSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, pkcs7->contentType, pkcs7->contentTypeSz); - idx += pkcs7->contentTypeSz; + idx += (int)pkcs7->contentTypeSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerContSeq, esd->innerContSeqSz); - idx += esd->innerContSeqSz; + idx += (int)esd->innerContSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerOctets, esd->innerOctetsSz); - idx += esd->innerOctetsSz; + idx += (int)esd->innerOctetsSz; /* support returning header and footer without content */ if (output2 && output2Sz) { 
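Review bot: `idx` apparently remains an `int` in PKCS7_EncodeSigned, so almost every `idx += ...` in this and the following hunks now needs an `(int)` cast on a `word32` length. The signed running offset is never checked against the output size within the visible lines. A `word32` offset, compared with the buffer size where needed and converted to `int` once at the return, would avoid roughly forty casts and the possibility of signed overflow. The function's declarations and return are outside the hunk, so the change would have to start there.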
@@ -3176,14 +3182,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, #endif && pkcs7->contentSz > 0) { wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content, - pkcs7->contentSz, (output)? output + idx : NULL, WC_CIPHER_NONE); + (int)pkcs7->contentSz, (output)? output + idx : NULL, + WC_CIPHER_NONE); if (!pkcs7->detached) { #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { byte indefEnd[ASN_INDEF_END_SZ * 3]; word32 localIdx = 0; - idx += streamSz; + idx += (int)streamSz; /* end of content octet string */ localIdx += SetIndefEnd(indefEnd + localIdx); @@ -3196,12 +3203,12 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } else #endif { - idx += pkcs7->contentSz; + idx += (int)pkcs7->contentSz; } } } @@ -3211,14 +3218,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, /* certificates */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->certsSet, esd->certsSetSz); - idx += esd->certsSetSz; + idx += (int)esd->certsSetSz; if (pkcs7->noCerts != 1) { certPtr = pkcs7->certList; while (certPtr != NULL) { wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, certPtr->der, certPtr->derSz); - idx += certPtr->derSz; + idx += (int)certPtr->derSz; certPtr = certPtr->next; } } 
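Review bot: The result of `wc_PKCS7_EncodeContentStream(...)` is dropped in this call, so a failure while hashing or writing the content goes unnoticed and `idx` is advanced as if the content had been emitted. The new `(int)pkcs7->contentSz` argument also turns a content size above INT_MAX into a negative `inSz`. Assign the result to `ret` and bail out through the function's error path when it is non-zero, and reject a `contentSz` that does not fit in `int` before the call. PKCS7_EncodeSigned continues on both sides of the hunk.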
@@ -3227,36 +3234,36 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerInfoSet, esd->signerInfoSetSz); - idx += esd->signerInfoSetSz; + idx += (int)esd->signerInfoSetSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerInfoSeq, esd->signerInfoSeqSz); - idx += esd->signerInfoSeqSz; + idx += (int)esd->signerInfoSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerVersion, esd->signerVersionSz); - idx += esd->signerVersionSz; + idx += (int)esd->signerVersionSz; /* SignerIdentifier */ if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { /* IssuerAndSerialNumber */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSnSeq, esd->issuerSnSeqSz); - idx += esd->issuerSnSeqSz; + idx += (int)esd->issuerSnSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerName, esd->issuerNameSz); - idx += esd->issuerNameSz; + idx += (int)esd->issuerNameSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, pkcs7->issuer, pkcs7->issuerSz); - idx += pkcs7->issuerSz; + idx += (int)pkcs7->issuerSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSn, esd->issuerSnSz); - idx += esd->issuerSnSz; + idx += (int)esd->issuerSnSz; } else if (pkcs7->sidType == CMS_SKID) { /* SubjectKeyIdentifier */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz); - idx += esd->issuerSKIDSeqSz; + idx += (int)esd->issuerSKIDSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKID, esd->issuerSKIDSz); - idx += esd->issuerSKIDSz; + idx += (int)esd->issuerSKIDSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, pkcs7->issuerSubjKeyId, (word32)keyIdSize); idx += keyIdSize; 
@@ -3268,7 +3275,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerDigAlgoId, esd->signerDigAlgoIdSz); - idx += esd->signerDigAlgoIdSz; + idx += (int)esd->signerDigAlgoIdSz; /* SignerInfo:Attributes */ if (flatSignedAttribsSz > 0) { @@ -3299,7 +3306,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, flatSignedAttribsSz = esd->signedAttribsSz; FlattenAttributes(pkcs7, flatSignedAttribs, - esd->signedAttribs, esd->signedAttribsCount); + esd->signedAttribs, + (int)esd->signedAttribsCount); } else { esd->signedAttribSetSz = 0; } @@ -3307,10 +3315,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signedAttribSet, esd->signedAttribSetSz); - idx += esd->signedAttribSetSz; + idx += (int)esd->signedAttribSetSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, flatSignedAttribs, flatSignedAttribsSz); - idx += flatSignedAttribsSz; + idx += (int)flatSignedAttribsSz; } if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) { @@ -3326,14 +3334,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->digEncAlgoId, esd->digEncAlgoIdSz); - idx += esd->digEncAlgoIdSz; + idx += (int)esd->digEncAlgoIdSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerDigest, esd->signerDigestSz); - idx += esd->signerDigestSz; + idx += (int)esd->signerDigestSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->encContentDigest, esd->encContentDigestSz); - idx += esd->encContentDigestSz; + idx += (int)esd->encContentDigestSz; #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { @@ -3351,7 +3359,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } #endif 
@@ -3428,7 +3436,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag) if (pkcs7 == NULL || (flag != 0 && flag != 1)) return BAD_FUNC_ARG; - pkcs7->detached = flag; + pkcs7->detached = (flag == 1); return 0; } @@ -3670,13 +3678,14 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, } /* save encryptedData, reset output buffer and struct */ - encrypted = (byte*)XMALLOC(encryptedSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encrypted = (byte*)XMALLOC((word32)encryptedSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (encrypted == NULL) { ForceZero(output, outputSz); return MEMORY_E; } - XMEMCPY(encrypted, output, encryptedSz); + XMEMCPY(encrypted, output, (word32)encryptedSz); ForceZero(output, outputSz); ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); @@ -4337,15 +4346,15 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, digestInfoSeq); XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz); - digIdx += digestInfoSeqSz; + digIdx += (int)digestInfoSeqSz; XMEMCPY(digestInfo + digIdx, algoId, algoIdSz); - digIdx += algoIdSz; + digIdx += (int)algoIdSz; XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz); - digIdx += digestStrSz; + digIdx += (int)digestStrSz; XMEMCPY(digestInfo + digIdx, digest, hashSz); - digIdx += hashSz; + digIdx += (int)hashSz; - XMEMCPY(pkcs7Digest, digestInfo, digIdx); + XMEMCPY(pkcs7Digest, digestInfo, (word32)digIdx); *pkcs7DigestSz = (word32)digIdx; /* set plain digest pointer */ @@ -4739,7 +4748,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) return ASN_SIG_KEY_E; } - return pkcs7->publicKeyOID; + return (int)pkcs7->publicKeyOID; } @@ -4771,7 +4780,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) while (idx < (word32)inSz) { int length = 0; - int oidIdx; + word32 oidIdx; PKCS7DecodedAttrib* attrib; if (GetSequence(in, &idx, &length, (word32)inSz) < 0) 
@@ -4784,7 +4793,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) } XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib)); - oidIdx = (int)idx; + oidIdx = idx; if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz) < 0) { XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -4806,7 +4815,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) return ASN_PARSE_E; } - if ((inSz - idx) < (word32)length) { + if ((inSz - (int)idx) < length) { XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; @@ -4821,7 +4830,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) return MEMORY_E; } XMEMCPY(attrib->value, in + idx, attrib->valueSz); - idx += length; + idx += (word32)length; /* store attribute in linked list */ if (pkcs7->decodedAttrib != NULL) { @@ -4911,7 +4920,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, if (ret == 0) { ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length); - idx += length; + idx += (word32)length; } } else if (ret == 0 && version == 3) { @@ -4967,7 +4976,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, if (ret == 0) { ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length); - idx += length; + idx += (word32)length; } } else { @@ -4981,7 +4990,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, ret = ASN_PARSE_E; } pkcs7->hashOID = (int)hashOID; - pkcs7->hashParamsAbsent = absentParams; + pkcs7->hashParamsAbsent = (absentParams == 1); /* Get the IMPLICIT[0] SET OF signedAttributes */ localIdx = idx; @@ -5002,7 +5011,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, ret = ASN_PARSE_E; } - idx += length; + idx += (word32)length; } /* Get digestEncryptionAlgorithm - key type or signature type */ 
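Review bot: The bounds test in wc_PKCS7_ParseAttribs changes from an unsigned comparison, `(inSz - idx) < (word32)length`, to a signed one, `(inSz - (int)idx) < length`, and the two disagree when `length` is negative. The old form rejected a negative `length`, while the new form lets it through to the `XMEMCPY` of the attribute value and to `idx += (word32)length`. This is harmless if the length parser above the hunk never yields a negative `length` on success, but that is not visible here. Writing the condition as `if (length < 0 || (inSz - (int)idx) < length)` keeps the check self-contained.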
@@ -5131,7 +5140,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, * number of indef is stored in pkcs7->stream->cntIdfCnt. */ pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) * - pkcs7->stream->cntIdfCnt; + (word32)pkcs7->stream->cntIdfCnt; /* dec idx by one since already consumed to get ASN_EOC */ (*idx)--; @@ -5361,7 +5370,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, break; } if (ret == 0 && length > 0) - pkcs7->stream->maxLen = length + localIdx; + pkcs7->stream->maxLen = (word32)length + localIdx; else pkcs7->stream->maxLen = inSz; @@ -5503,7 +5512,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; } /* store hashType for later hashing */ - pkcs7->stream->hashType = hashType; + pkcs7->stream->hashType = (int)hashType; /* restore idx */ idx = localIdx; @@ -5513,10 +5522,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #endif /* !NO_PKCS7_STREAM */ /* Skip the set. */ - idx += length; + idx += (word32)length; degenerate = (length == 0) ? 1 : 0; #ifndef NO_PKCS7_STREAM - pkcs7->stream->degenerate = degenerate; + pkcs7->stream->degenerate = (degenerate == 1); #endif /* !NO_PKCS7_STREAM */ if (pkcs7->noDegenerate == 1 && degenerate == 1) { ret = PKCS7_NO_SIGNER_E; @@ -5582,8 +5591,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) { contentType = pkiMsg + tmpIdx; - contentTypeSz = length + (idx - tmpIdx); - idx += length; + contentTypeSz = (word32)length + (idx - tmpIdx); + idx += (word32)length; } else { ret = ASN_PARSE_E; 
@@ -5616,7 +5625,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* Set error state if no more data left in ContentInfo, meaning * no content - may be detached. Will recover from error below */ if ((encapContentInfoLen != 0) && - (encapContentInfoLen - contentTypeSz == 0)) { + ((word32)encapContentInfoLen - contentTypeSz == 0)) { ret = ASN_PARSE_E; #ifndef NO_PKCS7_STREAM pkcs7->stream->noContent = 1; @@ -5716,11 +5725,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (ret == 0) { /* Use single OCTET_STRING directly, or reset length. */ - if (localIdx - start + length == (word32)contentLen) { + if (localIdx - start + (word32)length == + (word32)contentLen) { multiPart = 0; } else { #ifndef NO_PKCS7_STREAM - pkcs7->stream->multi = multiPart; + pkcs7->stream->multi = (multiPart == 1); pkcs7->stream->currContIdx = localIdx; pkcs7->stream->currContSz = (word32)length; pkcs7->stream->currContRmnSz = (word32)length; @@ -5748,7 +5758,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; #ifndef NO_PKCS7_STREAM if (ret == 0) { - pkcs7->stream->multi = multiPart; + pkcs7->stream->multi = (multiPart == 1); pkcs7->stream->currContIdx = localIdx; pkcs7->stream->currContSz = (word32)length; pkcs7->stream->currContRmnSz = (word32)length; @@ -5800,7 +5810,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #ifndef NO_PKCS7_STREAM /* save detached flag value */ - pkcs7->stream->detached = detached; + pkcs7->stream->detached = (detached == 1); /* save contentType */ pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap, @@ -6065,7 +6075,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, WOLFSSL_MSG("certificate set found"); /* adjust cert length */ - length += localIdx - certIdx; + length += (int)(localIdx - certIdx); idx = certIdx; } } 
@@ -6143,13 +6153,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (length > 0 && in2Sz == 0) { /* free tmpCert if not NULL */ XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->tmpCert = (byte*)XMALLOC(length, + pkcs7->stream->tmpCert = (byte*)XMALLOC((word32)length, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) { ret = MEMORY_E; break; } - XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length); + XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, (word32)length); pkiMsg2 = pkcs7->stream->tmpCert; pkiMsg2Sz = (word32)length; idx = 0; @@ -6180,7 +6190,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; cert = &pkiMsg2[idx]; - certSz += (certIdx - idx); + certSz += (int)(certIdx - idx); if (certSz > length) { ret = BUFFER_E; break; @@ -6202,7 +6212,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* Save dynamic content before freeing PKCS7 struct */ if (pkcs7->contentDynamic != NULL) { - contentDynamic = (byte*)XMALLOC(contentSz, + contentDynamic = (byte*)XMALLOC((word32)contentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (contentDynamic == NULL) { #ifndef NO_PKCS7_STREAM @@ -6212,13 +6222,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, break; } XMEMCPY(contentDynamic, pkcs7->contentDynamic, - contentSz); + (word32)contentSz); } /* Free pkcs7 resources but not the structure itself */ pkcs7->isDynamic = 0; wc_PKCS7_Free(pkcs7); - pkcs7->isDynamic = isDynamic; + pkcs7->isDynamic = (isDynamic == 1); /* This will reset PKCS7 structure and then set the * certificate */ ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz); 
@@ -6231,7 +6241,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } /* Restore content is PKCS#7 flag */ - pkcs7->contentIsPkcs7Type = contentIsPkcs7Type; + pkcs7->contentIsPkcs7Type = (contentIsPkcs7Type == 1); #ifndef NO_PKCS7_STREAM pkcs7->stream = stream; @@ -6251,7 +6261,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, pkcs7->cert[0] = cert; pkcs7->certSz[0] = (word32)certSz; - certIdx = idx + certSz; + certIdx = idx + (word32)certSz; for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsg2Sz && @@ -6273,21 +6283,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } pkcs7->cert[i] = &pkiMsg2[localIdx]; - pkcs7->certSz[i] = sz + (certIdx - localIdx); - certIdx += sz; + pkcs7->certSz[i] = (word32)sz + + (certIdx - localIdx); + certIdx += (word32)sz; } } } } - idx += length; + idx += (word32)length; if (!detached) { /* set content and size after init of PKCS7 structure */ pkcs7->content = content; - pkcs7->contentSz = contentSz; + pkcs7->contentSz = (word32)contentSz; } - idx = certIdx2 + length; + idx = certIdx2 + (word32)length; if (ret != 0) { break; @@ -6313,7 +6324,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* if certificate set has indef-length, there maybe trailing zeros. * add expected size to include size of zeros. */ if (pkcs7->stream->cntIdfCnt > 0) { - pkcs7->stream->expected += pkcs7->stream->cntIdfCnt * 2; + pkcs7->stream->expected += (word32)pkcs7->stream->cntIdfCnt * 2; } if (pkcs7->stream->expected > (pkcs7->stream->maxLen - 
@@ -6373,10 +6384,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* prior to find set of crls, remove trailing zeros of * set of certificates */ if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) { - int i; + word32 i; + word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; localIdx = idx; - for (i = 0; i < pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; - i++) { + for (i = 0; i < sz; i++) { if (pkiMsg2[localIdx + i] == 0) continue; else { @@ -6385,7 +6396,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } } if (ret == 0) { - idx += pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; + idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; pkcs7->stream->cntIdfCnt = 0; } } @@ -6402,7 +6413,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; /* Skip the set */ - idx += length; + idx += (word32)length; } /* Get the set of signerInfos */ @@ -6497,7 +6508,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, sig = &pkiMsg2[idx]; sigSz = length; - idx += length; + idx += (word32)length; } pkcs7->content = content; @@ -6514,7 +6525,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* make sure that terminating zero's follow */ if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) && pkcs7->stream->indefLen == 1) { - int i; + word32 i; for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) { if (pkiMsg2[idx + i] != 0) { ret = ASN_PARSE_E; 
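Review bot: The skip after the loop, `idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;`, recomputes the byte count that the new local `sz` already holds, so the count checked for zeros and the count skipped are derived separately. Writing `idx += sz;` ties the two together, assuming `sz` is still in scope at that statement, which the brace structure in the hunk suggests. The loop also reads `pkiMsg2[localIdx + i]` with no bound against the buffer size visible in this hunk; if the earlier `expected` accounting does not guarantee those bytes are present, a check belongs before the loop. The enclosing function starts and ends outside the hunk.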
@@ -7050,22 +7061,22 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) /* kekOctet */ kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet); - sharedInfoSz += (kekOctetSz + sizeof(word32)); + sharedInfoSz += (kekOctetSz + (int)sizeof(word32)); /* suppPubInfo */ - suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2, - kekOctetSz + sizeof(word32), - suppPubInfoSeq, 0); + suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2, + (word32)kekOctetSz + sizeof(word32), + suppPubInfoSeq, 0); sharedInfoSz += suppPubInfoSeqSz; /* optional ukm/entityInfo */ if (kari->ukmSz > 0) { entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet); - sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz); + sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz); - entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz + - kari->ukmSz, - entityUInfoExplicitSeq, 0); + entityUInfoExplicitSz = (int)SetExplicit(0, + (word32)entityUInfoOctetSz + kari->ukmSz, + entityUInfoExplicitSeq, 0); sharedInfoSz += entityUInfoExplicitSz; } 
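Review bot: In `sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz);` the cast narrows a word32 length into a signed running total. The next hunk sizes the buffer from that total with `XMALLOC((word32)sharedInfoSz, ...)` while still copying `kari->ukmSz` bytes of `kari->ukm`. Nothing visible in either hunk bounds `ukmSz`, so a value near or above INT_MAX would make the allocation size and the copy length disagree. A guard ahead of the addition, for example `if (kari->ukmSz > (word32)(INT_MAX - sharedInfoSz - entityUInfoOctetSz)) return BUFFER_E;`, would make the casts safe rather than only silent. The function body starts before this hunk and continues past it.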
@@ -7077,29 +7088,30 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq); sharedInfoSz += sharedInfoSeqSz; - kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap, + kari->sharedInfo = (byte*)XMALLOC((word32)sharedInfoSz, kari->heap, DYNAMIC_TYPE_PKCS7); if (kari->sharedInfo == NULL) return MEMORY_E; kari->sharedInfoSz = (word32)sharedInfoSz; - XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz); + XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, (word32)sharedInfoSeqSz); idx += sharedInfoSeqSz; - XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz); + XMEMCPY(kari->sharedInfo + idx, keyInfo, (word32)keyInfoSz); idx += keyInfoSz; if (kari->ukmSz > 0) { XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq, - entityUInfoExplicitSz); + (word32)entityUInfoExplicitSz); idx += entityUInfoExplicitSz; - XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz); + XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, + (word32)entityUInfoOctetSz); idx += entityUInfoOctetSz; XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz); - idx += kari->ukmSz; + idx += (int)kari->ukmSz; } - XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz); + XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, (word32)suppPubInfoSeqSz); idx += suppPubInfoSeqSz; - XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz); + XMEMCPY(kari->sharedInfo + idx, kekOctet, (word32)kekOctetSz); idx += kekOctetSz; kekBitSz = (kari->kekSz) * 8; /* convert to bits */ @@ -7132,7 +7144,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng, if (kSz < 0) return kSz; - kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7); + kari->kek = (byte*)XMALLOC((word32)kSz, kari->heap, DYNAMIC_TYPE_PKCS7); if (kari->kek == NULL) return MEMORY_E; 
@@ -7432,16 +7444,18 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* Start of RecipientEncryptedKeys */ /* EncryptedKey */ - encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, encryptedKeyOctet); - totalSz += (encryptedKeyOctetSz + encryptedKeySz); + encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, + encryptedKeyOctet); + totalSz += (encryptedKeyOctetSz + (int)encryptedKeySz); /* SubjectKeyIdentifier */ subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet); totalSz += (subjKeyIdOctetSz + keyIdSize); /* RecipientKeyIdentifier IMPLICIT [0] */ - recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz + - keyIdSize, recipKeyIdSeq, 0); + recipKeyIdSeqSz = (int)SetImplicit(ASN_SEQUENCE, 0, + (word32)(subjKeyIdOctetSz + keyIdSize), + recipKeyIdSeq, 0); totalSz += recipKeyIdSeqSz; /* RecipientEncryptedKey */ @@ -7456,9 +7470,9 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, if (kari->ukmSz > 0) { ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr); - totalSz += (ukmOctetSz + kari->ukmSz); + totalSz += (ukmOctetSz + (int)kari->ukmSz); - ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz, + ukmExplicitSz = (int)SetExplicit(1, (word32)ukmOctetSz + kari->ukmSz, ukmExplicitSeq, 0); totalSz += ukmExplicitSz; } @@ -7481,7 +7495,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, origPubKeyStr[0] = ASN_BIT_STRING; origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1, origPubKeyStr + 1) + 2; - totalSz += (origPubKeyStrSz + kari->senderKeyExportSz); + totalSz += (origPubKeyStrSz + (int)kari->senderKeyExportSz); /* Originator AlgorithmIdentifier, params set to NULL for interop compatibility */ 
@@ -7492,15 +7506,15 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* outer OriginatorPublicKey IMPLICIT [1] */ origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1, - origAlgIdSz + origPubKeyStrSz + - kari->senderKeyExportSz, origPubKeySeq, 0); + (word32)(origAlgIdSz + origPubKeyStrSz + + (int)kari->senderKeyExportSz), origPubKeySeq, 0); totalSz += origPubKeySeqSz; /* outer OriginatorIdentifierOrKey IMPLICIT [0] */ origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0, - origPubKeySeqSz + origAlgIdSz + - origPubKeyStrSz + kari->senderKeyExportSz, - origIdOrKeySeq, 0); + (word32)(origPubKeySeqSz + origAlgIdSz + + origPubKeyStrSz + (int)kari->senderKeyExportSz), + origIdOrKeySeq, 0); totalSz += origIdOrKeySeqSz; /* version, always 3 */ 
@@ -7522,53 +7536,53 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, return BUFFER_E; } - XMEMCPY(recip->recip + idx, kariSeq, kariSeqSz); - idx += kariSeqSz; - XMEMCPY(recip->recip + idx, ver, verSz); - idx += verSz; + XMEMCPY(recip->recip + idx, kariSeq, (word32)kariSeqSz); + idx += (word32)kariSeqSz; + XMEMCPY(recip->recip + idx, ver, (word32)verSz); + idx += (word32)verSz; - XMEMCPY(recip->recip + idx, origIdOrKeySeq, origIdOrKeySeqSz); - idx += origIdOrKeySeqSz; - XMEMCPY(recip->recip + idx, origPubKeySeq, origPubKeySeqSz); - idx += origPubKeySeqSz; + XMEMCPY(recip->recip + idx, origIdOrKeySeq, (word32)origIdOrKeySeqSz); + idx += (word32)origIdOrKeySeqSz; + XMEMCPY(recip->recip + idx, origPubKeySeq, (word32)origPubKeySeqSz); + idx += (word32)origPubKeySeqSz; /* AlgorithmIdentifier with NULL parameter */ - XMEMCPY(recip->recip + idx, origAlgId, origAlgIdSz); - idx += origAlgIdSz; + XMEMCPY(recip->recip + idx, origAlgId, (word32)origAlgIdSz); + idx += (word32)origAlgIdSz; - XMEMCPY(recip->recip + idx, origPubKeyStr, origPubKeyStrSz); - idx += origPubKeyStrSz; + XMEMCPY(recip->recip + idx, origPubKeyStr, (word32)origPubKeyStrSz); + idx += (word32)origPubKeyStrSz; /* ephemeral public key */ XMEMCPY(recip->recip + idx, kari->senderKeyExport, kari->senderKeyExportSz); idx += kari->senderKeyExportSz; if (kari->ukmSz > 0) { - XMEMCPY(recip->recip + idx, ukmExplicitSeq, ukmExplicitSz); - idx += ukmExplicitSz; - XMEMCPY(recip->recip + idx, ukmOctetStr, ukmOctetSz); - idx += ukmOctetSz; + XMEMCPY(recip->recip + idx, ukmExplicitSeq, (word32)ukmExplicitSz); + idx += (word32)ukmExplicitSz; + XMEMCPY(recip->recip + idx, ukmOctetStr, (word32)ukmOctetSz); + idx += (word32)ukmOctetSz; XMEMCPY(recip->recip + idx, kari->ukm, kari->ukmSz); idx += kari->ukmSz; } - XMEMCPY(recip->recip + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz); - idx += keyEncryptAlgoIdSz; - XMEMCPY(recip->recip + idx, keyWrapAlg, keyWrapAlgSz); - idx += keyWrapAlgSz; + 
XMEMCPY(recip->recip + idx, keyEncryptAlgoId, (word32)keyEncryptAlgoIdSz); + idx += (word32)keyEncryptAlgoIdSz; + XMEMCPY(recip->recip + idx, keyWrapAlg, (word32)keyWrapAlgSz); + idx += (word32)keyWrapAlgSz; - XMEMCPY(recip->recip + idx, recipEncKeysSeq, recipEncKeysSeqSz); - idx += recipEncKeysSeqSz; - XMEMCPY(recip->recip + idx, recipEncKeySeq, recipEncKeySeqSz); - idx += recipEncKeySeqSz; - XMEMCPY(recip->recip + idx, recipKeyIdSeq, recipKeyIdSeqSz); - idx += recipKeyIdSeqSz; - XMEMCPY(recip->recip + idx, subjKeyIdOctet, subjKeyIdOctetSz); - idx += subjKeyIdOctetSz; + XMEMCPY(recip->recip + idx, recipEncKeysSeq, (word32)recipEncKeysSeqSz); + idx += (word32)recipEncKeysSeqSz; + XMEMCPY(recip->recip + idx, recipEncKeySeq, (word32)recipEncKeySeqSz); + idx += (word32)recipEncKeySeqSz; + XMEMCPY(recip->recip + idx, recipKeyIdSeq, (word32)recipKeyIdSeqSz); + idx += (word32)recipKeyIdSeqSz; + XMEMCPY(recip->recip + idx, subjKeyIdOctet, (word32)subjKeyIdOctetSz); + idx += (word32)subjKeyIdOctetSz; /* subject key id */ - XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, keyIdSize); - idx += keyIdSize; - XMEMCPY(recip->recip + idx, encryptedKeyOctet, encryptedKeyOctetSz); - idx += encryptedKeyOctetSz; + XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, (word32)keyIdSize); + idx += (word32)keyIdSize; + XMEMCPY(recip->recip + idx, encryptedKeyOctet, (word32)encryptedKeyOctetSz); + idx += (word32)encryptedKeyOctetSz; /* encrypted CEK */ XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); idx += encryptedKeySz; @@ -7783,8 +7797,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } - snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, - MAX_SN_SZ, MAX_SN_SZ); + snSz = SetSerialNumber(decoded->serial, (word32)decoded->serialSz, + serial, MAX_SN_SZ, MAX_SN_SZ); if (snSz < 0) { WOLFSSL_MSG("Error setting the serial number"); FreeDecodedCert(decoded); 
@@ -7797,8 +7811,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } - issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, - issuerSerialSeq); + issuerSerialSeqSz = (int)SetSequence((word32)(issuerSeqSz + issuerSz + + snSz), issuerSerialSeq); } else if (sidType == CMS_SKID) { /* version, must be 2 for SubjectKeyIdentifier */ @@ -7833,7 +7847,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, return ALGO_ID_E; } - keyEncAlgSz = SetAlgoID(pkcs7->publicKeyOID, keyAlgArray, oidKeyType, 0); + keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray, + oidKeyType, 0); if (keyEncAlgSz == 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -7945,12 +7960,12 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* RecipientInfo */ if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { - recipSeqSz = (int)SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz + - issuerSz + snSz + keyEncAlgSz + - encKeyOctetStrSz + encryptedKeySz, recipSeq); + int recipLen = verSz + (int)issuerSerialSeqSz + issuerSeqSz + + issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz + + (int)encryptedKeySz; + recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq); - if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + - keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) { + if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) { WOLFSSL_MSG("RecipientInfo output buffer too small"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK 
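Review bot: The size check in the issuer-and-serial branch now behaves differently, not just with different types, and nothing records that. The removed comparison summed `recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + ...` without `issuerSz`, although `issuerSz` bytes of `decoded->issuerRaw` are copied into `recip->recip` further down; the new `recipLen` includes it, so `(recipSeqSz + recipLen) > MAX_RECIP_SZ` is a tighter bound. I would add a comment above `int recipLen` such as `/* recipLen counts every field copied into recip->recip, including issuerSz */` and mention the fix in the commit message, which describes only type conversions. The else branch in the next hunk gets the same restructuring with no change in its terms. The function starts and ends outside these hunks.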
@@ -7964,12 +7979,10 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, } } else { - recipSeqSz = SetSequence(verSz + ASN_TAG_SZ + issuerSKIDSz + - keyIdSize + keyEncAlgSz + encKeyOctetStrSz + - encryptedKeySz, recipSeq); - - if (recipSeqSz + verSz + ASN_TAG_SZ + issuerSKIDSz + keyIdSize + - keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) { + int recipLen = verSz + ASN_TAG_SZ + (int)issuerSKIDSz + keyIdSize + + keyEncAlgSz + encKeyOctetStrSz + (int)encryptedKeySz; + recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq); + if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) { WOLFSSL_MSG("RecipientInfo output buffer too small"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK 
@@ -7984,31 +7997,31 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, } idx = 0; - XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz); - idx += recipSeqSz; - XMEMCPY(recip->recip + idx, ver, verSz); - idx += verSz; + XMEMCPY(recip->recip + idx, recipSeq, (word32)recipSeqSz); + idx += (word32)recipSeqSz; + XMEMCPY(recip->recip + idx, ver, (word32)verSz); + idx += (word32)verSz; if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { - XMEMCPY(recip->recip + idx, issuerSerialSeq, issuerSerialSeqSz); - idx += issuerSerialSeqSz; - XMEMCPY(recip->recip + idx, issuerSeq, issuerSeqSz); - idx += issuerSeqSz; - XMEMCPY(recip->recip + idx, decoded->issuerRaw, issuerSz); - idx += issuerSz; - XMEMCPY(recip->recip + idx, serial, snSz); - idx += snSz; + XMEMCPY(recip->recip + idx, issuerSerialSeq, (word32)issuerSerialSeqSz); + idx += (word32)issuerSerialSeqSz; + XMEMCPY(recip->recip + idx, issuerSeq, (word32)issuerSeqSz); + idx += (word32)issuerSeqSz; + XMEMCPY(recip->recip + idx, decoded->issuerRaw, (word32)issuerSz); + idx += (word32)issuerSz; + XMEMCPY(recip->recip + idx, serial, (word32)snSz); + idx += (word32)snSz; } else { recip->recip[idx] = ASN_CONTEXT_SPECIFIC; idx += ASN_TAG_SZ; XMEMCPY(recip->recip + idx, issuerSKID, issuerSKIDSz); idx += issuerSKIDSz; - XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, keyIdSize); - idx += keyIdSize; + XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, (word32)keyIdSize); + idx += (word32)keyIdSize; } - XMEMCPY(recip->recip + idx, keyAlgArray, keyEncAlgSz); - idx += keyEncAlgSz; - XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); - idx += encKeyOctetStrSz; + XMEMCPY(recip->recip + idx, keyAlgArray, (word32)keyEncAlgSz); + idx += (word32)keyEncAlgSz; + XMEMCPY(recip->recip + idx, encKeyOctetStr, (word32)encKeyOctetStrSz); + idx += (word32)encKeyOctetStrSz; XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); idx += encryptedKeySz; 
@@ -8194,13 +8207,15 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz, authTag, authTagSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT - /* async encrypt not available here, so block till done */ + /* async encrypt not available here, so block till done + */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); #endif } #else - ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, ivSz); + ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, + (word32)ivSz); if (ret == 0) { ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad, aadSz); @@ -8252,8 +8267,9 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async encrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); @@ -8423,8 +8439,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); 
@@ -8462,8 +8479,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); @@ -8617,14 +8635,14 @@ int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz) /* return size of padded data, padded to blockSz chunks, or negative on error */ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) { - int padSz; + word32 padSz; if (blockSz == 0) return BAD_FUNC_ARG; padSz = blockSz - (inputSz % blockSz); - return padSz; + return (int)padSz; } @@ -8633,15 +8651,17 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, word32 blockSz) { - int i, padSz; + int ret; + word32 i, padSz; if (in == NULL || inSz == 0 || out == NULL || outSz == 0) return BAD_FUNC_ARG; - padSz = wc_PKCS7_GetPadSize(inSz, blockSz); - if (padSz < 0) - return padSz; + ret = wc_PKCS7_GetPadSize(inSz, blockSz); + if (ret < 0) + return ret; + padSz = (word32)ret; if (outSz < (inSz + padSz)) return BAD_FUNC_ARG; @@ -8652,7 +8672,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, out[inSz + i] = (byte)padSz; } - return inSz + padSz; + return (int)(inSz + padSz); } 
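Review bot: In wc_PKCS7_PadData the bound `if (outSz < (inSz + padSz))` is evaluated in word32, so for `inSz` close to the top of the range the sum wraps and the check passes with a too-small `outSz`. The new `return (int)(inSz + padSz);` in the following hunk also turns negative once the sum exceeds INT_MAX, and the wc_PKCS7_EncodeEnvelopedData hunk on this page treats `ret < 0` as failure. Comparing without the addition avoids the wrap: `if (outSz < inSz || (outSz - inSz) < padSz) return BAD_FUNC_ARG;`. An upper limit on `inSz` so the padded size fits in `int` would cover the return value. The copy loop between the two hunks is not shown.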
@@ -8713,8 +8733,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen); - recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz + - oriValueSz, recipSeq, 0); + recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + (word32)oriTypeLenSz + + oriTypeSz + oriValueSz, recipSeq, 0); idx = 0; XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz); @@ -8722,8 +8742,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, /* oriType */ recip->recip[idx] = ASN_OBJECT_ID; idx += 1; - XMEMCPY(recip->recip + idx, oriTypeLen, oriTypeLenSz); - idx += oriTypeLenSz; + XMEMCPY(recip->recip + idx, oriTypeLen, (word32)oriTypeLenSz); + idx += (word32)oriTypeLenSz; XMEMCPY(recip->recip + idx, oriType, oriTypeSz); idx += oriTypeSz; /* oriValue, input MUST already be ASN.1 encoded */ @@ -8768,8 +8788,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, case PBKDF2_OID: - ret = wc_PBKDF2(out, passwd, (int)pLen, salt, saltSz, iterations, - (int)outSz, prfOID); + ret = wc_PBKDF2(out, passwd, (int)pLen, salt, (int)saltSz, + iterations, (int)outSz, prfOID); if (ret != 0) { return ret; } @@ -8811,12 +8831,12 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, } /* get pad bytes needed to block boundary */ - padSz = blockSz - ((4 + cekSz) % blockSz); - outLen = 4 + cekSz + padSz; + padSz = (word32)blockSz - ((4 + cekSz) % (word32)blockSz); + outLen = (int)(4 + cekSz + padSz); /* must be at least two blocks long */ if (outLen < 2 * blockSz) - padSz += blockSz; + padSz += (word32)blockSz; /* if user set out to NULL, give back required length */ if (out == NULL) { 
@@ -8901,7 +8921,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, } /* input needs to be blockSz multiple and at least 2 * blockSz */ - if (((inSz % blockSz) != 0) || (inSz < (2 * (word32)blockSz))) { + if (((inSz % (word32)blockSz) != 0) || (inSz < (2 * (word32)blockSz))) { WOLFSSL_MSG("PWRI-KEK unwrap input must of block size and >= 2 " "times block size"); XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8921,15 +8941,15 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz, - outTmp, pkcs7->devId, pkcs7->heap); + lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, + (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp, - pkcs7->devId, pkcs7->heap); + (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz, + outTmp, pkcs7->devId, pkcs7->heap); } if (ret != 0) { @@ -9064,7 +9084,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, if (recip == NULL) return MEMORY_E; - kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (kek == NULL) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; @@ -9080,7 +9100,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip)); - XMEMSET(kek, 0, kekKeySz); + XMEMSET(kek, 0, (word32)kekKeySz); XMEMSET(encryptedKey, 0, encryptedKeySz); /* generate KEK: expand password into KEK */ 
@@ -9112,12 +9132,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* put together IV OCTET STRING */ ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString); - totalSz += (ivOctetStringSz + kekBlockSz); + totalSz += (ivOctetStringSz + (word32)kekBlockSz); /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz + blockKeySz) for IV OCTET STRING */ pwriEncAlgoIdSz = SetAlgoID(encryptOID, pwriEncAlgoId, - oidBlkType, ivOctetStringSz + kekBlockSz); + oidBlkType, (int)ivOctetStringSz + kekBlockSz); totalSz += pwriEncAlgoIdSz; /* set KeyEncryptionAlgorithms OID */ @@ -9133,7 +9153,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* KeyEncryptionAlgorithm SEQ */ keyEncAlgoIdSeqSz = SetSequence(keyEncAlgoIdSz + pwriEncAlgoIdSz + - ivOctetStringSz + kekBlockSz, + ivOctetStringSz + (word32)kekBlockSz, keyEncAlgoIdSeq); totalSz += keyEncAlgoIdSeqSz; @@ -9209,8 +9229,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, idx += pwriEncAlgoIdSz; XMEMCPY(recip->recip + idx, ivOctetString, ivOctetStringSz); idx += ivOctetStringSz; - XMEMCPY(recip->recip + idx, tmpIv, kekBlockSz); - idx += kekBlockSz; + XMEMCPY(recip->recip + idx, tmpIv, (word32)kekBlockSz); + idx += (word32)kekBlockSz; XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); idx += encKeyOctetStrSz; XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); @@ -9345,7 +9365,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } #endif encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; - XMEMSET(encryptedKey, 0, encryptedKeySz); + XMEMSET(encryptedKey, 0, (word32)encryptedKeySz); #ifndef NO_AES direction = AES_ENCRYPTION; 
@@ -9373,7 +9393,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr); - totalSz += (encKeyOctetStrSz + encryptedKeySz); + totalSz += (encKeyOctetStrSz + (word32)encryptedKeySz); /* KeyEncryptionAlgorithmIdentifier */ encAlgoIdSz = SetAlgoID(keyWrapOID, encAlgoId, oidKeyWrapType, 0); @@ -9395,7 +9415,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, #endif return timeSz; } - totalSz += timeSz; + totalSz += (word32)timeSz; } #endif @@ -9406,7 +9426,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } /* KEKIdentifier SEQ */ - kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + timeSz + + kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + (word32)timeSz + otherAttSeqSz + otherOIDSz + otherSz, kekIdSeq); totalSz += kekIdSeqSz; @@ -9439,8 +9459,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, XMEMCPY(recip->recip + idx, keyId, keyIdSz); idx += keyIdSz; if (timePtr != NULL) { - XMEMCPY(recip->recip + idx, genTime, timeSz); - idx += timeSz; + XMEMCPY(recip->recip + idx, genTime, (word32)timeSz); + idx += (word32)timeSz; } if (other != NULL && otherSz > 0) { XMEMCPY(recip->recip + idx, otherAttSeq, otherAttSeqSz); @@ -9454,8 +9474,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, idx += encAlgoIdSz; XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); idx += encKeyOctetStrSz; - XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); - idx += encryptedKeySz; + XMEMCPY(recip->recip + idx, encryptedKey, (word32)encryptedKeySz); + idx += (word32)encryptedKeySz; #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -9683,20 +9703,21 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return padSz; } - encryptedOutSz = pkcs7->contentSz + padSz; + encryptedOutSz = (int)pkcs7->contentSz + padSz; #ifdef ASN_BER_TO_DER if (pkcs7->getContentCb == NULL) #endif { - plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (plain == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return MEMORY_E; } ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - (word32)encryptedOutSz, blockSz); + (word32)encryptedOutSz, (word32)blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); @@ -9709,7 +9730,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->streamOutCb == NULL) #endif { - encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -9735,9 +9756,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream); - encContentSeqSz = (int)SetSequenceEx(contentTypeSz + contentEncAlgoSz + - ivOctetStringSz + blockSz + - encContentOctetSz + encryptedOutSz, + encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz + + contentEncAlgoSz + ivOctetStringSz + blockSz + + encContentOctetSz + encryptedOutSz), encContentSeq, pkcs7->encodeStream); /* keep track of sizes for outer wrapper layering */ 
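Review bot: `encryptedOutSz = (int)pkcs7->contentSz + padSz;` narrows a word32 content length to int before adding, so a `contentSz` above `INT_MAX - padSz` overflows the signed total. That total then sizes both `XMALLOC((word32)encryptedOutSz, ...)` calls and the `SetSequenceEx` length in the hunks that follow. No range check on `contentSz` is visible here. A guard before the assignment, e.g. `if (pkcs7->contentSz > (word32)(INT_MAX - padSz)) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return BUFFER_E; }`, would match the cleanup the neighbouring error paths do. The function begins before the hunk and continues after it.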
@@ -9757,8 +9778,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) totalSz += ASN_INDEF_END_SZ; /* account for asn1 syntax around octet strings */ - StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, &tmpIdx); - totalSz += (streamSz - encryptedOutSz); + StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, + &tmpIdx); + totalSz += ((int)streamSz - encryptedOutSz); /* resize encrypted content buffer */ if (encryptedContent != NULL) { @@ -9842,7 +9864,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) while (tmpRecip != NULL) { wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, tmpRecip->recip, tmpRecip->recipSz); - idx += tmpRecip->recipSz; + idx += (int)tmpRecip->recipSz; tmpRecip = tmpRecip->next; } wc_PKCS7_FreeEncodedRecipientSet(pkcs7); @@ -9868,7 +9890,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek, - pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, + (int)pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -9890,7 +9912,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL, encryptedContent, streamSz); } - idx += streamSz; + idx += (int)streamSz; /* end of encrypted content */ localIdx += SetIndefEnd(indefEnd + localIdx); @@ -9909,13 +9931,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } else #endif { wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - encryptedContent, encryptedOutSz); + encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; } 
@@ -10061,7 +10083,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; /* if we found correct recipient, issuer hashes will match */ - if (XMEMCMP(issuerHash, pkcs7->issuerHash, keyIdSize) == 0) { + if (XMEMCMP(issuerHash, pkcs7->issuerHash, + (word32)keyIdSize) == 0) { *recipFound = 1; } @@ -10114,10 +10137,10 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, /* if we found correct recipient, SKID will match */ if (XMEMCMP(pkiMsg + (*idx), pkcs7->issuerSubjKeyId, - keyIdSize) == 0) { + (word32)keyIdSize) == 0) { *recipFound = 1; } - (*idx) += keyIdSize; + (*idx) += (word32)keyIdSize; } if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) @@ -10178,14 +10201,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, #endif /* Always allocate to ensure aligned use with RSA */ - encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap, + encryptedKey = (byte*)XMALLOC((word32)encryptedKeySz, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); if (encryptedKey == NULL) return MEMORY_E; if (*recipFound == 1) - XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz); - *idx += encryptedKeySz; + XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz); + *idx += (word32)encryptedKeySz; /* load private key */ #ifdef WOLFSSL_SMALL_STACK @@ -10300,7 +10323,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, return keySz; } else { *decryptedKeySz = (word32)keySz; - XMEMCPY(decryptedKey, outKey, keySz); + XMEMCPY(decryptedKey, outKey, (word32)keySz); ForceZero(encryptedKey, (word32)encryptedKeySz); } 
@@ -10406,15 +10429,16 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, kari->senderKeyInit = 1; /* length-1 for unused bits counter */ - ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), length - 1, kari->senderKey, - curve_id); + ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1, + kari->senderKey, curve_id); if (ret != 0) { - ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, *idx + length - 1); + ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, + *idx + (word32)length - 1); if (ret != 0) return ret; } else { - (*idx) += length - 1; + (*idx) += (word32)(length - 1); } return 0; @@ -10467,15 +10491,16 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari, kari->ukm = NULL; if (length > 0) { - kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7); + kari->ukm = (byte*)XMALLOC((word32)length, kari->heap, + DYNAMIC_TYPE_PKCS7); if (kari->ukm == NULL) return MEMORY_E; - XMEMCPY(kari->ukm, pkiMsg + (*idx), length); + XMEMCPY(kari->ukm, pkiMsg + (*idx), (word32)length); kari->ukmOwner = 1; } - (*idx) += length; + (*idx) += (word32)length; kari->ukmSz = (word32)length; return 0; @@ -10507,7 +10532,7 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari, return ASN_PARSE_E; } - if (localIdx < *idx + length) { + if (localIdx < *idx + (word32)length) { *idx = localIdx; } /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */ @@ -10566,11 +10591,11 @@ static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari, if (length != keyIdSize) return ASN_PARSE_E; - XMEMCPY(rid, pkiMsg + (*idx), keyIdSize); - (*idx) += length; + XMEMCPY(rid, pkiMsg + (*idx), (word32)keyIdSize); + (*idx) += (word32)length; /* subject key id should match if recipient found */ - if (XMEMCMP(rid, kari->decoded->extSubjKeyId, keyIdSize) == 0) { + if (XMEMCMP(rid, kari->decoded->extSubjKeyId, (word32)keyIdSize) == 0) { *recipFound = 1; } 
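Review bot: In wc_PKCS7_KariGetOriginatorIdentifierOrKey, `(word32)length - 1` wraps to 0xFFFFFFFF when length is 0. That value is then passed as the input size to wc_ecc_import_x963_ex and reused in `*idx + (word32)length - 1`. The hunk shows no lower bound on length before these lines; the function starts above the hunk, so confirm there. A guard such as `if (length < 1) return ASN_PARSE_E;` ahead of the import would make the cast safe. The hunk also mixes `(word32)length - 1` with `(word32)(length - 1)`; one form throughout would read better.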
@@ -10616,7 +10641,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, /* if we found correct recipient, issuer hashes will match */ if (kari->decodedInit == 1) { - if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) { + if (XMEMCMP(rid, kari->decoded->issuerHash, (word32)keyIdSize) == 0) { *recipFound = 1; } } @@ -10651,7 +10676,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, ret = mp_init(recipSerial); if (ret == MP_OKAY) ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial, - kari->decoded->serialSz); + (word32)kari->decoded->serialSz); if (ret != MP_OKAY) { mp_clear(serial); WOLFSSL_MSG("Failed to parse CMS recipient serial number"); @@ -10743,9 +10768,9 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari, if (length > *encryptedKeySz) return BUFFER_E; - XMEMCPY(encryptedKey, pkiMsg + (*idx), length); + XMEMCPY(encryptedKey, pkiMsg + (*idx), (word32)length); *encryptedKeySz = length; - (*idx) += length; + (*idx) += (word32)length; return 0; } @@ -10856,12 +10881,12 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0) return ASN_PARSE_E; - XMEMCPY(oriOID, pkiMsg + *idx, oriOIDSz); - *idx += oriOIDSz; + XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz); + *idx += (word32)oriOIDSz; /* get oriValue, increment idx */ oriValue = pkiMsg + *idx; - oriValueSz = seqSz - (*idx - tmpIdx); + oriValueSz = (word32)seqSz - (*idx - tmpIdx); *idx += oriValueSz; /* pass oriOID and oriValue to user callback, expect back 
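Review bot: In wc_PKCS7_DecryptOri, `oriValueSz = (word32)seqSz - (*idx - tmpIdx);` is now an explicit unsigned subtraction, and nothing visible ensures that the bytes consumed so far do not exceed seqSz. If they do, oriValueSz wraps and `*idx += oriValueSz` advances the index by the wrapped amount before the value reaches the user callback. Unless the check sits outside the hunk, compare first: `if ((*idx - tmpIdx) > (word32)seqSz) return ASN_PARSE_E;`. The function body extends beyond both ends of the hunk.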
@@ -10969,12 +10994,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetLength(pkiMsg, idx, &saltSz, pkiMsgSz) < 0) return ASN_PARSE_E; - salt = (byte*)XMALLOC(saltSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + salt = (byte*)XMALLOC((word32)saltSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (salt == NULL) return MEMORY_E; - XMEMCPY(salt, pkiMsg + (*idx), saltSz); - *idx += saltSz; + XMEMCPY(salt, pkiMsg + (*idx), (word32)saltSz); + *idx += (word32)saltSz; /* get KDF iterations */ if (GetMyVersion(pkiMsg, idx, &iterations, pkiMsgSz) < 0) { @@ -10995,7 +11021,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* get pwriEncAlgoId */ - if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, pkiMsgSz) < 0) { + if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, + pkiMsgSz) < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } @@ -11035,8 +11062,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; } - XMEMCPY(tmpIv, pkiMsg + (*idx), length); - *idx += length; + XMEMCPY(tmpIv, pkiMsg + (*idx), (word32)length); + *idx += (word32)length; /* get EncryptedKey */ if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) { @@ -11063,7 +11090,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* generate KEK */ - kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (kek == NULL) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -11071,8 +11099,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz, - salt, (word32)saltSz, kdfAlgoId, hashOID, - iterations, kek, (word32)kekKeySz); + salt, (word32)saltSz, (int)kdfAlgoId, hashOID, + iterations, kek, (word32)kekKeySz); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11082,8 +11110,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, /* decrypt CEK with KEK */ ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz, - pkiMsg + (*idx), (word32)length, cek, - cekSz, tmpIv, (word32)blockSz, + pkiMsg + (*idx), (word32)length, + cek, cekSz, tmpIv, (word32)blockSz, (int)pwriEncAlgoId); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11110,7 +11138,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, /* mark recipFound, since we only support one RecipientInfo for now */ *recipFound = 1; - *idx += length; + *idx += (word32)length; #ifndef NO_PKCS7_STREAM if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { break; @@ -11188,7 +11216,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, &dateLen) != 0) { return ASN_PARSE_E; } - *idx += (dateLen + 1); + *idx += (word32)(dateLen + 1); } if (*idx > pkiMsgSz) { @@ -11204,7 +11232,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; /* skip it */ - *idx += length; + *idx += (word32)length; } if (*idx > pkiMsgSz) { @@ -11250,7 +11278,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, /* mark recipFound, since we only support one RecipientInfo for now */ *recipFound = 1; - *idx += length; + *idx += (word32)length; #ifndef NO_PKCS7_STREAM if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { 
@@ -12297,8 +12325,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, ret = 0; #endif - XMEMCPY(tmpIv, &pkiMsg[idx], length); - idx += length; + XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length); + idx += (word32)length; explicitOctet = 0; localIdx = idx; @@ -12358,7 +12386,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, * consecutive OCTET STRINGs, if so loop through * collecting and caching encrypted content bytes */ localIdx = idx; - while (idx < (localIdx + encryptedContentTotalSz)) { + while (idx < (localIdx + (word32)encryptedContentTotalSz)) { if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) { ret = ASN_PARSE_E; @@ -12383,7 +12411,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, } /* advance idx past encrypted content */ - idx += encryptedContentSz; + idx += (word32)encryptedContentSz; } if (ret != 0) { @@ -12397,7 +12425,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, if (ret != 0) { break; } - idx += encryptedContentTotalSz; + idx += (word32)encryptedContentTotalSz; } /* use cached content */ @@ -12421,7 +12449,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, ret = BUFFER_E; break; } - XMEMCPY(output, encryptedContent, encryptedContentSz - padLen); + XMEMCPY(output, encryptedContent, + (word32)encryptedContentSz - padLen); /* free memory, zero out keys */ ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); 
@@ -12729,17 +12758,18 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, contentTypeAttrib.valueSz = pkcs7->contentTypeSz; } - authAttribsSz += EncodeAttributes(authAttribs, 1, - &contentTypeAttrib, 1); + authAttribsSz += (word32)EncodeAttributes(authAttribs, 1, + &contentTypeAttrib, 1); authAttribsCount += 1; } /* authAttribs: add in user authenticated attributes */ if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) { - authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount, - MAX_AUTH_ATTRIBS_SZ - authAttribsCount, + authAttribsSz += (word32)EncodeAttributes( + authAttribs + authAttribsCount, + (int)(MAX_AUTH_ATTRIBS_SZ - authAttribsCount), pkcs7->authAttribs, - pkcs7->authAttribsSz); + (int)pkcs7->authAttribsSz); authAttribsCount += pkcs7->authAttribsSz; } @@ -12787,10 +12817,11 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* build up unauthenticated attributes (unauthAttrs) */ if (pkcs7->unauthAttribsSz > 0) { - unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount, - MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount, - pkcs7->unauthAttribs, - pkcs7->unauthAttribsSz); + unauthAttribsSz = (word32)EncodeAttributes( + unauthAttribs + unauthAttribsCount, + (int)(MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount), + pkcs7->unauthAttribs, + (int)pkcs7->unauthAttribsSz); unauthAttribsCount = pkcs7->unauthAttribsSz; flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap, @@ -12819,7 +12850,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* Copy content to plain buffer (zero-padded) to encrypt in full, * contiguous blocks */ - plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + plain = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (plain == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -12830,10 +12862,11 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); if ((encryptedAllocSz - encryptedOutSz) > 0) { - XMEMSET(plain + encryptedOutSz, 0, encryptedAllocSz - encryptedOutSz); + XMEMSET(plain + encryptedOutSz, 0, + (word32)(encryptedAllocSz - encryptedOutSz)); } - encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -12846,8 +12879,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek, - pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag, - sizeof(authTag), plain, encryptedOutSz, encryptedContent); + (int)pkcs7->cekSz, nonce, (int)nonceSz, aadBuffer, aadBufferSz, + authTag, sizeof(authTag), plain, encryptedOutSz, encryptedContent); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); plain = NULL; @@ -12883,15 +12916,15 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0); /* add nonce and icv len into parameters string RFC5084 */ - algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz, - algoParamSeq); + algoParamSeqSz = SetSequence((word32)nonceOctetStringSz + nonceSz + + macIntSz, algoParamSeq); /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING * and tag size */ contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo, - oidBlkType, nonceOctetStringSz + nonceSz + - macIntSz + algoParamSeqSz); + oidBlkType, nonceOctetStringSz + (int)nonceSz + + (int)macIntSz + (int)algoParamSeqSz); if (contentEncAlgoSz == 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); 
@@ -12903,19 +12936,21 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + - nonceOctetStringSz + nonceSz + macIntSz + - algoParamSeqSz + encContentOctetSz + - encryptedOutSz, encContentSeq); + encContentSeqSz = (int)SetSequence((word32)contentTypeSz + + (word32)contentEncAlgoSz + + (word32)nonceOctetStringSz + nonceSz + macIntSz + + algoParamSeqSz + (word32)encContentOctetSz + + (word32)encryptedOutSz, encContentSeq); macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString); /* keep track of sizes for outer wrapper layering */ - totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + - contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz + - algoParamSeqSz + encContentOctetSz + encryptedOutSz + - authAttribsSz + authAttribsSetSz + macOctetStringSz + - sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz; + totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + + contentTypeSz + contentEncAlgoSz + nonceOctetStringSz + + (int)nonceSz + (int)macIntSz + (int)algoParamSeqSz + + encContentOctetSz + encryptedOutSz + (int)authAttribsSz + + (int)authAttribsSetSz + macOctetStringSz + (int)sizeof(authTag) + + (int)unauthAttribsSz + (int)unauthAttribsSetSz; /* EnvelopedData */ envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq); 
@@ -12939,67 +12974,67 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, return BUFFER_E; } - XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz); + XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz); idx += contentInfoSeqSz; - XMEMCPY(output + idx, outerContentType, outerContentTypeSz); + XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz); idx += outerContentTypeSz; - XMEMCPY(output + idx, outerContent, outerContentSz); + XMEMCPY(output + idx, outerContent, (word32)outerContentSz); idx += outerContentSz; - XMEMCPY(output + idx, envDataSeq, envDataSeqSz); + XMEMCPY(output + idx, envDataSeq, (word32)envDataSeqSz); idx += envDataSeqSz; - XMEMCPY(output + idx, ver, verSz); + XMEMCPY(output + idx, ver, (word32)verSz); idx += verSz; - XMEMCPY(output + idx, recipSet, recipSetSz); + XMEMCPY(output + idx, recipSet, (word32)recipSetSz); idx += recipSetSz; /* copy in recipients from list */ tmpRecip = pkcs7->recipList; while (tmpRecip != NULL) { XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz); - idx += tmpRecip->recipSz; + idx += (int)tmpRecip->recipSz; tmpRecip = tmpRecip->next; } wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - XMEMCPY(output + idx, encContentSeq, encContentSeqSz); + XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz); idx += encContentSeqSz; - XMEMCPY(output + idx, contentType, contentTypeSz); + XMEMCPY(output + idx, contentType, (word32)contentTypeSz); idx += contentTypeSz; - XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz); + XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz); idx += contentEncAlgoSz; XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz); - idx += algoParamSeqSz; - XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz); + idx += (int)algoParamSeqSz; + XMEMCPY(output + idx, nonceOctetString, (word32)nonceOctetStringSz); idx += nonceOctetStringSz; XMEMCPY(output + idx, nonce, nonceSz); - idx += nonceSz; + idx += (int)nonceSz; XMEMCPY(output + idx, 
macInt, macIntSz); - idx += macIntSz; + idx += (int)macIntSz; - XMEMCPY(output + idx, encContentOctet, encContentOctetSz); + XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz); idx += encContentOctetSz; - XMEMCPY(output + idx, encryptedContent, encryptedOutSz); + XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; /* authenticated attributes */ if (flatAuthAttribs && authAttribsSz > 0) { XMEMCPY(output + idx, authAttribSet, authAttribsSetSz); - idx += authAttribsSetSz; + idx += (int)authAttribsSetSz; XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz); - idx += authAttribsSz; + idx += (int)authAttribsSz; XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } - XMEMCPY(output + idx, macOctetString, macOctetStringSz); + XMEMCPY(output + idx, macOctetString, (word32)macOctetStringSz); idx += macOctetStringSz; XMEMCPY(output + idx, authTag, sizeof(authTag)); - idx += sizeof(authTag); + idx += (int)sizeof(authTag); /* unauthenticated attributes */ if (unauthAttribsSz > 0) { XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz); - idx += unauthAttribsSetSz; + idx += (int)unauthAttribsSetSz; XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz); - idx += unauthAttribsSz; + idx += (int)unauthAttribsSz; } XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13246,8 +13281,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - XMEMCPY(nonce, &pkiMsg[idx], nonceSz); - idx += nonceSz; + XMEMCPY(nonce, &pkiMsg[idx], (word32)nonceSz); + idx += (word32)nonceSz; } /* get mac size, also stored in OPTIONAL parameter of AlgoID */ 
@@ -13302,14 +13337,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store nonce for later */ if (nonceSz > 0) { pkcs7->stream->nonceSz = (word32)nonceSz; - pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->nonce == NULL) { ret = MEMORY_E; break; } else { - XMEMCPY(pkcs7->stream->nonce, nonce, nonceSz); + XMEMCPY(pkcs7->stream->nonce, nonce, (word32)nonceSz); } } @@ -13358,15 +13393,16 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, encryptedContentSz + expBlockSz - (encryptedContentSz % expBlockSz) : encryptedContentSz; - encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (ret == 0 && encryptedContent == NULL) { ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); - idx += encryptedContentSz; + XMEMCPY(encryptedContent, &pkiMsg[idx], + (word32)encryptedContentSz); + idx += (word32)encryptedContentSz; } #ifndef NO_PKCS7_STREAM pkcs7->stream->bufferPt = encryptedContent; @@ -13385,7 +13421,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, #ifndef NO_PKCS7_STREAM pkcs7->stream->expected = (word32)length; #endif - encodedAttribSz = length + (idx - encodedAttribIdx); + encodedAttribSz = (word32)length + (idx - encodedAttribIdx); if (ret != 0) break; 
@@ -13442,12 +13478,12 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } - idx += length; + idx += (word32)length; #ifndef NO_PKCS7_STREAM if (encodedAttribSz > 0) { - XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - length), - authAttrib, authAttribSz); + XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - (word32)length), + authAttrib, (word32)authAttribSz); } if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; @@ -13491,8 +13527,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - XMEMCPY(authTag, &pkiMsg[idx], authTagSz); - idx += authTagSz; + XMEMCPY(authTag, &pkiMsg[idx], (word32)authTagSz); + idx += (word32)authTagSz; } if (ret == 0 && authAttrib != NULL) { @@ -13517,14 +13553,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store tag for later */ if (authTagSz > 0) { pkcs7->stream->tagSz = (word32)authTagSz; - pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + pkcs7->stream->tag = (byte*)XMALLOC((word32)authTagSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->tag == NULL) { ret = MEMORY_E; break; } else { - XMEMCPY(pkcs7->stream->tag, authTag, authTagSz); + XMEMCPY(pkcs7->stream->tag, authTag, (word32)authTagSz); } } @@ -13548,7 +13584,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } else { - XMEMCPY(nonce, pkcs7->stream->nonce, nonceSz); + XMEMCPY(nonce, pkcs7->stream->nonce, (word32)nonceSz); } } @@ -13560,7 +13596,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } else { - XMEMCPY(authTag, pkcs7->stream->tag, authTagSz); + XMEMCPY(authTag, pkcs7->stream->tag, (word32)authTagSz); } } 
@@ -13580,8 +13616,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* decrypt encryptedContent */ ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz, - authTag, (word32)authTagSz, encryptedContent, encryptedContentSz, - encryptedContent, pkcs7->devId, pkcs7->heap); + authTag, (word32)authTagSz, encryptedContent, + encryptedContentSz, encryptedContent, pkcs7->devId, + pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; @@ -13593,7 +13630,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } /* copy plaintext to output */ - XMEMCPY(output, encryptedContent, encryptedContentSz); + XMEMCPY(output, encryptedContent, (word32)encryptedContentSz); /* free memory, zero out keys */ ForceZero(encryptedContent, (word32)encryptedContentSz); @@ -13736,21 +13773,21 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (padSz < 0) return padSz; - encryptedOutSz = pkcs7->contentSz + padSz; + encryptedOutSz = (int)pkcs7->contentSz + padSz; - plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (plain == NULL) return MEMORY_E; ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - (word32)encryptedOutSz, blockSz); + (word32)encryptedOutSz, (word32)blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -13780,8 +13817,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) } ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, - pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL, - 0, NULL, 0, plain, encryptedOutSz, encryptedContent); + pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, tmpIv, blockSz, + NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13791,9 +13828,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + - ivOctetStringSz + blockSz + - encContentOctetSz + encryptedOutSz, + encContentSeqSz = (int)SetSequence((word32)(contentTypeSz + + contentEncAlgoSz + ivOctetStringSz + blockSz + + encContentOctetSz + encryptedOutSz), encContentSeq); /* optional UnprotectedAttributes */ @@ -13815,11 +13852,13 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) } attribsCount = pkcs7->unprotectedAttribsSz; - attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz, + attribsSz = (word32)EncodeAttributes(attribs, + (int)pkcs7->unprotectedAttribsSz, pkcs7->unprotectedAttribs, - pkcs7->unprotectedAttribsSz); + (int)pkcs7->unprotectedAttribsSz); - flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (flatAttribs == NULL) { XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -13845,7 +13884,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* keep track of sizes for outer wrapper layering */ totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz + ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz + - attribsSz + attribsSetSz; + (int)attribsSz + (int)attribsSetSz; /* EncryptedData */ encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq); 
@@ -13873,36 +13912,36 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) return BUFFER_E; } - XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz); + XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz); idx += contentInfoSeqSz; - XMEMCPY(output + idx, outerContentType, outerContentTypeSz); + XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz); idx += outerContentTypeSz; - XMEMCPY(output + idx, outerContent, outerContentSz); + XMEMCPY(output + idx, outerContent, (word32)outerContentSz); idx += outerContentSz; - XMEMCPY(output + idx, encDataSeq, encDataSeqSz); + XMEMCPY(output + idx, encDataSeq, (word32)encDataSeqSz); idx += encDataSeqSz; - XMEMCPY(output + idx, ver, verSz); + XMEMCPY(output + idx, ver, (word32)verSz); idx += verSz; - XMEMCPY(output + idx, encContentSeq, encContentSeqSz); + XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz); idx += encContentSeqSz; - XMEMCPY(output + idx, contentType, contentTypeSz); + XMEMCPY(output + idx, contentType, (word32)contentTypeSz); idx += contentTypeSz; - XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz); + XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz); idx += contentEncAlgoSz; - XMEMCPY(output + idx, ivOctetString, ivOctetStringSz); + XMEMCPY(output + idx, ivOctetString, (word32)ivOctetStringSz); idx += ivOctetStringSz; - XMEMCPY(output + idx, tmpIv, blockSz); + XMEMCPY(output + idx, tmpIv, (word32)blockSz); idx += blockSz; - XMEMCPY(output + idx, encContentOctet, encContentOctetSz); + XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz); idx += encContentOctetSz; - XMEMCPY(output + idx, encryptedContent, encryptedOutSz); + XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; if (pkcs7->unprotectedAttribsSz != 0) { XMEMCPY(output + idx, attribSet, attribsSetSz); - idx += attribsSetSz; + idx += (int)attribsSetSz; XMEMCPY(output + idx, flatAttribs, attribsSz); - idx += attribsSz; 
+ idx += (int)attribsSz; } XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -14167,8 +14206,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, tmpIv = pkcs7->stream->tmpIv; length = (int)pkcs7->stream->expected; #endif - XMEMCPY(tmpIv, &pkiMsg[idx], length); - idx += length; + XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length); + idx += (word32)length; /* read encryptedContent, cont[0] */ if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) ret = ASN_PARSE_E; @@ -14188,7 +14227,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, break; } - if (pkcs7->stream->totalRd + encryptedContentSz < + if (pkcs7->stream->totalRd + (word32)encryptedContentSz < pkcs7->stream->maxLen) { pkcs7->stream->flagOne = 1; } @@ -14217,21 +14256,23 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, tmpIv = pkcs7->stream->tmpIv; #endif if (ret == 0 && (encryptedContent = (byte*)XMALLOC( - encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) { + (unsigned int)encryptedContentSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7)) == NULL) { ret = MEMORY_E; break; } if (ret == 0) { - XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); - idx += encryptedContentSz; + XMEMCPY(encryptedContent, &pkiMsg[idx], + (unsigned int)encryptedContentSz); + idx += (word32)encryptedContentSz; /* decrypt encryptedContent */ ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, - pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, - expBlockSz, NULL, 0, NULL, 0, encryptedContent, - encryptedContentSz, encryptedContent, - pkcs7->devId, pkcs7->heap); + pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, + tmpIv, expBlockSz, NULL, 0, NULL, 0, + encryptedContent, encryptedContentSz, + encryptedContent, pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } 
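Review bot: The casts in this wc_PKCS7_DecodeEncryptedData hunk are inconsistent. XMALLOC and XMEMCPY get `(unsigned int)encryptedContentSz`, while the `idx +=` on the next line uses `(word32)encryptedContentSz`. The following hunk writes `(unsigned int)(encryptedContentSz - padLen)`, where wc_PKCS7_DecodeEnvelopedData writes `(word32)encryptedContentSz - padLen`. The rest of the patch casts sizes to word32, so `(word32)encryptedContentSz` and `(word32)(encryptedContentSz - padLen)` would fit better. The check that padLen does not exceed encryptedContentSz is not visible in either hunk, so it is worth confirming it precedes both copies.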
@@ -14248,7 +14289,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, } /* copy plaintext to output */ - XMEMCPY(output, encryptedContent, encryptedContentSz - padLen); + XMEMCPY(output, encryptedContent, + (unsigned int)(encryptedContentSz - padLen)); /* get implicit[1] unprotected attributes, optional */ wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap); @@ -14351,7 +14393,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag, return BAD_FUNC_ARG; } #ifdef ASN_BER_TO_DER - pkcs7->encodeStream = flag; + pkcs7->encodeStream = (flag == 1); pkcs7->getContentCb = getContentCb; pkcs7->streamOutCb = streamOutCb; pkcs7->streamCtx = ctx; @@ -14387,7 +14429,7 @@ int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag) if (pkcs7 == NULL) { return BAD_FUNC_ARG; } - pkcs7->noCerts = flag; + pkcs7->noCerts = (flag == 1); return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2971be18ec..cd6c730110 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2563,7 +2563,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I); } #ifndef WOLFSSL_NO_MALLOC - pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I); } @@ -2572,7 +2572,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, return BAD_FUNC_ARG; #endif /* Convert to PEM */ - pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType); + pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); if (pemSz < 0) { XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); diff --git a/wolfssl/test.h b/wolfssl/test.h index 888d7f1ae4..0fb23c1962 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
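Review bot: `pkcs7->encodeStream = (flag == 1);` in wc_PKCS7_SetStreamMode changes behaviour, not just the type. A caller passing a non-zero value other than 1 now gets the option turned off, although the old assignment may have behaved differently for such values depending on the field's width. The same applies to `pkcs7->noCerts = (flag == 1);` in wc_PKCS7_SetNoCerts, where such a caller would presumably now have certificates included against its intent. If this is meant as boolean normalisation, use `pkcs7->encodeStream = (flag != 0);` and `pkcs7->noCerts = (flag != 0);`. If only 0 and 1 are valid, return BAD_FUNC_ARG for other values and state that in the function comments.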
@@ -1102,8 +1102,8 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, * message ready to write once */ strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]); for (i = 0; i < sz; i++) - strLen = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - strLen, - ":%02x ", serial[i]); + strLen = XSNPRINTF(serialMsg + strLen, + sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]); printf("%s\n", serialMsg); } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index dd549696d8..219048aad5 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -558,7 +558,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_Buffer(dataASN, d, l) \ do { \ (dataASN)->data.buffer.data = d; \ - (dataASN)->data.buffer.length = l; \ + (dataASN)->data.buffer.length = (word32)l; \ } while (0) /* Setup an ASN data item to set the DER encode data in a buffer.
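Review bot: The loop in ShowX509Ex assigns the XSNPRINTF result to strLen instead of adding to it, so each iteration writes at the offset returned by the previous call rather than at the end of the message. The new `(size_t)strLen` cast would also turn a negative return into a very large remaining size. Accumulate and stop on error or truncation: `int n = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);`, then `if (n < 0 || (size_t)n >= sizeof(serialMsg) - (size_t)strLen) break;` and `strLen += n;`. The first XSNPRINTF result before the loop needs the same check, and the function body extends beyond the hunk.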
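Review bot: The new cast in the SetASN_Buffer macro binds only to the first token of the argument, so `(word32)l` with an argument such as `a + b` expands to `(word32)a + b`. Parenthesise the parameter: `(dataASN)->data.buffer.length = (word32)(l); \`. The `d` on the line above should become `(d)` for the same reason.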