diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c index 570f27e7..ec017667 100644 --- a/crypto/ec/ec.c +++ b/crypto/ec/ec.c @@ -564,7 +564,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, BIGNUM *out_a, int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; } -int EC_GROUP_get_degree(const EC_GROUP *group) { +unsigned EC_GROUP_get_degree(const EC_GROUP *group) { return ec_GFp_simple_group_get_degree(group); } diff --git a/crypto/ec/internal.h b/crypto/ec/internal.h index 6fdaf41a..459bab59 100644 --- a/crypto/ec/internal.h +++ b/crypto/ec/internal.h @@ -178,7 +178,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_get_degree(const EC_GROUP *); +unsigned ec_GFp_simple_group_get_degree(const EC_GROUP *); int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ec_GFp_simple_point_init(EC_POINT *); void ec_GFp_simple_point_finish(EC_POINT *); diff --git a/crypto/ec/simple.c b/crypto/ec/simple.c index 2695fda0..7e611ebf 100644 --- a/crypto/ec/simple.c +++ b/crypto/ec/simple.c @@ -245,7 +245,7 @@ err: return ret; } -int ec_GFp_simple_group_get_degree(const EC_GROUP *group) { +unsigned ec_GFp_simple_group_get_degree(const EC_GROUP *group) { return BN_num_bits(&group->field); } diff --git a/include/openssl/ec.h b/include/openssl/ec.h index b6326461..fe1c89e3 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -144,7 +144,7 @@ OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group); /* EC_GROUP_get_degree returns the number of bits needed to represent an * element of the field underlying |group|. */ -OPENSSL_EXPORT int EC_GROUP_get_degree(const EC_GROUP *group); +OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group); /* EC_GROUP_precompute_mult precomputes multiplies of the generator in order to * speed up operations that involve calculating generator multiples. It returns diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 07ce9f3e..13bc0e82 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1566,6 +1566,8 @@ int ssl3_get_server_done(SSL *s) { return 1; } +OPENSSL_COMPILE_ASSERT(sizeof(size_t) >= sizeof(unsigned), + SIZE_T_IS_SMALLER_THAN_UNSIGNED); int ssl3_send_client_key_exchange(SSL *s) { uint8_t *p; @@ -1739,7 +1741,7 @@ int ssl3_send_client_key_exchange(SSL *s) { } else if (alg_k & SSL_kECDHE) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; - int field_size = 0, ecdh_len; + int ecdh_len; if (s->s3->tmp.peer_ecdh_tmp == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); @@ -1772,8 +1774,8 @@ int ssl3_send_client_key_exchange(SSL *s) { goto err; } - field_size = EC_GROUP_get_degree(srvr_group); - if (field_size <= 0) { + unsigned field_size = EC_GROUP_get_degree(srvr_group); + if (field_size == 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_ECDH_LIB); goto err; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c9b81722..fad2d0a9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1854,7 +1854,7 @@ int ssl3_get_client_key_exchange(SSL *s) { premaster_secret_len = dh_len; } else if (alg_k & SSL_kECDHE) { - int field_size = 0, ecdh_len; + int ecdh_len; const EC_KEY *tkey; const EC_GROUP *group; const BIGNUM *priv_key; @@ -1909,8 +1909,8 @@ int ssl3_get_client_key_exchange(SSL *s) { } /* Allocate a buffer for both the secret and the PSK. */ - field_size = EC_GROUP_get_degree(group); - if (field_size <= 0) { + unsigned field_size = EC_GROUP_get_degree(group); + if (field_size == 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_ECDH_LIB); goto err; }