A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

10 files changed, 25 insertions, 23 deletions

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 1d24dedc91..62e83afb35 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -668,7 +668,7 @@ static int client_master_key(SSL *s)
 		sess->master_key_length=i;
 		if (i > 0)
 			{
-			if (i > sizeof sess->master_key)
+			if (i > (int)sizeof(sess->master_key))
 				{
 				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
 				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
@@ -688,7 +688,7 @@ static int client_master_key(SSL *s)
 		else
 			enc=i;
 
-		if (i < enc)
+		if ((int)i < enc)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
@@ -717,7 +717,7 @@ static int client_master_key(SSL *s)
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
-		if (karg > sizeof sess->key_arg)
+		if (karg > (int)sizeof(sess->key_arg))
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index d3b144f1c5..12e17bf668 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -101,7 +101,7 @@ int ssl2_enc_init(SSL *s, int client)
 	if (ssl2_generate_key_material(s) <= 0)
 		return 0;
 
-	OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
+	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
 	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
 	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 910b9fe097..a0edfb8960 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -371,7 +371,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 	static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
 	SSL_CIPHER c,*cp= &c,**cpp;
 	unsigned long id;
-	int i;
+	unsigned int i;
 
 	if (init)
 		{
@@ -437,7 +437,8 @@ int ssl2_generate_key_material(SSL *s)
 	EVP_MD_CTX_init(&ctx);
 	km=s->s2->key_material;
 
- 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ 	if (s->session->master_key_length < 0 ||
+			s->session->master_key_length > (int)sizeof(s->session->master_key))
  		{
  		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
  		return 0;
@@ -445,7 +446,8 @@ int ssl2_generate_key_material(SSL *s)
 
 	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
 		{
-		if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
+		if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+				(int)sizeof(s->s2->key_material))
 			{
 			/* EVP_DigestFinal_ex() below would write beyond buffer */
 			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
@@ -456,7 +458,7 @@ int ssl2_generate_key_material(SSL *s)
 
 		OPENSSL_assert(s->session->master_key_length >= 0
 		    && s->session->master_key_length
-		    < sizeof s->session->master_key);
+		    < (int)sizeof(s->session->master_key));
 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
 		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
@@ -495,7 +497,7 @@ void ssl2_write_error(SSL *s)
 
 	error=s->error; /* number of bytes left to write */
 	s->error=0;
-	OPENSSL_assert(error >= 0 && error <= sizeof buf);
+	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
 	i=ssl2_write(s,&(buf[3-error]),error);
 
 /*	if (i == error) s->rwstate=state; */
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b27a1deaa7..6b29f04701 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -582,7 +582,7 @@ static int ssl3_client_hello(SSL *s)
 		*(p++)=i;
 		if (i != 0)
 			{
-			if (i > sizeof s->session->session_id)
+			if (i > (int)sizeof(s->session->session_id))
 				{
 				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
 				goto err;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 559924d368..56e274fe2a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -139,7 +139,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	EVP_MD_CTX s1;
 	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
-	int i,j,k;
+	unsigned int i,j,k;
 
 #ifdef CHARSET_EBCDIC
 	c = os_toascii[c]; /*'A' in ASCII */
@@ -147,7 +147,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	k=0;
 	EVP_MD_CTX_init(&m5);
 	EVP_MD_CTX_init(&s1);
-	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
+	for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
 		{
 		k++;
 		if (k > sizeof buf)
@@ -172,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
 		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
-		if ((i+MD5_DIGEST_LENGTH) > num)
+		if ((int)(i+MD5_DIGEST_LENGTH) > num)
 			{
 			EVP_DigestFinal_ex(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2145385ccd..6c208ccfc1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1914,7 +1914,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 	static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
 	SSL_CIPHER c,*cp= &c,**cpp;
 	unsigned long id;
-	int i;
+	unsigned int i;
 
 	if (init)
 		{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bd0624be38..abb03ca585 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1016,7 +1016,7 @@ static int ssl3_send_server_hello(SSL *s)
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
-		if (sl > sizeof s->session->session_id)
+		if (sl > (int)sizeof(s->session->session_id))
 			{
 			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
 			return -1;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 16bc11b559..f5d3c135bb 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -295,11 +295,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 
 	if (os.length > i)
 		os.length = i;
-	if (os.length > sizeof ret->session_id) /* can't happen */
-		os.length = sizeof ret->session_id;
+	if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
+		os.length = sizeof(ret->session_id);
 
 	ret->session_id_length=os.length;
-	OPENSSL_assert(os.length <= sizeof ret->session_id);
+	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 144b90dd17..ad56b7bf70 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -794,7 +794,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 			}
 		
 		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
-		if (r <= 0 || r >= sizeof buf)
+		if (r <= 0 || r >= (int)sizeof(buf))
 			goto err;
 		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
 			goto err;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 82c3b8d89c..5aadfa51d0 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1350,8 +1350,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 			{
 			if (c_write)
 				{
-				j=(cw_num > (long)sizeof(cbuf))
-					?sizeof(cbuf):(int)cw_num;
+				j = (cw_num > (long)sizeof(cbuf)) ?
+					(int)sizeof(cbuf) : (int)cw_num;
 				i=BIO_write(c_bio,cbuf,j);
 				if (i < 0)
 					{
@@ -1481,8 +1481,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 				}
 			else
 				{
-				j=(sw_num > (long)sizeof(sbuf))?
-					sizeof(sbuf):(int)sw_num;
+				j = (sw_num > (long)sizeof(sbuf)) ?
+					(int)sizeof(sbuf) : (int)sw_num;
 				i=BIO_write(s_bio,sbuf,j);
 				if (i < 0)
 					{