From 9de64f5af12a37c87c3cd2212c0503d6fa7907bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Wed, 1 Jul 2015 15:51:43 +0200
Subject: [PATCH] Fix MSVC warnings in library and programs

---
 library/ccm.c              |  6 ++++--
 library/net.c              | 12 ++++++++++--
 library/ssl_srv.c          | 20 +++++++++++++++-----
 library/ssl_tls.c          | 12 ++++++------
 programs/ssl/ssl_client2.c |  2 +-
 programs/ssl/ssl_server2.c |  2 +-
 programs/test/udp_proxy.c  |  2 +-
 7 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/library/ccm.c b/library/ccm.c
index 0727a178b..97c3c2a22 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -143,7 +143,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
 {
     int ret;
     unsigned char i;
-    unsigned char q = 16 - 1 - iv_len;
+    unsigned char q;
     size_t len_left, olen;
     unsigned char b[16];
     unsigned char y[16];
@@ -166,6 +166,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     if( add_len > 0xFF00 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
+    q = 16 - 1 - (unsigned char) iv_len;
+
     /*
      * First block B_0:
      * 0        .. 0        flags
@@ -257,7 +259,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
 
     while( len_left > 0 )
     {
-        unsigned char use_len = len_left > 16 ? 16 : len_left;
+        size_t use_len = len_left > 16 ? 16 : len_left;
 
         if( mode == CCM_ENCRYPT )
         {
diff --git a/library/net.c b/library/net.c
index 57ac7cab3..2012aa6be 100644
--- a/library/net.c
+++ b/library/net.c
@@ -74,6 +74,14 @@ static int wsa_init_done = 0;
 
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
+/* Some MS functions want int and MSVC warns if we pass size_t,
+ * but the standard fucntions use socklen_t, so cast only for MSVC */
+#if defined(_MSC_VER)
+#define MSVC_INT_CAST   (int)
+#else
+#define MSVC_INT_CAST
+#endif
+
 #include <stdlib.h>
 #include <stdio.h>
 
@@ -150,7 +158,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
             continue;
         }
 
-        if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 )
+        if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
         {
             ret = 0;
             break;
@@ -208,7 +216,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
             continue;
         }
 
-        if( bind( ctx->fd, cur->ai_addr, cur->ai_addrlen ) != 0 )
+        if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
         {
             close( ctx->fd );
             ret = MBEDTLS_ERR_NET_BIND_FAILED;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 96c73d2ad..ea74ac97a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1022,11 +1022,11 @@ have_ciphersuite_v2:
 static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
 {
     int ret, got_common_suite;
-    unsigned int i, j;
-    unsigned int ciph_offset, comp_offset, ext_offset;
-    unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len;
+    size_t i, j;
+    size_t ciph_offset, comp_offset, ext_offset;
+    size_t msg_len, ciph_len, sess_len, comp_len, ext_len;
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    unsigned int cookie_offset, cookie_len;
+    size_t cookie_offset, cookie_len;
 #endif
     unsigned char *buf, *p, *ext;
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3025,8 +3025,18 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
     }
     ssl->handshake->pmslen = 48;
 
-    /* mask = diff ? 0xff : 0x00 */
+    /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
+    /* MSVC has a warning about unary minus on unsigned, but this is
+     * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
     mask = - ( ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ) );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
     for( i = 0; i < ssl->handshake->pmslen; i++ )
         pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 529cbeb4c..01fee4b9f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1614,10 +1614,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
         unsigned char add_data[13];
         unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
                                MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-        unsigned char explicit_iv_len =  ssl->transform_in->ivlen -
-                                         ssl->transform_in->fixed_ivlen;
+        size_t explicit_iv_len = ssl->transform_in->ivlen -
+                                 ssl->transform_in->fixed_ivlen;
 
-        if( ssl->in_msglen < (size_t) explicit_iv_len + taglen )
+        if( ssl->in_msglen < explicit_iv_len + taglen )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
                                 "+ taglen (%d)", ssl->in_msglen,
@@ -5793,7 +5793,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
 
 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
 {
-    int transform_expansion;
+    size_t transform_expansion;
     const mbedtls_ssl_transform *transform = ssl->transform_out;
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
@@ -5802,7 +5802,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
 #endif
 
     if( transform == NULL )
-        return( mbedtls_ssl_hdr_len( ssl ) );
+        return( (int) mbedtls_ssl_hdr_len( ssl ) );
 
     switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
     {
@@ -5822,7 +5822,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
 
-    return( mbedtls_ssl_hdr_len( ssl ) + transform_expansion );
+    return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 98f8528ae..2933ab32a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1330,7 +1330,7 @@ send_request:
 
     len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
                     opt.request_page );
-    tail_len = strlen( GET_REQUEST_END );
+    tail_len = (int) strlen( GET_REQUEST_END );
 
     /* Add padding to GET request to reach opt.request_size in length */
     if( opt.request_size != DFL_REQUEST_SIZE &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index fb5c42fd9..fdce82dce 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2049,7 +2049,7 @@ data_exchange:
                 unsigned char *larger_buf;
 
                 ori_len = ret;
-                extra_len = mbedtls_ssl_get_bytes_avail( &ssl );
+                extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
 
                 larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
                 if( larger_buf == NULL )
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 76e3b31f8..f6e0cd074 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -491,7 +491,7 @@ int main( int argc, char *argv[] )
      */
     if( opt.seed == 0 )
     {
-        opt.seed = time( NULL );
+        opt.seed = (unsigned int) time( NULL );
         mbedtls_printf( "  . Pseudo-random seed: %u\n", opt.seed );
     }