7 files changed, 45 insertions, 44 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 4b1b24a3c1..70e9a4f127 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.23 2018/11/09 04:35:09 tb Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.24 2020/03/16 15:25:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -140,7 +140,7 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 int
 srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
-    unsigned len)
+    unsigned int len)
 {
        SRTP_PROTECTION_PROFILE *p;
@@ -159,7 +159,8 @@ srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
 }
 int
-srtp_find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
+srtp_find_profile_by_num(unsigned int profile_num,
+    SRTP_PROTECTION_PROFILE **pptr)
 {
        SRTP_PROTECTION_PROFILE *p;
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 8ae87d7303..004b92118e 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.20 2020/03/12 17:09:02 jsing Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.21 2020/03/16 15:25:13 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
@@ -73,20 +73,20 @@
 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
 * However, this is not ensured by the C standard so you may need to replace
 * them with something else on odd CPUs. */
-#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
+#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
 #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
 /* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
-static unsigned
+static unsigned int
-constant_time_lt(unsigned a, unsigned b)
+constant_time_lt(unsigned int a, unsigned int b)
 {
        a -= b;
        return DUPLICATE_MSB_TO_ALL(a);
 }
 /* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned
+static unsigned int
-constant_time_ge(unsigned a, unsigned b)
+constant_time_ge(unsigned int a, unsigned int b)
 {
        a -= b;
        return DUPLICATE_MSB_TO_ALL(~a);
@@ -94,9 +94,9 @@ constant_time_ge(unsigned a, unsigned b)
 /* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
 static unsigned char
-constant_time_eq_8(unsigned a, unsigned b)
+constant_time_eq_8(unsigned int a, unsigned int b)
 {
-        unsigned c = a ^ b;
+        unsigned int c = a ^ b;
        c--;
        return DUPLICATE_MSB_TO_ALL_8(c);
 }
@@ -114,10 +114,10 @@ constant_time_eq_8(unsigned a, unsigned b)
 *  -1: otherwise. */
 int
 tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec,
-    unsigned block_size, unsigned mac_size)
+    unsigned int block_size, unsigned int mac_size)
 {
-        unsigned padding_length, good, to_check, i;
+        unsigned int padding_length, good, to_check, i;
-        const unsigned overhead = 1 /* padding length byte */ + mac_size;
+        const unsigned int overhead = 1 /* padding length byte */ + mac_size;
        /* Check if version requires explicit IV */
        if (SSL_USE_EXPLICIT_IV(s)) {
@@ -195,7 +195,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec,
 void
 ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
-    unsigned md_size, unsigned orig_len)
+    unsigned int md_size, unsigned int orig_len)
 {
 #if defined(CBC_MAC_ROTATE_IN_PLACE)
        unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
@@ -205,14 +205,14 @@ ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
 #endif
        /* mac_end is the index of |rec->data| just after the end of the MAC. */
-        unsigned mac_end = rec->length;
+        unsigned int mac_end = rec->length;
-        unsigned mac_start = mac_end - md_size;
+        unsigned int mac_start = mac_end - md_size;
        /* scan_start contains the number of bytes that we can ignore because
         * the MAC's position can only vary by 255 bytes. */
-        unsigned scan_start = 0;
+        unsigned int scan_start = 0;
-        unsigned i, j;
+        unsigned int i, j;
-        unsigned div_spoiler;
+        unsigned int div_spoiler;
-        unsigned rotate_offset;
+        unsigned int rotate_offset;
        OPENSSL_assert(orig_len >= md_size);
        OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
@@ -316,7 +316,7 @@ static void
 tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 {
        SHA256_CTX *sha256 = ctx;
-        unsigned i;
+        unsigned int i;
        for (i = 0; i < 8; i++) {
                l2n(sha256->h[i], md_out);
@@ -327,7 +327,7 @@ static void
 tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 {
        SHA512_CTX *sha512 = ctx;
-        unsigned i;
+        unsigned int i;
        for (i = 0; i < 8; i++) {
                l2n8(sha512->h[i], md_out);
@@ -382,7 +382,7 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
    size_t* md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned mac_secret_length)
+    unsigned int mac_secret_length)
 {
        union {
                /*
@@ -395,8 +395,8 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
        } md_state;
        void (*md_final_raw)(void *ctx, unsigned char *md_out);
        void (*md_transform)(void *ctx, const unsigned char *block);
-        unsigned md_size, md_block_size = 64;
+        unsigned int md_size, md_block_size = 64;
-        unsigned header_length, variance_blocks,
+        unsigned int header_length, variance_blocks,
        len, max_mac_bytes, num_blocks,
        num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
        unsigned int bits;      /* at most 18 bits */
@@ -405,11 +405,11 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
        unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
        unsigned char first_block[MAX_HASH_BLOCK_SIZE];
        unsigned char mac_out[EVP_MAX_MD_SIZE];
-        unsigned i, j, md_out_size_u;
+        unsigned int i, j, md_out_size_u;
        EVP_MD_CTX md_ctx;
        /* mdLengthSize is the number of bytes in the length field that terminates
        * the hash. */
-        unsigned md_length_size = 8;
+        unsigned int md_length_size = 8;
        char length_is_big_endian = 1;
        /* This is a, hopefully redundant, check that allows us to forget about
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 39aa25356c..4370c84cd7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.170 2020/01/22 07:49:33 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.171 2020/03/16 15:25:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -403,7 +403,7 @@ struct ssl_method_internal_st;
 struct ssl_method_st {
        int (*ssl_dispatch_alert)(SSL *s);
        int (*num_ciphers)(void);
-        const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+        const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
@@ -766,7 +766,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, const unsigned char *client,
    unsigned int client_len);
 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len);
+    unsigned int *len);
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index a5a79d76bc..0c9b90be85 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.211 2020/01/26 07:24:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.212 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1530,7 +1530,7 @@ found:
 /* SSL_get0_next_proto_negotiated is deprecated. */
 void
 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len)
+    unsigned int *len)
 {
        *data = NULL;
        *len = 0;
@@ -1637,7 +1637,7 @@ SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
 */
 void
 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-    unsigned *len)
+    unsigned int *len)
 {
        *data = NULL;
        *len = 0;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index f7b3868cd6..07240e31a2 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.270 2020/03/13 16:40:42 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.271 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1372,15 +1372,15 @@ int tls1_check_ec_server_key(SSL *s);
 /* s3_cbc.c */
 void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
-    unsigned md_size, unsigned orig_len);
+    unsigned int md_size, unsigned int orig_len);
 int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec,
-    unsigned block_size, unsigned mac_size);
+    unsigned int block_size, unsigned int mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
    size_t *md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned mac_secret_length);
+    unsigned int mac_secret_length);
 int SSL_state_func_code(int _state);
 #define SSLerror(s, r) SSL_error_internal(s, r, __FILE__, __LINE__)
@@ -1390,8 +1390,8 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l);
 #ifndef OPENSSL_NO_SRTP
 int srtp_find_profile_by_name(char *profile_name,
-    SRTP_PROTECTION_PROFILE **pptr, unsigned len);
+    SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
-int srtp_find_profile_by_num(unsigned profile_num,
+int srtp_find_profile_by_num(unsigned int profile_num,
    SRTP_PROTECTION_PROFILE **pptr);
 #endif /* OPENSSL_NO_SRTP */
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 0d1d4f78c7..157dd9895b 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.23 2020/03/12 17:09:02 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.24 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -332,7 +332,7 @@ ssl3_get_record(SSL *s)
        SSL3_RECORD_INTERNAL *rr;
        SSL_SESSION *sess;
        unsigned char md[EVP_MAX_MD_SIZE];
-        unsigned mac_size, orig_len;
+        unsigned int mac_size, orig_len;
        rr = &(S3I(s)->rrec);
        sess = s->session;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 177ee061ed..2893e1d4dc 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.121 2020/03/13 16:40:42 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.122 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -336,7 +336,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
 static int
 tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
-    unsigned key_len, const unsigned char *iv, unsigned iv_len)
+    unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
 {
        const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
        SSL_AEAD_CTX *aead_ctx;