[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Thu Sep 5 01:26:36 UTC 2019


The branch master has been updated
       via  1c3ace6898032b7b45d8106ba4e0d21d75b0997e (commit)
      from  bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d (commit)


- Log -----------------------------------------------------------------
commit 1c3ace6898032b7b45d8106ba4e0d21d75b0997e
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Sep 5 11:23:57 2019 +1000

    Change provider params from int to size_t
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9699)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c                               | 32 +++++-----
 crypto/evp/evp_lib.c                               | 70 ++++++++++++----------
 crypto/evp/pmeth_lib.c                             |  3 +-
 doc/man3/EVP_PKEY_CTX_ctrl.pod                     |  2 +-
 doc/man7/provider-cipher.pod                       | 22 +++----
 doc/man7/provider-digest.pod                       |  6 +-
 doc/man7/provider-keyexch.pod                      |  2 +-
 include/openssl/core_names.h                       | 50 ++++++++--------
 include/openssl/mdc2.h                             |  2 +-
 providers/common/ciphers/cipher_ccm.c              |  4 +-
 providers/common/ciphers/cipher_common.c           | 58 +++++++++---------
 providers/common/ciphers/cipher_gcm.c              | 28 +++++----
 providers/common/ciphers/cipher_gcm_hw.c           |  2 +-
 providers/common/ciphers/cipher_locl.h             |  8 +--
 providers/common/digests/digest_common.c           | 13 ++--
 providers/common/exchange/dh_exch.c                | 10 ++--
 .../common/include/internal/ciphers/cipher_aead.h  |  2 +
 .../common/include/internal/ciphers/cipher_ccm.h   | 22 +++----
 .../common/include/internal/ciphers/cipher_gcm.h   | 30 +++++-----
 .../common/include/internal/ciphers/ciphercommon.h | 25 ++++----
 providers/common/include/internal/digestcommon.h   |  2 +-
 providers/legacy/digests/mdc2_prov.c               |  4 +-
 test/mdc2test.c                                    |  7 ++-
 23 files changed, 209 insertions(+), 195 deletions(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 96dc83b2a0..466a03dbf3 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -986,8 +986,9 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
 {
     int ok;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    size_t len = keylen;
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
     ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params);
 
     if (ok != EVP_CTRL_RET_UNSUPPORTED)
@@ -1010,13 +1011,14 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 {
     int ok;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    unsigned int pd = pad;
 
     if (pad)
         ctx->flags &= ~EVP_CIPH_NO_PADDING;
     else
         ctx->flags |= EVP_CIPH_NO_PADDING;
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad);
+    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd);
     ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
 
     return ok != 0;
@@ -1026,7 +1028,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
     int ret = EVP_CTRL_RET_UNSUPPORTED;
     int set_params = 1;
-    size_t sz;
+    size_t sz = arg;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     if (ctx == NULL || ctx->cipher == NULL) {
@@ -1039,13 +1041,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 
     switch (type) {
     case EVP_CTRL_SET_KEY_LENGTH:
-        params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg);
+        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
         break;
     case EVP_CTRL_RAND_KEY:      /* Used by DES */
         set_params = 0;
         params[0] =
             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
-                                              ptr, (size_t)arg);
+                                              ptr, sz);
         break;
 
     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
@@ -1055,35 +1057,29 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
     case EVP_CTRL_GET_IV:
         set_params = 0;
         params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
-                                                      ptr, (size_t)arg);
+                                                      ptr, sz);
         break;
     case EVP_CTRL_AEAD_SET_IVLEN:
         if (arg < 0)
             return 0;
-        sz = (size_t)arg;
-        params[0] =
-            OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz);
+        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
         break;
     case EVP_CTRL_GCM_SET_IV_FIXED:
         params[0] =
             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED,
-                                              ptr, (size_t)arg);
-        break;
-    case EVP_CTRL_AEAD_SET_TAG:
-        params[0] =
-            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
-                                              ptr, (size_t)arg);
+                                              ptr, sz);
         break;
     case EVP_CTRL_AEAD_GET_TAG:
-        set_params = 0;
+        set_params = 0; /* Fall thru */
+    case EVP_CTRL_AEAD_SET_TAG:
         params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
-                                                      ptr, (size_t)arg);
+                                                      ptr, sz);
         break;
     case EVP_CTRL_AEAD_TLS1_AAD:
         /* This one does a set and a get - since it returns a padding size */
         params[0] =
             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
-                                              ptr, (size_t)arg);
+                                              ptr, sz);
         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
         if (ret <= 0)
             return ret;
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index b5b39a7f2d..acb90f222b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -218,13 +218,14 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 
 int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
 {
-    int ok, v = cipher->block_size;
+    int ok;
+    size_t v = cipher->block_size;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
+    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
@@ -304,31 +305,33 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
 
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 {
-    int ok, v = cipher->iv_len;
+    int ok;
+    size_t v = cipher->iv_len;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
+    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 {
-    int len, rv, v = EVP_CIPHER_iv_length(ctx->cipher);
+    int rv;
+    size_t len, v = EVP_CIPHER_iv_length(ctx->cipher);
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
     rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
     if (rv == EVP_CTRL_RET_UNSUPPORTED)
         goto legacy;
-    return rv != 0 ? v : -1;
+    return rv != 0 ? (int)v : -1;
     /* TODO (3.0) Remove legacy support */
 legacy:
     if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
         rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
                                  0, &len);
-        return (rv == 1) ? len : -1;
+        return (rv == 1) ? (int)len : -1;
     }
     return v;
 }
@@ -376,48 +379,52 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
 {
-    int ok, v = ctx->num;
+    int ok;
+    unsigned int v = (unsigned int)ctx->num;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v);
+    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v);
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
+    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
 {
     int ok;
+    unsigned int n = (unsigned int)num;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &num);
+    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n);
     ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
 
     if (ok != 0)
-        ctx->num = num;
+        ctx->num = (int)n;
     return ok != 0;
 }
 
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 {
-    int ok, v = cipher->key_len;
+    int ok;
+    size_t v = cipher->key_len;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
+    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
 {
-    int ok, v = ctx->key_len;
+    int ok;
+    size_t v = ctx->key_len;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
+    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
@@ -448,13 +455,14 @@ const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher)
 
 int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
 {
-    int ok, v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
+    int ok;
+    unsigned int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_MODE, &v);
+    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : 0;
+    return ok != 0 ? (int)v : 0;
 }
 
 const char *EVP_MD_name(const EVP_MD *md)
@@ -475,7 +483,8 @@ const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md)
 
 int EVP_MD_block_size(const EVP_MD *md)
 {
-    int ok, v = md->block_size;
+    int ok;
+    size_t v = md->block_size;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     if (md == NULL) {
@@ -483,10 +492,10 @@ int EVP_MD_block_size(const EVP_MD *md)
         return -1;
     }
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v);
     ok = evp_do_md_getparams(md, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? (int)v : -1;
 }
 
 int EVP_MD_type(const EVP_MD *md)
@@ -501,7 +510,8 @@ int EVP_MD_pkey_type(const EVP_MD *md)
 
 int EVP_MD_size(const EVP_MD *md)
 {
-    int ok, v = md->md_size;
+    int ok;
+    size_t v = md->md_size;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     if (md == NULL) {
@@ -509,10 +519,10 @@ int EVP_MD_size(const EVP_MD *md)
         return -1;
     }
 
-    params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SIZE, &v);
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &v);
     ok = evp_do_md_getparams(md, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? (int)v : -1;
 }
 
 unsigned long EVP_MD_flags(const EVP_MD *md)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 31b4ae4411..d2b28f825b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -409,13 +409,14 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
 {
     OSSL_PARAM dh_pad_params[2];
+    unsigned int upad = pad;
 
     /* TODO(3.0): Remove this eventually when no more legacy */
     if (ctx->exchprovctx == NULL)
         return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
                                  EVP_PKEY_CTRL_DH_PAD, pad, NULL);
 
-    dh_pad_params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_PAD, &pad);
+    dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad);
     dh_pad_params[1] = OSSL_PARAM_construct_end();
 
     return EVP_PKEY_CTX_set_params(ctx, dh_pad_params);
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 369fc0f9d0..1787e19ab7 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -153,7 +153,7 @@ The parameters currently supported by the default provider are:
 
 =over 4
 
-=item OSSL_EXCHANGE_PARAM_PAD (int type)
+=item OSSL_EXCHANGE_PARAM_PAD (uint type)
 
 Sets the DH padding mode.
 If B<OSSL_EXCHANGE_PARAM_PAD> is 1 then the  shared secret is padded with zeroes
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 040a34c126..1b7dff8f76 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -39,7 +39,7 @@ provider-cipher - The cipher library E<lt>-E<gt> provider functions
  /* Cipher parameter descriptors */
  const OSSL_PARAM *OP_cipher_gettable_params(void);
 
- /* Cipheroperation parameter descriptors */
+ /* Cipher operation parameter descriptors */
  const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
  const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
 
@@ -111,7 +111,7 @@ OP_cipher_newctx() should create and return a pointer to a provider side
 structure for holding context information during a cipher operation.
 A pointer to this context will be passed back in a number of the other cipher
 operation function calls.
-The paramater B<provctx> is the provider context generated during provider
+The parameter B<provctx> is the provider context generated during provider
 initialisation (see L<provider(3)>).
 
 OP_cipher_freectx() is passed a pointer to the provider side cipher context in
@@ -124,7 +124,7 @@ B<cctx> parameter and return the duplicate copy.
 =head2 Encryption/Decryption Functions
 
 OP_cipher_encrypt_init() initialises a cipher operation for encryption given a
-newly created provider side cipher context in the B<cctx> paramter.
+newly created provider side cipher context in the B<cctx> parameter.
 The key to be used is given in B<key> which is B<keylen> bytes long.
 The IV to be used is given in B<iv> which is B<ivlen> bytes long.
 
@@ -158,7 +158,7 @@ The same expectations apply to B<outsize> as documented for
 L<EVP_EncryptFinal(3)> and L<EVP_DecryptFinal(3)>.
 
 OP_cipher_cipher() performs encryption/decryption using the provider side cipher
-context in the B<cctx> paramter that should have been previously initialised via
+context in the B<cctx> parameter that should have been previously initialised via
 a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init.
 This should call the raw underlying cipher function without any padding.
 This will be invoked in the provider as a result of the application calling
@@ -197,18 +197,18 @@ parameters are relevant to, or are understood by all ciphers:
 
 =over 4
 
-=item B<OSSL_CIPHER_PARAM_PADDING> (int)
+=item B<OSSL_CIPHER_PARAM_PADDING> (uint)
 
 Sets the padding mode for the associated cipher ctx.
 Setting a value of 1 will turn padding on.
-Setting a vlue of 0 will turn padding off.
+Setting a value of 0 will turn padding off.
 
-=item B<OSSL_CIPHER_PARAM_MODE> (int)
+=item B<OSSL_CIPHER_PARAM_MODE> (uint)
 
 Gets the mode for the associated cipher algorithm.
 See L<EVP_CIPHER_mode(3)> for a list of valid modes.
 
-=item B<OSSL_CIPHER_PARAM_BLOCK_SIZE> (int)
+=item B<OSSL_CIPHER_PARAM_BLOCK_SIZE> (size_t)
 
 Gets the block size for the associated cipher algorithm.
 The block size should be 1 for stream ciphers.
@@ -223,13 +223,13 @@ Gets any flags for the associated cipher algorithm.
 See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
 flags.
 
-=item B<OSSL_CIPHER_PARAM_KEYLEN> (int)
+=item B<OSSL_CIPHER_PARAM_KEYLEN> (size_t)
 
 Gets the key length for the associated cipher algorithm.
 This can also be used to get or set the key length for the associated cipher
 ctx.
 
-=item B<OSSL_CIPHER_PARAM_IVLEN> (int)
+=item B<OSSL_CIPHER_PARAM_IVLEN> (size_t)
 
 Gets the IV length for the associated cipher algorithm.
 
@@ -237,7 +237,7 @@ Gets the IV length for the associated cipher algorithm.
 
 Gets the IV for the associated cipher ctx.
 
-=item B<OSSL_CIPHER_PARAM_NUM> (int)
+=item B<OSSL_CIPHER_PARAM_NUM> (uint)
 
 Gets or sets the cipher specific "num" parameter for the associated cipher ctx.
 Built-in ciphers typically use this to track how much of the current underlying
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod
index 31d3516def..3d7808452c 100644
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@@ -164,11 +164,11 @@ by all digests:
 
 =over 4
 
-=item B<OSSL_DIGEST_PARAM_BLOCK_SIZE> (int)
+=item B<OSSL_DIGEST_PARAM_BLOCK_SIZE> (size_t)
 
 The digest block size.
 
-=item B<OSSL_DIGEST_PARAM_SIZE> (int)
+=item B<OSSL_DIGEST_PARAM_SIZE> (size_t)
 
 The digest output size.
 
@@ -243,7 +243,7 @@ section 5.6.8.
 The next call after setting this parameter will be OP_digest_final().
 This is only relevant for implementations of SHA1 or MD5_SHA1.
 
-=item B<OSSL_DIGEST_PARAM_PAD_TYPE> (int)
+=item B<OSSL_DIGEST_PARAM_PAD_TYPE> (uint)
 
 Sets the pad type to be used.
 The only built-in digest that uses this is MDC2.
diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod
index 875d6e267e..71830c12c6 100644
--- a/doc/man7/provider-keyexch.pod
+++ b/doc/man7/provider-keyexch.pod
@@ -138,7 +138,7 @@ algorithms:
 
 =over 4
 
-=item B<OSSL_EXCHANGE_PARAM_PAD> (int)
+=item B<OSSL_EXCHANGE_PARAM_PAD> (uint)
 
 Sets the padding mode for the associated key exchange ctx.
 Setting a value of 1 will turn padding on.
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 448bc50e8a..2fe06dc272 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -41,50 +41,50 @@ extern "C" {
 #define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename"
 
 /* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING   "padding"    /* int */
-#define OSSL_CIPHER_PARAM_MODE      "mode"       /* int */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* int */
+#define OSSL_CIPHER_PARAM_PADDING   "padding"    /* uint */
+#define OSSL_CIPHER_PARAM_MODE      "mode"       /* uint */
+#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */
 #define OSSL_CIPHER_PARAM_FLAGS     "flags"      /* ulong */
-#define OSSL_CIPHER_PARAM_KEYLEN    "keylen"     /* int */
-#define OSSL_CIPHER_PARAM_IVLEN     "ivlen"      /* int */
+#define OSSL_CIPHER_PARAM_KEYLEN    "keylen"     /* size_t */
+#define OSSL_CIPHER_PARAM_IVLEN     "ivlen"      /* size_t */
 #define OSSL_CIPHER_PARAM_IV        "iv"         /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM       "num"        /* int */
+#define OSSL_CIPHER_PARAM_NUM       "num"        /* uint */
 #define OSSL_CIPHER_PARAM_AEAD_TAG           "tag"        /* octet_string */
 #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD      "tlsaad"     /* octet_string */
 #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD  "tlsaadpad"  /* size_t */
 #define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN         "aeadivlen"  /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
 #define OSSL_CIPHER_PARAM_RANDOM_KEY         "randkey"    /* octet_string */
 
 /* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN    "xoflen"
-#define OSSL_DIGEST_PARAM_SSL3_MS   "ssl3-ms"
-#define OSSL_DIGEST_PARAM_PAD_TYPE  "pad_type"
-#define OSSL_DIGEST_PARAM_MICALG    "micalg"
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* OSSL_PARAM_INTEGER */
-#define OSSL_DIGEST_PARAM_SIZE      "size" /* OSSL_PARAM_INTEGER */
-#define OSSL_DIGEST_PARAM_FLAGS     "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */
+#define OSSL_DIGEST_PARAM_XOFLEN     "xoflen"    /* size_t */
+#define OSSL_DIGEST_PARAM_SSL3_MS    "ssl3-ms"   /* octet string */
+#define OSSL_DIGEST_PARAM_PAD_TYPE   "pad_type"  /* uint */
+#define OSSL_DIGEST_PARAM_MICALG     "micalg"    /* utf8 string */
+#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */
+#define OSSL_DIGEST_PARAM_SIZE       "size"      /* size_t */
+#define OSSL_DIGEST_PARAM_FLAGS      "flags"     /* ulong */
 
 /* Known DIGEST names (not a complete list) */
 #define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK_KMAC128"
 #define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK_KMAC256"
 
 /* MAC parameters */
-#define OSSL_MAC_PARAM_KEY          "key"       /* octet string */
-#define OSSL_MAC_PARAM_IV           "iv"        /* octet string */
-#define OSSL_MAC_PARAM_CUSTOM       "custom"    /* utf8 string */
-#define OSSL_MAC_PARAM_SALT         "salt"      /* octet string */
-#define OSSL_MAC_PARAM_XOF          "xof"       /* int, 0 or 1 */
-#define OSSL_MAC_PARAM_FLAGS        "flags"     /* int */
+#define OSSL_MAC_PARAM_KEY          "key"        /* octet string */
+#define OSSL_MAC_PARAM_IV           "iv"         /* octet string */
+#define OSSL_MAC_PARAM_CUSTOM       "custom"     /* utf8 string */
+#define OSSL_MAC_PARAM_SALT         "salt"       /* octet string */
+#define OSSL_MAC_PARAM_XOF          "xof"        /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_FLAGS        "flags"      /* int */
 /*
  * If "engine" or "properties" are specified, they should always be paired
  * with "cipher" or "digest".
  */
-#define OSSL_MAC_PARAM_CIPHER       "cipher"    /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST       "digest"    /* utf8 string */
-#define OSSL_MAC_PARAM_ENGINE       "engine"    /* utf8 string */
+#define OSSL_MAC_PARAM_CIPHER       "cipher"     /* utf8 string */
+#define OSSL_MAC_PARAM_DIGEST       "digest"     /* utf8 string */
+#define OSSL_MAC_PARAM_ENGINE       "engine"     /* utf8 string */
 #define OSSL_MAC_PARAM_PROPERTIES   "properties" /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE         "size"      /* size_t */
+#define OSSL_MAC_PARAM_SIZE         "size"       /* size_t */
 
 /* Known MAC names (not a complete list) */
 #define OSSL_MAC_NAME_CMAC          "CMAC"
@@ -103,7 +103,7 @@ extern "C" {
 
 /* Key Exchange parameters */
 
-#define OSSL_EXCHANGE_PARAM_PAD           "exchange-pad"
+#define OSSL_EXCHANGE_PARAM_PAD      "exchange-pad" /* uint */
 
 # ifdef __cplusplus
 }
diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h
index a26a3c0f06..576695cf7b 100644
--- a/include/openssl/mdc2.h
+++ b/include/openssl/mdc2.h
@@ -26,7 +26,7 @@ typedef struct mdc2_ctx_st {
     unsigned int num;
     unsigned char data[MDC2_BLOCK];
     DES_cblock h, hh;
-    int pad_type;               /* either 1 or 2, default 1 */
+    unsigned int pad_type;   /* either 1 or 2, default 1 */
 } MDC2_CTX;
 
 int MDC2_Init(MDC2_CTX *c);
diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c
index 211b64f768..8970b02670 100644
--- a/providers/common/ciphers/cipher_ccm.c
+++ b/providers/common/ciphers/cipher_ccm.c
@@ -143,7 +143,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ccm_get_ivlen(ctx))) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -161,7 +161,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     }
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c
index 5abd2c0010..de67fc1341 100644
--- a/providers/common/ciphers/cipher_common.c
+++ b/providers/common/ciphers/cipher_common.c
@@ -19,10 +19,11 @@
  * Generic cipher functions for OSSL_PARAM gettables and settables
  */
 static const OSSL_PARAM cipher_known_gettable_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
+    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
+    OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
     OSSL_PARAM_END
 };
 const OSSL_PARAM *cipher_generic_gettable_params(void)
@@ -30,13 +31,14 @@ const OSSL_PARAM *cipher_generic_gettable_params(void)
     return cipher_known_gettable_params;
 }
 
-int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags,
-                              int kbits, int blkbits, int ivbits)
+int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
+                              unsigned long flags,
+                              size_t kbits, size_t blkbits, size_t ivbits)
 {
     OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, md)) {
+    if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -46,17 +48,17 @@ int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags,
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -67,9 +69,9 @@ CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic)
 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic)
 
 static const OSSL_PARAM cipher_known_settable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL),
+    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL),
     OSSL_PARAM_END
 };
 const OSSL_PARAM *cipher_generic_settable_ctx_params(void)
@@ -81,8 +83,8 @@ const OSSL_PARAM *cipher_generic_settable_ctx_params(void)
  * AEAD cipher functions for OSSL_PARAM gettables and settables
  */
 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
@@ -94,7 +96,7 @@ const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
 }
 
 static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
@@ -111,7 +113,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
                                         const unsigned char *iv, size_t ivlen,
                                         int enc)
 {
-    ctx->enc = enc;
+    ctx->enc = enc ? 1 : 0;
 
     if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
         if (ivlen != ctx->ivlen) {
@@ -312,12 +314,12 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
     OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->ivlen)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
+    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -329,12 +331,12 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
-    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
+    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -349,9 +351,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
     if (p != NULL) {
-        int pad;
+        unsigned int pad;
 
-        if (!OSSL_PARAM_get_int(p, &pad)) {
+        if (!OSSL_PARAM_get_uint(p, &pad)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
@@ -359,9 +361,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     }
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
     if (p != NULL) {
-        int num;
+        unsigned int num;
 
-        if (!OSSL_PARAM_get_int(p, &num)) {
+        if (!OSSL_PARAM_get_uint(p, &num)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
@@ -369,9 +371,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     }
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
     if (p != NULL) {
-        int keylen;
+        size_t keylen;
 
-        if (!OSSL_PARAM_get_int(p, &keylen)) {
+        if (!OSSL_PARAM_get_size_t(p, &keylen)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
@@ -381,7 +383,7 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 }
 
 void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
-                            size_t ivbits, int mode,
+                            size_t ivbits, unsigned int mode,
                             const PROV_CIPHER_HW *hw, void *provctx)
 {
     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c
index 7d0e47b823..4247319091 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -29,8 +29,8 @@ void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
 {
     ctx->pad = 1;
     ctx->mode = EVP_CIPH_GCM_MODE;
-    ctx->taglen = -1;
-    ctx->tls_aad_len = -1;
+    ctx->taglen = UNINITIALISED_SIZET;
+    ctx->tls_aad_len = UNINITIALISED_SIZET;
     ctx->ivlen_min = ivlen_min;
     ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN);
     ctx->keylen = keybits / 8;
@@ -89,12 +89,12 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     size_t sz;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->ivlen)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -103,7 +103,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     if (p != NULL) {
         if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
             return 0;
-        if (ctx->ivlen != (int)p->data_size) {
+        if (ctx->ivlen != p->data_size) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
@@ -121,7 +121,10 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
     if (p != NULL) {
         sz = p->data_size;
-        if (sz == 0 || sz > EVP_GCM_TLS_TAG_LEN || !ctx->enc || ctx->taglen < 0) {
+        if (sz == 0
+            || sz > EVP_GCM_TLS_TAG_LEN
+            || !ctx->enc
+            || ctx->taglen == UNINITIALISED_SIZET) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
             return 0;
         }
@@ -201,14 +204,14 @@ int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
      */
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
     if (p != NULL) {
-        int keylen;
+        size_t keylen;
 
-        if (!OSSL_PARAM_get_int(p, &keylen)) {
+        if (!OSSL_PARAM_get_size_t(p, &keylen)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
         /* The key length can not be modified for gcm mode */
-        if (keylen != (int)ctx->keylen)
+        if (keylen != ctx->keylen)
             return 0;
     }
 
@@ -296,7 +299,7 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
     int rv = 0;
     const PROV_GCM_HW *hw = ctx->hw;
 
-    if (ctx->tls_aad_len >= 0)
+    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
         return gcm_tls_cipher(ctx, out, padlen, in, len);
 
     if (!ctx->key_set || ctx->iv_state == IV_STATE_FINISHED)
@@ -425,7 +428,8 @@ static void ctr64_inc(unsigned char *counter)
 static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen,
                           const unsigned char *in, size_t len)
 {
-    int rv = 0, arg = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    int rv = 0;
+    size_t arg = EVP_GCM_TLS_EXPLICIT_IV_LEN;
     size_t plen = 0;
     unsigned char *tag = NULL;
 
@@ -491,7 +495,7 @@ static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen,
     rv = 1;
 err:
     ctx->iv_state = IV_STATE_FINISHED;
-    ctx->tls_aad_len = -1;
+    ctx->tls_aad_len = UNINITIALISED_SIZET;
     *padlen = plen;
     return rv;
 }
diff --git a/providers/common/ciphers/cipher_gcm_hw.c b/providers/common/ciphers/cipher_gcm_hw.c
index 4ef5190b5f..e2587f2e5e 100644
--- a/providers/common/ciphers/cipher_gcm_hw.c
+++ b/providers/common/ciphers/cipher_gcm_hw.c
@@ -90,7 +90,7 @@ int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
         CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
         ctx->taglen = GCM_TAG_MAX_SIZE;
     } else {
-        if (ctx->taglen < 0
+        if (ctx->taglen == UNINITIALISED_SIZET
             || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
             return 0;
     }
diff --git a/providers/common/ciphers/cipher_locl.h b/providers/common/ciphers/cipher_locl.h
index 8313498e5e..7e0aaad438 100644
--- a/providers/common/ciphers/cipher_locl.h
+++ b/providers/common/ciphers/cipher_locl.h
@@ -11,10 +11,10 @@
 
 #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name)                         \
 static const OSSL_PARAM name##_known_gettable_ctx_params[] = {                 \
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),                            \
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),                             \
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),                           \
-    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL),                            \
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),                         \
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),                          \
+    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL),                          \
+    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL),                              \
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
 
 #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name)                           \
diff --git a/providers/common/digests/digest_common.c b/providers/common/digests/digest_common.c
index de135b0a94..062209f329 100644
--- a/providers/common/digests/digest_common.c
+++ b/providers/common/digests/digest_common.c
@@ -11,18 +11,18 @@
 #include "internal/digestcommon.h"
 #include "internal/providercommonerr.h"
 
-int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz,
+int digest_default_get_params(OSSL_PARAM params[], size_t blksz, size_t paramsz,
                               unsigned long flags)
 {
     OSSL_PARAM *p = NULL;
 
     p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, blksz)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, paramsz)) {
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -35,10 +35,9 @@ int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz,
 }
 
 static const OSSL_PARAM digest_default_known_gettable_params[] = {
-    { OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0},
-    { OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0},
-    { OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER, NULL,
-      sizeof(unsigned long), 0},
+    OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL),
+    OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL),
+    OSSL_PARAM_ulong(OSSL_DIGEST_PARAM_FLAGS, NULL),
     OSSL_PARAM_END
 };
 const OSSL_PARAM *digest_default_gettable_params(void)
diff --git a/providers/common/exchange/dh_exch.c b/providers/common/exchange/dh_exch.c
index 69980d8e97..5ff8318725 100644
--- a/providers/common/exchange/dh_exch.c
+++ b/providers/common/exchange/dh_exch.c
@@ -30,7 +30,7 @@ static OSSL_OP_keyexch_dupctx_fn dh_dupctx;
 typedef struct {
     DH *dh;
     DH *dhpeer;
-    int pad;
+    unsigned int pad : 1;
 } PROV_DH_CTX;
 
 static void *dh_newctx(void *provctx)
@@ -128,17 +128,15 @@ static int dh_set_params(void *vpdhctx, const OSSL_PARAM params[])
 {
     PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
     const OSSL_PARAM *p;
-    int pad;
+    unsigned int pad;
 
     if (pdhctx == NULL || params == NULL)
         return 0;
 
     p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_PAD);
-    if (p == NULL || !OSSL_PARAM_get_int(p, &pad))
+    if (p == NULL || !OSSL_PARAM_get_uint(p, &pad))
         return 0;
-
-    pdhctx->pad = pad;
-
+    pdhctx->pad = pad ? 1 : 0;
     return 1;
 }
 
diff --git a/providers/common/include/internal/ciphers/cipher_aead.h b/providers/common/include/internal/ciphers/cipher_aead.h
index a2fe87e967..1ddba1c325 100644
--- a/providers/common/include/internal/ciphers/cipher_aead.h
+++ b/providers/common/include/internal/ciphers/cipher_aead.h
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#define UNINITIALISED_SIZET ((size_t)-1)
+
 /* TODO(3.0) Figure out what flags are really needed */
 #define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1     \
                        | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER      \
diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h
index 503d077def..08a2d46858 100644
--- a/providers/common/include/internal/ciphers/cipher_ccm.h
+++ b/providers/common/include/internal/ciphers/cipher_ccm.h
@@ -28,24 +28,24 @@ typedef struct S390X_kmac_params_st {
 
 /* Base structure that is shared by AES & ARIA for CCM MODE */
 typedef struct prov_ccm_st {
-    int enc;
-    int key_set;                /* Set if key initialised */
-    int iv_set;                 /* Set if an iv is set */
-    int tag_set;                /* Set if tag is valid */
-    int len_set;                /* Set if message length set */
-    size_t l, m;                /* L and M parameters from RFC3610 */
+    unsigned int enc : 1;
+    unsigned int key_set : 1;  /* Set if key initialised */
+    unsigned int iv_set : 1;   /* Set if an iv is set */
+    unsigned int tag_set : 1;  /* Set if tag is valid */
+    unsigned int len_set : 1;  /* Set if message length set */
+    size_t l, m;               /* L and M parameters from RFC3610 */
     size_t keylen;
-    int tls_aad_len;            /* TLS AAD length */
-    int tls_aad_pad_sz;
+    int tls_aad_len;           /* TLS AAD length */
+    size_t tls_aad_pad_sz;
     unsigned char iv[AES_BLOCK_SIZE];
     unsigned char buf[AES_BLOCK_SIZE];
     CCM128_CONTEXT ccm_ctx;
     ccm128_f str;
-    const PROV_CCM_HW *hw;      /* hardware specific methods  */
+    const PROV_CCM_HW *hw;     /* hardware specific methods  */
 } PROV_CCM_CTX;
 
 typedef struct prov_aes_ccm_ctx_st {
-    PROV_CCM_CTX base;          /* Must be first */
+    PROV_CCM_CTX base;         /* Must be first */
     union {
         OSSL_UNION_ALIGN;
         /*-
@@ -71,7 +71,7 @@ typedef struct prov_aes_ccm_ctx_st {
                 unsigned char b[AES_BLOCK_SIZE];
             } buf;
             unsigned char dummy_pad[168];
-            unsigned int fc;    /* fc has same offset as ks.ks.rounds */
+            unsigned int fc;   /* fc has same offset as ks.ks.rounds */
         } s390x;
 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
     } ccm;
diff --git a/providers/common/include/internal/ciphers/cipher_gcm.h b/providers/common/include/internal/ciphers/cipher_gcm.h
index 63600c38e7..f4e2894fe2 100644
--- a/providers/common/include/internal/ciphers/cipher_gcm.h
+++ b/providers/common/include/internal/ciphers/cipher_gcm.h
@@ -13,7 +13,7 @@
 
 typedef struct prov_gcm_hw_st PROV_GCM_HW;
 
-#define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */
+#define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */
 #define GCM_IV_MAX_SIZE     64
 #define GCM_TAG_MAX_SIZE    16
 
@@ -45,18 +45,13 @@ typedef struct S390X_kma_params_st {
 #endif
 
 typedef struct prov_gcm_ctx_st {
-    int enc;                /* Set to 1 if we are encrypting or 0 otherwise */
-    int mode;               /* The mode that we are using */
+    unsigned int mode;          /* The mode that we are using */
     size_t keylen;
-    int ivlen;
+    size_t ivlen;
     size_t ivlen_min;
-    int taglen;
-    int key_set;            /* Set if key initialised */
-    int iv_state;           /* set to one of IV_STATE_XXX */
-    int iv_gen_rand;        /* No IV was specified, so generate a rand IV */
-    int iv_gen;             /* It is OK to generate IVs */
-    int tls_aad_pad_sz;
-    int tls_aad_len;        /* TLS AAD length */
+    size_t taglen;
+    size_t tls_aad_pad_sz;
+    size_t tls_aad_len;         /* TLS AAD length */
     uint64_t tls_enc_records;   /* Number of TLS records encrypted */
 
     /*
@@ -64,13 +59,18 @@ typedef struct prov_gcm_ctx_st {
      * manage partial blocks themselves.
      */
     size_t num;
-    size_t bufsz;           /* Number of bytes in buf */
+    size_t bufsz;               /* Number of bytes in buf */
     uint64_t flags;
 
-    unsigned int pad : 1;   /* Whether padding should be used or not */
+    unsigned int iv_state;      /* set to one of IV_STATE_XXX */
+    unsigned int enc:1;         /* Set to 1 if we are encrypting or 0 otherwise */
+    unsigned int pad:1;         /* Whether padding should be used or not */
+    unsigned int key_set:1;     /* Set if key initialised */
+    unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */
+    unsigned int iv_gen:1;      /* It is OK to generate IVs */
 
     unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */
-    unsigned char buf[AES_BLOCK_SIZE];     /* Buffer of partial blocks processed via update calls */
+    unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */
 
     OPENSSL_CTX *libctx;    /* needed for rand calls */
     const PROV_GCM_HW *hw;  /* hardware specific methods */
@@ -153,7 +153,7 @@ int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
 int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                       size_t len, unsigned char *out);
 
-#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)     \
+#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)            \
     ctx->ks = ks;                                                              \
     fn_set_enc_key(key, keylen * 8, ks);                                       \
     CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
diff --git a/providers/common/include/internal/ciphers/ciphercommon.h b/providers/common/include/internal/ciphers/ciphercommon.h
index 38d0396902..5593447264 100644
--- a/providers/common/include/internal/ciphers/ciphercommon.h
+++ b/providers/common/include/internal/ciphers/ciphercommon.h
@@ -39,20 +39,20 @@ struct prov_cipher_ctx_st {
         ctr128_f ctr;
     } stream;
 
+    unsigned int mode;
+    size_t keylen;        /* key size (in bytes) */
+    size_t ivlen;
+    size_t blocksize;
+    size_t bufsz;         /* Number of bytes in buf */
+    unsigned int pad : 1; /* Whether padding should be used or not */
+    unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */
+
     /*
      * num contains the number of bytes of |iv| which are valid for modes that
      * manage partial blocks themselves.
      */
-    size_t num;
-
-    int mode;
-    int enc;              /* Set to 1 for encrypt, or 0 otherwise */
-    size_t bufsz;         /* Number of bytes in buf */
-    size_t keylen;        /* key size (in bytes) */
-    size_t ivlen;
-    size_t blocksize;
+    unsigned int num;
     uint64_t flags;
-    unsigned int pad : 1; /* Whether padding should be used or not */
 
     /* Buffer of partial blocks processed via update calls */
     unsigned char buf[GENERIC_BLOCK_SIZE];
@@ -81,10 +81,11 @@ OSSL_OP_cipher_gettable_ctx_params_fn cipher_generic_gettable_ctx_params;
 OSSL_OP_cipher_settable_ctx_params_fn cipher_generic_settable_ctx_params;
 OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
 OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
-int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags,
-                              int kbits, int blkbits, int ivbits);
+int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
+                              unsigned long flags,
+                              size_t kbits, size_t blkbits, size_t ivbits);
 void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
-                            size_t ivbits, int mode,
+                            size_t ivbits, unsigned int mode,
                             const PROV_CIPHER_HW *hw, void *provctx);
 
 #define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits,     \
diff --git a/providers/common/include/internal/digestcommon.h b/providers/common/include/internal/digestcommon.h
index 533e854e30..88caccf7cd 100644
--- a/providers/common/include/internal/digestcommon.h
+++ b/providers/common/include/internal/digestcommon.h
@@ -93,7 +93,7 @@ PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END
 
 
 const OSSL_PARAM *digest_default_gettable_params(void);
-int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz,
+int digest_default_get_params(OSSL_PARAM params[], size_t blksz, size_t paramsz,
                               unsigned long flags);
 
 # ifdef __cplusplus
diff --git a/providers/legacy/digests/mdc2_prov.c b/providers/legacy/digests/mdc2_prov.c
index b30d50327d..cf37b528e7 100644
--- a/providers/legacy/digests/mdc2_prov.c
+++ b/providers/legacy/digests/mdc2_prov.c
@@ -20,7 +20,7 @@ static OSSL_OP_digest_set_ctx_params_fn mdc2_set_ctx_params;
 static OSSL_OP_digest_settable_ctx_params_fn mdc2_settable_ctx_params;
 
 static const OSSL_PARAM known_mdc2_settable_ctx_params[] = {
-    {OSSL_DIGEST_PARAM_PAD_TYPE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0},
+    OSSL_PARAM_uint(OSSL_DIGEST_PARAM_PAD_TYPE, NULL),
     OSSL_PARAM_END
 };
 
@@ -36,7 +36,7 @@ static int mdc2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     if (ctx != NULL && params != NULL) {
         p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_PAD_TYPE);
-        if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type)) {
+        if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->pad_type)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
diff --git a/test/mdc2test.c b/test/mdc2test.c
index 5b54f1038b..d1c2f26bdc 100644
--- a/test/mdc2test.c
+++ b/test/mdc2test.c
@@ -39,7 +39,8 @@ static unsigned char pad2[16] = {
 
 static int test_mdc2(void)
 {
-    int testresult = 0, pad_type = 2;
+    int testresult = 0;
+    unsigned int pad_type = 2;
     unsigned char md[MDC2_DIGEST_LENGTH];
     EVP_MD_CTX *c;
     static char text[] = "Now is the time for all ";
@@ -47,8 +48,8 @@ static int test_mdc2(void)
     OSSL_PROVIDER *prov = NULL;
     OSSL_PARAM params[2];
 
-    params[i++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
-                                           &pad_type),
+    params[i++] = OSSL_PARAM_construct_uint(OSSL_DIGEST_PARAM_PAD_TYPE,
+                                            &pad_type),
     params[i++] = OSSL_PARAM_construct_end();
 
     prov = OSSL_PROVIDER_load(NULL, "legacy");


More information about the openssl-commits mailing list