Fix various warnings. (open-quantum-safe#480)

* Fix various warnings.

Signed-off-by: Norman Ashley <nashley@cisco.com>

CMakeLists.txt

@@ -1,7 +1,7 @@
 if (WIN32)
 cmake_minimum_required(VERSION 3.20 FATAL_ERROR)
 else()
-cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
 endif()
 project(oqs-provider LANGUAGES C)
 set(OQSPROVIDER_VERSION_TEXT "0.6.2-dev")

oqsprov/oqs_encode_key2any.c

@@ -703,8 +703,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) {
                 nid =
                     oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype;
                 if (nid == EVP_PKEY_RSA) { // get the RSA real key size
-                    unsigned char *enc_len =
-                        OPENSSL_strndup(oqsxkey->comp_privkey[i], 4);
+                    unsigned char *enc_len = (unsigned char *)OPENSSL_strndup(
+                        oqsxkey->comp_privkey[i], 4);
                     OPENSSL_cleanse(enc_len, 2);
                     DECODE_UINT32(buflen, enc_len);
                     buflen += 4;
@@ -1684,7 +1684,8 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) {
                                    ->keytype ==
                                EVP_PKEY_RSA) { // get the RSA real key size
                         unsigned char *enc_len =
-                            OPENSSL_strndup(okey->comp_privkey[i], 4);
+                            (unsigned char *)OPENSSL_strndup(
+                                okey->comp_privkey[i], 4);
                         OPENSSL_cleanse(enc_len, 2);
                         DECODE_UINT32(privlen, enc_len);
                         privlen += 4;

oqsprov/oqs_sig.c

@@ -210,38 +210,101 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig,
 // this list need to be in order of the last number on the OID from the
 // composite, the len of each value is COMPOSITE_OID_PREFIX_LEN
 static const unsigned char *composite_OID_prefix[] = {
-    "060B6086480186FA6B50080101", // mldsa44_pss2048
-                                  // id-MLDSA44-RSA2048-PSS-SHA256
-    "060B6086480186FA6B50080102", // mldsa44_rsa2048
-                                  // id-MLDSA44-RSA2048-PKCS15-SHA256
-    "060B6086480186FA6B50080103", // mldsa44_ed25519
-                                  // id-MLDSA44-Ed25519-SHA512
-    "060B6086480186FA6B50080104", // mldsa44_p256
-                                  // id-MLDSA44-ECDSA-P256-SHA256
-    "060B6086480186FA6B50080105", // mldsa44_bp256
-                                  // id-MLDSA44-ECDSA-brainpoolP256r1-SHA256
-    "060B6086480186FA6B50080106", // mldsa65_pss3072
-                                  // id-MLDSA65-RSA3072-PSS-SHA512
-    "060B6086480186FA6B50080107", // mldsa65_rsa3072
-                                  // id-MLDSA65-RSA3072-PKCS15-SHA512
-    "060B6086480186FA6B50080108", // mldsa65_p256
-                                  // id-MLDSA65-ECDSA-P256-SHA512
-    "060B6086480186FA6B50080109", // mldsa65_bp256
-                                  // id-MLDSA65-ECDSA-brainpoolP256r1-SHA512
-    "060B6086480186FA6B5008010A", // mldsa65_ed25519
-                                  // id-MLDSA65-Ed25519-SHA512
-    "060B6086480186FA6B5008010B", // mldsa87_p384
-                                  // id-MLDSA87-ECDSA-P384-SHA512
-    "060B6086480186FA6B5008010C", // mldsa87_bp384
-                                  // id-MLDSA87-ECDSA-brainpoolP384r1-SHA512
-    "060B6086480186FA6B5008010D", // mldsa87_ed448 id-MLDSA87-Ed448-SHA512
-    "060B6086480186FA6B5008010E", // falcon512_p256
-                                  // id-Falon512-ECDSA-P256-SHA256
-    "060B6086480186FA6B5008010F", // falcon512_bp256
-                                  // id-Falcon512-ECDSA-brainpoolP256r1-SHA256
-    "060B6086480186FA6B50080110", // falcon512_ed25519
-                                  // id-Falcon512-Ed25519-SHA512
+    /*
+     * mldsa44_pss2048
+     * id-MLDSA44-RSA2048-PSS-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B50080101",
+
+    /*
+     * mldsa44_rsa2048
+     * id-MLDSA44-RSA2048-PKCS15-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B50080102",
+
+    /*
+     * mldsa44_ed25519
+     * id-MLDSA44-Ed25519-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080103",
+
+    /*
+     * mldsa44_p256
+     * id-MLDSA44-ECDSA-P256-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B50080104",
+
+    /*
+     * mldsa44_bp256
+     * id-MLDSA44-ECDSA-brainpoolP256r1-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B50080105",
+
+    /*
+     * mldsa65_pss3072
+     * id-MLDSA65-RSA3072-PSS-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080106",
+
+    /*
+     * mldsa65_rsa3072
+     * id-MLDSA65-RSA3072-PKCS15-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080107",
+
+    /*
+     * mldsa65_p256
+     * id-MLDSA65-ECDSA-P256-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080108",
 
+    /*
+     * mldsa65_bp256
+     * id-MLDSA65-ECDSA-brainpoolP256r1-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080109",
+
+    /*
+     * mldsa65_ed25519
+     * id-MLDSA65-Ed25519-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010A",
+
+    /*
+     * mldsa87_p384
+     * id-MLDSA87-ECDSA-P384-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010B",
+
+    /*
+     * mldsa87_bp384
+     * id-MLDSA87-ECDSA-brainpoolP384r1-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010C",
+
+    /*
+     * mldsa87_ed448
+     * id-MLDSA87-Ed448-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010D",
+
+    /*
+     * falcon512_p256
+     * id-Falon512-ECDSA-P256-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010E",
+
+    /*
+     * falcon512_p256
+     * id-Falcon512-ECDSA-brainpoolP256r1-SHA256
+     */
+    (const unsigned char *)"060B6086480186FA6B5008010F",
+
+    /*
+     * falcon512_ed25519
+     * id-Falcon512-Ed25519-SHA512
+     */
+    (const unsigned char *)"060B6086480186FA6B50080110",
 };
 
 /*put the chars on in into memory on out*/
@@ -454,8 +517,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                 oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig
                                   ->length_signature;
                 buf = OPENSSL_malloc(oqs_sig_len);
-                if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs,
-                                 final_tbslen,
+                if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len,
+                                 (const unsigned char *)final_tbs, final_tbslen,
                                  oqsxkey->comp_privkey[i]) != OQS_SUCCESS) {
                     ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED);
                     CompositeSignature_free(compsig);
@@ -478,7 +541,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                     EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
                     if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL,
                                             oqs_key_classic) <= 0) ||
-                        (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs,
+                        (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len,
+                                        (const unsigned char *)final_tbs,
                                         final_tbslen) <= 0)) {
                         ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
                         CompositeSignature_free(compsig);
@@ -549,12 +613,12 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                     if (comp_idx < 6) {
                         classical_md = EVP_sha256();
                         digest_len = SHA256_DIGEST_LENGTH;
-                        SHA256(final_tbs, final_tbslen,
+                        SHA256((const unsigned char *)final_tbs, final_tbslen,
                                (unsigned char *)&digest);
                     } else {
                         classical_md = EVP_sha512();
                         digest_len = SHA512_DIGEST_LENGTH;
-                        SHA512(final_tbs, final_tbslen,
+                        SHA512((const unsigned char *)final_tbs, final_tbslen,
                                (unsigned char *)&digest);
                     }
 
@@ -814,8 +878,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
             }
 
             if (get_oqsname_fromtls(name)) {
-                if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf,
-                                   buf_len,
+                if (OQS_SIG_verify(oqs_key, (const unsigned char *)final_tbs,
+                                   final_tbslen, buf, buf_len,
                                    oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) {
                     ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
                     OPENSSL_free(name);
@@ -834,7 +898,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
                     EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
                     if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL,
                                               oqsxkey->classical_pkey) <= 0) ||
-                        (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs,
+                        (EVP_DigestVerify(evp_ctx, buf, buf_len,
+                                          (const unsigned char *)final_tbs,
                                           final_tbslen) <= 0)) {
                         ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
                         OPENSSL_free(name);
@@ -898,12 +963,12 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
                     if (comp_idx < 6) {
                         classical_md = EVP_sha256();
                         digest_len = SHA256_DIGEST_LENGTH;
-                        SHA256(final_tbs, final_tbslen,
+                        SHA256((const unsigned char *)final_tbs, final_tbslen,
                                (unsigned char *)&digest);
                     } else {
                         classical_md = EVP_sha512();
                         digest_len = SHA512_DIGEST_LENGTH;
-                        SHA512(final_tbs, final_tbslen,
+                        SHA512((const unsigned char *)final_tbs, final_tbslen,
                                (unsigned char *)&digest);
                     }
 

oqsprov/oqsprov_keys.c

@@ -397,10 +397,10 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) {
                                         0x04, 0x00, 0x22};
     const unsigned char p521params[] = {0x06, 0x05, 0x2b, 0x81,
                                         0x04, 0x00, 0x23};
-    const char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03,
-                                0x02, 0x08, 0x01, 0x01, 0x07};
-    const char bp384params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03,
-                                0x02, 0x08, 0x01, 0x01, 0x0b};
+    const unsigned char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03,
+                                         0x02, 0x08, 0x01, 0x01, 0x07};
+    const unsigned char bp384params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03,
+                                         0x02, 0x08, 0x01, 0x01, 0x0b};
 
     const unsigned char *params;
     switch (nid) {
@@ -702,8 +702,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p,
                             ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
                             goto err_key_op;
                         }
-                        unsigned char *enc_len = OPENSSL_strndup(
-                            p + previous_privlen + previous_publen, 4);
+                        unsigned char *enc_len =
+                            (unsigned char *)OPENSSL_strndup(
+                                (const char *)(p + previous_privlen +
+                                               previous_publen),
+                                4);
                         OPENSSL_cleanse(enc_len, 2);
                         DECODE_UINT32(privlen, enc_len);
                         privlen += 4;