Resolve some outstanding size_t related TODOs

Reviewed-by: Rich Salz <rsalz@openssl.org>

ssl/record/rec_layer_s3.c

@@ -418,6 +418,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
         unsigned char aad[13];
         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
         size_t packlen;
+        int packleni;
 
         /* minimize address aliasing conflicts */
         if ((max_send_fragment & 0xfff) == 0)
@@ -476,12 +477,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
             mb_param.inp = aad;
             mb_param.len = nw;
 
-            /* TODO: CHECK ME - CAN THIS EVER BE NEGATIVE???? */
-            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+            packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
                                           EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
                                           sizeof(mb_param), &mb_param);
-
-            if (packlen <= 0 || packlen > wb->len) { /* never happens */
+            packlen = (size_t)packleni;
+            if (packleni <= 0 || packlen > wb->len) { /* never happens */
                 /* free jumbo buffer */
                 ssl3_release_write_buffer(s);
                 break;

ssl/record/ssl3_record.c

@@ -202,7 +202,6 @@ int ssl3_get_record(SSL *s)
                 ssl_minor = *(p++);
                 version = (ssl_major << 8) | ssl_minor;
                 rr[num_recs].rec_version = version;
-                /* TODO(size_t): CHECK ME */
                 n2s(p, rr[num_recs].length);
 
                 /* Lets check version */
@@ -1108,7 +1107,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
  *   1: if the padding was valid
  *  -1: otherwise.
  */
- /* TODO(size_t): Convert me */
 int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
                             size_t block_size, size_t mac_size)
 {
@@ -1123,7 +1121,6 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
         return 0;
 
     padding_length = rec->data[rec->length - 1];
-    /* TODO(size_t): size_t constant_time ? */
     good = constant_time_ge(rec->length, padding_length + overhead);
     /* SSLv3 requires that the padding is minimal. */
     good &= constant_time_ge(block_size, padding_length + 1);
@@ -1176,7 +1173,6 @@ int tls1_cbc_remove_padding(const SSL *s,
         return 1;
     }
 
-    /* TODO(size_t): size_t constant_time?? */
     good = constant_time_ge(rec->length, overhead + padding_length);
     /*
      * The padding consists of a length byte at the end of the record and
@@ -1279,7 +1275,6 @@ void ssl3_cbc_copy_mac(unsigned char *out,
 
     memset(rotated_mac, 0, md_size);
     for (i = scan_start, j = 0; i < rec->orig_len; i++) {
-        /* TODO(size_t): should we have constant_time variants for size_t? */
         unsigned char mac_started = constant_time_ge_8(i, mac_start);
         unsigned char mac_ended = constant_time_ge_8(i, mac_end);
         unsigned char b = rec->data[i];
@@ -1587,7 +1582,6 @@ int dtls1_get_record(SSL *s)
         memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
         p += 6;
 
-        /* TODO(size_t): CHECK ME */
         n2s(p, rr->length);
 
         /* Lets check version */

ssl/statem/statem_dtls.c

@@ -214,11 +214,6 @@ int dtls1_do_write(SSL *s, int type)
         else
             len = s->init_num;
 
-        /* Shouldn't ever happen */
-        /* TODO(size_t): can this go now? */
-        if (len > INT_MAX)
-            len = INT_MAX;
-
         /*
          * XDTLS: this function is too long.  split out the CCS part
          */