Changed length arguments and return to size_t

2018-01-17 08:12:54 +01:00 · 2018-01-17 08:12:54 +01:00 · dc3d536398
commit dc3d536398
parent dc48c42926
4 changed files with 124 additions and 101 deletions
--- a/include/freerdp/crypto/ber.h
+++ b/include/freerdp/crypto/ber.h
@ -53,39 +53,39 @@
 #define BER_PC(_pc)	(_pc ? BER_CONSTRUCT : BER_PRIMITIVE)
 #ifdef __cplusplus
- extern "C" {
+extern "C" {
 #endif
-FREERDP_API BOOL ber_read_length(wStream* s, int* length);
+FREERDP_API BOOL ber_read_length(wStream* s, size_t* length);
-FREERDP_API int ber_write_length(wStream* s, int length);
+FREERDP_API size_t ber_write_length(wStream* s, size_t length);
-FREERDP_API int _ber_sizeof_length(int length);
+FREERDP_API size_t _ber_sizeof_length(size_t length);
 FREERDP_API BOOL ber_read_universal_tag(wStream* s, BYTE tag, BOOL pc);
-FREERDP_API int ber_write_universal_tag(wStream* s, BYTE tag, BOOL pc);
+FREERDP_API size_t ber_write_universal_tag(wStream* s, BYTE tag, BOOL pc);
-FREERDP_API BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length);
+FREERDP_API BOOL ber_read_application_tag(wStream* s, BYTE tag, size_t* length);
-FREERDP_API void ber_write_application_tag(wStream* s, BYTE tag, int length);
+FREERDP_API void ber_write_application_tag(wStream* s, BYTE tag, size_t length);
 FREERDP_API BOOL ber_read_enumerated(wStream* s, BYTE* enumerated, BYTE count);
 FREERDP_API void ber_write_enumerated(wStream* s, BYTE enumerated, BYTE count);
-FREERDP_API BOOL ber_read_contextual_tag(wStream* s, BYTE tag, int* length, BOOL pc);
+FREERDP_API BOOL ber_read_contextual_tag(wStream* s, BYTE tag, size_t* length, BOOL pc);
-FREERDP_API int ber_write_contextual_tag(wStream* s, BYTE tag, int length, BOOL pc);
+FREERDP_API size_t ber_write_contextual_tag(wStream* s, BYTE tag, size_t length, BOOL pc);
-FREERDP_API int ber_sizeof_contextual_tag(int length);
+FREERDP_API size_t ber_sizeof_contextual_tag(size_t length);
-FREERDP_API BOOL ber_read_sequence_tag(wStream* s, int* length);
+FREERDP_API BOOL ber_read_sequence_tag(wStream* s, size_t* length);
-FREERDP_API int ber_write_sequence_tag(wStream* s, int length);
+FREERDP_API size_t ber_write_sequence_tag(wStream* s, size_t length);
-FREERDP_API int ber_sizeof_sequence(int length);
+FREERDP_API size_t ber_sizeof_sequence(size_t length);
-FREERDP_API int ber_sizeof_sequence_tag(int length);
+FREERDP_API size_t ber_sizeof_sequence_tag(size_t length);
-FREERDP_API BOOL ber_read_bit_string(wStream* s, int* length, BYTE* padding);
+FREERDP_API BOOL ber_read_bit_string(wStream* s, size_t* length, BYTE* padding);
-FREERDP_API int ber_write_octet_string(wStream* s, const BYTE* oct_str, int length);
+FREERDP_API size_t ber_write_octet_string(wStream* s, const BYTE* oct_str, size_t length);
-FREERDP_API BOOL ber_read_octet_string_tag(wStream* s, int* length);
+FREERDP_API BOOL ber_read_octet_string_tag(wStream* s, size_t* length);
-FREERDP_API int ber_write_octet_string_tag(wStream* s, int length);
+FREERDP_API size_t ber_write_octet_string_tag(wStream* s, size_t length);
-FREERDP_API int ber_sizeof_octet_string(int length);
+FREERDP_API size_t ber_sizeof_octet_string(size_t length);
 FREERDP_API BOOL ber_read_BOOL(wStream* s, BOOL* value);
 FREERDP_API void ber_write_BOOL(wStream* s, BOOL value);
 FREERDP_API BOOL ber_read_integer(wStream* s, UINT32* value);
-FREERDP_API int ber_write_integer(wStream* s, UINT32 value);
+FREERDP_API size_t ber_write_integer(wStream* s, UINT32 value);
-FREERDP_API BOOL ber_read_integer_length(wStream* s, int* length);
+FREERDP_API BOOL ber_read_integer_length(wStream* s, size_t* length);
-FREERDP_API int ber_sizeof_integer(UINT32 value);
+FREERDP_API size_t ber_sizeof_integer(UINT32 value);
 #ifdef __cplusplus
- }
+}
 #endif
 #endif /* FREERDP_CRYPTO_BER_H */
--- a/libfreerdp/core/mcs.c
+++ b/libfreerdp/core/mcs.c
@ -300,7 +300,7 @@ static BOOL mcs_init_domain_parameters(DomainParameters* domainParameters,
 static BOOL mcs_read_domain_parameters(wStream* s, DomainParameters* domainParameters)
 {
-	int length;
+	size_t length;
 	if (!s || !domainParameters)
 		return FALSE;
@ -508,7 +508,7 @@ BOOL mcs_merge_domain_parameters(DomainParameters* targetParameters,
 BOOL mcs_recv_connect_initial(rdpMcs* mcs, wStream* s)
 {
 	UINT16 li;
-	int length;
+	size_t length;
 	BOOL upwardFlag;
 	UINT16 tlength;
@ -575,7 +575,7 @@ BOOL mcs_recv_connect_initial(rdpMcs* mcs, wStream* s)
 BOOL mcs_write_connect_initial(wStream* s, rdpMcs* mcs, wStream* userData)
 {
-	int length;
+	size_t length;
 	wStream* tmps;
 	BOOL ret = FALSE;
@ -631,7 +631,7 @@ out:
 BOOL mcs_write_connect_response(wStream* s, rdpMcs* mcs, wStream* userData)
 {
-	int length;
+	size_t length;
 	wStream* tmps;
 	BOOL ret = FALSE;
@ -741,7 +741,7 @@ out:
 BOOL mcs_recv_connect_response(rdpMcs* mcs, wStream* s)
 {
-	int length;
+	size_t length;
 	UINT16 tlength;
 	BYTE result;
 	UINT16 li;
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@ -1072,8 +1072,8 @@ SECURITY_STATUS nla_encrypt_public_key_echo(rdpNla* nla)
 SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
 {
-	int length;
+	size_t length;
-	BYTE* buffer;
+	BYTE* buffer = NULL;
 	ULONG pfQOP = 0;
 	BYTE* public_key1 = NULL;
 	BYTE* public_key2 = NULL;
@ -1081,28 +1081,39 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
 	int signature_length;
 	SecBuffer Buffers[2] = { { 0 } };
 	SecBufferDesc Message;
-	SECURITY_STATUS status;
+	BOOL krb, ntlm, nego;
 	SECURITY_STATUS status = SEC_E_INVALID_TOKEN;
 	if (!nla)
 		goto fail;
 	krb = (strncmp(nla->packageName, KERBEROS_SSP_NAME, sizeof(KERBEROS_SSP_NAME)) == 0);
 	nego = (strncmp(nla->packageName, NEGO_SSP_NAME, sizeof(NEGO_SSP_NAME)) == 0);
 	ntlm = (strncmp(nla->packageName,  NTLM_SSP_NAME, sizeof(NTLM_SSP_NAME)) == 0);
 	signature_length = nla->pubKeyAuth.cbBuffer - nla->PublicKey.cbBuffer;
 	if (signature_length < 0 || signature_length > nla->ContextSizes.cbSecurityTrailer)
 	{
 		WLog_ERR(TAG, "unexpected pubKeyAuth buffer size: %"PRIu32"", nla->pubKeyAuth.cbBuffer);
-		return SEC_E_INVALID_TOKEN;
+		goto fail;
 	}
 	if ((nla->PublicKey.cbBuffer + nla->ContextSizes.cbSecurityTrailer) != nla->pubKeyAuth.cbBuffer)
 	{
 		WLog_ERR(TAG, "unexpected pubKeyAuth buffer size: %"PRIu32"", (int) nla->pubKeyAuth.cbBuffer);
-		return SEC_E_INVALID_TOKEN;
+		goto fail;
 	}
 	length = nla->pubKeyAuth.cbBuffer;
 	buffer = (BYTE*) malloc(length);
 	if (!buffer)
-		return SEC_E_INSUFFICIENT_MEMORY;
+	{
 		status = SEC_E_INSUFFICIENT_MEMORY;
 		goto fail;
 	}
-	if (strcmp(nla->packageName, KERBEROS_SSP_NAME) == 0)
+	if (krb)
 	{
 		CopyMemory(buffer, nla->pubKeyAuth.pvBuffer, length);
 		Buffers[0].BufferType = SECBUFFER_DATA; /* Wrapped and encrypted TLS Public Key */
@ -1112,8 +1123,7 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
 		Message.ulVersion = SECBUFFER_VERSION;
 		Message.pBuffers = (PSecBuffer) &Buffers;
 	}
-	else if ((strcmp(nla->packageName, NEGO_SSP_NAME) == 0) ||
+	else if (ntlm || nego)
 	         (strcmp(nla->packageName,  NTLM_SSP_NAME) == 0))
 	{
 		CopyMemory(buffer, nla->pubKeyAuth.pvBuffer, length);
 		public_key_length = nla->PublicKey.cbBuffer;
@ -1134,17 +1144,15 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
 	{
 		WLog_ERR(TAG, "DecryptMessage failure %s [%08"PRIX32"]",
 		         GetSecurityStatusString(status), status);
-		free(buffer);
+		goto fail;
 		return status;
 	}
-	if (strcmp(nla->packageName, KERBEROS_SSP_NAME) == 0)
+	if (krb)
 	{
 		public_key1 = public_key2 = (BYTE*) nla->pubKeyAuth.pvBuffer ;
 		public_key_length = length;
 	}
-	else if ((strcmp(nla->packageName, NEGO_SSP_NAME) == 0) ||
+	else if (ntlm || nego)
 	         (strcmp(nla->packageName, NTLM_SSP_NAME) == 0))
 	{
 		public_key1 = (BYTE*) nla->PublicKey.pvBuffer;
 		public_key2 = (BYTE*) Buffers[1].pvBuffer;
@ -1163,17 +1171,19 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
 		winpr_HexDump(TAG, WLOG_ERROR, public_key1, public_key_length);
 		WLog_ERR(TAG, "Actual (length = %d):", public_key_length);
 		winpr_HexDump(TAG, WLOG_ERROR, public_key2, public_key_length);
-		free(buffer);
+		status = SEC_E_MESSAGE_ALTERED; /* DO NOT SEND CREDENTIALS! */
-		return SEC_E_MESSAGE_ALTERED; /* DO NOT SEND CREDENTIALS! */
+		goto fail;
 	}
 	status = SEC_E_OK;
 fail:
 	free(buffer);
-	return SEC_E_OK;
+	return status;
 }
-int nla_sizeof_ts_password_creds(rdpNla* nla)
+static size_t nla_sizeof_ts_password_creds(rdpNla* nla)
 {
-	int length = 0;
+	size_t length = 0;
 	if (nla->identity)
 	{
@ -1185,9 +1195,9 @@ int nla_sizeof_ts_password_creds(rdpNla* nla)
 	return length;
 }
-static int nla_sizeof_ts_credentials(rdpNla* nla)
+static size_t nla_sizeof_ts_credentials(rdpNla* nla)
 {
-	int size = 0;
+	size_t size = 0;
 	size += ber_sizeof_integer(1);
 	size += ber_sizeof_contextual_tag(ber_sizeof_integer(1));
 	size += ber_sizeof_sequence_octet_string(ber_sizeof_sequence(nla_sizeof_ts_password_creds(nla)));
@ -1196,7 +1206,7 @@ static int nla_sizeof_ts_credentials(rdpNla* nla)
 BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s)
 {
-	int length;
+	size_t length;
 	if (!nla->identity)
 	{
@ -1290,8 +1300,8 @@ BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s)
 static int nla_write_ts_password_creds(rdpNla* nla, wStream* s)
 {
-	int size = 0;
+	size_t size = 0;
-	int innerSize = nla_sizeof_ts_password_creds(nla);
+	size_t innerSize = nla_sizeof_ts_password_creds(nla);
 	/* TSPasswordCreds (SEQUENCE) */
 	size += ber_write_sequence_tag(s, innerSize);
@ -1317,8 +1327,8 @@ static int nla_write_ts_password_creds(rdpNla* nla, wStream* s)
 static BOOL nla_read_ts_credentials(rdpNla* nla, PSecBuffer ts_credentials)
 {
 	wStream* s;
-	int length;
+	size_t length;
-	int ts_password_creds_length = 0;
+	size_t ts_password_creds_length = 0;
 	BOOL ret;
 	if (!ts_credentials || !ts_credentials->pvBuffer)
@ -1540,14 +1550,14 @@ static SECURITY_STATUS nla_decrypt_ts_credentials(rdpNla* nla)
 	return SEC_E_OK;
 }
-static int nla_sizeof_nego_token(int length)
+static size_t nla_sizeof_nego_token(size_t length)
 {
 	length = ber_sizeof_octet_string(length);
 	length += ber_sizeof_contextual_tag(length);
 	return length;
 }
-static int nla_sizeof_nego_tokens(int length)
+static size_t nla_sizeof_nego_tokens(size_t length)
 {
 	length = nla_sizeof_nego_token(length);
 	length += ber_sizeof_sequence_tag(length);
@ -1556,21 +1566,21 @@ static int nla_sizeof_nego_tokens(int length)
 	return length;
 }
-static int nla_sizeof_pub_key_auth(int length)
+static size_t nla_sizeof_pub_key_auth(size_t length)
 {
 	length = ber_sizeof_octet_string(length);
 	length += ber_sizeof_contextual_tag(length);
 	return length;
 }
-static int nla_sizeof_auth_info(int length)
+static size_t nla_sizeof_auth_info(size_t length)
 {
 	length = ber_sizeof_octet_string(length);
 	length += ber_sizeof_contextual_tag(length);
 	return length;
 }
-static int nla_sizeof_ts_request(int length)
+static size_t nla_sizeof_ts_request(size_t length)
 {
 	length += ber_sizeof_integer(2);
 	length += ber_sizeof_contextual_tag(3);
@ -1585,13 +1595,13 @@ static int nla_sizeof_ts_request(int length)
 BOOL nla_send(rdpNla* nla)
 {
 	wStream* s;
-	int length;
+	size_t length;
-	int ts_request_length;
+	size_t ts_request_length;
-	int nego_tokens_length = 0;
+	size_t nego_tokens_length = 0;
-	int pub_key_auth_length = 0;
+	size_t pub_key_auth_length = 0;
-	int auth_info_length = 0;
+	size_t auth_info_length = 0;
-	int error_code_context_length = 0;
+	size_t error_code_context_length = 0;
-	int error_code_length = 0;
+	size_t error_code_length = 0;
 	if (nla->version < 3 || nla->errorCode == 0)
 	{
@ -1673,7 +1683,7 @@ BOOL nla_send(rdpNla* nla)
 static int nla_decode_ts_request(rdpNla* nla, wStream* s)
 {
-	int length;
+	size_t length;
 	/* TSRequest */
 	if (!ber_read_sequence_tag(s, &length) ||
--- a/libfreerdp/crypto/ber.c
+++ b/libfreerdp/crypto/ber.c
@ -29,12 +29,13 @@
 #define TAG FREERDP_TAG("crypto")
-BOOL ber_read_length(wStream* s, int* length)
+BOOL ber_read_length(wStream* s, size_t* length)
 {
 	BYTE byte;
 	if (Stream_GetRemainingLength(s) < 1)
 		return FALSE;
 	Stream_Read_UINT8(s, byte);
 	if (byte & 0x80)
@ -55,6 +56,7 @@ BOOL ber_read_length(wStream* s, int* length)
 	{
 		*length = byte;
 	}
 	return TRUE;
 }
@ -64,7 +66,7 @@ BOOL ber_read_length(wStream* s, int* length)
 * @param length length
 */
-int ber_write_length(wStream* s, int length)
+size_t ber_write_length(wStream* s, size_t length)
 {
 	if (length > 0xFF)
 	{
@ -72,22 +74,26 @@ int ber_write_length(wStream* s, int length)
 		Stream_Write_UINT16_BE(s, length);
 		return 3;
 	}
 	if (length > 0x7F)
 	{
 		Stream_Write_UINT8(s, 0x80 ^ 1);
 		Stream_Write_UINT8(s, length);
 		return 2;
 	}
 	Stream_Write_UINT8(s, length);
 	return 1;
 }
-int _ber_sizeof_length(int length)
+size_t _ber_sizeof_length(size_t length)
 {
 	if (length > 0xFF)
 		return 3;
 	if (length > 0x7F)
 		return 2;
 	return 1;
 }
@ -104,6 +110,7 @@ BOOL ber_read_universal_tag(wStream* s, BYTE tag, BOOL pc)
 	if (Stream_GetRemainingLength(s) < 1)
 		return FALSE;
 	Stream_Read_UINT8(s, byte);
 	if (byte != (BER_CLASS_UNIV | BER_PC(pc) | (BER_TAG_MASK & tag)))
@ -119,7 +126,7 @@ BOOL ber_read_universal_tag(wStream* s, BYTE tag, BOOL pc)
 * @param pc primitive (FALSE) or constructed (TRUE)
 */
-int ber_write_universal_tag(wStream* s, BYTE tag, BOOL pc)
+size_t ber_write_universal_tag(wStream* s, BYTE tag, BOOL pc)
 {
 	Stream_Write_UINT8(s, (BER_CLASS_UNIV | BER_PC(pc)) | (BER_TAG_MASK & tag));
 	return 1;
@ -132,7 +139,7 @@ int ber_write_universal_tag(wStream* s, BYTE tag, BOOL pc)
 * @param length length
 */
-BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length)
+BOOL ber_read_application_tag(wStream* s, BYTE tag, size_t* length)
 {
 	BYTE byte;
@ -140,6 +147,7 @@ BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length)
 	{
 		if (Stream_GetRemainingLength(s) < 1)
 			return FALSE;
 		Stream_Read_UINT8(s, byte);
 		if (byte != ((BER_CLASS_APPL | BER_CONSTRUCT) | BER_TAG_MASK))
@ -147,6 +155,7 @@ BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length)
 		if (Stream_GetRemainingLength(s) < 1)
 			return FALSE;
 		Stream_Read_UINT8(s, byte);
 		if (byte != tag)
@ -158,6 +167,7 @@ BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length)
 	{
 		if (Stream_GetRemainingLength(s) < 1)
 			return FALSE;
 		Stream_Read_UINT8(s, byte);
 		if (byte != ((BER_CLASS_APPL | BER_CONSTRUCT) | (BER_TAG_MASK & tag)))
@ -176,7 +186,7 @@ BOOL ber_read_application_tag(wStream* s, BYTE tag, int* length)
 * @param length length
 */
-void ber_write_application_tag(wStream* s, BYTE tag, int length)
+void ber_write_application_tag(wStream* s, BYTE tag, size_t length)
 {
 	if (tag > 30)
 	{
@ -191,12 +201,13 @@ void ber_write_application_tag(wStream* s, BYTE tag, int length)
 	}
 }
-BOOL ber_read_contextual_tag(wStream* s, BYTE tag, int* length, BOOL pc)
+BOOL ber_read_contextual_tag(wStream* s, BYTE tag, size_t* length, BOOL pc)
 {
 	BYTE byte;
 	if (Stream_GetRemainingLength(s) < 1)
 		return FALSE;
 	Stream_Read_UINT8(s, byte);
 	if (byte != ((BER_CLASS_CTXT | BER_PC(pc)) | (BER_TAG_MASK & tag)))
@ -208,23 +219,24 @@ BOOL ber_read_contextual_tag(wStream* s, BYTE tag, int* length, BOOL pc)
 	return ber_read_length(s, length);
 }
-int ber_write_contextual_tag(wStream* s, BYTE tag, int length, BOOL pc)
+size_t ber_write_contextual_tag(wStream* s, BYTE tag, size_t length, BOOL pc)
 {
 	Stream_Write_UINT8(s, (BER_CLASS_CTXT | BER_PC(pc)) | (BER_TAG_MASK & tag));
 	return 1 + ber_write_length(s, length);
 }
-int ber_sizeof_contextual_tag(int length)
+size_t ber_sizeof_contextual_tag(size_t length)
 {
 	return 1 + _ber_sizeof_length(length);
 }
-BOOL ber_read_sequence_tag(wStream* s, int* length)
+BOOL ber_read_sequence_tag(wStream* s, size_t* length)
 {
 	BYTE byte;
 	if (Stream_GetRemainingLength(s) < 1)
 		return FALSE;
 	Stream_Read_UINT8(s, byte);
 	if (byte != ((BER_CLASS_UNIV | BER_CONSTRUCT) | (BER_TAG_SEQUENCE_OF)))
@ -239,28 +251,28 @@ BOOL ber_read_sequence_tag(wStream* s, int* length)
 * @param length length
 */
-int ber_write_sequence_tag(wStream* s, int length)
+size_t ber_write_sequence_tag(wStream* s, size_t length)
 {
 	Stream_Write_UINT8(s, (BER_CLASS_UNIV | BER_CONSTRUCT) | (BER_TAG_MASK & BER_TAG_SEQUENCE));
 	return 1 + ber_write_length(s, length);
 }
-int ber_sizeof_sequence(int length)
+size_t ber_sizeof_sequence(size_t length)
 {
 	return 1 + _ber_sizeof_length(length) + length;
 }
-int ber_sizeof_sequence_tag(int length)
+size_t ber_sizeof_sequence_tag(size_t length)
 {
 	return 1 + _ber_sizeof_length(length);
 }
 BOOL ber_read_enumerated(wStream* s, BYTE* enumerated, BYTE count)
 {
-	int length;
+	size_t length;
 	if (!ber_read_universal_tag(s, BER_TAG_ENUMERATED, FALSE) ||
-		!ber_read_length(s, &length))
+	    !ber_read_length(s, &length))
 		return FALSE;
 	if (length != 1 || Stream_GetRemainingLength(s) < 1)
@ -282,14 +294,15 @@ void ber_write_enumerated(wStream* s, BYTE enumerated, BYTE count)
 	Stream_Write_UINT8(s, enumerated);
 }
-BOOL ber_read_bit_string(wStream* s, int* length, BYTE* padding)
+BOOL ber_read_bit_string(wStream* s, size_t* length, BYTE* padding)
 {
 	if (!ber_read_universal_tag(s, BER_TAG_BIT_STRING, FALSE) ||
-		!ber_read_length(s, length))
+	    !ber_read_length(s, length))
 		return FALSE;
 	if (Stream_GetRemainingLength(s) < 1)
 		return FALSE;
 	Stream_Read_UINT8(s, *padding);
 	return TRUE;
 }
@ -301,9 +314,9 @@ BOOL ber_read_bit_string(wStream* s, int* length, BYTE* padding)
 * @param length string length
 */
-int ber_write_octet_string(wStream* s, const BYTE* oct_str, int length)
+size_t ber_write_octet_string(wStream* s, const BYTE* oct_str, size_t length)
 {
-	int size = 0;
+	size_t size = 0;
 	size += ber_write_universal_tag(s, BER_TAG_OCTET_STRING, FALSE);
 	size += ber_write_length(s, length);
 	Stream_Write(s, oct_str, length);
@ -311,21 +324,21 @@ int ber_write_octet_string(wStream* s, const BYTE* oct_str, int length)
 	return size;
 }
-BOOL ber_read_octet_string_tag(wStream* s, int* length)
+BOOL ber_read_octet_string_tag(wStream* s, size_t* length)
 {
 	return
-		ber_read_universal_tag(s, BER_TAG_OCTET_STRING, FALSE) &&
+	    ber_read_universal_tag(s, BER_TAG_OCTET_STRING, FALSE) &&
-		ber_read_length(s, length);
+	    ber_read_length(s, length);
 }
-int ber_write_octet_string_tag(wStream* s, int length)
+size_t ber_write_octet_string_tag(wStream* s, size_t length)
 {
 	ber_write_universal_tag(s, BER_TAG_OCTET_STRING, FALSE);
 	ber_write_length(s, length);
 	return 1 + _ber_sizeof_length(length);
 }
-int ber_sizeof_octet_string(int length)
+size_t ber_sizeof_octet_string(size_t length)
 {
 	return 1 + _ber_sizeof_length(length) + length;
 }
@ -338,11 +351,11 @@ int ber_sizeof_octet_string(int length)
 BOOL ber_read_BOOL(wStream* s, BOOL* value)
 {
-	int length;
+	size_t length;
 	BYTE v;
 	if (!ber_read_universal_tag(s, BER_TAG_BOOLEAN, FALSE) ||
-		!ber_read_length(s, &length))
+	    !ber_read_length(s, &length))
 		return FALSE;
 	if (length != 1 || Stream_GetRemainingLength(s) < 1)
@ -368,11 +381,11 @@ void ber_write_BOOL(wStream* s, BOOL value)
 BOOL ber_read_integer(wStream* s, UINT32* value)
 {
-	int length;
+	size_t length;
 	if (!ber_read_universal_tag(s, BER_TAG_INTEGER, FALSE) ||
-		!ber_read_length(s, &length) ||
+	    !ber_read_length(s, &length) ||
-		((int) Stream_GetRemainingLength(s)) < length)
+	    (Stream_GetRemainingLength(s) < length))
 		return FALSE;
 	if (value == NULL)
@ -420,7 +433,7 @@ BOOL ber_read_integer(wStream* s, UINT32* value)
 * @param value
 */
-int ber_write_integer(wStream* s, UINT32 value)
+size_t ber_write_integer(wStream* s, UINT32 value)
 {
 	if (value <  0x80)
 	{
@ -463,7 +476,7 @@ int ber_write_integer(wStream* s, UINT32 value)
 	return 0;
 }
-int ber_sizeof_integer(UINT32 value)
+size_t ber_sizeof_integer(UINT32 value)
 {
 	if (value < 0x80)
 	{
@ -490,9 +503,9 @@ int ber_sizeof_integer(UINT32 value)
 	return 0;
 }
-BOOL ber_read_integer_length(wStream* s, int* length)
+BOOL ber_read_integer_length(wStream* s, size_t* length)
 {
 	return
-		ber_read_universal_tag(s, BER_TAG_INTEGER, FALSE) &&
+	    ber_read_universal_tag(s, BER_TAG_INTEGER, FALSE) &&
-		ber_read_length(s, length);
+	    ber_read_length(s, length);
 }