Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING

None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.

Fixes bug2475.

changes/bug2475

@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+      (None of the cases where we did this before were wrong, but by making
+      this change we can avoid warnings.)  Fixes bug2475; bugfix on
+      Tor 0.2.1.28.

src/common/crypto.c

@@ -452,7 +452,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
 
   tor_assert(env);
   tor_assert(s);
-  tor_assert(len < INT_MAX && len < SIZE_T_CEILING);
+  tor_assert(len < INT_MAX && len < SSIZE_T_CEILING);
 
   /* Create a read-only memory BIO, backed by the string 's' */
   b = BIO_new_mem_buf((char*)s, (int)len);

src/common/torint.h

@@ -330,8 +330,10 @@ typedef uint32_t uintptr_t;
 #endif
 #endif
 
+/* Any ssize_t larger than this amount is likely to be an underflow. */
+#define SSIZE_T_CEILING ((ssize_t)(SSIZE_T_MAX-16))
 /* Any size_t larger than this amount is likely to be an underflow. */
-#define SIZE_T_CEILING (SSIZE_T_MAX-16)
+#define SIZE_T_CEILING  ((size_t)(SSIZE_T_MAX-16))
 
 #endif /* __TORINT_H */