diff --git a/changes/ticket40824 b/changes/ticket40824
new file mode 100644
index 0000000000..a4d389ddc2
--- /dev/null
+++ b/changes/ticket40824
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+    - Fix all -Werror=enum-int-mismatch warnings. No behavior change. Fixes bug
+      40824; bugfix on 0.3.5.1-alpha.
+
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index 07177c418a..78767a94ff 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -944,7 +944,7 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] =
  * buffer should be cleared).  Instead of pulling more data into the first
  * chunk of the buffer, we set *<b>want_length_out</b> to the number of bytes
  * we'd like to see in the input buffer, if they're available. */
-static int
+static socks_result_t
 parse_socks(const char *data, size_t datalen, socks_request_t *req,
             int log_sockstype, int safe_socks, size_t *drain_out)
 {
@@ -952,7 +952,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
 
   if (datalen < 2) {
     /* We always need at least 2 bytes. */
-    return 0;
+    return SOCKS_RESULT_TRUNCATED;
   }
 
   first_octet = get_uint8(data);
@@ -985,11 +985,11 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
                                     escaped(tmp));
         tor_free(tmp);
       }
-      return -1;
+      return SOCKS_RESULT_INVALID;
   }
 
   tor_assert_unreached();
-  return -1;
+  return SOCKS_RESULT_INVALID;
 }
 
 /** Inspect a reply from SOCKS server stored in <b>buf</b> according
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 15ad9d8efb..d61ce237fa 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -2162,7 +2162,7 @@ desc_decode_superencrypted_v3(const hs_descriptor_t *desc,
                               hs_desc_superencrypted_data_t *
                               desc_superencrypted_out)
 {
-  int ret = HS_DESC_DECODE_SUPERENC_ERROR;
+  hs_desc_decode_status_t ret = HS_DESC_DECODE_SUPERENC_ERROR;
   char *message = NULL;
   size_t message_len;
   memarea_t *area = NULL;
@@ -2276,7 +2276,7 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
                          const curve25519_secret_key_t *client_auth_sk,
                          hs_desc_encrypted_data_t *desc_encrypted_out)
 {
-  int ret = HS_DESC_DECODE_ENCRYPTED_ERROR;
+  hs_desc_decode_status_t ret = HS_DESC_DECODE_ENCRYPTED_ERROR;
   char *message = NULL;
   size_t message_len;
   memarea_t *area = NULL;
@@ -2423,7 +2423,7 @@ hs_desc_decode_encrypted(const hs_descriptor_t *desc,
                          const curve25519_secret_key_t *client_auth_sk,
                          hs_desc_encrypted_data_t *desc_encrypted)
 {
-  int ret = HS_DESC_DECODE_ENCRYPTED_ERROR;
+  hs_desc_decode_status_t ret = HS_DESC_DECODE_ENCRYPTED_ERROR;
   uint32_t version;
 
   tor_assert(desc);
@@ -2473,7 +2473,7 @@ hs_desc_decode_superencrypted(const hs_descriptor_t *desc,
                               hs_desc_superencrypted_data_t *
                               desc_superencrypted)
 {
-  int ret = HS_DESC_DECODE_SUPERENC_ERROR;
+  hs_desc_decode_status_t ret = HS_DESC_DECODE_SUPERENC_ERROR;
   uint32_t version;
 
   tor_assert(desc);
@@ -2523,7 +2523,8 @@ hs_desc_decode_status_t
 hs_desc_decode_plaintext(const char *encoded,
                          hs_desc_plaintext_data_t *plaintext)
 {
-  int ok = 0, ret = HS_DESC_DECODE_PLAINTEXT_ERROR;
+  int ok = 0;
+  hs_desc_decode_status_t ret = HS_DESC_DECODE_PLAINTEXT_ERROR;
   memarea_t *area = NULL;
   smartlist_t *tokens = NULL;
   size_t encoded_len;
diff --git a/src/feature/hs/hs_descriptor.h b/src/feature/hs/hs_descriptor.h
index 8f42b2138b..8ae16825d2 100644
--- a/src/feature/hs/hs_descriptor.h
+++ b/src/feature/hs/hs_descriptor.h
@@ -281,17 +281,18 @@ MOCK_DECL(int,
                                      const uint8_t *descriptor_cookie,
                                      char **encoded_out));
 
-int hs_desc_decode_descriptor(const char *encoded,
+hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded,
                               const hs_subcredential_t *subcredential,
                               const curve25519_secret_key_t *client_auth_sk,
                               hs_descriptor_t **desc_out);
-int hs_desc_decode_plaintext(const char *encoded,
+hs_desc_decode_status_t hs_desc_decode_plaintext(const char *encoded,
                              hs_desc_plaintext_data_t *plaintext);
-int hs_desc_decode_superencrypted(const hs_descriptor_t *desc,
-                                 hs_desc_superencrypted_data_t *desc_out);
-int hs_desc_decode_encrypted(const hs_descriptor_t *desc,
-                             const curve25519_secret_key_t *client_auth_sk,
-                             hs_desc_encrypted_data_t *desc_out);
+hs_desc_decode_status_t hs_desc_decode_superencrypted(
+                                const hs_descriptor_t *desc,
+                                hs_desc_superencrypted_data_t *desc_out);
+hs_desc_decode_status_t hs_desc_decode_encrypted(const hs_descriptor_t *desc,
+                           const curve25519_secret_key_t *client_auth_sk,
+                           hs_desc_encrypted_data_t *desc_out);
 
 size_t hs_desc_obj_size(const hs_descriptor_t *data);
 size_t hs_desc_plaintext_obj_size(const hs_desc_plaintext_data_t *data);