Miscellaneous -Wshorten-64-to-32 fixes.

Bug: 516
Change-Id: Iba2014da414658c08e42e0993912fa73848832d3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54945
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
fips-20230428
David Benjamin 2 years ago committed by Boringssl LUCI CQ
parent 671ccb1a98
commit 9d64d8d237
  1. 8
      crypto/bio/bio.c
  2. 4
      crypto/bio/fd.c
  3. 8
      crypto/bio/socket.c
  4. 15
      crypto/cipher_extra/aead_test.cc
  5. 2
      crypto/cipher_extra/e_chacha20poly1305.c
  6. 14
      crypto/dsa/dsa.c
  7. 25
      crypto/evp/sign.c
  8. 3
      crypto/hmac_extra/hmac_test.cc
  9. 11
      crypto/trust_token/trust_token.c
  10. 4
      crypto/trust_token/trust_token_test.cc
  11. 2
      crypto/x509/rsa_pss.c
  12. 4
      ssl/bio_ssl.cc
  13. 9
      ssl/extensions.cc
  14. 10
      ssl/test/mock_quic_transport.cc
  15. 4
      ssl/test/test_config.cc

@ -192,7 +192,13 @@ int BIO_write_all(BIO *bio, const void *data, size_t len) {
} }
int BIO_puts(BIO *bio, const char *in) { int BIO_puts(BIO *bio, const char *in) {
return BIO_write(bio, in, strlen(in)); size_t len = strlen(in);
if (len > INT_MAX) {
// |BIO_write| and the return value both assume the string fits in |int|.
OPENSSL_PUT_ERROR(BIO, ERR_R_OVERFLOW);
return -1;
}
return BIO_write(bio, in, (int)len);
} }
int BIO_flush(BIO *bio) { int BIO_flush(BIO *bio) {

@ -158,7 +158,7 @@ static int fd_free(BIO *bio) {
static int fd_read(BIO *b, char *out, int outl) { static int fd_read(BIO *b, char *out, int outl) {
int ret = 0; int ret = 0;
ret = BORINGSSL_READ(b->num, out, outl); ret = (int)BORINGSSL_READ(b->num, out, outl);
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
if (ret <= 0) { if (ret <= 0) {
if (bio_fd_should_retry(ret)) { if (bio_fd_should_retry(ret)) {
@ -170,7 +170,7 @@ static int fd_read(BIO *b, char *out, int outl) {
} }
static int fd_write(BIO *b, const char *in, int inl) { static int fd_write(BIO *b, const char *in, int inl) {
int ret = BORINGSSL_WRITE(b->num, in, inl); int ret = (int)BORINGSSL_WRITE(b->num, in, inl);
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
if (ret <= 0) { if (ret <= 0) {
if (bio_fd_should_retry(ret)) { if (bio_fd_should_retry(ret)) {

@ -101,7 +101,7 @@ static int sock_read(BIO *b, char *out, int outl) {
#if defined(OPENSSL_WINDOWS) #if defined(OPENSSL_WINDOWS)
int ret = recv(b->num, out, outl, 0); int ret = recv(b->num, out, outl, 0);
#else #else
int ret = read(b->num, out, outl); int ret = (int)read(b->num, out, outl);
#endif #endif
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
if (ret <= 0) { if (ret <= 0) {
@ -113,13 +113,11 @@ static int sock_read(BIO *b, char *out, int outl) {
} }
static int sock_write(BIO *b, const char *in, int inl) { static int sock_write(BIO *b, const char *in, int inl) {
int ret;
bio_clear_socket_error(); bio_clear_socket_error();
#if defined(OPENSSL_WINDOWS) #if defined(OPENSSL_WINDOWS)
ret = send(b->num, in, inl, 0); int ret = send(b->num, in, inl, 0);
#else #else
ret = write(b->num, in, inl); int ret = (int)write(b->num, in, inl);
#endif #endif
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
if (ret <= 0) { if (ret <= 0) {

@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <assert.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
@ -48,13 +49,8 @@ constexpr uint32_t kNondeterministic = 1 << 7;
// RequiresADLength encodes an AD length requirement into flags. // RequiresADLength encodes an AD length requirement into flags.
constexpr uint32_t RequiresADLength(size_t length) { constexpr uint32_t RequiresADLength(size_t length) {
// If we had a more recent C++ version we could assert that the length is assert(length < 16);
// sufficiently small with: return static_cast<uint32_t>((length & 0xf) << 3);
//
// if (length >= 16) {
// __builtin_unreachable();
// }
return (length & 0xf) << 3;
} }
// RequiredADLength returns the AD length requirement encoded in |flags|, or // RequiredADLength returns the AD length requirement encoded in |flags|, or
@ -64,9 +60,8 @@ constexpr size_t RequiredADLength(uint32_t flags) {
} }
constexpr uint32_t RequiresMinimumTagLength(size_t length) { constexpr uint32_t RequiresMinimumTagLength(size_t length) {
// See above for statically checking the size at compile time with future C++ assert(length < 16);
// versions. return static_cast<uint32_t>((length & 0xf) << 8);
return (length & 0xf) << 8;
} }
constexpr size_t MinimumTagLength(uint32_t flags) { constexpr size_t MinimumTagLength(uint32_t flags) {

@ -145,7 +145,7 @@ static int chacha20_poly1305_seal_scatter(
// encrypted byte-by-byte first. // encrypted byte-by-byte first.
if (extra_in_len) { if (extra_in_len) {
static const size_t kChaChaBlockSize = 64; static const size_t kChaChaBlockSize = 64;
uint32_t block_counter = 1 + (in_len / kChaChaBlockSize); uint32_t block_counter = (uint32_t)(1 + (in_len / kChaChaBlockSize));
size_t offset = in_len % kChaChaBlockSize; size_t offset = in_len % kChaChaBlockSize;
uint8_t block[64 /* kChaChaBlockSize */]; uint8_t block[64 /* kChaChaBlockSize */];

@ -217,16 +217,14 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
BIGNUM *g = NULL, *q = NULL, *p = NULL; BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL; BN_MONT_CTX *mont = NULL;
int k, n = 0, m = 0; int k, n = 0, m = 0;
unsigned i;
int counter = 0; int counter = 0;
int r = 0; int r = 0;
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
unsigned int h = 2; unsigned int h = 2;
unsigned qsize;
const EVP_MD *evpmd; const EVP_MD *evpmd;
evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1(); evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1();
qsize = EVP_MD_size(evpmd); size_t qsize = EVP_MD_size(evpmd);
if (bits < 512) { if (bits < 512) {
bits = 512; bits = 512;
@ -235,10 +233,10 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
bits = (bits + 63) / 64 * 64; bits = (bits + 63) / 64 * 64;
if (seed_in != NULL) { if (seed_in != NULL) {
if (seed_len < (size_t)qsize) { if (seed_len < qsize) {
return 0; return 0;
} }
if (seed_len > (size_t)qsize) { if (seed_len > qsize) {
// Only consume as much seed as is expected. // Only consume as much seed as is expected.
seed_len = qsize; seed_len = qsize;
} }
@ -284,7 +282,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
OPENSSL_memcpy(buf, seed, qsize); OPENSSL_memcpy(buf, seed, qsize);
OPENSSL_memcpy(buf2, seed, qsize); OPENSSL_memcpy(buf2, seed, qsize);
// precompute "SEED + 1" for step 7: // precompute "SEED + 1" for step 7:
for (i = qsize - 1; i < qsize; i--) { for (size_t i = qsize - 1; i < qsize; i--) {
buf[i]++; buf[i]++;
if (buf[i] != 0) { if (buf[i] != 0) {
break; break;
@ -296,7 +294,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) { !EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
goto err; goto err;
} }
for (i = 0; i < qsize; i++) { for (size_t i = 0; i < qsize; i++) {
md[i] ^= buf2[i]; md[i] ^= buf2[i];
} }
@ -340,7 +338,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
// now 'buf' contains "SEED + offset - 1" // now 'buf' contains "SEED + offset - 1"
for (k = 0; k <= n; k++) { for (k = 0; k <= n; k++) {
// obtain "SEED + offset + k" by incrementing: // obtain "SEED + offset + k" by incrementing:
for (i = qsize - 1; i < qsize; i--) { for (size_t i = qsize - 1; i < qsize; i--) {
buf[i]++; buf[i]++;
if (buf[i] != 0) { if (buf[i] != 0) {
break; break;

@ -56,6 +56,8 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <limits.h>
#include <openssl/digest.h> #include <openssl/digest.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -74,15 +76,20 @@ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
return EVP_DigestUpdate(ctx, data, len); return EVP_DigestUpdate(ctx, data, len);
} }
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, unsigned *out_sig_len,
unsigned int *out_sig_len, EVP_PKEY *pkey) { EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE]; uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len; unsigned m_len;
int ret = 0; int ret = 0;
EVP_MD_CTX tmp_ctx; EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL; EVP_PKEY_CTX *pkctx = NULL;
size_t sig_len = EVP_PKEY_size(pkey); size_t sig_len = EVP_PKEY_size(pkey);
// Ensure the final result will fit in |unsigned|.
if (sig_len > UINT_MAX) {
sig_len = UINT_MAX;
}
*out_sig_len = 0; *out_sig_len = 0;
EVP_MD_CTX_init(&tmp_ctx); EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) || if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
@ -92,19 +99,17 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
EVP_MD_CTX_cleanup(&tmp_ctx); EVP_MD_CTX_cleanup(&tmp_ctx);
pkctx = EVP_PKEY_CTX_new(pkey, NULL); pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx || !EVP_PKEY_sign_init(pkctx) || if (!pkctx || //
!EVP_PKEY_sign_init(pkctx) ||
!EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) || !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
!EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) { !EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
goto out; goto out;
} }
*out_sig_len = sig_len; *out_sig_len = (unsigned)sig_len;
ret = 1; ret = 1;
out: out:
if (pkctx) { EVP_PKEY_CTX_free(pkctx);
EVP_PKEY_CTX_free(pkctx);
}
return ret; return ret;
} }
@ -123,7 +128,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len, int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
EVP_PKEY *pkey) { EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE]; uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len; unsigned m_len;
int ret = 0; int ret = 0;
EVP_MD_CTX tmp_ctx; EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL; EVP_PKEY_CTX *pkctx = NULL;

@ -99,8 +99,7 @@ TEST(HMACTest, TestVectors) {
ASSERT_EQ(EVP_MD_size(digest), output.size()); ASSERT_EQ(EVP_MD_size(digest), output.size());
// Test using the one-shot API. // Test using the one-shot API.
unsigned expected_mac_len = EVP_MD_size(digest); std::unique_ptr<uint8_t[]> mac(new uint8_t[EVP_MD_size(digest)]);
std::unique_ptr<uint8_t[]> mac(new uint8_t[expected_mac_len]);
unsigned mac_len; unsigned mac_len;
ASSERT_TRUE(HMAC(digest, key.data(), key.size(), input.data(), input.size(), ASSERT_TRUE(HMAC(digest, key.data(), key.size(), input.data(), input.size(),
mac.get(), &mac_len)); mac.get(), &mac_len));

@ -612,16 +612,19 @@ err:
static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type, static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type,
uint64_t value) { uint64_t value) {
if (value <= 23) { if (value <= 23) {
return CBB_add_u8(cbb, value | major_type); return CBB_add_u8(cbb, (uint8_t)value | major_type);
} }
if (value <= 0xff) { if (value <= 0xff) {
return CBB_add_u8(cbb, 0x18 | major_type) && CBB_add_u8(cbb, value); return CBB_add_u8(cbb, 0x18 | major_type) &&
CBB_add_u8(cbb, (uint8_t)value);
} }
if (value <= 0xffff) { if (value <= 0xffff) {
return CBB_add_u8(cbb, 0x19 | major_type) && CBB_add_u16(cbb, value); return CBB_add_u8(cbb, 0x19 | major_type) &&
CBB_add_u16(cbb, (uint16_t)value);
} }
if (value <= 0xffffffff) { if (value <= 0xffffffff) {
return CBB_add_u8(cbb, 0x1a | major_type) && CBB_add_u32(cbb, value); return CBB_add_u8(cbb, 0x1a | major_type) &&
CBB_add_u32(cbb, (uint32_t)value);
} }
if (value <= 0xffffffffffffffff) { if (value <= 0xffffffffffffffff) {
return CBB_add_u8(cbb, 0x1b | major_type) && CBB_add_u64(cbb, value); return CBB_add_u8(cbb, 0x1b | major_type) && CBB_add_u64(cbb, value);

@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
@ -304,8 +305,9 @@ class TrustTokenProtocolTestBase : public ::testing::Test {
// KeyID returns the key ID associated with key index |i|. // KeyID returns the key ID associated with key index |i|.
static uint32_t KeyID(size_t i) { static uint32_t KeyID(size_t i) {
assert(i <= UINT32_MAX);
// Use a different value from the indices to that we do not mix them up. // Use a different value from the indices to that we do not mix them up.
return 7 + i; return static_cast<uint32_t>(7 + i);
} }
const TRUST_TOKEN_METHOD *method() { return method_; } const TRUST_TOKEN_METHOD *method() { return method_; }

@ -202,7 +202,7 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
return 0; return 0;
} }
int md_len = EVP_MD_size(sigmd); int md_len = (int)EVP_MD_size(sigmd);
if (saltlen == -1) { if (saltlen == -1) {
saltlen = md_len; saltlen = md_len;
} else if (saltlen != md_len) { } else if (saltlen != md_len) {

@ -109,7 +109,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
// |bio->next_bio| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call // |bio->next_bio| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call
// into the corresponding |BIO| directly. (We can implement the upstream // into the corresponding |BIO| directly. (We can implement the upstream
// behavior if it ends up necessary.) // behavior if it ends up necessary.)
bio->shutdown = num; bio->shutdown = static_cast<int>(num);
bio->ptr = ptr; bio->ptr = ptr;
bio->init = 1; bio->init = 1;
return 1; return 1;
@ -118,7 +118,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
return bio->shutdown; return bio->shutdown;
case BIO_CTRL_SET_CLOSE: case BIO_CTRL_SET_CLOSE:
bio->shutdown = num; bio->shutdown = static_cast<int>(num);
return 1; return 1;
case BIO_CTRL_WPENDING: case BIO_CTRL_WPENDING:

@ -1248,10 +1248,12 @@ static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
} }
} }
// |orig_len| fits in |unsigned| because TLS extensions use 16-bit lengths.
uint8_t *selected; uint8_t *selected;
uint8_t selected_len; uint8_t selected_len;
if (ssl->ctx->next_proto_select_cb( if (ssl->ctx->next_proto_select_cb(
ssl, &selected, &selected_len, orig_contents, orig_len, ssl, &selected, &selected_len, orig_contents,
static_cast<unsigned>(orig_len),
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK || ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
!ssl->s3->next_proto_negotiated.CopyFrom( !ssl->s3->next_proto_negotiated.CopyFrom(
MakeConstSpan(selected, selected_len))) { MakeConstSpan(selected, selected_len))) {
@ -1564,11 +1566,14 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
return false; return false;
} }
// |protocol_name_list| fits in |unsigned| because TLS extensions use 16-bit
// lengths.
const uint8_t *selected; const uint8_t *selected;
uint8_t selected_len; uint8_t selected_len;
int ret = ssl->ctx->alpn_select_cb( int ret = ssl->ctx->alpn_select_cb(
ssl, &selected, &selected_len, CBS_data(&protocol_name_list), ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg); static_cast<unsigned>(CBS_len(&protocol_name_list)),
ssl->ctx->alpn_select_cb_arg);
// ALPN is required when QUIC is used. // ALPN is required when QUIC is used.
if (ssl->quic_method && if (ssl->quic_method &&
(ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) { (ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {

@ -16,8 +16,9 @@
#include <openssl/span.h> #include <openssl/span.h>
#include <algorithm>
#include <climits>
#include <cstring> #include <cstring>
#include <limits>
MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl) MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl)
: bio_(std::move(bio)), : bio_(std::move(bio)),
@ -51,11 +52,8 @@ bool ReadAll(BIO *bio, bssl::Span<uint8_t> out) {
size_t len = out.size(); size_t len = out.size();
uint8_t *buf = out.data(); uint8_t *buf = out.data();
while (len > 0) { while (len > 0) {
int chunk_len = std::numeric_limits<int>::max(); size_t chunk_len = std::min(len, size_t{INT_MAX});
if (len <= static_cast<unsigned int>(std::numeric_limits<int>::max())) { int ret = BIO_read(bio, buf, static_cast<int>(chunk_len));
chunk_len = len;
}
int ret = BIO_read(bio, buf, chunk_len);
if (ret <= 0) { if (ret <= 0) {
return false; return false;
} }

@ -1619,7 +1619,7 @@ static unsigned PskClientCallback(SSL *ssl, const char *hint,
OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len); OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len);
OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size()); OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
return config->psk.size(); return static_cast<unsigned>(config->psk.size());
} }
static unsigned PskServerCallback(SSL *ssl, const char *identity, static unsigned PskServerCallback(SSL *ssl, const char *identity,
@ -1637,7 +1637,7 @@ static unsigned PskServerCallback(SSL *ssl, const char *identity,
} }
OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size()); OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
return config->psk.size(); return static_cast<unsigned>(config->psk.size());
} }
static ssl_verify_result_t CustomVerifyCallback(SSL *ssl, uint8_t *out_alert) { static ssl_verify_result_t CustomVerifyCallback(SSL *ssl, uint8_t *out_alert) {

Loading…
Cancel
Save