Miscellaneous -Wshorten-64-to-32 fixes.

Bug: 516
Change-Id: Iba2014da414658c08e42e0993912fa73848832d3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54945
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
fips-20230428
David Benjamin 2 years ago committed by Boringssl LUCI CQ
parent 671ccb1a98
commit 9d64d8d237
  1. 8
      crypto/bio/bio.c
  2. 4
      crypto/bio/fd.c
  3. 8
      crypto/bio/socket.c
  4. 15
      crypto/cipher_extra/aead_test.cc
  5. 2
      crypto/cipher_extra/e_chacha20poly1305.c
  6. 14
      crypto/dsa/dsa.c
  7. 23
      crypto/evp/sign.c
  8. 3
      crypto/hmac_extra/hmac_test.cc
  9. 11
      crypto/trust_token/trust_token.c
  10. 4
      crypto/trust_token/trust_token_test.cc
  11. 2
      crypto/x509/rsa_pss.c
  12. 4
      ssl/bio_ssl.cc
  13. 9
      ssl/extensions.cc
  14. 10
      ssl/test/mock_quic_transport.cc
  15. 4
      ssl/test/test_config.cc

@ -192,7 +192,13 @@ int BIO_write_all(BIO *bio, const void *data, size_t len) {
}
int BIO_puts(BIO *bio, const char *in) {
return BIO_write(bio, in, strlen(in));
size_t len = strlen(in);
if (len > INT_MAX) {
// |BIO_write| and the return value both assume the string fits in |int|.
OPENSSL_PUT_ERROR(BIO, ERR_R_OVERFLOW);
return -1;
}
return BIO_write(bio, in, (int)len);
}
int BIO_flush(BIO *bio) {

@ -158,7 +158,7 @@ static int fd_free(BIO *bio) {
static int fd_read(BIO *b, char *out, int outl) {
int ret = 0;
ret = BORINGSSL_READ(b->num, out, outl);
ret = (int)BORINGSSL_READ(b->num, out, outl);
BIO_clear_retry_flags(b);
if (ret <= 0) {
if (bio_fd_should_retry(ret)) {
@ -170,7 +170,7 @@ static int fd_read(BIO *b, char *out, int outl) {
}
static int fd_write(BIO *b, const char *in, int inl) {
int ret = BORINGSSL_WRITE(b->num, in, inl);
int ret = (int)BORINGSSL_WRITE(b->num, in, inl);
BIO_clear_retry_flags(b);
if (ret <= 0) {
if (bio_fd_should_retry(ret)) {

@ -101,7 +101,7 @@ static int sock_read(BIO *b, char *out, int outl) {
#if defined(OPENSSL_WINDOWS)
int ret = recv(b->num, out, outl, 0);
#else
int ret = read(b->num, out, outl);
int ret = (int)read(b->num, out, outl);
#endif
BIO_clear_retry_flags(b);
if (ret <= 0) {
@ -113,13 +113,11 @@ static int sock_read(BIO *b, char *out, int outl) {
}
static int sock_write(BIO *b, const char *in, int inl) {
int ret;
bio_clear_socket_error();
#if defined(OPENSSL_WINDOWS)
ret = send(b->num, in, inl, 0);
int ret = send(b->num, in, inl, 0);
#else
ret = write(b->num, in, inl);
int ret = (int)write(b->num, in, inl);
#endif
BIO_clear_retry_flags(b);
if (ret <= 0) {

@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <assert.h>
#include <stdint.h>
#include <string.h>
@ -48,13 +49,8 @@ constexpr uint32_t kNondeterministic = 1 << 7;
// RequiresADLength encodes an AD length requirement into flags.
constexpr uint32_t RequiresADLength(size_t length) {
// If we had a more recent C++ version we could assert that the length is
// sufficiently small with:
//
// if (length >= 16) {
// __builtin_unreachable();
// }
return (length & 0xf) << 3;
assert(length < 16);
return static_cast<uint32_t>((length & 0xf) << 3);
}
// RequiredADLength returns the AD length requirement encoded in |flags|, or
@ -64,9 +60,8 @@ constexpr size_t RequiredADLength(uint32_t flags) {
}
constexpr uint32_t RequiresMinimumTagLength(size_t length) {
// See above for statically checking the size at compile time with future C++
// versions.
return (length & 0xf) << 8;
assert(length < 16);
return static_cast<uint32_t>((length & 0xf) << 8);
}
constexpr size_t MinimumTagLength(uint32_t flags) {

@ -145,7 +145,7 @@ static int chacha20_poly1305_seal_scatter(
// encrypted byte-by-byte first.
if (extra_in_len) {
static const size_t kChaChaBlockSize = 64;
uint32_t block_counter = 1 + (in_len / kChaChaBlockSize);
uint32_t block_counter = (uint32_t)(1 + (in_len / kChaChaBlockSize));
size_t offset = in_len % kChaChaBlockSize;
uint8_t block[64 /* kChaChaBlockSize */];

@ -217,16 +217,14 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL;
int k, n = 0, m = 0;
unsigned i;
int counter = 0;
int r = 0;
BN_CTX *ctx = NULL;
unsigned int h = 2;
unsigned qsize;
const EVP_MD *evpmd;
evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1();
qsize = EVP_MD_size(evpmd);
size_t qsize = EVP_MD_size(evpmd);
if (bits < 512) {
bits = 512;
@ -235,10 +233,10 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
bits = (bits + 63) / 64 * 64;
if (seed_in != NULL) {
if (seed_len < (size_t)qsize) {
if (seed_len < qsize) {
return 0;
}
if (seed_len > (size_t)qsize) {
if (seed_len > qsize) {
// Only consume as much seed as is expected.
seed_len = qsize;
}
@ -284,7 +282,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
OPENSSL_memcpy(buf, seed, qsize);
OPENSSL_memcpy(buf2, seed, qsize);
// precompute "SEED + 1" for step 7:
for (i = qsize - 1; i < qsize; i--) {
for (size_t i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;
@ -296,7 +294,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
goto err;
}
for (i = 0; i < qsize; i++) {
for (size_t i = 0; i < qsize; i++) {
md[i] ^= buf2[i];
}
@ -340,7 +338,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
// now 'buf' contains "SEED + offset - 1"
for (k = 0; k <= n; k++) {
// obtain "SEED + offset + k" by incrementing:
for (i = qsize - 1; i < qsize; i--) {
for (size_t i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;

@ -56,6 +56,8 @@
#include <openssl/evp.h>
#include <limits.h>
#include <openssl/digest.h>
#include <openssl/err.h>
@ -74,15 +76,20 @@ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
return EVP_DigestUpdate(ctx, data, len);
}
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
unsigned int *out_sig_len, EVP_PKEY *pkey) {
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, unsigned *out_sig_len,
EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len;
unsigned m_len;
int ret = 0;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;
size_t sig_len = EVP_PKEY_size(pkey);
// Ensure the final result will fit in |unsigned|.
if (sig_len > UINT_MAX) {
sig_len = UINT_MAX;
}
*out_sig_len = 0;
EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
@ -92,19 +99,17 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
EVP_MD_CTX_cleanup(&tmp_ctx);
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx || !EVP_PKEY_sign_init(pkctx) ||
if (!pkctx || //
!EVP_PKEY_sign_init(pkctx) ||
!EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
!EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
goto out;
}
*out_sig_len = sig_len;
*out_sig_len = (unsigned)sig_len;
ret = 1;
out:
if (pkctx) {
EVP_PKEY_CTX_free(pkctx);
}
return ret;
}
@ -123,7 +128,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len;
unsigned m_len;
int ret = 0;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;

@ -99,8 +99,7 @@ TEST(HMACTest, TestVectors) {
ASSERT_EQ(EVP_MD_size(digest), output.size());
// Test using the one-shot API.
unsigned expected_mac_len = EVP_MD_size(digest);
std::unique_ptr<uint8_t[]> mac(new uint8_t[expected_mac_len]);
std::unique_ptr<uint8_t[]> mac(new uint8_t[EVP_MD_size(digest)]);
unsigned mac_len;
ASSERT_TRUE(HMAC(digest, key.data(), key.size(), input.data(), input.size(),
mac.get(), &mac_len));

@ -612,16 +612,19 @@ err:
static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type,
uint64_t value) {
if (value <= 23) {
return CBB_add_u8(cbb, value | major_type);
return CBB_add_u8(cbb, (uint8_t)value | major_type);
}
if (value <= 0xff) {
return CBB_add_u8(cbb, 0x18 | major_type) && CBB_add_u8(cbb, value);
return CBB_add_u8(cbb, 0x18 | major_type) &&
CBB_add_u8(cbb, (uint8_t)value);
}
if (value <= 0xffff) {
return CBB_add_u8(cbb, 0x19 | major_type) && CBB_add_u16(cbb, value);
return CBB_add_u8(cbb, 0x19 | major_type) &&
CBB_add_u16(cbb, (uint16_t)value);
}
if (value <= 0xffffffff) {
return CBB_add_u8(cbb, 0x1a | major_type) && CBB_add_u32(cbb, value);
return CBB_add_u8(cbb, 0x1a | major_type) &&
CBB_add_u32(cbb, (uint32_t)value);
}
if (value <= 0xffffffffffffffff) {
return CBB_add_u8(cbb, 0x1b | major_type) && CBB_add_u64(cbb, value);

@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
@ -304,8 +305,9 @@ class TrustTokenProtocolTestBase : public ::testing::Test {
// KeyID returns the key ID associated with key index |i|.
static uint32_t KeyID(size_t i) {
assert(i <= UINT32_MAX);
// Use a different value from the indices to that we do not mix them up.
return 7 + i;
return static_cast<uint32_t>(7 + i);
}
const TRUST_TOKEN_METHOD *method() { return method_; }

@ -202,7 +202,7 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
return 0;
}
int md_len = EVP_MD_size(sigmd);
int md_len = (int)EVP_MD_size(sigmd);
if (saltlen == -1) {
saltlen = md_len;
} else if (saltlen != md_len) {

@ -109,7 +109,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
// |bio->next_bio| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call
// into the corresponding |BIO| directly. (We can implement the upstream
// behavior if it ends up necessary.)
bio->shutdown = num;
bio->shutdown = static_cast<int>(num);
bio->ptr = ptr;
bio->init = 1;
return 1;
@ -118,7 +118,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
return bio->shutdown;
case BIO_CTRL_SET_CLOSE:
bio->shutdown = num;
bio->shutdown = static_cast<int>(num);
return 1;
case BIO_CTRL_WPENDING:

@ -1248,10 +1248,12 @@ static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
}
}
// |orig_len| fits in |unsigned| because TLS extensions use 16-bit lengths.
uint8_t *selected;
uint8_t selected_len;
if (ssl->ctx->next_proto_select_cb(
ssl, &selected, &selected_len, orig_contents, orig_len,
ssl, &selected, &selected_len, orig_contents,
static_cast<unsigned>(orig_len),
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
!ssl->s3->next_proto_negotiated.CopyFrom(
MakeConstSpan(selected, selected_len))) {
@ -1564,11 +1566,14 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
return false;
}
// |protocol_name_list| fits in |unsigned| because TLS extensions use 16-bit
// lengths.
const uint8_t *selected;
uint8_t selected_len;
int ret = ssl->ctx->alpn_select_cb(
ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg);
static_cast<unsigned>(CBS_len(&protocol_name_list)),
ssl->ctx->alpn_select_cb_arg);
// ALPN is required when QUIC is used.
if (ssl->quic_method &&
(ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {

@ -16,8 +16,9 @@
#include <openssl/span.h>
#include <algorithm>
#include <climits>
#include <cstring>
#include <limits>
MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl)
: bio_(std::move(bio)),
@ -51,11 +52,8 @@ bool ReadAll(BIO *bio, bssl::Span<uint8_t> out) {
size_t len = out.size();
uint8_t *buf = out.data();
while (len > 0) {
int chunk_len = std::numeric_limits<int>::max();
if (len <= static_cast<unsigned int>(std::numeric_limits<int>::max())) {
chunk_len = len;
}
int ret = BIO_read(bio, buf, chunk_len);
size_t chunk_len = std::min(len, size_t{INT_MAX});
int ret = BIO_read(bio, buf, static_cast<int>(chunk_len));
if (ret <= 0) {
return false;
}

@ -1619,7 +1619,7 @@ static unsigned PskClientCallback(SSL *ssl, const char *hint,
OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), max_identity_len);
OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
return config->psk.size();
return static_cast<unsigned>(config->psk.size());
}
static unsigned PskServerCallback(SSL *ssl, const char *identity,
@ -1637,7 +1637,7 @@ static unsigned PskServerCallback(SSL *ssl, const char *identity,
}
OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
return config->psk.size();
return static_cast<unsigned>(config->psk.size());
}
static ssl_verify_result_t CustomVerifyCallback(SSL *ssl, uint8_t *out_alert) {

Loading…
Cancel
Save