Use uint16_t in TestConfig and enable -Wformat-signedness.

This silences a pile of -Wformat-signedness warnings. We still need
casts in a few places where the API gives int but really wanted
uint16_t. There I cast to unsigned instead of uint16_t for the sake of
not losing information.

With that, we should be -Wformat-signedness-clean on GCC, so enable the
warning.

Bug: 450
Change-Id: I3ab10348bb47d398b8b9b39acf360284a8ab04d7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50771
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

CMakeLists.txt

@@ -149,6 +149,10 @@ if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
     set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough")
   endif()
 
+  if(CMAKE_COMPILER_IS_GNUCXX)
+    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wformat-signedness")
+  endif()
+
   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes")
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations")
 

ssl/test/bssl_shim.cc

@@ -407,9 +407,9 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume,
   }
 
   if (config->expect_version != 0 &&
-      SSL_version(ssl) != config->expect_version) {
+      SSL_version(ssl) != int{config->expect_version}) {
     fprintf(stderr, "want version %04x, got %04x\n", config->expect_version,
-            SSL_version(ssl));
+            static_cast<uint16_t>(SSL_version(ssl)));
     return false;
   }
 
@@ -575,9 +575,9 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume,
 
   if (config->expect_curve_id != 0) {
     uint16_t curve_id = SSL_get_curve_id(ssl);
-    if (static_cast<uint16_t>(config->expect_curve_id) != curve_id) {
+    if (config->expect_curve_id != curve_id) {
       fprintf(stderr, "curve_id was %04x, wanted %04x\n", curve_id,
-              static_cast<uint16_t>(config->expect_curve_id));
+              config->expect_curve_id);
       return false;
     }
   }
@@ -585,24 +585,24 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume,
   uint16_t cipher_id = SSL_CIPHER_get_protocol_id(SSL_get_current_cipher(ssl));
   if (config->expect_cipher_aes != 0 &&
       EVP_has_aes_hardware() &&
-      static_cast<uint16_t>(config->expect_cipher_aes) != cipher_id) {
+      config->expect_cipher_aes != cipher_id) {
     fprintf(stderr, "Cipher ID was %04x, wanted %04x (has AES hardware)\n",
-            cipher_id, static_cast<uint16_t>(config->expect_cipher_aes));
+            cipher_id, config->expect_cipher_aes);
     return false;
   }
 
   if (config->expect_cipher_no_aes != 0 &&
       !EVP_has_aes_hardware() &&
-      static_cast<uint16_t>(config->expect_cipher_no_aes) != cipher_id) {
+      config->expect_cipher_no_aes != cipher_id) {
     fprintf(stderr, "Cipher ID was %04x, wanted %04x (no AES hardware)\n",
-            cipher_id, static_cast<uint16_t>(config->expect_cipher_no_aes));
+            cipher_id, config->expect_cipher_no_aes);
     return false;
   }
 
   if (config->expect_cipher != 0 &&
-      static_cast<uint16_t>(config->expect_cipher) != cipher_id) {
+      config->expect_cipher != cipher_id) {
     fprintf(stderr, "Cipher ID was %04x, wanted %04x\n", cipher_id,
-            static_cast<uint16_t>(config->expect_cipher));
+            config->expect_cipher);
     return false;
   }
 

ssl/test/test_config.cc

@@ -594,7 +594,8 @@ static void MessageCallback(int is_write, int version, int content_type,
   switch (content_type) {
     case 0:
       if (version != SSL2_VERSION) {
-        fprintf(stderr, "Incorrect version for V2ClientHello: %x.\n", version);
+        fprintf(stderr, "Incorrect version for V2ClientHello: %x.\n",
+                static_cast<unsigned>(version));
         state->msg_callback_ok = false;
         return;
       }
@@ -885,9 +886,8 @@ static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
   const TestConfig *config = GetTestConfig(ssl);
 
   if (!config->signing_prefs.empty()) {
-    std::vector<uint16_t> u16s(config->signing_prefs.begin(),
-                               config->signing_prefs.end());
-    if (!SSL_set_signing_algorithm_prefs(ssl, u16s.data(), u16s.size())) {
+    if (!SSL_set_signing_algorithm_prefs(ssl, config->signing_prefs.data(),
+                                         config->signing_prefs.size())) {
       return false;
     }
   }
@@ -1018,8 +1018,7 @@ static bool CheckPeerVerifyPrefs(SSL *ssl) {
       return false;
     }
     for (size_t i = 0; i < num_peer_sigalgs; i++) {
-      if (static_cast<int>(peer_sigalgs[i]) !=
-          config->expect_peer_verify_prefs[i]) {
+      if (peer_sigalgs[i] != config->expect_peer_verify_prefs[i]) {
         fprintf(stderr,
                 "peer verify preference %zu mismatch (got %04x, wanted %04x\n",
                 i, peer_sigalgs[i], config->expect_peer_verify_prefs[i]);
@@ -1475,9 +1474,8 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const {
   }
 
   if (!verify_prefs.empty()) {
-    std::vector<uint16_t> u16s(verify_prefs.begin(), verify_prefs.end());
-    if (!SSL_CTX_set_verify_algorithm_prefs(ssl_ctx.get(), u16s.data(),
-                                            u16s.size())) {
+    if (!SSL_CTX_set_verify_algorithm_prefs(ssl_ctx.get(), verify_prefs.data(),
+                                            verify_prefs.size())) {
       return nullptr;
     }
   }
@@ -1841,11 +1839,11 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL(
     SSL_enable_signed_cert_timestamps(ssl.get());
   }
   if (min_version != 0 &&
-      !SSL_set_min_proto_version(ssl.get(), (uint16_t)min_version)) {
+      !SSL_set_min_proto_version(ssl.get(), min_version)) {
     return nullptr;
   }
   if (max_version != 0 &&
-      !SSL_set_max_proto_version(ssl.get(), (uint16_t)max_version)) {
+      !SSL_set_max_proto_version(ssl.get(), max_version)) {
     return nullptr;
   }
   if (mtu != 0) {

ssl/test/test_config.h

@@ -32,9 +32,9 @@ struct TestConfig {
   int resume_count = 0;
   std::string write_settings;
   bool fallback_scsv = false;
-  std::vector<int> signing_prefs;
-  std::vector<int> verify_prefs;
-  std::vector<int> expect_peer_verify_prefs;
+  std::vector<uint16_t> signing_prefs;
+  std::vector<uint16_t> verify_prefs;
+  std::vector<uint16_t> expect_peer_verify_prefs;
   std::vector<int> curves;
   std::string key_file;
   std::string cert_file;
@@ -93,9 +93,9 @@ struct TestConfig {
   std::string expect_ocsp_response;
   bool enable_signed_cert_timestamps = false;
   std::string expect_signed_cert_timestamps;
-  int min_version = 0;
-  int max_version = 0;
-  int expect_version = 0;
+  uint16_t min_version = 0;
+  uint16_t max_version = 0;
+  uint16_t expect_version = 0;
   int mtu = 0;
   bool implicit_handshake = false;
   bool use_early_callback = false;
@@ -133,8 +133,8 @@ struct TestConfig {
   bool renegotiate_ignore = false;
   bool renegotiate_explicit = false;
   bool forbid_renegotiation_after_handshake = false;
-  int expect_peer_signature_algorithm = 0;
-  int expect_curve_id = 0;
+  uint16_t expect_peer_signature_algorithm = 0;
+  uint16_t expect_curve_id = 0;
   bool use_old_client_cert_callback = false;
   int initial_timeout_duration_ms = 0;
   std::string use_client_ca_list;
@@ -146,9 +146,9 @@ struct TestConfig {
   int max_cert_list = 0;
   std::string ticket_key;
   bool use_exporter_between_reads = false;
-  int expect_cipher_aes = 0;
-  int expect_cipher_no_aes = 0;
-  int expect_cipher = 0;
+  uint16_t expect_cipher_aes = 0;
+  uint16_t expect_cipher_no_aes = 0;
+  uint16_t expect_cipher = 0;
   std::string expect_peer_cert_file;
   int resumption_delay = 0;
   bool retain_only_sha256_client_cert = false;