Fix -Wshorten-64-to-32 errors in BoringSSL interactions

(This is a merge from the Widevine Repo of http://go/wvgerrit/134310.) This patch fixes code that would trigger -Wshorten-64-to-32 by implicitly narrowing a variable from 64 to 32 bits. Most of the time, it does this by making the implicit conversion explicit. The cause of most of these is that OpenSSL uses "int" for the length of things rather than size_t. (While BoringSSL sometimes uses int and sometimes uses size_t.) One exception is LogBoringSSLError(). We have a couple copies of this function around, and they varied slightly. This patch brings them all in-line, which conveniently also removes any code in them that would deal with integer variables. GetRandBytes() now takes a size_t and downcasts to BoringSSL's native int internally, so that callers can pass in a size_t value as they would expect. There's also an interesting case in oec_session_util.cpp. Because BoringSSL and OpenSSL disagree about the width of an error code, we have to use the "auto" type for a temporary variable that holds an error, in order to retain compatibility with both. Bug: 194971260 Test: x86-64 Test: x86-64-openssl Change-Id: I88bc62b4cda396f8a1eabd1a3cb7d1b03f47a33f
2021-09-27 18:17:04 -07:00
parent 1c4216fd28
commit 68187b9f02
6 changed files with 47 additions and 36 deletions
--- a/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
@@ -29,7 +29,7 @@ const int kRsaPkcs1OaepPaddingLength = 41;

 RSA* GetKey(const std::string& serialized_key) {
  BIO* bio = BIO_new_mem_buf(const_cast<char*>(serialized_key.data()),
-                             serialized_key.size());
+                             static_cast<int>(serialized_key.size()));
  if (bio == nullptr) {
    LOGE("BIO_new_mem_buf failed: returned null");
    return nullptr;
@@ -123,11 +123,11 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
  }

  out->resize(in.size() + AES_BLOCK_SIZE);
-  int out_length = out->size();
+  int out_length = static_cast<int>(out->size());
  if (EVP_EncryptUpdate(
          evp_cipher_ctx, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length,
          reinterpret_cast<uint8_t*>(const_cast<char*>(in.data())),
-          in.size()) == 0) {
+          static_cast<int>(in.size())) == 0) {
    LOGE("AES CBC encryption failure: %s",
         ERR_error_string(ERR_get_error(), nullptr));
    EVP_CIPHER_CTX_free(evp_cipher_ctx);
@@ -195,7 +195,7 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,

  encrypted_message->assign(rsa_size, 0);
  if (RSA_public_encrypt(
-          clear_message.size(),
+          static_cast<int>(clear_message.size()),
          const_cast<unsigned char*>(
              reinterpret_cast<const unsigned char*>(clear_message.data())),
          reinterpret_cast<unsigned char*>(&(*encrypted_message)[0]), key,
@@ -212,9 +212,9 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,

 // LogBoringSSLError is a callback from BoringSSL which is called with each
 // error in the thread's error queue.
-static int LogBoringSSLError(const char* msg, size_t /* len */,
-                             void* /* ctx */) {
-  LOGE("  %s", msg);
+static int LogBoringSSLError(const char* msg, size_t /* length */,
+                             void* /* user_data */) {
+  LOGE("  BoringSSL Error: %s", msg);
  return 1;
 }

@@ -345,7 +345,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
    return false;
  }

-  X509* const intermediate_cert = sk_X509_value(certs, cert_index);
+  X509* const intermediate_cert =
+      sk_X509_value(certs, static_cast<int>(cert_index));
  if (intermediate_cert == nullptr) {
    LOGE("Unable to get intermediate cert");
    return false;
--- a/libwvdrmengine/cdm/core/test/http_socket.cpp
+++ b/libwvdrmengine/cdm/core/test/http_socket.cpp
@@ -66,10 +66,10 @@ SSL_CTX* InitSslContext() {
  return ctx;
 }

-static int LogBoringSslError(const char* message, size_t length,
+static int LogBoringSslError(const char* message, size_t /* length */,
                             void* /* user_data */) {
  LOGE("  BoringSSL Error: %s", message);
-  return length;
+  return 1;
 }

 bool IsRetryableSslError(int ssl_error) {
@@ -433,7 +433,7 @@ int HttpSocket::Read(char* data, int len, int timeout_in_ms) {
    if (secure_connect_) {
      read = SSL_read(ssl_, data, to_read);
    } else {
-      read = recv(socket_fd_, data, to_read, 0);
+      read = static_cast<int>(recv(socket_fd_, data, to_read, 0));
    }

    if (read > 0) {
@@ -490,10 +490,11 @@ int HttpSocket::Write(const char* data, int len, int timeout_in_ms) {
  }
  while (to_send > 0) {
    int sent;
-    if (secure_connect_)
+    if (secure_connect_) {
      sent = SSL_write(ssl_, data, to_send);
-    else
-      sent = send(socket_fd_, data, to_send, 0);
+    } else {
+      sent = static_cast<int>(send(socket_fd_, data, to_send, 0));
+    }

    if (sent > 0) {
      to_send -= sent;
--- a/libwvdrmengine/cdm/core/test/test_base.cpp
+++ b/libwvdrmengine/cdm/core/test/test_base.cpp
@@ -199,7 +199,7 @@ std::string WvCdmTestBase::SignHMAC(const std::string& message,
                                    const std::vector<uint8_t>& key) {
  uint8_t signature[SHA256_DIGEST_LENGTH];
  unsigned int md_len = SHA256_DIGEST_LENGTH;
-  HMAC(EVP_sha256(), &key[0], key.size(),
+  HMAC(EVP_sha256(), &key[0], static_cast<int>(key.size()),
       reinterpret_cast<const uint8_t*>(message.data()), message.size(),
       signature, &md_len);
  std::string result(signature, signature + SHA256_DIGEST_LENGTH);