widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix -Wshorten-64-to-32 errors in BoringSSL interactions

Browse Source 
(This is a merge from the Widevine Repo of http://go/wvgerrit/134310.)

This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. Most of the time, it
does this by making the implicit conversion explicit. The cause of most
of these is that OpenSSL uses "int" for the length of things rather than
size_t. (While BoringSSL sometimes uses int and sometimes uses size_t.)

One exception is LogBoringSSLError(). We have a couple copies of this
function around, and they varied slightly. This patch brings them all
in-line, which conveniently also removes any code in them that would
deal with integer variables.

GetRandBytes() now takes a size_t and downcasts to BoringSSL's native
int internally, so that callers can pass in a size_t value as they would
expect.

There's also an interesting case in oec_session_util.cpp. Because
BoringSSL and OpenSSL disagree about the width of an error code, we have
to use the "auto" type for a temporary variable that holds an error, in
order to retain compatibility with both.

Bug: 194971260
Test: x86-64
Test: x86-64-openssl
Change-Id: I88bc62b4cda396f8a1eabd1a3cb7d1b03f47a33f
This commit is contained in:
John W. Bruce
2021-09-27 18:17:04 -07:00
parent 1c4216fd28
commit 68187b9f02
6 changed files with 47 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -112,9 +112,9 @@ OEMCryptoResult DecryptCTR(OEMCrypto_SESSION session_id, const uint8_t* key,
} // namespace
int GetRandBytes(unsigned char* buf, int num) {
int GetRandBytes(unsigned char* buf, size_t num) {
// returns 1 on success, -1 if not supported, or 0 if other failure.
return RAND_bytes(buf, num);
return RAND_bytes(buf, static_cast<int>(num));
}
// Does the boilerplate to fill out sample and subsample descriptions for
@@ -162,7 +162,9 @@ void ctr128_inc64(int64_t increaseBy, uint8_t* iv) {
uint32_t htonl_fnc(uint32_t x) { return htonl(x); }
void dump_boringssl_error() {
while (unsigned long err = ERR_get_error()) {
// BoringSSL and OpenSSL disagree about what the type of an error code is, so
// we must use "auto" here.
while (auto err = ERR_get_error()) {
char buffer[120];
ERR_error_string_n(err, buffer, sizeof(buffer));
cout << "BoringSSL Error -- " << buffer << "\n";
@@ -1373,7 +1375,8 @@ void Session::GenerateDerivedKeysFromSessionKey() {
}
void Session::TestDecryptCTR(bool select_key_first,
OEMCryptoResult expected_result, int key_index) {
OEMCryptoResult expected_result,
size_t key_index) {
OEMCryptoResult select_result = OEMCrypto_SUCCESS;
if (select_key_first) {
// Select the key (from FillSimpleMessage)
@@ -1433,7 +1436,7 @@ void Session::TestDecryptResult(OEMCryptoResult expected_result,
}
}
void Session::TestSelectExpired(unsigned int key_index) {
void Session::TestSelectExpired(size_t key_index) {
if (global_features.api_version >= 13) {
OEMCryptoResult status = OEMCrypto_SelectKey(
session_id(), license().keys[key_index].key_id,
@@ -1477,7 +1480,7 @@ void Session::LoadOEMCert(bool verify_cert) {
// Load the public cert's key into public_rsa_ and verify, if requested
for (size_t i = 0; certs && i < static_cast<size_t>(sk_X509_num(certs));
++i) {
X509* x509_cert = sk_X509_value(certs, i);
X509* x509_cert = sk_X509_value(certs, static_cast<int>(i));
boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(x509_cert));
ASSERT_TRUE(pubkey.NotNull());
if (i == 0) {
@@ -1493,7 +1496,8 @@ void Session::LoadOEMCert(bool verify_cert) {
X509_NAME* name = X509_get_subject_name(x509_cert);
printf(" OEM Certificate Name: %s\n",
X509_NAME_oneline(name, buffer.data(), buffer.size()));
X509_NAME_oneline(name, buffer.data(),
static_cast<int>(buffer.size())));
boringssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new());
ASSERT_TRUE(store.NotNull());
boringssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx(
@@ -1523,7 +1527,8 @@ void Session::PreparePublicKey(const uint8_t* rsa_key, size_t rsa_key_length) {
rsa_key_length = sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048);
}
uint8_t* p = const_cast<uint8_t*>(rsa_key);
boringssl_ptr<BIO, BIO_vfree> bio(BIO_new_mem_buf(p, rsa_key_length));
boringssl_ptr<BIO, BIO_vfree> bio(
BIO_new_mem_buf(p, static_cast<int>(rsa_key_length)));
ASSERT_TRUE(bio.NotNull());
boringssl_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8_pki(
d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), nullptr));
@@ -1621,8 +1626,9 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
int size;
// RSA_public_decrypt decrypts the signature, and then verifies that
// it was padded with RSA PKCS1 padding.
size = RSA_public_decrypt(signature_length, signature, padded_digest.data(),
public_rsa_, RSA_PKCS1_PADDING);
size = RSA_public_decrypt(static_cast<int>(signature_length), signature,
padded_digest.data(), public_rsa_,
RSA_PKCS1_PADDING);
EXPECT_GT(size, 0);
padded_digest.resize(size);
EXPECT_EQ(message, padded_digest);
@@ -1639,9 +1645,9 @@ bool Session::GenerateRSASessionKey(vector<uint8_t>* session_key,
}
*session_key = wvcdm::a2b_hex("6fa479c731d2770b6a61a5d1420bb9d1");
enc_session_key->assign(RSA_size(public_rsa_), 0);
int status = RSA_public_encrypt(session_key->size(), &(session_key->front()),
&(enc_session_key->front()), public_rsa_,
RSA_PKCS1_OAEP_PADDING);
int status = RSA_public_encrypt(
static_cast<int>(session_key->size()), &(session_key->front()),
&(enc_session_key->front()), public_rsa_, RSA_PKCS1_OAEP_PADDING);
int size = static_cast<int>(RSA_size(public_rsa_));
if (status != size) {
cout << "GenerateRSASessionKey error encrypting session key.\n";