widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fix -Wshorten-64-to-32 errors in BoringSSL interactions"

Browse Source
This commit is contained in:
TreeHugger Robot
2021-10-06 21:54:09 +00:00
committed by Android (Google) Code Review
parent c554b30716 68187b9f02
commit fdea46d325
6 changed files with 47 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
View File

@@ -29,7 +29,7 @@ const int kRsaPkcs1OaepPaddingLength = 41;
RSA* GetKey(const std::string& serialized_key) { RSA* GetKey(const std::string& serialized_key) {
BIO* bio = BIO_new_mem_buf(const_cast<char*>(serialized_key.data()), BIO* bio = BIO_new_mem_buf(const_cast<char*>(serialized_key.data()),
serialized_key.size()); static_cast<int>(serialized_key.size()));
if (bio == nullptr) { if (bio == nullptr) {
LOGE("BIO_new_mem_buf failed: returned null"); LOGE("BIO_new_mem_buf failed: returned null");
return nullptr; return nullptr;
@@ -123,11 +123,11 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
} }
out->resize(in.size() + AES_BLOCK_SIZE); out->resize(in.size() + AES_BLOCK_SIZE);
int out_length = out->size(); int out_length = static_cast<int>(out->size());
if (EVP_EncryptUpdate( if (EVP_EncryptUpdate(
evp_cipher_ctx, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length, evp_cipher_ctx, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length,
reinterpret_cast<uint8_t*>(const_cast<char*>(in.data())), reinterpret_cast<uint8_t*>(const_cast<char*>(in.data())),
in.size()) == 0) { static_cast<int>(in.size())) == 0) {
LOGE("AES CBC encryption failure: %s", LOGE("AES CBC encryption failure: %s",
ERR_error_string(ERR_get_error(), nullptr)); ERR_error_string(ERR_get_error(), nullptr));
EVP_CIPHER_CTX_free(evp_cipher_ctx); EVP_CIPHER_CTX_free(evp_cipher_ctx);
@@ -195,7 +195,7 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,
encrypted_message->assign(rsa_size, 0); encrypted_message->assign(rsa_size, 0);
if (RSA_public_encrypt( if (RSA_public_encrypt(
clear_message.size(), static_cast<int>(clear_message.size()),
const_cast<unsigned char*>( const_cast<unsigned char*>(
reinterpret_cast<const unsigned char*>(clear_message.data())), reinterpret_cast<const unsigned char*>(clear_message.data())),
reinterpret_cast<unsigned char*>(&(*encrypted_message)[0]), key, reinterpret_cast<unsigned char*>(&(*encrypted_message)[0]), key,
@@ -212,9 +212,9 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,
// LogBoringSSLError is a callback from BoringSSL which is called with each // LogBoringSSLError is a callback from BoringSSL which is called with each
// error in the thread's error queue. // error in the thread's error queue.
static int LogBoringSSLError(const char* msg, size_t /* len */, static int LogBoringSSLError(const char* msg, size_t /* length */,
void* /* ctx */) { void* /* user_data */) {
LOGE(" %s", msg); LOGE(" BoringSSL Error: %s", msg);
return 1; return 1;
} }
@@ -345,7 +345,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
return false; return false;
} }
X509* const intermediate_cert = sk_X509_value(certs, cert_index); X509* const intermediate_cert =
sk_X509_value(certs, static_cast<int>(cert_index));
if (intermediate_cert == nullptr) { if (intermediate_cert == nullptr) {
LOGE("Unable to get intermediate cert"); LOGE("Unable to get intermediate cert");
return false; return false;

13
libwvdrmengine/cdm/core/test/http_socket.cpp
View File

@@ -66,10 +66,10 @@ SSL_CTX* InitSslContext() {
return ctx; return ctx;
} }
static int LogBoringSslError(const char* message, size_t length, static int LogBoringSslError(const char* message, size_t /* length */,
void* /* user_data */) { void* /* user_data */) {
LOGE(" BoringSSL Error: %s", message); LOGE(" BoringSSL Error: %s", message);
return length; return 1;
} }
bool IsRetryableSslError(int ssl_error) { bool IsRetryableSslError(int ssl_error) {
@@ -433,7 +433,7 @@ int HttpSocket::Read(char* data, int len, int timeout_in_ms) {
if (secure_connect_) { if (secure_connect_) {
read = SSL_read(ssl_, data, to_read); read = SSL_read(ssl_, data, to_read);
} else { } else {
read = recv(socket_fd_, data, to_read, 0); read = static_cast<int>(recv(socket_fd_, data, to_read, 0));
} }
if (read > 0) { if (read > 0) {
@@ -490,10 +490,11 @@ int HttpSocket::Write(const char* data, int len, int timeout_in_ms) {
} }
while (to_send > 0) { while (to_send > 0) {
int sent; int sent;
if (secure_connect_) if (secure_connect_) {
sent = SSL_write(ssl_, data, to_send); sent = SSL_write(ssl_, data, to_send);
else } else {
sent = send(socket_fd_, data, to_send, 0); sent = static_cast<int>(send(socket_fd_, data, to_send, 0));
}
if (sent > 0) { if (sent > 0) {
to_send -= sent; to_send -= sent;

2
libwvdrmengine/cdm/core/test/test_base.cpp
View File

@@ -205,7 +205,7 @@ std::string WvCdmTestBase::SignHMAC(const std::string& message,
const std::vector<uint8_t>& key) { const std::vector<uint8_t>& key) {
uint8_t signature[SHA256_DIGEST_LENGTH]; uint8_t signature[SHA256_DIGEST_LENGTH];
unsigned int md_len = SHA256_DIGEST_LENGTH; unsigned int md_len = SHA256_DIGEST_LENGTH;
HMAC(EVP_sha256(), &key[0], key.size(), HMAC(EVP_sha256(), &key[0], static_cast<int>(key.size()),
reinterpret_cast<const uint8_t*>(message.data()), message.size(), reinterpret_cast<const uint8_t*>(message.data()), message.size(),
signature, &md_len); signature, &md_len);
std::string result(signature, signature + SHA256_DIGEST_LENGTH); std::string result(signature, signature + SHA256_DIGEST_LENGTH);

13
libwvdrmengine/oemcrypto/test/oec_key_deriver.cpp
View File

@@ -147,8 +147,9 @@ void KeyDeriver::ServerSignBuffer(const uint8_t* data, size_t data_length,
ASSERT_EQ(mac_key_server_.size(), MAC_KEY_SIZE); ASSERT_EQ(mac_key_server_.size(), MAC_KEY_SIZE);
signature->assign(SHA256_DIGEST_LENGTH, 0); signature->assign(SHA256_DIGEST_LENGTH, 0);
unsigned int sig_len = SHA256_DIGEST_LENGTH; unsigned int sig_len = SHA256_DIGEST_LENGTH;
ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_server_.data(), mac_key_server_.size(), ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_server_.data(),
data, data_length, signature->data(), &sig_len)); static_cast<int>(mac_key_server_.size()), data, data_length,
signature->data(), &sig_len));
} }
void KeyDeriver::ClientSignBuffer(const vector<uint8_t>& buffer, void KeyDeriver::ClientSignBuffer(const vector<uint8_t>& buffer,
@@ -156,8 +157,9 @@ void KeyDeriver::ClientSignBuffer(const vector<uint8_t>& buffer,
ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE); ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE);
signature->assign(SHA256_DIGEST_LENGTH, 0); signature->assign(SHA256_DIGEST_LENGTH, 0);
unsigned int sig_len = SHA256_DIGEST_LENGTH; unsigned int sig_len = SHA256_DIGEST_LENGTH;
ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_client_.data(), mac_key_client_.size(), ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_client_.data(),
buffer.data(), buffer.size(), signature->data(), &sig_len)); static_cast<int>(mac_key_client_.size()), buffer.data(),
buffer.size(), signature->data(), &sig_len));
} }
void KeyDeriver::ClientSignPstReport(const vector<uint8_t>& pst_report_buffer, void KeyDeriver::ClientSignPstReport(const vector<uint8_t>& pst_report_buffer,
@@ -165,7 +167,8 @@ void KeyDeriver::ClientSignPstReport(const vector<uint8_t>& pst_report_buffer,
ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE); ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE);
signature->assign(SHA_DIGEST_LENGTH, 0); signature->assign(SHA_DIGEST_LENGTH, 0);
unsigned int sig_len = SHA_DIGEST_LENGTH; unsigned int sig_len = SHA_DIGEST_LENGTH;
ASSERT_TRUE(HMAC(EVP_sha1(), mac_key_client_.data(), mac_key_client_.size(), ASSERT_TRUE(HMAC(EVP_sha1(), mac_key_client_.data(),
static_cast<int>(mac_key_client_.size()),
&pst_report_buffer[SHA_DIGEST_LENGTH], &pst_report_buffer[SHA_DIGEST_LENGTH],
pst_report_buffer.size() - SHA_DIGEST_LENGTH, pst_report_buffer.size() - SHA_DIGEST_LENGTH,
signature->data(), &sig_len)); signature->data(), &sig_len));

32
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -112,9 +112,9 @@ OEMCryptoResult DecryptCTR(OEMCrypto_SESSION session_id, const uint8_t* key,
} // namespace } // namespace
int GetRandBytes(unsigned char* buf, int num) { int GetRandBytes(unsigned char* buf, size_t num) {
// returns 1 on success, -1 if not supported, or 0 if other failure. // returns 1 on success, -1 if not supported, or 0 if other failure.
return RAND_bytes(buf, num); return RAND_bytes(buf, static_cast<int>(num));
} }
// Does the boilerplate to fill out sample and subsample descriptions for // Does the boilerplate to fill out sample and subsample descriptions for
@@ -162,7 +162,9 @@ void ctr128_inc64(int64_t increaseBy, uint8_t* iv) {
uint32_t htonl_fnc(uint32_t x) { return htonl(x); } uint32_t htonl_fnc(uint32_t x) { return htonl(x); }
void dump_boringssl_error() { void dump_boringssl_error() {
while (unsigned long err = ERR_get_error()) { // BoringSSL and OpenSSL disagree about what the type of an error code is, so
// we must use "auto" here.
while (auto err = ERR_get_error()) {
char buffer[120]; char buffer[120];
ERR_error_string_n(err, buffer, sizeof(buffer)); ERR_error_string_n(err, buffer, sizeof(buffer));
cout << "BoringSSL Error -- " << buffer << "\n"; cout << "BoringSSL Error -- " << buffer << "\n";
@@ -1373,7 +1375,8 @@ void Session::GenerateDerivedKeysFromSessionKey() {
} }
void Session::TestDecryptCTR(bool select_key_first, void Session::TestDecryptCTR(bool select_key_first,
OEMCryptoResult expected_result, int key_index) { OEMCryptoResult expected_result,
size_t key_index) {
OEMCryptoResult select_result = OEMCrypto_SUCCESS; OEMCryptoResult select_result = OEMCrypto_SUCCESS;
if (select_key_first) { if (select_key_first) {
// Select the key (from FillSimpleMessage) // Select the key (from FillSimpleMessage)
@@ -1433,7 +1436,7 @@ void Session::TestDecryptResult(OEMCryptoResult expected_result,
} }
} }
void Session::TestSelectExpired(unsigned int key_index) { void Session::TestSelectExpired(size_t key_index) {
if (global_features.api_version >= 13) { if (global_features.api_version >= 13) {
OEMCryptoResult status = OEMCrypto_SelectKey( OEMCryptoResult status = OEMCrypto_SelectKey(
session_id(), license().keys[key_index].key_id, session_id(), license().keys[key_index].key_id,
@@ -1477,7 +1480,7 @@ void Session::LoadOEMCert(bool verify_cert) {
// Load the public cert's key into public_rsa_ and verify, if requested // Load the public cert's key into public_rsa_ and verify, if requested
for (size_t i = 0; certs && i < static_cast<size_t>(sk_X509_num(certs)); for (size_t i = 0; certs && i < static_cast<size_t>(sk_X509_num(certs));
++i) { ++i) {
X509* x509_cert = sk_X509_value(certs, i); X509* x509_cert = sk_X509_value(certs, static_cast<int>(i));
boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(x509_cert)); boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(x509_cert));
ASSERT_TRUE(pubkey.NotNull()); ASSERT_TRUE(pubkey.NotNull());
if (i == 0) { if (i == 0) {
@@ -1493,7 +1496,8 @@ void Session::LoadOEMCert(bool verify_cert) {
X509_NAME* name = X509_get_subject_name(x509_cert); X509_NAME* name = X509_get_subject_name(x509_cert);
printf(" OEM Certificate Name: %s\n", printf(" OEM Certificate Name: %s\n",
X509_NAME_oneline(name, buffer.data(), buffer.size())); X509_NAME_oneline(name, buffer.data(),
static_cast<int>(buffer.size())));
boringssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new()); boringssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new());
ASSERT_TRUE(store.NotNull()); ASSERT_TRUE(store.NotNull());
boringssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx( boringssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx(
@@ -1523,7 +1527,8 @@ void Session::PreparePublicKey(const uint8_t* rsa_key, size_t rsa_key_length) {
rsa_key_length = sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048); rsa_key_length = sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048);
} }
uint8_t* p = const_cast<uint8_t*>(rsa_key); uint8_t* p = const_cast<uint8_t*>(rsa_key);
boringssl_ptr<BIO, BIO_vfree> bio(BIO_new_mem_buf(p, rsa_key_length)); boringssl_ptr<BIO, BIO_vfree> bio(
BIO_new_mem_buf(p, static_cast<int>(rsa_key_length)));
ASSERT_TRUE(bio.NotNull()); ASSERT_TRUE(bio.NotNull());
boringssl_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8_pki( boringssl_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8_pki(
d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), nullptr)); d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), nullptr));
@@ -1621,8 +1626,9 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
int size; int size;
// RSA_public_decrypt decrypts the signature, and then verifies that // RSA_public_decrypt decrypts the signature, and then verifies that
// it was padded with RSA PKCS1 padding. // it was padded with RSA PKCS1 padding.
size = RSA_public_decrypt(signature_length, signature, padded_digest.data(), size = RSA_public_decrypt(static_cast<int>(signature_length), signature,
public_rsa_, RSA_PKCS1_PADDING); padded_digest.data(), public_rsa_,
RSA_PKCS1_PADDING);
EXPECT_GT(size, 0); EXPECT_GT(size, 0);
padded_digest.resize(size); padded_digest.resize(size);
EXPECT_EQ(message, padded_digest); EXPECT_EQ(message, padded_digest);
@@ -1639,9 +1645,9 @@ bool Session::GenerateRSASessionKey(vector<uint8_t>* session_key,
} }
*session_key = wvcdm::a2b_hex("6fa479c731d2770b6a61a5d1420bb9d1"); *session_key = wvcdm::a2b_hex("6fa479c731d2770b6a61a5d1420bb9d1");
enc_session_key->assign(RSA_size(public_rsa_), 0); enc_session_key->assign(RSA_size(public_rsa_), 0);
int status = RSA_public_encrypt(session_key->size(), &(session_key->front()), int status = RSA_public_encrypt(
&(enc_session_key->front()), public_rsa_, static_cast<int>(session_key->size()), &(session_key->front()),
RSA_PKCS1_OAEP_PADDING); &(enc_session_key->front()), public_rsa_, RSA_PKCS1_OAEP_PADDING);
int size = static_cast<int>(RSA_size(public_rsa_)); int size = static_cast<int>(RSA_size(public_rsa_));
if (status != size) { if (status != size) {
cout << "GenerateRSASessionKey error encrypting session key.\n"; cout << "GenerateRSASessionKey error encrypting session key.\n";

6
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -117,7 +117,7 @@ struct EntitledContentKeyData {
}; };
// returns 1 on success, -1 if not supported, or 0 if other failure. // returns 1 on success, -1 if not supported, or 0 if other failure.
int GetRandBytes(unsigned char* buf, int num); int GetRandBytes(unsigned char* buf, size_t num);
void GenerateSimpleSampleDescription(const std::vector<uint8_t>& in, void GenerateSimpleSampleDescription(const std::vector<uint8_t>& in,
std::vector<uint8_t>& out, std::vector<uint8_t>& out,
@@ -534,10 +534,10 @@ class Session {
// Encrypt some data and pass to OEMCrypto_DecryptCENC to verify decryption. // Encrypt some data and pass to OEMCrypto_DecryptCENC to verify decryption.
void TestDecryptCTR(bool select_key_first = true, void TestDecryptCTR(bool select_key_first = true,
OEMCryptoResult expected_result = OEMCrypto_SUCCESS, OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
int key_index = 0); size_t key_index = 0);
// Verify that an attempt to select an expired key either succeeds, or gives // Verify that an attempt to select an expired key either succeeds, or gives
// an actionable error code. // an actionable error code.
void TestSelectExpired(unsigned int key_index); void TestSelectExpired(size_t key_index);
// Calls OEMCrypto_GetOEMPublicCertificate and OEMCrypto_LoadOEMPrivateKey and // Calls OEMCrypto_GetOEMPublicCertificate and OEMCrypto_LoadOEMPrivateKey and
// loads the OEM cert's public rsa key into public_rsa_. // loads the OEM cert's public rsa key into public_rsa_.
void LoadOEMCert(bool verify_cert = false); void LoadOEMCert(bool verify_cert = false);