More -Wshorten-64-to-32 fixes.

I had a rewrite of the decrepit ciphers (CAST and Blowfish) to use
CRYPTO_{load,store}_u32_be and drop the old macros, but this is probably
not worth the effort to review. Instead, just fix the type in the macro.

Bug: 516
Change-Id: I1cdecc16f6108a6235f90cf9c2198bc797c6716e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54985
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 4d56d37..cfd1862 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -143,6 +143,7 @@
 #include <algorithm>
 
 #include <assert.h>
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -2199,8 +2200,10 @@
 
 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
                                     unsigned *out_len) {
+  // NPN protocols have one-byte lengths, so they must fit in |unsigned|.
+  assert(ssl->s3->next_proto_negotiated.size() <= UINT_MAX);
   *out_data = ssl->s3->next_proto_negotiated.data();
-  *out_len = ssl->s3->next_proto_negotiated.size();
+  *out_len = static_cast<unsigned>(ssl->s3->next_proto_negotiated.size());
 }
 
 void SSL_CTX_set_next_protos_advertised_cb(
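Review bot: The two new length asserts use different bounds: the one in SSL_get0_next_proto_negotiated checks `<= UINT_MAX`, while the one added to SSL_get0_alpn_selected in the last hunk checks `< UINT_MAX`. Both hold for a one-byte length, but the mismatch reads like an off-by-one, so I would make the ALPN one `assert(protocol.size() <= UINT_MAX);` to match. Separately, `assert` compiles out under NDEBUG, so in release builds the `static_cast<unsigned>` relies on the length limit being enforced wherever these buffers are filled, which is not visible in this diff. It would help if the comment named that place rather than only stating the invariant.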
@@ -2220,7 +2223,7 @@
 }
 
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
-                            unsigned protos_len) {
+                            size_t protos_len) {
   // Note this function's return value is backwards.
   auto span = MakeConstSpan(protos, protos_len);
   if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
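Review bot: The comment `// Note this function's return value is backwards.` never says what the values are. A caller that treats nonzero as success would carry on believing the ALPN list was configured when it was not. I would spell it out in both SSL_CTX_set_alpn_protos and SSL_set_alpn_protos (next hunk): `// Note this function's return value is backwards: zero on success, one on failure.` That wording matches the `? 0 : 1` return and the `return 1` on a missing config visible in the following hunk. Both function bodies extend beyond the lines shown here.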
@@ -2230,7 +2233,7 @@
   return ctx->alpn_client_proto_list.CopyFrom(span) ? 0 : 1;
 }
 
-int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
+int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, size_t protos_len) {
   // Note this function's return value is backwards.
   if (!ssl->config) {
     return 1;
@@ -2254,13 +2257,16 @@
 
 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
                             unsigned *out_len) {
+  Span<const uint8_t> protocol;
   if (SSL_in_early_data(ssl) && !ssl->server) {
-    *out_data = ssl->s3->hs->early_session->early_alpn.data();
-    *out_len = ssl->s3->hs->early_session->early_alpn.size();
+    protocol = ssl->s3->hs->early_session->early_alpn;
   } else {
-    *out_data = ssl->s3->alpn_selected.data();
-    *out_len = ssl->s3->alpn_selected.size();
+    protocol = ssl->s3->alpn_selected;
   }
+  // ALPN protocols have one-byte lengths, so they must fit in |unsigned|.
+  assert(protocol.size() < UINT_MAX);
+  *out_data = protocol.data();
+  *out_len = static_cast<unsigned>(protocol.size());
 }
 
 void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {