0

Use size_t in crypto::SignatureVerifier.

Most places were already passing in a size_t and truncating. This should
fix the remainig which I found.

BUG=488553

Review-Url: https://codereview.chromium.org/2768033002
Cr-Commit-Position: refs/heads/master@{#459249}
This commit is contained in:
davidben
2017-03-23 15:14:32 -07:00
committed by Commit bot
parent cead650526
commit cfb6ad6afb
9 changed files with 36 additions and 34 deletions

@ -170,10 +170,9 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
// Initialize the signature verifier.
crypto::SignatureVerifier verifier;
if (!verifier.VerifyInit(
crypto::SignatureVerifier::ECDSA_SHA256, &signature.front(),
static_cast<int>(signature.size()), &public_key_.front(),
static_cast<int>(public_key_.size()))) {
if (!verifier.VerifyInit(crypto::SignatureVerifier::ECDSA_SHA256,
&signature.front(), signature.size(),
&public_key_.front(), public_key_.size())) {
DVLOG(1) << "Couldn't init SignatureVerifier.";
return false;
}
@ -184,7 +183,7 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
// client assembled -- implying that either request body or response body
// was modified, or a different nonce value was used.
verifier.VerifyUpdate(&signed_message_hash.front(),
static_cast<int>(signed_message_hash.size()));
signed_message_hash.size());
return verifier.VerifyFinal();
}

@ -160,8 +160,8 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
crypto::SignatureVerifier verifier;
if (!verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1,
signature.data(), static_cast<int>(signature.size()),
key.data(), static_cast<int>(key.size()))) {
signature.data(), signature.size(), key.data(),
key.size())) {
// Signature verification initialization failed. This is most likely
// caused by a public key in the wrong format (should encode algorithm).
return ValidateError::CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED;
@ -170,7 +170,7 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
uint8_t buf[1 << 12] = {};
while ((len = ReadAndHash(buf, sizeof(buf[0]), arraysize(buf), file.get(),
hash.get())) > 0)
verifier.VerifyUpdate(buf, static_cast<int>(len));
verifier.VerifyUpdate(buf, len);
if (!verifier.VerifyFinal())
return ValidateError::CRX_SIGNATURE_VERIFICATION_FAILED;

@ -10,6 +10,7 @@
#include <vector>
#include "base/logging.h"
#include "base/numerics/safe_conversions.h"
#include "crypto/openssl_util.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/digest.h"
@ -42,9 +43,9 @@ SignatureVerifier::~SignatureVerifier() {}
bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len) {
size_t public_key_info_len) {
int pkey_type = EVP_PKEY_NONE;
const EVP_MD* digest = nullptr;
switch (signature_algorithm) {
@ -70,11 +71,11 @@ bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
HashAlgorithm mask_hash_alg,
int salt_len,
size_t salt_len,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len) {
size_t public_key_info_len) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
DCHECK(digest);
@ -97,15 +98,16 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
return false;
}
return EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest) &&
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx,
base::checked_cast<int>(salt_len));
}
void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
int data_part_len) {
size_t data_part_len) {
DCHECK(verify_context_);
OpenSSLErrStackTracer err_tracer(FROM_HERE);
int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
data_part, data_part_len);
int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part,
data_part_len);
DCHECK_EQ(rv, 1);
}
@ -122,9 +124,9 @@ bool SignatureVerifier::VerifyFinal() {
bool SignatureVerifier::CommonInit(int pkey_type,
const EVP_MD* digest,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len,
size_t public_key_info_len,
EVP_PKEY_CTX** pkey_ctx) {
if (verify_context_)
return false;

@ -54,9 +54,9 @@ class CRYPTO_EXPORT SignatureVerifier {
// subjectPublicKey BIT STRING }
bool VerifyInit(SignatureAlgorithm signature_algorithm,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len);
size_t public_key_info_len);
// Initiates a RSA-PSS signature verification operation. This should be
// followed by one or more VerifyUpdate calls and a VerifyFinal call.
@ -76,14 +76,14 @@ class CRYPTO_EXPORT SignatureVerifier {
// subjectPublicKey BIT STRING }
bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
HashAlgorithm mask_hash_alg,
int salt_len,
size_t salt_len,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len);
size_t public_key_info_len);
// Feeds a piece of the data to the signature verifier.
void VerifyUpdate(const uint8_t* data_part, int data_part_len);
void VerifyUpdate(const uint8_t* data_part, size_t data_part_len);
// Concludes a signature verification operation. Returns true if the
// signature is valid. Returns false if the signature is invalid or an
@ -94,9 +94,9 @@ class CRYPTO_EXPORT SignatureVerifier {
bool CommonInit(int pkey_type,
const EVP_MD* digest,
const uint8_t* signature,
int signature_len,
size_t signature_len,
const uint8_t* public_key_info,
int public_key_info_len,
size_t public_key_info_len,
EVP_PKEY_CTX** pkey_ctx);
void Reset();

@ -24,9 +24,10 @@ class Extension;
// A pointer to the bytes of a public key, and the number of bytes.
struct ContentVerifierKey {
const uint8_t* data;
int size;
size_t size;
ContentVerifierKey(const uint8_t* data, int size) : data(data), size(size) {}
ContentVerifierKey(const uint8_t* data, size_t size)
: data(data), size(size) {}
};
// This is an interface for clients that want to use a ContentVerifier.

@ -62,7 +62,7 @@ DictionaryValue* FindDictionaryWithValue(const ListValue* list,
namespace extensions {
VerifiedContents::VerifiedContents(const uint8_t* public_key,
int public_key_size)
size_t public_key_size)
: public_key_(public_key),
public_key_size_(public_key_size),
valid_signature_(false), // Guilty until proven innocent.

@ -24,7 +24,7 @@ namespace extensions {
class VerifiedContents {
public:
// Note: the public_key must remain valid for the lifetime of this object.
VerifiedContents(const uint8_t* public_key, int public_key_size);
VerifiedContents(const uint8_t* public_key, size_t public_key_size);
~VerifiedContents();
// Returns true if we successfully parsed the verified_contents.json file at
@ -59,7 +59,7 @@ class VerifiedContents {
// The public key we should use for signature verification.
const uint8_t* public_key_;
const int public_key_size_;
const size_t public_key_size_;
// Indicates whether the signature was successfully validated or not.
bool valid_signature_;

@ -80,7 +80,7 @@ const uint8_t kWebstoreSignaturesPublicKey[] = {
0x58, 0x34, 0xc8, 0x22, 0x2d, 0x2a, 0x65, 0x75, 0xa7, 0xd9, 0x08, 0x62,
0xcd, 0x02, 0x03, 0x01, 0x00, 0x01};
const int kWebstoreSignaturesPublicKeySize =
const size_t kWebstoreSignaturesPublicKeySize =
arraysize(kWebstoreSignaturesPublicKey);
const char kMimeTypeJpeg[] = "image/jpeg";

@ -111,7 +111,7 @@ extern const char kWebStoreAppId[];
// The key used for signing some pieces of data from the webstore.
extern const uint8_t kWebstoreSignaturesPublicKey[];
extern const int kWebstoreSignaturesPublicKeySize;
extern const size_t kWebstoreSignaturesPublicKeySize;
// Enumeration of possible app launch sources.
// This should be kept in sync with LaunchSource in