Use size_t in crypto::SignatureVerifier.

Most places were already passing in a size_t and truncating. This should
fix the remainig which I found.

BUG=488553

Review-Url: https://codereview.chromium.org/2768033002
Cr-Commit-Position: refs/heads/master@{#459249}

components/client_update_protocol/ecdsa.cc

@@ -170,10 +170,9 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
 
   // Initialize the signature verifier.
   crypto::SignatureVerifier verifier;
-  if (!verifier.VerifyInit(
+  if (!verifier.VerifyInit(crypto::SignatureVerifier::ECDSA_SHA256,
-          crypto::SignatureVerifier::ECDSA_SHA256, &signature.front(),
+                           &signature.front(), signature.size(),
-          static_cast<int>(signature.size()), &public_key_.front(),
+                           &public_key_.front(), public_key_.size())) {
-          static_cast<int>(public_key_.size()))) {
     DVLOG(1) << "Couldn't init SignatureVerifier.";
     return false;
   }
@@ -184,7 +183,7 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
   //   client assembled -- implying that either request body or response body
   //   was modified, or a different nonce value was used.
   verifier.VerifyUpdate(&signed_message_hash.front(),
-                        static_cast<int>(signed_message_hash.size()));
+                        signed_message_hash.size());
   return verifier.VerifyFinal();
 }
 

components/crx_file/crx_file.cc

@@ -160,8 +160,8 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
 
   crypto::SignatureVerifier verifier;
   if (!verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1,
-                           signature.data(), static_cast<int>(signature.size()),
+                           signature.data(), signature.size(), key.data(),
-                           key.data(), static_cast<int>(key.size()))) {
+                           key.size())) {
     // Signature verification initialization failed. This is most likely
     // caused by a public key in the wrong format (should encode algorithm).
     return ValidateError::CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED;
@@ -170,7 +170,7 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
   uint8_t buf[1 << 12] = {};
   while ((len = ReadAndHash(buf, sizeof(buf[0]), arraysize(buf), file.get(),
                             hash.get())) > 0)
-    verifier.VerifyUpdate(buf, static_cast<int>(len));
+    verifier.VerifyUpdate(buf, len);
 
   if (!verifier.VerifyFinal())
     return ValidateError::CRX_SIGNATURE_VERIFICATION_FAILED;

crypto/signature_verifier.cc

@@ -10,6 +10,7 @@
 #include <vector>
 
 #include "base/logging.h"
+#include "base/numerics/safe_conversions.h"
 #include "crypto/openssl_util.h"
 #include "third_party/boringssl/src/include/openssl/bytestring.h"
 #include "third_party/boringssl/src/include/openssl/digest.h"
@@ -42,9 +43,9 @@ SignatureVerifier::~SignatureVerifier() {}
 
 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
                                    const uint8_t* signature,
-                                   int signature_len,
+                                   size_t signature_len,
                                    const uint8_t* public_key_info,
-                                   int public_key_info_len) {
+                                   size_t public_key_info_len) {
   int pkey_type = EVP_PKEY_NONE;
   const EVP_MD* digest = nullptr;
   switch (signature_algorithm) {
@@ -70,11 +71,11 @@ bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
 
 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
                                          HashAlgorithm mask_hash_alg,
-                                         int salt_len,
+                                         size_t salt_len,
                                          const uint8_t* signature,
-                                         int signature_len,
+                                         size_t signature_len,
                                          const uint8_t* public_key_info,
-                                         int public_key_info_len) {
+                                         size_t public_key_info_len) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
   DCHECK(digest);
@@ -97,15 +98,16 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
     return false;
   }
   return EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest) &&
-         EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
+         EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx,
+                                          base::checked_cast<int>(salt_len));
 }
 
 void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
-                                     int data_part_len) {
+                                     size_t data_part_len) {
   DCHECK(verify_context_);
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
+  int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part,
-                                  data_part, data_part_len);
+                                  data_part_len);
   DCHECK_EQ(rv, 1);
 }
 
@@ -122,9 +124,9 @@ bool SignatureVerifier::VerifyFinal() {
 bool SignatureVerifier::CommonInit(int pkey_type,
                                    const EVP_MD* digest,
                                    const uint8_t* signature,
-                                   int signature_len,
+                                   size_t signature_len,
                                    const uint8_t* public_key_info,
-                                   int public_key_info_len,
+                                   size_t public_key_info_len,
                                    EVP_PKEY_CTX** pkey_ctx) {
   if (verify_context_)
     return false;

crypto/signature_verifier.h

@@ -54,9 +54,9 @@ class CRYPTO_EXPORT SignatureVerifier {
   //       subjectPublicKey     BIT STRING  }
   bool VerifyInit(SignatureAlgorithm signature_algorithm,
                   const uint8_t* signature,
-                  int signature_len,
+                  size_t signature_len,
                   const uint8_t* public_key_info,
-                  int public_key_info_len);
+                  size_t public_key_info_len);
 
   // Initiates a RSA-PSS signature verification operation.  This should be
   // followed by one or more VerifyUpdate calls and a VerifyFinal call.
@@ -76,14 +76,14 @@ class CRYPTO_EXPORT SignatureVerifier {
   //       subjectPublicKey     BIT STRING  }
   bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
                         HashAlgorithm mask_hash_alg,
-                        int salt_len,
+                        size_t salt_len,
                         const uint8_t* signature,
-                        int signature_len,
+                        size_t signature_len,
                         const uint8_t* public_key_info,
-                        int public_key_info_len);
+                        size_t public_key_info_len);
 
   // Feeds a piece of the data to the signature verifier.
-  void VerifyUpdate(const uint8_t* data_part, int data_part_len);
+  void VerifyUpdate(const uint8_t* data_part, size_t data_part_len);
 
   // Concludes a signature verification operation.  Returns true if the
   // signature is valid.  Returns false if the signature is invalid or an
@@ -94,9 +94,9 @@ class CRYPTO_EXPORT SignatureVerifier {
   bool CommonInit(int pkey_type,
                   const EVP_MD* digest,
                   const uint8_t* signature,
-                  int signature_len,
+                  size_t signature_len,
                   const uint8_t* public_key_info,
-                  int public_key_info_len,
+                  size_t public_key_info_len,
                   EVP_PKEY_CTX** pkey_ctx);
 
   void Reset();

extensions/browser/content_verifier_delegate.h

@@ -24,9 +24,10 @@ class Extension;
 // A pointer to the bytes of a public key, and the number of bytes.
 struct ContentVerifierKey {
   const uint8_t* data;
-  int size;
+  size_t size;
 
-  ContentVerifierKey(const uint8_t* data, int size) : data(data), size(size) {}
+  ContentVerifierKey(const uint8_t* data, size_t size)
+      : data(data), size(size) {}
 };
 
 // This is an interface for clients that want to use a ContentVerifier.

extensions/browser/verified_contents.cc

@@ -62,7 +62,7 @@ DictionaryValue* FindDictionaryWithValue(const ListValue* list,
 namespace extensions {
 
 VerifiedContents::VerifiedContents(const uint8_t* public_key,
-                                   int public_key_size)
+                                   size_t public_key_size)
     : public_key_(public_key),
       public_key_size_(public_key_size),
       valid_signature_(false),  // Guilty until proven innocent.

extensions/browser/verified_contents.h

@@ -24,7 +24,7 @@ namespace extensions {
 class VerifiedContents {
  public:
   // Note: the public_key must remain valid for the lifetime of this object.
-  VerifiedContents(const uint8_t* public_key, int public_key_size);
+  VerifiedContents(const uint8_t* public_key, size_t public_key_size);
   ~VerifiedContents();
 
   // Returns true if we successfully parsed the verified_contents.json file at
@@ -59,7 +59,7 @@ class VerifiedContents {
 
   // The public key we should use for signature verification.
   const uint8_t* public_key_;
-  const int public_key_size_;
+  const size_t public_key_size_;
 
   // Indicates whether the signature was successfully validated or not.
   bool valid_signature_;

extensions/common/constants.cc

@@ -80,7 +80,7 @@ const uint8_t kWebstoreSignaturesPublicKey[] = {
     0x58, 0x34, 0xc8, 0x22, 0x2d, 0x2a, 0x65, 0x75, 0xa7, 0xd9, 0x08, 0x62,
     0xcd, 0x02, 0x03, 0x01, 0x00, 0x01};
 
-const int kWebstoreSignaturesPublicKeySize =
+const size_t kWebstoreSignaturesPublicKeySize =
     arraysize(kWebstoreSignaturesPublicKey);
 
 const char kMimeTypeJpeg[] = "image/jpeg";

extensions/common/constants.h

@@ -111,7 +111,7 @@ extern const char kWebStoreAppId[];
 
 // The key used for signing some pieces of data from the webstore.
 extern const uint8_t kWebstoreSignaturesPublicKey[];
-extern const int kWebstoreSignaturesPublicKeySize;
+extern const size_t kWebstoreSignaturesPublicKeySize;
 
 // Enumeration of possible app launch sources.
 // This should be kept in sync with LaunchSource in