Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/msg_cert_verify.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/msg_certificate.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 7 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 30 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_io.cpp | 12 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_state.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 26 | ||||
-rw-r--r-- | src/lib/tls/tls_session.cpp | 5 |
9 files changed, 46 insertions, 48 deletions
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index 0d157dc57..2598255eb 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -65,7 +65,7 @@ std::vector<byte> Certificate_Verify::serialize() const
 buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
 }
- const u16bit sig_len = m_signature.size();
+ const u16bit sig_len = static_cast<u16bit>(m_signature.size());
 buf.push_back(get_byte(0, sig_len));
 buf.push_back(get_byte(1, sig_len));
 buf += m_signature;
diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp
index dbf9dbe12..a83d32d11 100644
--- a/src/lib/tls/msg_certificate.cpp
+++ b/src/lib/tls/msg_certificate.cpp
@@ -101,14 +101,14 @@ std::vector<byte> Certificate::serialize() const
 const size_t cert_size = raw_cert.size();
 for(size_t j = 0; j != 3; ++j)
 {
- buf.push_back(get_byte<u32bit>(j+1, cert_size));
+ buf.push_back(get_byte(j+1, static_cast<u32bit>(cert_size)));
 }
 buf += raw_cert;
 }
 const size_t buf_size = buf.size() - 3;
 for(size_t i = 0; i != 3; ++i)
- buf[i] = get_byte<u32bit>(i+1, buf_size);
+ buf[i] = get_byte(i+1, static_cast<u32bit>(buf_size));
 return buf;
 }
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index cfaeefeb8..4549470e2 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -122,7 +122,7 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version)
 io.reset(new Datagram_Handshake_IO(
 std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
 sequence_numbers(),
- m_policy.dtls_default_mtu(),
+ static_cast<u16bit>(m_policy.dtls_default_mtu()),
 m_policy.dtls_initial_timeout(),
 m_policy.dtls_maximum_timeout()));
 }
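Review bot: The new `static_cast<u16bit>(m_signature.size())` in Certificate_Verify::serialize() makes the narrowing explicit but still writes a wrapped length prefix if the size ever exceeds 0xFFFF, and the compiler warning that pointed at it is now gone. The same pattern recurs in this commit in Certificate::serialize() (24-bit fields), Extensions::serialize() and the other extension serializers in tls_extensions.cpp, none of which show a bound in their hunks. key_material_export in tls_channel.cpp already guards its cast with an `if(context_size > 0xFFFF)` throw, and I would do the same here, e.g. `if(m_signature.size() > 0xFFFF) throw Encoding_Error("Certificate_Verify signature too long");`, or route all of these through one checked-narrowing helper. The function body starts outside the hunk, so a bound may already be enforced earlier.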
@@ -632,8 +632,8 @@ SymmetricKey Channel::key_material_export(const std::string& label,
 size_t context_size = context.length();
 if(context_size > 0xFFFF)
 throw Exception("key_material_export context is too long");
- salt.push_back(get_byte<u16bit>(0, context_size));
- salt.push_back(get_byte<u16bit>(1, context_size));
+ salt.push_back(get_byte(0, static_cast<u16bit>(context_size)));
+ salt.push_back(get_byte(1, static_cast<u16bit>(context_size)));
 salt += to_byte_vector(context);
 }
@@ -646,4 +646,3 @@ SymmetricKey Channel::key_material_export(const std::string& label,
 }
 }
-
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 76a4c8060..49b7355ab 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -102,13 +102,13 @@ std::vector<byte> Extensions::serialize() const
 buf.push_back(get_byte(0, extn_code));
 buf.push_back(get_byte(1, extn_code));
- buf.push_back(get_byte<u16bit>(0, extn_val.size()));
- buf.push_back(get_byte<u16bit>(1, extn_val.size()));
+ buf.push_back(get_byte(0, static_cast<u16bit>(extn_val.size())));
+ buf.push_back(get_byte(1, static_cast<u16bit>(extn_val.size())));
 buf += extn_val;
 }
- const u16bit extn_size = buf.size() - 2;
+ const u16bit extn_size = static_cast<u16bit>(buf.size() - 2);
 buf[0] = get_byte(0, extn_size);
 buf[1] = get_byte(1, extn_size);
@@ -150,7 +150,7 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader,
 if(name_type == 0) // DNS
 {
 m_sni_host_name = reader.get_string(2, 1, 65535);
- name_bytes -= (2 + m_sni_host_name.size());
+ name_bytes -= static_cast<u16bit>(2 + m_sni_host_name.size());
 }
 else // some other unknown name type
 {
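Review bot: In the Server_Name_Indicator constructor, `name_bytes -= static_cast<u16bit>(2 + m_sni_host_name.size());` works on lengths taken from the peer's extension, and the cast now hides two wraps: `2 + size()` can exceed 0xFFFF because `get_string(2, 1, 65535)` allows a 65535-byte name, and the subtraction can underflow `name_bytes` if the name is longer than the remaining count. Nothing in the hunk compares the consumed length with `name_bytes` first. I would compute `const size_t used = 2 + m_sni_host_name.size();` and add `if(used > name_bytes) throw Decoding_Error("Bad encoding of SNI extension");` before subtracting. The enclosing loop and the declaration of name_bytes are outside the hunk, so this assumes name_bytes is the u16bit remaining-length counter.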
@@ -166,12 +166,12 @@ std::vector<byte> Server_Name_Indicator::serialize() const
 size_t name_len = m_sni_host_name.size();
- buf.push_back(get_byte<u16bit>(0, name_len+3));
- buf.push_back(get_byte<u16bit>(1, name_len+3));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len+3)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len+3)));
 buf.push_back(0); // DNS
- buf.push_back(get_byte<u16bit>(0, name_len));
- buf.push_back(get_byte<u16bit>(1, name_len));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len)));
 buf += std::make_pair(
 reinterpret_cast<const byte*>(m_sni_host_name.data()),
@@ -267,8 +267,8 @@ std::vector<byte> Application_Layer_Protocol_Notification::serialize() const
 1);
 }
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
 return buf;
 }
@@ -323,8 +323,8 @@ std::vector<byte> Supported_Elliptic_Curves::serialize() const
 buf.push_back(get_byte(1, id));
 }
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
 return buf;
 }
@@ -438,8 +438,8 @@ std::vector<byte> Signature_Algorithms::serialize() const
 {}
 }
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
 return buf;
 }
@@ -495,7 +495,7 @@ std::vector<byte> SRTP_Protection_Profiles::serialize() const
 {
 std::vector<byte> buf;
- const u16bit pp_len = m_pp.size() * 2;
+ const u16bit pp_len = static_cast<u16bit>(m_pp.size() * 2);
 buf.push_back(get_byte(0, pp_len));
 buf.push_back(get_byte(1, pp_len));
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index f39c9f84e..ed7b1487d 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -28,9 +28,9 @@ inline size_t load_be24(const byte q[3])
 void store_be24(byte out[3], size_t val)
 {
- out[0] = get_byte<u32bit>(1, val);
- out[1] = get_byte<u32bit>(2, val);
- out[2] = get_byte<u32bit>(3, val);
+ out[0] = get_byte(1, static_cast<u32bit>(val));
+ out[1] = get_byte(2, static_cast<u32bit>(val));
+ out[2] = get_byte(3, static_cast<u32bit>(val));
 }
 u64bit steady_clock_ms()
@@ -376,7 +376,7 @@ Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg,
 Handshake_Type type,
 u16bit msg_sequence) const
 {
- return format_fragment(msg.data(), msg.size(), 0, msg.size(), type, msg_sequence);
+ return format_fragment(msg.data(), msg.size(), 0, static_cast<u16bit>(msg.size()), type, msg_sequence);
 }
 std::vector<byte>
@@ -441,8 +441,8 @@ std::vector<byte> Datagram_Handshake_IO::send_message(u16bit msg_seq,
 HANDSHAKE,
 format_fragment(&msg_bits[frag_offset],
 frag_len,
- frag_offset,
- msg_bits.size(),
+ static_cast<u16bit>(frag_offset),
+ static_cast<u16bit>(msg_bits.size()),
 msg_type,
 msg_seq));
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 67ba43265..afc32ba87 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -287,7 +287,7 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
 m_hand_received_mask |= mask;
- const bool ok = (m_hand_expecting_mask & mask); // overlap?
+ const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap?
 if(!ok)
 throw Unexpected_Message("Unexpected state transition in handshake, got type " +
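Review bot: format_w_seq() and send_message() now pass `static_cast<u16bit>(msg.size())`, `static_cast<u16bit>(frag_offset)` and `static_cast<u16bit>(msg_bits.size())` to format_fragment, while store_be24 in the same file suggests these handshake length and offset fields are 24 bits wide on the wire. A handshake message longer than 65535 bytes (a large certificate chain, for instance) would then go out with wrapped length and offset fields and no error. Widening format_fragment's offset and length parameters to size_t looks like the cleaner fix; failing that, reject oversized messages before fragmenting, e.g. `if(msg_bits.size() > 0xFFFF) throw Encoding_Error("DTLS handshake message too long");`. format_fragment's signature is not in the diff, so its u16bit parameter types are inferred from the casts.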
@@ -311,14 +311,14 @@ bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
 {
 const u32bit mask = bitmask_for_handshake_type(handshake_msg);
- return (m_hand_received_mask & mask);
+ return (m_hand_received_mask & mask) != 0;
 }
 std::pair<Handshake_Type, std::vector<byte>>
 Handshake_State::get_next_handshake_msg()
 {
 const bool expecting_ccs =
- (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask);
+ (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
 return m_handshake_io->get_next_record(expecting_ccs);
 }
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index dc24d73e2..3a09a1747 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -362,7 +362,7 @@ class BOTAN_DLL Text_Policy : public Policy
 { return get_bool("hide_unknown_users", Policy::hide_unknown_users()); }
 u32bit session_ticket_lifetime() const override
- { return get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()); }
+ { return static_cast<u32bit>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); }
 bool send_fallback_scsv(Protocol_Version version) const override
 { return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; }
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 438dce178..16dfecc6a 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -174,8 +174,8 @@ void write_record(secure_vector<byte>& output,
 if(!cs) // initial unencrypted handshake records
 {
- output.push_back(get_byte<u16bit>(0, msg_length));
- output.push_back(get_byte<u16bit>(1, msg_length));
+ output.push_back(get_byte(0, static_cast<u16bit>(msg_length)));
+ output.push_back(get_byte(1, static_cast<u16bit>(msg_length)));
 output.insert(output.end(), msg, msg + msg_length);
@@ -192,10 +192,10 @@ void write_record(secure_vector<byte>& output,
 const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
 BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
- output.push_back(get_byte<u16bit>(0, rec_size));
- output.push_back(get_byte<u16bit>(1, rec_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(rec_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(rec_size)));
- aead->set_ad(cs->format_ad(seq, msg_type, version, msg_length));
+ aead->set_ad(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
 if(cs->nonce_bytes_from_record() > 0)
 {
@@ -221,7 +221,7 @@ void write_record(secure_vector<byte>& output,
 if(!cs->uses_encrypt_then_mac())
 {
- cs->mac()->update(cs->format_ad(seq, msg_type, version, msg_length));
+ cs->mac()->update(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
 cs->mac()->update(msg, msg_length);
 const size_t buf_size = round_up(
@@ -231,8 +231,8 @@ void write_record(secure_vector<byte>& output,
 if(buf_size > MAX_CIPHERTEXT_SIZE)
 throw Internal_Error("Output record is larger than allowed by protocol");
- output.push_back(get_byte<u16bit>(0, buf_size));
- output.push_back(get_byte<u16bit>(1, buf_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(buf_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(buf_size)));
 const size_t header_size = output.size();
@@ -253,7 +253,7 @@ void write_record(secure_vector<byte>& output,
 buf_size - (iv_size + msg_length + mac_size + 1);
 for(size_t i = 0; i != pad_val + 1; ++i)
- output.push_back(pad_val);
+ output.push_back(static_cast<byte>(pad_val));
 }
 if(buf_size > MAX_CIPHERTEXT_SIZE)
@@ -407,7 +407,7 @@ u16bit tls_padding_check(const byte record[], size_t record_len)
 for(size_t i = 0; i != record_len; ++i)
 {
 const size_t left = record_len - i - 2;
- const byte delim_mask = CT::is_less<u16bit>(left, pad_byte) & 0xFF;
+ const byte delim_mask = CT::is_less<u16bit>(static_cast<u16bit>(left), pad_byte) & 0xFF;
 pad_invalid |= (delim_mask & (record[i] ^ pad_byte));
 }
@@ -465,7 +465,7 @@ void decrypt_record(secure_vector<byte>& output,
 const size_t ptext_size = aead->output_length(msg_length);
 aead->set_associated_data_vec(
- cs.format_ad(record_sequence, record_type, record_version, ptext_size)
+ cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size))
 );
 output += aead->start(nonce);
@@ -501,7 +501,7 @@ void decrypt_record(secure_vector<byte>& output,
 // This mask is zero if there is not enough room in the packet to get
 // a valid MAC. We have to accept empty packets, since otherwise we
 // are not compatible with the BEAST countermeasure (thus record_len+1).
- const u16bit size_ok_mask = CT::is_less<u16bit>(mac_size + pad_size + iv_size, record_len + 1);
+ const u16bit size_ok_mask = CT::is_lte<u16bit>(static_cast<u16bit>(mac_size + pad_size + iv_size), static_cast<u16bit>(record_len + 1));
 pad_size &= size_ok_mask;
 CT::unpoison(record_contents, record_len);
@@ -513,7 +513,7 @@ void decrypt_record(secure_vector<byte>& output,
 CT::unpoison(pad_size);
 const byte* plaintext_block = &record_contents[iv_size];
- const u16bit plaintext_length = record_len - mac_size - iv_size - pad_size;
+ const u16bit plaintext_length = static_cast<u16bit>(record_len - mac_size - iv_size - pad_size);
 cs.mac()->update(cs.format_ad(record_sequence, record_type, record_version, plaintext_length));
 cs.mac()->update(plaintext_block, plaintext_length);
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp
index c02bbd9ab..d6b52846f 100644
--- a/src/lib/tls/tls_session.cpp
+++ b/src/lib/tls/tls_session.cpp
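Review bot: The size_ok_mask line in decrypt_record changes the comparison from `CT::is_less` to `CT::is_lte` while keeping `record_len + 1`, which is a behaviour change in a commit that otherwise only adds casts. If is_lte means less-than-or-equal, `mac_size + pad_size + iv_size == record_len + 1` now passes the check, and in the following hunk `record_len - mac_size - iv_size - pad_size` would wrap to 0xFFFF under the new `static_cast<u16bit>` before being handed to `cs.mac()->update(plaintext_block, plaintext_length)`. The comment above the line explains the `+1` in terms of the strict comparison, so either keep `is_less` with the casts or compare with `is_lte` against `record_len` alone: `CT::is_lte<u16bit>(static_cast<u16bit>(mac_size + pad_size + iv_size), static_cast<u16bit>(record_len))`. The function body extends beyond both hunks, so an earlier bound on pad_size may exist that is not visible here.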
@@ -109,11 +109,11 @@ Session::Session(const byte ber[], size_t ber_len)
 m_version = Protocol_Version(major_version, minor_version);
 m_start_time = std::chrono::system_clock::from_time_t(start_time);
 m_connection_side = static_cast<Connection_Side>(side_code);
- m_srtp_profile = srtp_profile;
+ m_srtp_profile = static_cast<u16bit>(srtp_profile);
 m_server_info = Server_Information(server_hostname.value(),
 server_service.value(),
- server_port);
+ static_cast<u16bit>(server_port));
 m_srp_identifier = srp_identifier_str.value();
@@ -222,4 +222,3 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key
 }
 }
- |
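Review bot: `static_cast<u16bit>(srtp_profile)` and `static_cast<u16bit>(server_port)` in Session::Session(ber, ber_len) narrow values that were just decoded from the serialized session, so an out-of-range field is silently reduced modulo 65536 instead of being rejected. No range check is visible in the hunk. I would validate before assigning, e.g. `if(server_port > 0xFFFF || srtp_profile > 0xFFFF) throw Decoding_Error("Session field out of range");`. The decoding code and the declarations of both locals sit above the hunk, so their wider types are inferred from the casts.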