clang-tidy: fix bugprone-narrowing-conversions

Signed-off-by: Johannes Holland <[email protected]>

.clang-tidy

@@ -7,8 +7,6 @@
 #   want to turn into opaque or strong types. They are part of the API.
 # -bugprone-implicit-widening-of-multiplication-result
 #   [TODO]
-# -bugprone-narrowing-conversions
-#   [TODO]
 #
 # -clang-analyzer-optin.performance.Padding
 #   We prefer logical/semantic order over (potentially insignificant)
@@ -25,7 +23,6 @@ Checks: "\
   -bugprone-branch-clone, \
   -bugprone-easily-swappable-parameters, \
   -bugprone-implicit-widening-of-multiplication-result, \
-  -bugprone-narrowing-conversions, \
   \
   clang-analyzer, \
   -clang-analyzer-optin.performance.Padding, \

src/tss2-esys/esys_crypto.c

@@ -615,25 +615,28 @@ iesys_crypto_KDFa(ESYS_CRYPTO_CALLBACKS *crypto_cb,
                   "IESYS KDFa contextV key");
     BYTE *subKey = outKey;
     UINT32 counter = 0;
-    INT32 bytes = 0;
+    size_t bytes = 0;
     size_t hlen = 0;
     TSS2_RC r = iesys_crypto_hash_get_digest_size(hashAlg, &hlen);
     return_if_error(r, "Error");
     if (counterInOut != NULL)
         counter = *counterInOut;
     bytes = use_digest_size ? hlen : (bitLength + 7) / 8;
-    LOG_DEBUG("IESYS KDFa hmac key bytes: %i", bytes);
+    LOG_DEBUG("IESYS KDFa hmac key bytes: %zu", bytes);
 
      /* Fill outKey with results from KDFaHmac */
-    for (; bytes > 0; subKey = &subKey[hlen], bytes = bytes - hlen) {
-        LOG_TRACE("IESYS KDFa hmac key bytes: %i", bytes);
-        //if(bytes < (INT32)hlen)
-        //    hlen = bytes;
+    for (;; subKey = &subKey[hlen], bytes = bytes - hlen) {
+        LOG_TRACE("IESYS KDFa hmac key bytes: %zu", bytes);
         counter++;
         r = iesys_crypto_KDFaHmac(crypto_cb, hashAlg, hmacKey,
                                   hmacKeySize, counter, label, contextU,
                                   contextV, bitLength, &subKey[0], &hlen);
         return_if_error(r, "Error");
+
+        if (bytes <= hlen) {
+            /* no bytes remaining */
+            break;
+        }
     }
     if ((bitLength % 8) != 0)
         outKey[0] &= ((((BYTE)1) << (bitLength % 8)) - 1);
@@ -669,7 +672,7 @@ iesys_crypto_KDFe(ESYS_CRYPTO_CALLBACKS *crypto_cb,
 {
     TSS2_RC r = TSS2_RC_SUCCESS;
     size_t hash_len;
-    INT16 byte_size = (INT16)((bit_size +7) / 8);
+    size_t byte_size = ((bit_size +7) / 8);
     BYTE *stream = key;
     ESYS_CRYPTO_CONTEXT_BLOB *cryptoContext;
     BYTE counter_buffer[4];
@@ -691,7 +694,7 @@ iesys_crypto_KDFe(ESYS_CRYPTO_CALLBACKS *crypto_cb,
     }
 
     /* Fill seed key with hash of counter, Z, label, partyUInfo, and partyVInfo */
-    for (; byte_size > 0; stream = &stream[hash_len], byte_size = byte_size - hash_len)
+    for (;; stream = &stream[hash_len], byte_size = byte_size - hash_len)
         {
             counter ++;
             r = iesys_crypto_hash_start(crypto_cb,
@@ -730,6 +733,11 @@ iesys_crypto_KDFe(ESYS_CRYPTO_CALLBACKS *crypto_cb,
             r = iesys_crypto_hash_finish(crypto_cb,
                 &cryptoContext, (uint8_t *) stream, &hash_len);
             goto_if_error(r, "Error", error);
+
+            if (byte_size <= hash_len) {
+                /* no bytes remaining */
+                break;
+            }
         }
     LOGBLOB_DEBUG(key, bit_size/8, "Result KDFe");
     if((bit_size % 8) != 0)

src/tss2-esys/esys_crypto_ossl.c

@@ -752,7 +752,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
                    "Could not duplicate OAEP label", cleanup);
     }
 
-    if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, strlen(label_copy)+1)) {
+    if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, (int) strlen(label_copy)+1)) {
         OPENSSL_free(label_copy);
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
                    "Could not set RSA label.", cleanup);
@@ -989,12 +989,12 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
     }
 #endif
 
-    if (1 != iesys_bn2binpad(bn_x, &Q->x.buffer[0], key_size)) {
+    if (1 != iesys_bn2binpad(bn_x, &Q->x.buffer[0], (int) key_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
                    "Write big num byte buffer", cleanup);
     }
 
-    if (1 != iesys_bn2binpad(bn_y, &Q->y.buffer[0], key_size)) {
+    if (1 != iesys_bn2binpad(bn_y, &Q->y.buffer[0], (int) key_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
                    "Write big num byte buffer", cleanup);
     }
@@ -1024,7 +1024,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
                    "Get affine x coordinate", cleanup);
     }
 
-    if (1 != iesys_bn2binpad(bn_x, &Z->buffer[0], key_size)) {
+    if (1 != iesys_bn2binpad(bn_x, &Z->buffer[0], (int) key_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
                    "Write big num byte buffer", cleanup);
     }
@@ -1120,7 +1120,7 @@ iesys_cryptossl_sym_aes_encrypt(uint8_t * key,
     }
 
     /* Perform the encryption */
-    if (1 != EVP_EncryptUpdate(ctx, buffer, &cipher_len, buffer, buffer_size)) {
+    if (1 != EVP_EncryptUpdate(ctx, buffer, &cipher_len, buffer, (int) buffer_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Encrypt update", cleanup);
     }
 
@@ -1203,7 +1203,7 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,
     }
 
     /* Perform the decryption */
-    if (1 != EVP_DecryptUpdate(ctx, buffer, &cipher_len, buffer, buffer_size)) {
+    if (1 != EVP_DecryptUpdate(ctx, buffer, &cipher_len, buffer, (int) buffer_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Encrypt update", cleanup);
     }
 
@@ -1282,7 +1282,7 @@ iesys_cryptossl_sym_sm4_encrypt(uint8_t * key,
     }
 
     /* Perform the encryption */
-    if (1 != EVP_EncryptUpdate(ctx, buffer, &cipher_len, buffer, buffer_size)) {
+    if (1 != EVP_EncryptUpdate(ctx, buffer, &cipher_len, buffer, (int) buffer_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Encrypt update", cleanup);
     }
 
@@ -1361,7 +1361,7 @@ iesys_cryptossl_sym_sm4_decrypt(uint8_t * key,
     }
 
     /* Perform the decryption */
-    if (1 != EVP_DecryptUpdate(ctx, buffer, &cipher_len, buffer, buffer_size)) {
+    if (1 != EVP_DecryptUpdate(ctx, buffer, &cipher_len, buffer, (int) buffer_size)) {
         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Encrypt update", cleanup);
     }
 

src/tss2-fapi/fapi_crypto.c

@@ -752,7 +752,7 @@ ifapi_ecc_der_sig_to_tpm(
     const BIGNUM *bnr;
     const BIGNUM *bns;
 
-    d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);
+    d2i_ECDSA_SIG(&ecdsaSignature, &signature, (long) signatureSize);
     return_if_null(ecdsaSignature, "Invalid DER signature",
                    TSS2_FAPI_RC_GENERAL_FAILURE);
 
@@ -1188,12 +1188,12 @@ get_ecc_tpm2b_public_from_evp(
     tpmPublic->publicArea.unique.ecc.x.size = ecKeySize;
     tpmPublic->publicArea.unique.ecc.y.size = ecKeySize;
     if (1 != ifapi_bn2binpad(bnX, &tpmPublic->publicArea.unique.ecc.x.buffer[0],
-                             ecKeySize)) {
+                             (int) ecKeySize)) {
         goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE,
                    "Write big num byte buffer", cleanup);
     }
     if (1 != ifapi_bn2binpad(bnY, &tpmPublic->publicArea.unique.ecc.y.buffer[0],
-                             ecKeySize)) {
+                             (int) ecKeySize)) {
         goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE,
                    "Write big num byte buffer", cleanup);
     }
@@ -1253,7 +1253,7 @@ ifapi_get_evp_from_pem(const char *pemKey, EVP_PKEY **publicKey) {
     BIO *bufio = NULL;
 
     /* Use BIO for conversion */
-    bufio = BIO_new_mem_buf((void *)pemKey, strlen(pemKey));
+    bufio = BIO_new_mem_buf((void *)pemKey, (int) strlen(pemKey));
     goto_if_null(bufio, "BIO buffer could not be allocated.",
                  TSS2_FAPI_RC_MEMORY, cleanup);
 
@@ -1418,7 +1418,7 @@ ifapi_verify_signature_quote(
 
     /* Create an OpenSSL object for the key */
     bufio = BIO_new_mem_buf((void *)public_pem_key,
-                            strlen(public_pem_key));
+                            (int) strlen(public_pem_key));
     goto_if_null(bufio, "BIO buffer could not be allocated.",
                  TSS2_FAPI_RC_MEMORY, error_cleanup);
 
@@ -1549,7 +1549,7 @@ ifapi_verify_signature(
 
     /* Convert the key to an OpenSSL object */
     bufio = BIO_new_mem_buf((void *)public_pem_key,
-                                strlen(public_pem_key));
+                                (int) strlen(public_pem_key));
     goto_if_null(bufio, "Out of memory.", TSS2_FAPI_RC_MEMORY, error_cleanup);
     publicKey = PEM_read_bio_PUBKEY(bufio, NULL, NULL, NULL);
     goto_if_null(publicKey, "PEM format could not be decoded.",
@@ -1823,7 +1823,7 @@ ifapi_cert_to_pem(
     EVP_PKEY *publicKey = NULL;
     int pemCertSize;
 
-    if (!d2i_X509(&cert, (const unsigned char **)&certBuffer, certBufferSize)) {
+    if (!d2i_X509(&cert, (const unsigned char **)&certBuffer, (long) certBufferSize)) {
         LOGBLOB_ERROR(certBuffer, certBufferSize, "Bad certificate data");
         return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Invalid certificate.");
     }
@@ -1939,7 +1939,7 @@ static X509
 
     /* Use BIO for conversion */
     size_t pem_length = strlen(pem_cert);
-    bufio = BIO_new_mem_buf((void *)pem_cert, pem_length);
+    bufio = BIO_new_mem_buf((void *)pem_cert, (int) pem_length);
     if (!bufio)
         return NULL;
     /* Convert the certificate */
@@ -2096,7 +2096,7 @@ ifapi_base64encode(uint8_t *buffer, size_t buffer_size, char** b64_data) {
     bio = BIO_push(bio64, bio);
 
     BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
-    bytes_written = BIO_write(bio, buffer, buffer_size);
+    bytes_written = BIO_write(bio, buffer, (int) buffer_size);
     if (bytes_written != (int)buffer_size) {
         goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Invalid BIO_write",
                    cleanup);
@@ -2149,7 +2149,7 @@ ifapi_rsa_encrypt(const char *pem_key,
     const EVP_MD *evp_md;
 
     /* Convert the pem key to an OpenSSL object */
-    bufio = BIO_new_mem_buf((void *)pem_key, strlen(pem_key));
+    bufio = BIO_new_mem_buf((void *)pem_key, (int) strlen(pem_key));
     goto_if_null(bufio, "Out of memory.", TSS2_FAPI_RC_MEMORY, cleanup);
 
     publicKey = PEM_read_bio_PUBKEY(bufio, NULL, NULL, NULL);
@@ -2332,7 +2332,7 @@ load_private_ECC_from_key(EVP_PKEY *key,
         goto out;
     }
 
-    p->size = BN_bn2binpad(b, p->buffer, priv_bytes);
+    p->size = BN_bn2binpad(b, p->buffer, (int) priv_bytes);
     if (p->size != priv_bytes) {
         goto out;
     }

src/tss2-fapi/ifapi_curl.c

@@ -37,7 +37,7 @@ static X509
     unsigned const char* tmp_ptr1 = buffer;
     unsigned const char** tmp_ptr2 = &tmp_ptr1;
 
-    if (!d2i_X509(&cert, tmp_ptr2, cert_buffer_size))
+    if (!d2i_X509(&cert, tmp_ptr2, (long) cert_buffer_size))
         return NULL;
     return cert;
 }
@@ -59,7 +59,7 @@ static X509
 
     /* Use BIO for conversion */
     size_t pem_length = strlen(pem_cert);
-    bufio = BIO_new_mem_buf((void *)pem_cert, pem_length);
+    bufio = BIO_new_mem_buf((void *)pem_cert, (int) pem_length);
     if (!bufio)
         return NULL;
     /* Convert the certificate */
@@ -119,7 +119,7 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
     unsigned const char** tmp_ptr2 = &tmp_ptr1;
 
     if (crl_buffer_size > 0) {
-        if (!d2i_X509_CRL(crl, tmp_ptr2, crl_buffer_size)) {
+        if (!d2i_X509_CRL(crl, tmp_ptr2, (long) crl_buffer_size)) {
             goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Can't convert crl.", cleanup);
         }
     }

src/tss2-fapi/ifapi_eventlog_system.c

@@ -65,7 +65,7 @@ get_number(const char *token, int64_t *num)
  * @retval the position of the sub string after the prefix.
  * @retval 0 if no prefix is found.
  */
-static int
+static unsigned int
 get_token_start_idx(const char *token)
 {
     uint itoken = 0;
@@ -552,7 +552,7 @@ ifapi_json_TCG_EVENT_TYPE_deserialize_txt(json_object *jso,
         return TSS2_RC_SUCCESS;
 
     } else {
-        int itoken = get_token_start_idx(token);
+        unsigned int itoken = get_token_start_idx(token);
         size_t i;
         size_t n = sizeof(deserialize_TCG_EVENT_TYPE_tab) /
                    sizeof(deserialize_TCG_EVENT_TYPE_tab[0]);

src/tss2-fapi/ifapi_get_web_cert.c

@@ -261,7 +261,7 @@ base64_encode(const unsigned char* buffer)
 
     CURL *curl = curl_easy_init();
     if (curl) {
-        char *output = curl_easy_escape(curl, b64text, len);
+        char *output = curl_easy_escape(curl, b64text, (int) len);
         if (output) {
             final_string = strdup(output);
             curl_free(output);
@@ -310,7 +310,7 @@ base64_decode(unsigned char* buffer, size_t len, size_t *new_len)
     if (curl) {
         /* Convert URL encoded string to a "plain string" */
         char *output = curl_easy_unescape(curl, (char *)buffer,
-                                          len, &unescape_len);
+                                          (int) len, &unescape_len);
         if (output) {
             unescaped_string = strdup(output);
             curl_free(output);

src/tss2-fapi/ifapi_ima_eventlog.c

@@ -589,7 +589,7 @@ static TSS2_RC
 read_event_buffer(IFAPI_IMA_TEMPLATE *template, FILE *fp)
 {
     bool old_ima_format;
-    int size, rsize;
+    size_t size, rsize;
 
     /* Check IMA  legacy format. */
     if (strcmp(template->ima_type, "ima") == 0) {

src/tss2-fapi/ifapi_json_deserialize.c

@@ -59,10 +59,10 @@ static char *tss_const_prefixes[] = { "TPM2_ALG_", "TPM2_", "TPM_", "TPMA_", "PO
  * @retval the position of the sub string after the prefix.
  * @retval 0 if no prefix is found.
  */
-static int
+static unsigned int
 get_token_start_idx(const char *token)
 {
-    int itoken = 0;
+    unsigned int itoken = 0;
     char *entry;
     int i;
 
@@ -830,7 +830,7 @@ ifapi_json_IFAPI_EVENT_TYPE_deserialize_txt(json_object *jso,
         return TSS2_RC_SUCCESS;
 
     } else {
-        int itoken = get_token_start_idx(token);
+        int unsigned itoken = get_token_start_idx(token);
         size_t i;
         size_t n = sizeof(deserialize_IFAPI_EVENT_TYPE_tab) /
                    sizeof(deserialize_IFAPI_EVENT_TYPE_tab[0]);

src/tss2-fapi/ifapi_json_eventlog_serialize.c

@@ -297,7 +297,7 @@ TSS2_RC trace_unicodename(
     const char16_t *UnicodeName,
     UINT64 UnicodeNameLength)
 {
-    int ret = 0;
+    size_t ret = 0;
     char *mbstr = NULL, *tmp = NULL;
     mbstate_t st;
 
@@ -311,7 +311,7 @@ TSS2_RC trace_unicodename(
 
     for(size_t i = 0; i < UnicodeNameLength; ++i, tmp += ret) {
         ret = c16rtomb(tmp, UnicodeName[i], &st);
-        if (ret < 0) {
+        if (ret == (size_t) -1) {
             LOG_ERROR("c16rtomb failed: %s", strerror(errno));
             free(mbstr);
             return TSS2_FAPI_RC_BAD_VALUE;
@@ -528,7 +528,7 @@ TSS2_RC ifapi_json_TCG_EVENT_HEADER2_serialize(
     }
     jso2 = NULL;
 
-    jso2 = json_object_new_int64(recnum);
+    jso2 = json_object_new_int64((int64_t) recnum);
     return_if_null(jso2, "Out of memory.", TSS2_FAPI_RC_MEMORY);
     if (json_object_object_add(*jso, "recnum", jso2)) {
         return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object.");
@@ -632,7 +632,7 @@ TSS2_RC ifapi_json_TCG_EVENT_serialize(const TCG_EVENT *in, size_t recnum, json_
     if (json_object_object_add(*jso, "pcr", jso2)) {
         return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object.");
     }
-    jso2 = json_object_new_int64(recnum);
+    jso2 = json_object_new_int64((int64_t) recnum);
     return_if_null(jso2, "Out of memory.", TSS2_FAPI_RC_MEMORY);
 
     if (json_object_object_add(*jso, "recnum", jso2)) {

src/tss2-fapi/ifapi_json_serialize.c

@@ -596,7 +596,7 @@ TSS2_RC
 ifapi_json_IFAPI_OBJECT_TYPE_CONSTANT_serialize(const IFAPI_OBJECT_TYPE_CONSTANT
         in, json_object **jso)
 {
-    *jso = json_object_new_int(in);
+    *jso = json_object_new_int64((int64_t) in);
     if (*jso == NULL) {
         LOG_ERROR("Bad value %"PRIx32 "", in);
         return TSS2_FAPI_RC_BAD_VALUE;