Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: fix int conversion lint #15070

Merged
merged 4 commits into from
Feb 20, 2023
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion crypto/armor.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ const (
// than what they see, which is a significantly cheaper attack then breaking
// a bcrypt hash. (Recall that the nonce still exists to break rainbow tables)
// For further notes on security parameter choice, see README.md
var BcryptSecurityParameter = 12
var BcryptSecurityParameter uint32 = 12

//-----------------------------------------------------------------
// add armor
Expand Down
2 changes: 1 addition & 1 deletion crypto/armor_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ func TestUnarmorInfoBytesErrors(t *testing.T) {

func BenchmarkBcryptGenerateFromPassword(b *testing.B) {
passphrase := []byte("passphrase")
for securityParam := 9; securityParam < 16; securityParam++ {
for securityParam := uint32(9); securityParam < 16; securityParam++ {
param := securityParam
b.Run(fmt.Sprintf("benchmark-security-param-%d", param), func(b *testing.B) {
b.ReportAllocs()
Expand Down
24 changes: 12 additions & 12 deletions crypto/keys/bcrypt/bcrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ import (
)

const (
MinCost int = 4 // the minimum allowable cost as passed in to GenerateFromPassword
MaxCost int = 31 // the maximum allowable cost as passed in to GenerateFromPassword
DefaultCost int = 10 // the cost that will actually be set if a cost below MinCost is passed into GenerateFromPassword
MinCost uint32 = 4 // the minimum allowable cost as passed in to GenerateFromPassword
MaxCost uint32 = 31 // the maximum allowable cost as passed in to GenerateFromPassword
DefaultCost uint32 = 10 // the cost that will actually be set if a cost below MinCost is passed into GenerateFromPassword
)

// ErrMismatchedHashAndPassword is returned from CompareHashAndPassword when a password and hash do
Expand Down Expand Up @@ -76,7 +76,7 @@ var magicCipherData = []byte{
type hashed struct {
hash []byte
salt []byte
cost int // allowed range is MinCost to MaxCost
cost uint32 // allowed range is MinCost to MaxCost
major byte
minor byte
}
Expand All @@ -85,7 +85,7 @@ type hashed struct {
// cost. If the cost given is less than MinCost, the cost will be set to
// DefaultCost, instead. Use CompareHashAndPassword, as defined in this package,
// to compare the returned hashed password with its cleartext version.
func GenerateFromPassword(salt []byte, password []byte, cost int) ([]byte, error) {
func GenerateFromPassword(salt []byte, password []byte, cost uint32) ([]byte, error) {
if len(salt) != maxSaltSize {
return nil, fmt.Errorf("salt len must be %v", maxSaltSize)
}
Expand Down Expand Up @@ -121,15 +121,15 @@ func CompareHashAndPassword(hashedPassword, password []byte) error {
// password. When, in the future, the hashing cost of a password system needs
// to be increased in order to adjust for greater computational power, this
// function allows one to establish which passwords need to be updated.
func Cost(hashedPassword []byte) (int, error) {
func Cost(hashedPassword []byte) (uint32, error) {
p, err := newFromHash(hashedPassword)
if err != nil {
return 0, err
}
return p.cost, nil
}

func newFromPassword(salt []byte, password []byte, cost int) (*hashed, error) {
func newFromPassword(salt []byte, password []byte, cost uint32) (*hashed, error) {
if cost < MinCost {
cost = DefaultCost
}
Expand Down Expand Up @@ -180,11 +180,11 @@ func newFromHash(hashedSecret []byte) (*hashed, error) {
return p, nil
}

func bcrypt(password []byte, cost int, salt []byte) ([]byte, error) {
func bcrypt(password []byte, cost uint32, salt []byte) ([]byte, error) {
cipherData := make([]byte, len(magicCipherData))
copy(cipherData, magicCipherData)

c, err := expensiveBlowfishSetup(password, uint32(cost), salt)
c, err := expensiveBlowfishSetup(password, cost, salt)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -271,19 +271,19 @@ func (p *hashed) decodeCost(sbytes []byte) (int, error) {
if err != nil {
return -1, err
}
err = checkCost(cost)
err = checkCost(uint32(cost))

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types

Incorrect conversion of an integer with architecture-dependent bit size from [strconv.Atoi](1) to a lower bit size type uint32 without an upper bound check.
if err != nil {
return -1, err
}
p.cost = cost
p.cost = uint32(cost)

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types

Incorrect conversion of an integer with architecture-dependent bit size from [strconv.Atoi](1) to a lower bit size type uint32 without an upper bound check.
return 3, nil
}

func (p *hashed) String() string {
return fmt.Sprintf("&{hash: %#v, salt: %#v, cost: %d, major: %c, minor: %c}", string(p.hash), p.salt, p.cost, p.major, p.minor)
}

func checkCost(cost int) error {
func checkCost(cost uint32) error {
if cost < MinCost || cost > MaxCost {
return InvalidCostError(cost)
}
Expand Down