bmcweb: Fix a bunch of warnings

bmcweb classically has not taken a strong opinion on warnings.  With
this commit, that policy is changing, and bmcweb will invoke the best
warnings we are able to enable, and turn on -Werror for all builds.

This is intended to reduce the likelihood of hard-to-debug situations
that the compiler coulve caught early on.

Change-Id: I57474410821e82666b3a108cfd0db7d070e8900a
Signed-off-by: Ed Tanous <ed@tanous.net>

7 files changed, 61 insertions, 70 deletions

diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp
index 1b82697f7a..cddafc8c06 100644
--- a/include/dbus_monitor.hpp
+++ b/include/dbus_monitor.hpp
@@ -150,7 +150,7 @@ template <typename... Middlewares> void requestRoutes(Crow<Middlewares...>& app)
             nlohmann::json::iterator paths = j.find("paths");
             if (paths != j.end())
             {
-                int interfaceCount = thisSession.interfaces.size();
+                size_t interfaceCount = thisSession.interfaces.size();
                 if (interfaceCount == 0)
                 {
                     interfaceCount = 1;
diff --git a/include/dbus_utility.hpp b/include/dbus_utility.hpp
index e45bb9ac50..947bc86eaf 100644
--- a/include/dbus_utility.hpp
+++ b/include/dbus_utility.hpp
@@ -48,8 +48,8 @@ inline bool getNthStringFromPath(const std::string& path, int index,
                                  std::string& result)
 {
     int count = 0;
-    auto first = path.begin();
-    auto last = path.end();
+    std::string::const_iterator first = path.begin();
+    std::string::const_iterator last = path.end();
     for (auto it = path.begin(); it < path.end(); it++)
     {
         // skip first character as it's either a leading slash or the first
@@ -80,7 +80,8 @@ inline bool getNthStringFromPath(const std::string& path, int index,
     {
         first++;
     }
-    result = path.substr(first - path.begin(), last - first);
+    result = path.substr(static_cast<size_t>(first - path.begin()),
+                         static_cast<size_t>(last - first));
     return true;
 }
 
diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp
index ab35bb2efc..e59692020b 100644
--- a/include/openbmc_dbus_rest.hpp
+++ b/include/openbmc_dbus_rest.hpp
@@ -570,8 +570,9 @@ int convertJsonToDbus(sd_bus_message *m, const std::string &arg_type,
             {
                 return -1;
             }
-            r = sd_bus_message_append_basic(m, argCode[0],
-                                            (void *)stringValue->c_str());
+            r = sd_bus_message_append_basic(
+                m, argCode[0],
+                reinterpret_cast<const void *>(stringValue->c_str()));
             if (r < 0)
             {
                 return r;
@@ -737,13 +738,13 @@ int convertJsonToDbus(sd_bus_message *m, const std::string &arg_type,
             }
 
             nlohmann::json::const_iterator it = j->begin();
-            for (const std::string &argCode : dbusArgSplit(arg_type))
+            for (const std::string &argCode2 : dbusArgSplit(arg_type))
             {
                 if (it == j->end())
                 {
                     return -1;
                 }
-                r = convertJsonToDbus(m, argCode, *it);
+                r = convertJsonToDbus(m, argCode2, *it);
                 if (r < 0)
                 {
                     return r;
diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp
index f211a29ec7..1469aef728 100644
--- a/include/pam_authenticate.hpp
+++ b/include/pam_authenticate.hpp
@@ -25,7 +25,7 @@ inline int pamFunctionConversation(int numMsg, const struct pam_message** msg,
     std::strcpy(pass, appPass);
 
     *resp = reinterpret_cast<pam_response*>(
-        calloc(numMsg, sizeof(struct pam_response)));
+        calloc(static_cast<size_t>(numMsg), sizeof(struct pam_response)));
 
     if (resp == nullptr)
     {
diff --git a/include/persistent_data_middleware.hpp b/include/persistent_data_middleware.hpp
index b384f02304..4cd75e889d 100644
--- a/include/persistent_data_middleware.hpp
+++ b/include/persistent_data_middleware.hpp
@@ -24,7 +24,7 @@ class Middleware
 {
     // todo(ed) should read this from a fixed location somewhere, not CWD
     static constexpr const char* filename = "bmcweb_persistent_data.json";
-    int jsonRevision = 1;
+    uint64_t jsonRevision = 1;
 
   public:
     struct Context
@@ -58,7 +58,7 @@ class Middleware
     void readData()
     {
         std::ifstream persistentFile(filename);
-        int fileRevision = 0;
+        uint64_t fileRevision = 0;
         if (persistentFile.is_open())
         {
             // call with exceptions disabled
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 6bc1c99f04..d55b1992d4 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -119,22 +119,22 @@ class SessionStore
         // https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Entropy
         std::string sessionToken;
         sessionToken.resize(20, '0');
-        std::uniform_int_distribution<int> dist(0, alphanum.size() - 1);
-        for (int i = 0; i < sessionToken.size(); ++i)
+        std::uniform_int_distribution<size_t> dist(0, alphanum.size() - 1);
+        for (size_t i = 0; i < sessionToken.size(); ++i)
         {
             sessionToken[i] = alphanum[dist(rd)];
         }
         // Only need csrf tokens for cookie based auth, token doesn't matter
         std::string csrfToken;
         csrfToken.resize(20, '0');
-        for (int i = 0; i < csrfToken.size(); ++i)
+        for (size_t i = 0; i < csrfToken.size(); ++i)
         {
             csrfToken[i] = alphanum[dist(rd)];
         }
 
         std::string uniqueId;
         uniqueId.resize(10, '0');
-        for (int i = 0; i < uniqueId.size(); ++i)
+        for (size_t i = 0; i < uniqueId.size(); ++i)
         {
             uniqueId[i] = alphanum[dist(rd)];
         }
@@ -205,7 +205,7 @@ class SessionStore
     {
         return needWrite;
     }
-    int getTimeoutInSeconds() const
+    long getTimeoutInSeconds() const
     {
         return std::chrono::seconds(timeoutInMinutes).count();
     };
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 34a7c04409..133d40da5f 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -17,9 +17,7 @@
 namespace ensuressl
 {
 static void initOpenssl();
-static void cleanupOpenssl();
-static EVP_PKEY *createRsaKey();
-static EVP_PKEY *createEcKey();
+static EVP_PKEY *createKey();
 static void handleOpensslError();
 
 inline bool verifyOpensslKeyCert(const std::string &filepath)
@@ -110,7 +108,7 @@ inline void generateSslCertificate(const std::string &filepath)
     // EVP_PKEY *pRsaPrivKey = create_rsa_key();
 
     std::cerr << "Generating EC key\n";
-    EVP_PKEY *pRsaPrivKey = createEcKey();
+    EVP_PKEY *pRsaPrivKey = createKey();
     if (pRsaPrivKey != nullptr)
     {
         std::cerr << "Generating x509 Certificate\n";
@@ -177,9 +175,16 @@ inline void generateSslCertificate(const std::string &filepath)
 
     // cleanup_openssl();
 }
-
-EVP_PKEY *createRsaKey()
+EVP_PKEY *createKey()
 {
+    EVP_PKEY *pKey = NULL;
+    pKey = EVP_PKEY_new();
+    if (pKey == nullptr)
+    {
+        handleOpensslError();
+        return nullptr;
+    }
+#if BMCWEB_RSA_KEY
     RSA *pRSA = NULL;
 #if OPENSSL_VERSION_NUMBER < 0x00908000L
     pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
@@ -187,60 +192,54 @@ EVP_PKEY *createRsaKey()
     RSA_generate_key_ex(pRSA, 2048, NULL, NULL);
 #endif
 
-    EVP_PKEY *pKey = EVP_PKEY_new();
-    if ((pRSA != nullptr) && (pKey != nullptr) &&
-        EVP_PKEY_assign_RSA(pKey, pRSA))
-    {
-        /* pKey owns pRSA from now */
-        if (RSA_check_key(pRSA) <= 0)
-        {
-            fprintf(stderr, "RSA_check_key failed.\n");
-            handleOpensslError();
-            EVP_PKEY_free(pKey);
-            pKey = NULL;
-        }
-    }
-    else
+    if ((pRSA != nullptr) || EVP_PKEY_assign_RSA(pKey, pRSA) != 1)
     {
         handleOpensslError();
         if (pRSA != nullptr)
         {
             RSA_free(pRSA);
-            pRSA = NULL;
         }
         if (pKey != nullptr)
         {
             EVP_PKEY_free(pKey);
-            pKey = NULL;
         }
+        return nullptr;
     }
-    return pKey;
-}
 
-EVP_PKEY *createEcKey()
-{
-    EVP_PKEY *pKey = NULL;
-    int eccgrp = 0;
-    eccgrp = OBJ_txt2nid("prime256v1");
+    /* pKey owns pRSA from now */
+    if (RSA_check_key(pRSA) != 1)
+    {
+        fprintf(stderr, "RSA_check_key failed.\n");
+        handleOpensslError();
+        EVP_PKEY_free(pKey);
+        return nullptr;
+    }
 
+#else
+    int eccgrp = OBJ_txt2nid("prime256v1");
     EC_KEY *myecc = EC_KEY_new_by_curve_name(eccgrp);
-    if (myecc != nullptr)
+    if (myecc == nullptr)
     {
-        EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
-        EC_KEY_generate_key(myecc);
-        pKey = EVP_PKEY_new();
-        if (pKey != nullptr)
-        {
-            if (EVP_PKEY_assign_EC_KEY(pKey, myecc))
-            {
-                /* pKey owns pRSA from now */
-                if (EC_KEY_check_key(myecc) <= 0)
-                {
-                    fprintf(stderr, "EC_check_key failed.\n");
-                }
-            }
-        }
+        handleOpensslError();
+        return nullptr;
+    }
+
+    EC_KEY_set_asn1_flag(myecc, OPENSSL_EC_NAMED_CURVE);
+    if (EC_KEY_generate_key(myecc) != 1)
+    {
+        handleOpensslError();
+        EC_KEY_free(myecc);
+        return nullptr;
+    }
+
+    if (EVP_PKEY_assign_EC_KEY(pKey, myecc) != 1)
+    {
+        handleOpensslError();
+        EC_KEY_free(myecc);
+        return nullptr;
     }
+
+#endif
     return pKey;
 }
 
@@ -253,16 +252,6 @@ void initOpenssl()
 #endif
 }
 
-void cleanupOpenssl()
-{
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    ERR_remove_thread_state(0);
-#endif
-    EVP_cleanup();
-}
-
 void handleOpensslError()
 {
     ERR_print_errors_fp(stderr);