From 91ca6c117de7ce68526e96f4f75e4813c69577dc Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Fri, 16 Sep 2016 14:51:48 -0400 Subject: [PATCH] Change from NDEBUG to CRYPTOPP_DEBUG in source files to ensure all debug behavior pivots on CRYPTOPP_DEBUG, and not NDEBUG (Issue 277, CVE-2016-7420) --- 3way.cpp | 2 +- arc4.cpp | 2 +- chacha.cpp | 2 +- dh.cpp | 2 +- dh2.cpp | 2 +- eccrypto.cpp | 2 +- elgamal.cpp | 2 +- esign.cpp | 2 +- files.cpp | 2 +- gf2n.cpp | 2 +- gfpcrypt.cpp | 2 +- integer.cpp | 12 ++++++------ luc.cpp | 2 +- md5.cpp | 2 +- modes.cpp | 4 ++-- mqv.cpp | 2 +- rsa.cpp | 2 +- salsa.cpp | 2 +- seal.cpp | 2 +- validat1.cpp | 6 +++--- validat2.cpp | 2 +- validate.h | 2 +- wake.cpp | 2 +- whrlpool.cpp | 2 +- 24 files changed, 32 insertions(+), 32 deletions(-) diff --git a/3way.cpp b/3way.cpp index cd0d8a7b..f5a3d519 100644 --- a/3way.cpp +++ b/3way.cpp @@ -7,7 +7,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ThreeWay_TestInstantiations() { ThreeWay::Encryption x1; diff --git a/arc4.cpp b/arc4.cpp index f2faec96..9a3e38c5 100644 --- a/arc4.cpp +++ b/arc4.cpp @@ -13,7 +13,7 @@ NAMESPACE_BEGIN(CryptoPP) namespace Weak1 { -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ARC4_TestInstantiations() { ARC4 x; diff --git a/chacha.cpp b/chacha.cpp index 58fbda26..2ed71118 100644 --- a/chacha.cpp +++ b/chacha.cpp @@ -18,7 +18,7 @@ NAMESPACE_BEGIN(CryptoPP) a += b; d ^= a; d = rotlFixed(d, 8); \ c += d; b ^= c; b = rotlFixed(b, 7); -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ChaCha_TestInstantiations() { ChaCha8::Encryption x1; diff --git a/dh.cpp b/dh.cpp index 1862f5df..f35649ca 100644 --- a/dh.cpp +++ b/dh.cpp @@ -8,7 +8,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void DH_TestInstantiations() { DH dh1; diff --git a/dh2.cpp b/dh2.cpp index 0bfb220a..ee802df9 100644 --- a/dh2.cpp +++ b/dh2.cpp @@ -5,7 +5,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void DH2_TestInstantiations() { DH2 dh(*(SimpleKeyAgreementDomain*)NULL); diff --git a/eccrypto.cpp b/eccrypto.cpp index dd58bf4d..4c2640b0 100644 --- a/eccrypto.cpp +++ b/eccrypto.cpp @@ -31,7 +31,7 @@ NAMESPACE_BEGIN(CryptoPP) #if 0 -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) static void ECDSA_TestInstantiations() { ECDSA::Signer t1; diff --git a/elgamal.cpp b/elgamal.cpp index 2deb6004..ca3dcccc 100644 --- a/elgamal.cpp +++ b/elgamal.cpp @@ -7,7 +7,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ElGamal_TestInstantiations() { ElGamalEncryptor test1(1, 1, 1); diff --git a/esign.cpp b/esign.cpp index 7fef8082..5d5c4fc2 100644 --- a/esign.cpp +++ b/esign.cpp @@ -18,7 +18,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ESIGN_TestInstantiations() { ESIGN::Verifier x1(1, 1); diff --git a/files.cpp b/files.cpp index ff25dc7e..9f34ef3b 100644 --- a/files.cpp +++ b/files.cpp @@ -10,7 +10,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void Files_TestInstantiations() { FileStore f0; diff --git a/gf2n.cpp b/gf2n.cpp index f27a5401..55aa4815 100644 --- a/gf2n.cpp +++ b/gf2n.cpp @@ -325,7 +325,7 @@ PolynomialMod2 PolynomialMod2::Modulo(const PolynomialMod2 &b) const PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n) { -#if !defined(NDEBUG) +#if CRYPTOPP_DEBUG int x; CRYPTOPP_UNUSED(x); CRYPTOPP_ASSERT(SafeConvert(n,x)); #endif diff --git a/gfpcrypt.cpp b/gfpcrypt.cpp index 8edd8553..f49be2f9 100644 --- a/gfpcrypt.cpp +++ b/gfpcrypt.cpp @@ -20,7 +20,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void TestInstantiations_gfpcrypt() { GDSA::Signer test; diff --git a/integer.cpp b/integer.cpp index 457f3976..1785f93a 100644 --- a/integer.cpp +++ b/integer.cpp @@ -206,10 +206,10 @@ class DWord public: // Converity finding on default ctor. We've isntrumented the code, // and cannot uncover a case where it affects a result. -#if (defined(__COVERITY__) || !defined(NDEBUG)) && defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) +#if (defined(__COVERITY__) || CRYPTOPP_DEBUG) && defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) // Repeating pattern of 1010 for debug builds to break things... DWord() : m_whole(0) {memset(&m_whole, 0xa, sizeof(m_whole));} -#elif (defined(__COVERITY__) || !defined(NDEBUG)) && !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) +#elif (defined(__COVERITY__) || CRYPTOPP_DEBUG) && !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) // Repeating pattern of 1010 for debug builds to break things... DWord() : m_halfs() {memset(&m_halfs, 0xaa, sizeof(m_halfs));} #else @@ -346,7 +346,7 @@ public: // and cannot uncover a case where it affects a result. #if defined(__COVERITY__) Word() : m_whole(0) {} -#elif !defined(NDEBUG) +#elif CRYPTOPP_DEBUG // Repeating pattern of 1010 for debug builds to break things... Word() : m_whole(0) {memset(&m_whole, 0xaa, sizeof(m_whole));} #else @@ -2076,7 +2076,7 @@ static void SetFunctionPointers() #if CRYPTOPP_INTEGER_SSE2 if (HasSSE2()) { -#if _MSC_VER != 1200 || defined(NDEBUG) +#if _MSC_VER != 1200 || !(CRYPTOPP_DEBUG) if (IsP4()) { s_pAdd = &SSE2_Add; @@ -2614,7 +2614,7 @@ static inline void AtomicDivide(word *Q, const word *A, const word *B) Q[1] = SubatomicDivide(T+1, B[0], B[1]); Q[0] = SubatomicDivide(T, B[0], B[1]); -#ifndef NDEBUG +#if CRYPTOPP_DEBUG // multiply quotient and divisor and add remainder, make sure it equals dividend CRYPTOPP_ASSERT(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]::Signer t1; diff --git a/md5.cpp b/md5.cpp index c7015f14..a5758d17 100644 --- a/md5.cpp +++ b/md5.cpp @@ -9,7 +9,7 @@ NAMESPACE_BEGIN(CryptoPP) namespace Weak1 { -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void MD5_TestInstantiations() { MD5 x; diff --git a/modes.cpp b/modes.cpp index 09d6fd13..5937588e 100644 --- a/modes.cpp +++ b/modes.cpp @@ -7,13 +7,13 @@ #include "modes.h" #include "misc.h" -//#ifndef NDEBUG +//#if CRYPTOPP_DEBUG #include "des.h" //#endif NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void Modes_TestInstantiations() { CFB_Mode::Encryption m0; diff --git a/mqv.cpp b/mqv.cpp index 71c185c7..6232ea83 100644 --- a/mqv.cpp +++ b/mqv.cpp @@ -9,7 +9,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void TestInstantiations_MQV() { MQV mqv; diff --git a/rsa.cpp b/rsa.cpp index fd0a17d8..f151b403 100644 --- a/rsa.cpp +++ b/rsa.cpp @@ -10,7 +10,7 @@ #include "algparam.h" #include "fips140.h" -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) && !defined(CRYPTOPP_IS_DLL) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) && !defined(CRYPTOPP_IS_DLL) #include "pssr.h" NAMESPACE_BEGIN(CryptoPP) void RSA_TestInstantiations() diff --git a/salsa.cpp b/salsa.cpp index 85c33545..0196627a 100644 --- a/salsa.cpp +++ b/salsa.cpp @@ -32,7 +32,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void Salsa20_TestInstantiations() { Salsa20::Encryption x1; diff --git a/seal.cpp b/seal.cpp index d827c1d6..ccc8af19 100644 --- a/seal.cpp +++ b/seal.cpp @@ -10,7 +10,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void SEAL_TestInstantiations() { SEAL<>::Encryption x; diff --git a/validat1.cpp b/validat1.cpp index 9f382e33..e8de3b11 100644 --- a/validat1.cpp +++ b/validat1.cpp @@ -82,7 +82,7 @@ bool ValidateAll(bool thorough) pass=TestRDSEED() && pass; #endif -#if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS) // http://github.com/weidai11/cryptopp/issues/92 pass=TestSecBlock() && pass; // http://github.com/weidai11/cryptopp/issues/64 @@ -334,7 +334,7 @@ bool TestSettings() return pass; } -#if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS) bool TestSecBlock() { cout << "\nTesting SecBlock...\n\n"; @@ -1268,7 +1268,7 @@ bool TestSecBlock() } #endif -#if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS) bool TestHuffmanCodes() { cout << "\nTesting Huffman codes...\n\n"; diff --git a/validat2.cpp b/validat2.cpp index 307a19ad..f0c98a52 100644 --- a/validat2.cpp +++ b/validat2.cpp @@ -799,7 +799,7 @@ bool ValidateBlumGoldwasser() } */ -#if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS) // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64 bool TestPolynomialMod2() { diff --git a/validate.h b/validate.h index 14472835..3c9ac617 100644 --- a/validate.h +++ b/validate.h @@ -90,7 +90,7 @@ bool ValidateEC2N(); bool ValidateECDSA(); bool ValidateESIGN(); -#if !defined(NDEBUG) +#if CRYPTOPP_DEBUG bool TestSecBlock(); bool TestPolynomialMod2(); bool TestHuffmanCodes(); diff --git a/wake.cpp b/wake.cpp index 888b2e09..bdcee981 100644 --- a/wake.cpp +++ b/wake.cpp @@ -7,7 +7,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void WAKE_TestInstantiations() { WAKE_OFB<>::Encryption x2; diff --git a/whrlpool.cpp b/whrlpool.cpp index c2223f91..853e1bc4 100644 --- a/whrlpool.cpp +++ b/whrlpool.cpp @@ -85,7 +85,7 @@ NAMESPACE_BEGIN(CryptoPP) -#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) +#if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void Whirlpool_TestInstantiations() { Whirlpool x;