pull/397/head
RaptorFactor 2017-07-01 18:08:48 -07:00
commit d2e4615337
51 changed files with 763 additions and 312 deletions


@ -20,8 +20,6 @@ image:
- Visual Studio 2017
- Visual Studio 2015
- Visual Studio 2013
- Visual Studio 2012
- Visual Studio 2010
build:
@ -34,9 +32,9 @@ test_script:
- cmd: >-
msbuild /t:CopyCryptestToRoot cryptest.vcxproj
cryptest.exe v
cryptest.exe tv all
# Right now, we have a few failures that we don't know how to workaround.
@ -53,3 +51,10 @@ matrix:
configuration: Release
- image: Visual Studio 2010
- image: Visual Studio 2017
notifications:
email:
recipients:
- cryptopp-build@googlegroups.com
on_success: always # default: change
on_failure: always # default: always


@ -1,56 +1,70 @@
language: cpp
os:
- linux
- osx
dist: trusty
sudo: false
# OS X only supports one image. Us the latest.
osx_image:
- xcode8.2
# - xcode7.3
# - xcode6.4
git:
depth: 3
compiler:
- clang
- gcc
env:
global:
- BUILD_JOBS=2
matrix:
- BUILD_MODE="shared"
- BUILD_MODE="static"
- BUILD_MODE="no-asm"
- BUILD_MODE="asan"
- BUILD_MODE="ubsan"
- BUILD_MODE="valgrind"
exclude:
# Skip GCC on OS X entirely
- os: osx
compiler: gcc
# The sanitizer builds under Clang run the tests very
# slowly and cause CI timeouts.
- compiler: clang
env: BUILD_MODE="asan"
- compiler: clang
env: BUILD_MODE="ubsan"
- compiler: clang
env: BUILD_MODE="valgrind"
# whitelist branches to avoid testing feature branches twice
branches:
only:
- master
#notifications:
# email: jdoe@example.com
language: cpp
os:
- linux
- osx
dist: trusty
sudo: false
# OS X only supports one image. Use the latest.
osx_image: xcode8.2
git:
depth: 3
compiler:
- clang
- gcc
env:
global:
- BUILD_JOBS=2
matrix:
- BUILD_MODE="all"
- BUILD_MODE="no-asm"
- BUILD_MODE="asan"
- BUILD_MODE="ubsan"
- BUILD_MODE="codecov"
matrix:
exclude:
# Skip GCC on OS X entirely
- os: osx
compiler: gcc
# CodeCov crashes under Clang
- compiler: clang
env: BUILD_MODE="codecov"
allow_failures:
# Ignore problems with old toolchains
- env: BUILD_MODE="ubsan"
- env: BUILD_MODE="asan"
script:
- make "$BUILD_MODE" && ./cryptest.exe v && ./cryptest.exe tv all
after_success:
- if [[ ( ("$BUILD_MODE" = "coverage") && ("$CC" = "gcc") ) ]]; then CODECOV_TOKEN="5c7bc59c-e95f-4594-82c3-33e7a1942592" bash <(curl -s https://codecov.io/bash); fi;
# whitelist branches to avoid testing feature branches twice
branches:
only:
- master
addons:
sonarqube: true
coverity_scan:
project:
name: "cryptopp"
build_command: "make -j 2"
notifications:
email:
recipients:
- cryptopp-build@googlegroups.com
on_success: always # default: change
on_failure: always # default: always
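Review bot: The `after_success` step commits a literal `CODECOV_TOKEN` value to the repository and pipes `curl -s https://codecov.io/bash` straight into bash, so anyone who can read the file holds the upload token and the job executes whatever that URL serves at build time. Rotate the exposed value, move the token into an encrypted Travis setting (for example `env: global: - secure: "<ENCRYPTED_CODECOV_TOKEN>"`), and download the uploader to a file and verify its checksum before running it. The guard also tests `"$BUILD_MODE" = "coverage"` while the matrix only defines `BUILD_MODE="codecov"`, so as written the upload appears never to run. Separately, `allow_failures` for `asan` and `ubsan` means sanitizer findings no longer fail the build; a comment saying who reviews those logs would help.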


@ -404,11 +404,27 @@ endif # ELF/ELF64
endif # CXXFLAGS
endif # Gold
# GCC code coverage. Issue 'make coverage'.
ifneq ($(filter coverage,$(MAKECMDGOALS)),)
# lcov code coverage. Issue 'make coverage'.
ifneq ($(filter lcov coverage,$(MAKECMDGOALS)),)
CXXFLAGS := $(CXXFLAGS:-g%=-g3)
CXXFLAGS := $(CXXFLAGS:-O%=-O1)
CXXFLAGS := $(CXXFLAGS:-xO%=-xO1)
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CRYPTOPP_COVERAGE
ifeq ($(findstring -coverage,$(CXXFLAGS)),)
CXXFLAGS += -coverage
endif # -coverage
endif # GCC code coverage
# gcov code coverage for Travis. Issue 'make codecov'.
ifneq ($(filter gcov codecov,$(MAKECMDGOALS)),)
CXXFLAGS := $(CXXFLAGS:-g%=-g3)
CXXFLAGS := $(CXXFLAGS:-O%=-O1)
CXXFLAGS := $(CXXFLAGS:-xO%=-xO1)
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CRYPTOPP_COVERAGE
ifeq ($(findstring -coverage,$(CXXFLAGS)),)
CXXFLAGS += -coverage
endif # -coverage
@ -547,8 +563,8 @@ no-asm asan ubsan: libcryptopp.a cryptest.exe
lean: static dynamic cryptest.exe
# May want to export CXXFLAGS="-g3 -O1"
.PHONY: coverage
coverage: libcryptopp.a cryptest.exe
.PHONY: lcov coverage
lcov coverage: libcryptopp.a cryptest.exe
@-$(RM) -r ./TestCoverage/
lcov --base-directory . --directory . --zerocounters -q
./cryptest.exe v
@ -557,7 +573,15 @@ coverage: libcryptopp.a cryptest.exe
lcov --remove cryptest.info "adhoc.cpp" "wait.*" "network.*" "socketft.*" "fips140.*" "*test.*" "bench*.cpp" "validat*.*" "/usr/*" -o cryptest.info
genhtml -o ./TestCoverage/ -t "cryptest.exe test coverage" --num-spaces 4 cryptest.info
# SHould use CXXFLAGS="-g3 -O1"
# Travis CI and CodeCov rule
.PHONY: gcov codecov
gcov codecov: libcryptopp.a cryptest.exe
@-$(RM) -r ./TestCoverage/
./cryptest.exe v
./cryptest.exe tv all
gcov -r $(SRCS)
# Should use CXXFLAGS="-g3 -O1"
.PHONY: valgrind
valgrind: libcryptopp.a cryptest.exe
valgrind ./cryptest.exe v
@ -599,7 +623,7 @@ clean:
@-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a
@-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX)
@-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct
@-$(RM) *.gcno *.gcda *.stackdump core-*
@-$(RM) *.gcov *.gcno *.gcda *.stackdump core-*
@-$(RM) /tmp/adhoc.exe
@-$(RM) -r /tmp/cryptopp_test/
@-$(RM) -r *.exe.dSYM/
@ -725,22 +749,22 @@ endif
.PHONY: trim
trim:
ifneq ($(IS_DARWIN),0)
sed -i '' -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh
sed -i '' -e's/[[:space:]]*$$//' *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.*
make convert
else
sed -i -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh
sed -i -e's/[[:space:]]*$$//' *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross
sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.*
make convert
endif
.PHONY: convert
convert:
@-$(CHMOD) 0700 TestVectors/ TestData/ TestScripts/
@-$(CHMOD) 0600 $(TEXT_FILES) *.asm *.s *.zip *.cmake TestVectors/*.txt TestData/*.dat
@-$(CHMOD) 0600 $(TEXT_FILES) .*.yml *.asm *.s *.zip *.cmake TestVectors/*.txt TestData/*.dat TestScripts/*.*
@-$(CHMOD) 0700 $(EXEC_FILES) *.sh *.cmd TestScripts/*.sh TestScripts/*.pl TestScripts/*.cmd
@-$(CHMOD) 0700 *.cmd *.sh GNUmakefile GNUmakefile-cross TestScripts/*.sh TestScripts/*.pl
-unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd *.cmake TestScripts/*.pl TestScripts/*.cmd
-unix2dos --keepdate --quiet $(TEXT_FILES) .*.yml *.asm *.cmd *.cmake TestScripts/*.*
-dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.s *.sh TestScripts/*.sh
ifneq ($(IS_DARWIN),0)
@-xattr -c *
@ -793,6 +817,13 @@ rdrand-%.o:
./rdrand-nasm.sh
endif
# Don't build Threefish with UBsan on Travis CI. Timeouts cause the build to fail.
# Also see https://stackoverflow.com/q/12983137/608639.
ifeq ($(findstring true,$(CI)),true)
threefish.o : threefish.cpp
$(CXX) $(strip $(subst -fsanitize=undefined,,$(CXXFLAGS))) -c $<
endif
# Don't build Rijndael with UBsan. Too much noise due to unaligned data accesses.
ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)
rijndael.o : rijndael.cpp
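Review bot: The new `threefish.o` rule is keyed only on `$(CI)` containing `true`, so every CI build replaces the normal compile rule for threefish.cpp, and under `make ubsan` that file is built without `-fsanitize=undefined` with nothing in the log saying so. Consider gating it the way the Rijndael block just below is gated, `ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)` nested inside the CI test, and add a comment such as `# UBsan coverage for Threefish comes from local 'make ubsan' runs only`. The recipe passes only `$(CXXFLAGS)`; whether the default object rule adds other flags is not visible in this hunk, so confirm the two stay in step. The Rijndael block continues past the end of the hunk.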


@ -1,8 +1,5 @@
CXXFLAGS ?= -DNDEBUG -g2 -Os -fPIC -pipe
# The following options reduce code size, but breaks link or makes link very slow on some systems
# CXXFLAGS += -ffunction-sections -fdata-sections
# LDFLAGS += -Wl,--gc-sections
# Default CXXFLAGS if none were provided
CXXFLAGS ?= -DNDEBUG -g2 -O3 -fPIC -pipe
AR ?= ar
ARFLAGS ?= cr
@ -91,6 +88,70 @@ ifeq ($(IS_ARM_EMBEDDED),1)
CXXFLAGS += $(ARM_EMBEDDED_FLAGS) --sysroot=$(ARM_EMBEDDED_SYSROOT)
endif
# No ASM for Travis testing
ifeq ($(findstring no-asm,$(MAKECMDGOALS)),no-asm)
ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_DISABLE_ASM
endif # CXXFLAGS
endif # No ASM
# Undefined Behavior Sanitizer (UBsan) testing. Issue 'make ubsan'.
ifeq ($(findstring ubsan,$(MAKECMDGOALS)),ubsan)
ifeq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)
CXXFLAGS += -fsanitize=undefined
endif # CXXFLAGS
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CXXFLAGS
endif # UBsan
# Address Sanitizer (Asan) testing. Issue 'make asan'.
ifeq ($(findstring asan,$(MAKECMDGOALS)),asan)
ifeq ($(findstring -fsanitize=address,$(CXXFLAGS)),)
CXXFLAGS += -fsanitize=address
endif # CXXFLAGS
ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_COVERAGE
endif # CXXFLAGS
ifeq ($(findstring -fno-omit-frame-pointer,$(CXXFLAGS)),)
CXXFLAGS += -fno-omit-frame-pointer
endif # CXXFLAGS
endif # Asan
# LD gold linker testing. Triggered by 'LD=ld.gold'.
ifeq ($(findstring ld.gold,$(LD)),ld.gold)
ifeq ($(findstring -fuse-ld=gold,$(CXXFLAGS)),)
ELF_FORMAT := $(shell file `which ld.gold` 2>&1 | cut -d":" -f 2 | $(EGREP) -i -c "elf")
ifneq ($(ELF_FORMAT),0)
LDFLAGS += -fuse-ld=gold
endif # ELF/ELF64
endif # CXXFLAGS
endif # Gold
# Valgrind testing. Issue 'make valgrind'.
ifneq ($(filter valgrind,$(MAKECMDGOALS)),)
# Tune flags; see http://valgrind.org/docs/manual/quick-start.html
CXXFLAGS := $(CXXFLAGS:-g%=-g3)
CXXFLAGS := $(CXXFLAGS:-O%=-O1)
CXXFLAGS := $(CXXFLAGS:-xO%=-xO1)
ifeq ($(findstring -DCRYPTOPP_VALGRIND,$(CXXFLAGS)),)
CXXFLAGS += -DCRYPTOPP_VALGRIND
endif # -DCRYPTOPP_VALGRIND
endif # Valgrind
# Debug testing on GNU systems. Triggered by -DDEBUG.
# Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268
ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),)
USING_GLIBCXX := $(shell $(CXX) -x c++ $(CXXFLAGS) -E adhoc.cpp.proto 2>&1 | $(EGREP) -i -c "__GLIBCXX__")
ifneq ($(USING_GLIBCXX),0)
ifeq ($(HAS_NEWLIB),0)
ifeq ($(findstring -D_GLIBCXX_DEBUG,$(CXXFLAGS)),)
CXXFLAGS += -D_GLIBCXX_DEBUG
endif # CXXFLAGS
endif # HAS_NEWLIB
endif # USING_GLIBCXX
endif # GNU Debug build
# Dead code stripping. Issue 'make lean'.
ifeq ($(findstring lean,$(MAKECMDGOALS)),lean)
ifeq ($(findstring -ffunction-sections,$(CXXFLAGS)),)
@ -99,7 +160,7 @@ ifeq ($(findstring lean,$(MAKECMDGOALS)),lean)
ifeq ($(findstring -fdata-sections,$(CXXFLAGS)),)
CXXFLAGS += -fdata-sections
endif # CXXFLAGS
ifeq ($(IS_IOS),1)
ifneq ($(IS_IOS),0)
ifeq ($(findstring -Wl,-dead_strip,$(LDFLAGS)),)
LDFLAGS += -Wl,-dead_strip
endif # CXXFLAGS
@ -111,7 +172,7 @@ ifeq ($(findstring lean,$(MAKECMDGOALS)),lean)
endif # Dead code stripping
# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems.
SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp))
SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(sort $(wildcard *.cpp)))
# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems.
OBJS := $(SRCS:.cpp=.o)
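Review bot: The added `no-asm`, `ubsan` and `asan` blocks select on `$(findstring …,$(MAKECMDGOALS))`, which is a substring match over the whole goal list, while the Valgrind block added in the same hunk uses `$(filter valgrind,$(MAKECMDGOALS))`. Substring matching is how the existing `findstring lean` test also fires for `make clean`; `ifneq ($(filter asan,$(MAKECMDGOALS)),)` (and likewise for `ubsan` and `no-asm`) would match whole goals only. In the later hunk, `ifneq ($(IS_IOS),0)` is true when `IS_IOS` is empty or unset, so `-Wl,-dead_strip` could reach non-Apple linkers unless the variable is always initialised earlier in the file, which is not visible here.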


@ -1,32 +1,32 @@
# coverity-linux.txt - Scan build submission instructions for Unix and Linux.
# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
# Copyright assigned to Crypto++ project.
#
# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan.
#
# For more information see http://cryptopp.com/wiki/Coverity_Scan.
##################################################################
reset
make distclean &>/dev/null
# Usually we test with these flags
# CXXFLAGS="-DNDEBUG -g3 -O2"
# Testing for Issue 302 (http://github.com/weidai11/cryptopp/issues/302)
CXXFLAGS="-DNDEBUG -g2 -O3 -march=i686 -msse -msse2 -msse3 -mssse3 -mno-aes" cov-build --dir cov-int make -j 2
tar czvf cryptopp.tgz cov-int
CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
COVERITY_SCAN_NAME="Rijndael-AliasedTable-SSE2-Linux-i686"
curl
--form token="$CRYPTOPP_COVERITY_TOKEN" \
--form email=webmaster@cryptopp.com \
--form file=@cryptopp.tgz \
--form version="$COVERITY_SCAN_NAME" \
--form description="$COVERITY_SCAN_NAME" \
https://scan.coverity.com/builds?project=Cryptopp
# coverity-linux.txt - Scan build submission instructions for Unix and Linux.
# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
# Copyright assigned to Crypto++ project.
#
# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan.
#
# For more information see http://cryptopp.com/wiki/Coverity_Scan.
##################################################################
reset
make distclean &>/dev/null
# Usually we test with these flags
# CXXFLAGS="-DNDEBUG -g3 -O2"
# Testing for Issue 302 (http://github.com/weidai11/cryptopp/issues/302)
CXXFLAGS="-DNDEBUG -g2 -O3 -march=i686 -msse -msse2 -msse3 -mssse3 -mno-aes" cov-build --dir cov-int make -j 2
tar czvf cryptopp.tgz cov-int
CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
COVERITY_SCAN_NAME="Rijndael-AliasedTable-SSE2-Linux-i686"
curl
--form token="$CRYPTOPP_COVERITY_TOKEN" \
--form email=webmaster@cryptopp.com \
--form file=@cryptopp.tgz \
--form version="$COVERITY_SCAN_NAME" \
--form description="$COVERITY_SCAN_NAME" \
https://scan.coverity.com/builds?project=Cryptopp


@ -1,36 +1,36 @@
# coverity-linux.txt - Scan build submission instructions for Unix and Linux.
# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
# Copyright assigned to Crypto++ project.
#
# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan.
#
# For more information see http://cryptopp.com/wiki/Coverity_Scan.
##################################################################
reset
make distclean &>/dev/null
# Usually we test with these flags
CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2
# Sometimes we need these flags (add COVERITY_UNSUPPORTED)
# COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2
# Sometimes we need these flags (alternate compile, C++11)
# CXX=/opt/local/bin/clang++-mp-3.7 COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2 -std=c++11" cov-build --dir cov-int make -j 2
tar czvf cryptopp.tgz cov-int
CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
COVERITY_SCAN_NAME="Cryptopp-MacOSX-x86_64"
curl
--form token="$CRYPTOPP_COVERITY_TOKEN" \
--form email=webmaster@cryptopp.com \
--form file=@cryptopp.tgz \
--form version="$COVERITY_SCAN_NAME" \
--form description="$COVERITY_SCAN_NAME" \
https://scan.coverity.com/builds?project=Cryptopp
# coverity-linux.txt - Scan build submission instructions for Unix and Linux.
# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
# Copyright assigned to Crypto++ project.
#
# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan.
#
# For more information see http://cryptopp.com/wiki/Coverity_Scan.
##################################################################
reset
make distclean &>/dev/null
# Usually we test with these flags
CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2
# Sometimes we need these flags (add COVERITY_UNSUPPORTED)
# COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2
# Sometimes we need these flags (alternate compile, C++11)
# CXX=/opt/local/bin/clang++-mp-3.7 COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2 -std=c++11" cov-build --dir cov-int make -j 2
tar czvf cryptopp.tgz cov-int
CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
COVERITY_SCAN_NAME="Cryptopp-MacOSX-x86_64"
curl
--form token="$CRYPTOPP_COVERITY_TOKEN" \
--form email=webmaster@cryptopp.com \
--form file=@cryptopp.tgz \
--form version="$COVERITY_SCAN_NAME" \
--form description="$COVERITY_SCAN_NAME" \
https://scan.coverity.com/builds?project=Cryptopp


@ -1,30 +1,30 @@
REM coverity-windows.txt - Scan build submission instructions for Windows using cryptest.nmake.
REM Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
REM Copyright assigned to Crypto++ project.
REM
REM The following are copy/paste instructions for invoking cov-build, building the library and
REM submitting the artifacts for a scan. Also see http://cryptopp.com/wiki/Coverity_Scan.
REM ################################################################
cls
del /f cryptopp.zip
rmdir /q /s cov-int
nmake /f cryptest.nmake clean
REM Uncomment CXXFLAGS in makefile. Pay attention to X86, X64 or ARM
cov-build.exe --dir cov-int nmake /f cryptest.nmake
7z.exe a -r -tzip -mx=9 cryptopp.zip cov-int
set CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
set COVERITY_SCAN_NAME=Rijndael-AliasedTable-SSE2-Windows-X64
curl.exe ^
--form token="%CRYPTOPP_COVERITY_TOKEN%" ^
--form email=webmaster@cryptopp.com ^
--form file=@cryptopp.zip ^
--form version="%COVERITY_SCAN_NAME%" ^
--form description="%COVERITY_SCAN_NAME%" ^
https://scan.coverity.com/builds?project=Cryptopp
REM coverity-windows.txt - Scan build submission instructions for Windows using cryptest.nmake.
REM Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
REM Copyright assigned to Crypto++ project.
REM
REM The following are copy/paste instructions for invoking cov-build, building the library and
REM submitting the artifacts for a scan. Also see http://cryptopp.com/wiki/Coverity_Scan.
REM ################################################################
cls
del /f cryptopp.zip
rmdir /q /s cov-int
nmake /f cryptest.nmake clean
REM Uncomment CXXFLAGS in makefile. Pay attention to X86, X64 or ARM
cov-build.exe --dir cov-int nmake /f cryptest.nmake
7z.exe a -r -tzip -mx=9 cryptopp.zip cov-int
set CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX
set COVERITY_SCAN_NAME=Rijndael-AliasedTable-SSE2-Windows-X64
curl.exe ^
--form token="%CRYPTOPP_COVERITY_TOKEN%" ^
--form email=webmaster@cryptopp.com ^
--form file=@cryptopp.zip ^
--form version="%COVERITY_SCAN_NAME%" ^
--form description="%COVERITY_SCAN_NAME%" ^
https://scan.coverity.com/builds?project=Cryptopp


@ -88,8 +88,12 @@ IS_FREEBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c freebsd)
IS_NETBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c netbsd)
IS_SOLARIS=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c sunos)
IS_DEBIAN=$(lsb_release -a 2>&1 | "$GREP" -i -c debian)
IS_FEDORA=$(lsb_release -a 2>&1 | "$GREP" -i -c fedora)
IS_UBUNTU=$(lsb_release -a 2>&1 | "$GREP" -i -c ubuntu)
THIS_MACHINE=$(uname -m 2>&1)
IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i586|i686)")
IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i686|i686)")
IS_X64=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(amd64|x86_64)")
IS_PPC=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(Power|PPC)")
IS_ARM32=$(echo -n "$THIS_MACHINE" | "$GREP" -v "64" | "$EGREP" -i -c "(arm|aarch32)")
@ -819,8 +823,8 @@ CPU_COUNT=1
MEM_SIZE=512
if [[ (-e "/proc/cpuinfo") && (-e "/proc/meminfo") ]]; then
CPU_COUNT=$(cat /proc/cpuinfo | "$GREP" -c '^processor')
MEM_SIZE=$(cat /proc/meminfo | "$GREP" "MemTotal" | "$AWK" '{print $2}')
CPU_COUNT=$(cat /proc/cpuinfo 2>&1 | "$GREP" -c '^processor')
MEM_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "MemTotal" | "$AWK" '{print $2}')
MEM_SIZE=$(($MEM_SIZE/1024))
elif [[ "$IS_DARWIN" -ne "0" ]]; then
CPU_COUNT=$(sysctl -a 2>&1 | "$GREP" 'hw.availcpu' | "$AWK" '{print $3; exit}')
@ -837,7 +841,7 @@ if [[ (-e "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq") ]]; then
CPU_FREQ=$(cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq)
CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024/1024}")
elif [[ (-e "/proc/cpuinfo") ]]; then
CPU_FREQ=$(cat /proc/cpuinfo | "$GREP" 'MHz' | "$AWK" '{print $4; exit}')
CPU_FREQ=$(cat /proc/cpuinfo 2>&1 | "$GREP" 'MHz' | "$AWK" '{print $4; exit}')
if [[ -z "$CPU_FREQ" ]]; then CPU_FREQ=512; fi
CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024}")
elif [[ "$IS_DARWIN" -ne "0" ]]; then
@ -853,7 +857,7 @@ fi
HAVE_SWAP=1
if [[ "$IS_LINUX" -ne "0" ]]; then
if [[ (-e "/proc/meminfo") ]]; then
SWAP_SIZE=$(cat /proc/meminfo | "$GREP" "SwapTotal" | "$AWK" '{print $2}')
SWAP_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "SwapTotal" | "$AWK" '{print $2}')
if [[ "$SWAP_SIZE" -eq "0" ]]; then
HAVE_SWAP=0
fi
@ -1703,23 +1707,104 @@ if [[ ("${#PLATFORM_CXXFLAGS[@]}" -ne "0") ]]; then
fi
fi
############################################
# Debian specific.
if [[ ("$IS_DEBIAN" -ne "0" || "$IS_UBUNTU" -ne "0") ]]; then
# Flags taken from Debian's build logs
# https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=i386&ver=5.6.4-6
# https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=kfreebsd-amd64&ver=5.6.4-6&stamp=1482663138
DEBIAN_FLAGS=("-DHAVE_CONFIG_H" "-I." "-Wdate-time" "-D_FORTIFY_SOURCE=2" "-g" "-O2"
"-fstack-protector-strong" "-Wformat -Werror=format-security" "-DCRYPTOPP_INIT_PRIORITY=250"
"-DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS" "-DNDEBUG" "-fPIC" "-DPIC")
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debian standard build" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${DEBIAN_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Fedora specific.
if [[ ("$IS_FEDORA" -ne "0") ]]; then
# Flags taken from Fedora's build logs
# https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/i686/build.log
# https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/x86_64/build.log
if [[ ("$IS_X86" -ne "0") ]]; then
MARCH_OPT=(-m32 -march=i686)
elif [[ ("$IS_X64" -ne "0") ]]; then
MARCH_OPT=(-m64 -mtune=generic)
fi
FEDORA_FLAGS=("-DHAVE_CONFIG_H" "-I." "-O2" "-g" "-pipe" "-Wall" "-Werror=format-security" "-fPIC" "-DPIC"
"-Wp,-D_FORTIFY_SOURCE=2" "-fexceptions" "-fstack-protector-strong" "--param=ssp-buffer-size=4"
"-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" "${MARCH_OPT[@]}" "-fasynchronous-unwind-tables")
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Fedora standard build" | tee -a "$TEST_RESULTS"
echo
if [[ ! -f /usr/lib/rpm/redhat/redhat-hardened-cc1 ]]; then
echo "ERROR: please install redhat-rpm-config package"
else
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${FEDORA_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
fi
############################################
# Minimum platform
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
# i686 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -1739,13 +1824,13 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -1822,7 +1907,7 @@ fi
# Mismatched arch capabilities
if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
# i686 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
@ -1834,7 +1919,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
@ -1864,7 +1949,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
@ -5475,13 +5560,13 @@ echo | tee -a "$TEST_RESULTS"
# "Error" is from the GNU assembler
# "error" is from the sanitizers
# "Illegal", "Conditional", "0 errors" and "suppressed errors" are from Valgrind.
ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' | wc -l | "$AWK" '{print $1}')
ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector|format-security)' | wc -l | "$AWK" '{print $1}')
if (( "$ECOUNT" == "0" )); then
echo "No failures detected" | tee -a "$TEST_RESULTS"
else
echo "$ECOUNT errors detected. See $TEST_RESULTS for details" | tee -a "$TEST_RESULTS"
if (( "$ECOUNT" < 16 )); then
"$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector)'
"$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector|Assertion|format-security)'
fi
fi
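Review bot: Adding `format-security` to the `-v` exclusion in the final hunk drops every log line containing that string from `ECOUNT`, and since the new Debian and Fedora builds pass `-Werror=format-security`, a genuine format-string diagnostic (which names the option as `[-Werror=format-security]`) would be filtered out together with the echoed compiler command lines. A narrower alternative such as `| -Werror=format-security` with the leading space would likely exclude only the command-line echo; confirm against a real log. The counting filter and the display filter also no longer agree, because only the second one excludes `Assertion`, so the printed lines can differ from the number reported. `$TEST_RESULTS` is unquoted in the `ECOUNT` line but quoted in the display line; quote both.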

10
TestScripts/reset-fork.sh Normal file

@ -0,0 +1,10 @@
#!/usr/bin/env bash
# Use this script to reset a fork to Wei Dai's master
# https://stackoverflow.com/questions/9646167/clean-up-a-fork-and-restart-it-from-the-upstream
git remote add upstream https://github.com/weidai11/cryptopp 2>/dev/null
git fetch upstream
git checkout master
git reset --hard upstream/master
git push origin master --force
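Review bot: The script has no error handling, so if `git fetch upstream` or `git checkout master` fails, `git reset --hard upstream/master` and `git push origin master --force` still run against whatever branch and remote state happen to be current. Add `set -euo pipefail` after the shebang and prefer `git push origin master --force-with-lease`. Because `git remote add upstream … 2>/dev/null` hides the "remote already exists" error, a pre-existing `upstream` that points at a different URL is used silently; `git remote add upstream https://github.com/weidai11/cryptopp 2>/dev/null || git remote set-url upstream https://github.com/weidai11/cryptopp` pins it. A header comment stating that local commits on master and the fork's published master history are discarded would also help.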


@ -11,10 +11,12 @@
#include "config.h"
#include "cryptlib.h"
// TODO: fix 6011 when the API/ABI can change
#if (CRYPTOPP_MSC_VERSION >= 1400)
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 6011 28193)
# pragma warning(disable: 4231 4275)
# if (CRYPTOPP_MSC_VERSION >= 1400)
# pragma warning(disable: 6011 6386 28193)
# endif
#endif
#include "smartptr.h"
@ -301,7 +303,7 @@ AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &s
#ifndef CRYPTOPP_NO_ASSIGN_TO_INTEGER
// Allow the linker to discard Integer code if not needed.
// Also see http://github.com/weidai11/cryptopp/issues/389.
bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt);
CRYPTOPP_DLL bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt);
#endif
CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId();
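Review bot: The widened pragma now also disables C6386, the code-analysis buffer-overrun warning, for everything from `#include "smartptr.h"` to the matching `pop`, which is outside this hunk. The existing `// TODO: fix 6011 …` comment explains only one of the codes; a comment naming the construct that triggers 6386 and 28193, or scoping the `disable` around that construct, would keep the analyzer useful for the rest of the header. In the second hunk `AssignIntToInteger` gains `CRYPTOPP_DLL` but not the `CRYPTOPP_API` macro that `IntegerTypeId()` on the next declaration carries; confirm that is intended.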


@ -16,6 +16,14 @@
#include "cpu.h"
#include "drbg.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4355)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)
@ -235,7 +243,7 @@ void BenchMark(const char *name, NIST_DRBG &rng, double timeTotal)
Test::GlobalRNG().GenerateBlock(buf, BUF_SIZE);
buf.SetMark(16);
rng.IncorporateEntropy(buf, rng.GetMinEntropy());
rng.IncorporateEntropy(buf, rng.MinEntropyLength());
unsigned long long blocks = 1;
double timeTaken;
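Review bot: The first hunk adds two back-to-back `#if CRYPTOPP_MSC_VERSION` blocks, the first disabling 4355 and the second disabling `4505 4355`, so the first block is redundant; keep only `# pragma warning(disable: 4505 4355)`. Neither block is wrapped in `push`/`pop`, which is acceptable if this is a source file rather than a header, but a one-line comment saying why the two warnings are silenced here would document the intent.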


@ -30,6 +30,10 @@
#include "oids.h"
#include "randpool.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)


@ -8,6 +8,10 @@
#include "cryptlib.h"
#include "channels.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
#if 0


@ -12,6 +12,11 @@
#include "smartptr.h"
#include "stdcpp.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
#if 0
@ -131,4 +136,8 @@ private:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif


@ -44,10 +44,10 @@
// This macro will be ignored if NO_OS_DEPENDENCE is defined.
// #define USE_MS_CNGAPI
// If the user did not make a choice, then select CryptoNG if either
// Visual Studio 2015 is available, or Windows 10 or above is available.
// If the user did not make a choice, then select CryptoNG if
// targeting Windows 8 or above.
#if !defined(USE_MS_CRYPTOAPI) && !defined(USE_MS_CNGAPI)
# if (_MSC_VER >= 1900) || ((WINVER >= 0x0A00 /*_WIN32_WINNT_WIN10*/) || (_WIN32_WINNT >= 0x0A00 /*_WIN32_WINNT_WIN10*/))
# if !defined(_USING_V110_SDK71_) && ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/))
# define USE_MS_CNGAPI
# else
# define USE_MS_CRYPTOAPI
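Review bot: The new selection depends entirely on `WINVER` and `_WIN32_WINNT`, and an undefined macro evaluates as 0 in `#if`, so a build that has not defined either by this point now falls through to `USE_MS_CRYPTOAPI` without any diagnostic, where the removed `_MSC_VER >= 1900` test used to select CNG. Whether the SDK headers are included before this line is not visible in the hunk. A comment stating the prerequisite, e.g. `// Requires WINVER or _WIN32_WINNT to be defined before this point; otherwise CryptoAPI is selected`, would make the fallback deliberate. The `#if` block closes outside the hunk.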


@ -13,7 +13,7 @@ NAMESPACE_BEGIN(CryptoPP)
# undef CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE
#endif
// Use inline ASM to provide the instructions when the user omits -march=native or -msse4.2
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
#if (CRYPTOPP_GCC_VERSION >= 40300 || __INTEL_COMPILER >= 1000 || __SUNPRO_CC >= 0x5110 || CRYPTOPP_LLVM_CLANG_VERSION >= 20300 || CRYPTOPP_APPLE_CLANG_VERSION >= 40000) && !defined(__SSE4_2__) && !defined(_MSC_VER)
GCC_INLINE unsigned int GCC_INLINE_ATTRIB
MM_CRC32_U8(unsigned int crc, unsigned char val)
@ -38,6 +38,7 @@ MM_CRC32_U32(unsigned int crc, unsigned int val)
#define MM_CRC32_U16(a,b) _mm_crc32_u16(a,b)
#define MM_CRC32_U32(a,b) _mm_crc32_u32(a,b)
#endif
#endif // X86/X32/X64
/* Table of CRC-32's of all single byte values (made by makecrc.c) */
const word32 CRC32::m_tab[] = {


@ -88,8 +88,12 @@ IS_FREEBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c freebsd)
IS_NETBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c netbsd)
IS_SOLARIS=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c sunos)
IS_DEBIAN=$(lsb_release -a 2>&1 | "$GREP" -i -c debian)
IS_FEDORA=$(lsb_release -a 2>&1 | "$GREP" -i -c fedora)
IS_UBUNTU=$(lsb_release -a 2>&1 | "$GREP" -i -c ubuntu)
THIS_MACHINE=$(uname -m 2>&1)
IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i586|i686)")
IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i686|i686)")
IS_X64=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(amd64|x86_64)")
IS_PPC=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(Power|PPC)")
IS_ARM32=$(echo -n "$THIS_MACHINE" | "$GREP" -v "64" | "$EGREP" -i -c "(arm|aarch32)")
@ -819,8 +823,8 @@ CPU_COUNT=1
MEM_SIZE=512
if [[ (-e "/proc/cpuinfo") && (-e "/proc/meminfo") ]]; then
CPU_COUNT=$(cat /proc/cpuinfo | "$GREP" -c '^processor')
MEM_SIZE=$(cat /proc/meminfo | "$GREP" "MemTotal" | "$AWK" '{print $2}')
CPU_COUNT=$(cat /proc/cpuinfo 2>&1 | "$GREP" -c '^processor')
MEM_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "MemTotal" | "$AWK" '{print $2}')
MEM_SIZE=$(($MEM_SIZE/1024))
elif [[ "$IS_DARWIN" -ne "0" ]]; then
CPU_COUNT=$(sysctl -a 2>&1 | "$GREP" 'hw.availcpu' | "$AWK" '{print $3; exit}')
@ -837,7 +841,7 @@ if [[ (-e "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq") ]]; then
CPU_FREQ=$(cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq)
CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024/1024}")
elif [[ (-e "/proc/cpuinfo") ]]; then
CPU_FREQ=$(cat /proc/cpuinfo | "$GREP" 'MHz' | "$AWK" '{print $4; exit}')
CPU_FREQ=$(cat /proc/cpuinfo 2>&1 | "$GREP" 'MHz' | "$AWK" '{print $4; exit}')
if [[ -z "$CPU_FREQ" ]]; then CPU_FREQ=512; fi
CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024}")
elif [[ "$IS_DARWIN" -ne "0" ]]; then
@ -853,7 +857,7 @@ fi
HAVE_SWAP=1
if [[ "$IS_LINUX" -ne "0" ]]; then
if [[ (-e "/proc/meminfo") ]]; then
SWAP_SIZE=$(cat /proc/meminfo | "$GREP" "SwapTotal" | "$AWK" '{print $2}')
SWAP_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "SwapTotal" | "$AWK" '{print $2}')
if [[ "$SWAP_SIZE" -eq "0" ]]; then
HAVE_SWAP=0
fi
@ -1703,23 +1707,104 @@ if [[ ("${#PLATFORM_CXXFLAGS[@]}" -ne "0") ]]; then
fi
fi
############################################
# Debian specific.
if [[ ("$IS_DEBIAN" -ne "0" || "$IS_UBUNTU" -ne "0") ]]; then
# Flags taken from Debian's build logs
# https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=i386&ver=5.6.4-6
# https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=kfreebsd-amd64&ver=5.6.4-6&stamp=1482663138
DEBIAN_FLAGS=("-DHAVE_CONFIG_H" "-I." "-Wdate-time" "-D_FORTIFY_SOURCE=2" "-g" "-O2"
"-fstack-protector-strong" "-Wformat -Werror=format-security" "-DCRYPTOPP_INIT_PRIORITY=250"
"-DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS" "-DNDEBUG" "-fPIC" "-DPIC")
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debian standard build" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${DEBIAN_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
############################################
# Fedora specific.
if [[ ("$IS_FEDORA" -ne "0") ]]; then
# Flags taken from Fedora's build logs
# https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/i686/build.log
# https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/x86_64/build.log
if [[ ("$IS_X86" -ne "0") ]]; then
MARCH_OPT=(-m32 -march=i686)
elif [[ ("$IS_X64" -ne "0") ]]; then
MARCH_OPT=(-m64 -mtune=generic)
fi
FEDORA_FLAGS=("-DHAVE_CONFIG_H" "-I." "-O2" "-g" "-pipe" "-Wall" "-Werror=format-security" "-fPIC" "-DPIC"
"-Wp,-D_FORTIFY_SOURCE=2" "-fexceptions" "-fstack-protector-strong" "--param=ssp-buffer-size=4"
"-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" "${MARCH_OPT[@]}" "-fasynchronous-unwind-tables")
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Fedora standard build" | tee -a "$TEST_RESULTS"
echo
if [[ ! -f /usr/lib/rpm/redhat/redhat-hardened-cc1 ]]; then
echo "ERROR: please install redhat-rpm-config package"
else
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${FEDORA_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
else
./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
fi
./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
fi
fi
fi
fi
############################################
# Minimum platform
if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
# i686 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo "Testing: Debug, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -1739,13 +1824,13 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER"
# Release build
echo
echo "************************************" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo "Testing: Release, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS"
echo
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then
@ -1822,7 +1907,7 @@ fi
# Mismatched arch capabilities
if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then
# i586 (lacks MMX, SSE and SSE2)
# i686 (lacks MMX, SSE and SSE2)
if [[ "$IS_X86" -ne "0" ]]; then
############################################
# Debug build
@ -1834,7 +1919,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
@ -1864,7 +1949,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_
"$MAKE" clean > /dev/null 2>&1
rm -f adhoc.cpp > /dev/null 2>&1
CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC"
CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
# The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native
@ -5475,13 +5560,13 @@ echo | tee -a "$TEST_RESULTS"
# "Error" is from the GNU assembler
# "error" is from the sanitizers
# "Illegal", "Conditional", "0 errors" and "suppressed errors" are from Valgrind.
ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' | wc -l | "$AWK" '{print $1}')
ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector|format-security)' | wc -l | "$AWK" '{print $1}')
if (( "$ECOUNT" == "0" )); then
echo "No failures detected" | tee -a "$TEST_RESULTS"
else
echo "$ECOUNT errors detected. See $TEST_RESULTS for details" | tee -a "$TEST_RESULTS"
if (( "$ECOUNT" < 16 )); then
"$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector)'
"$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector|Assertion|format-security)'
fi
fi
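Review bot: The `redhat-hardened-cc1` check in the Fedora block prints `ERROR: please install redhat-rpm-config package` to the terminal only, while every other ERROR echo in that block is piped through `tee -a "$TEST_RESULTS"`. The final `ECOUNT` grep reads only `$TEST_RESULTS`, so a Fedora host without the spec file skips the hardened-flags build and can still finish with "No failures detected". Append the tee so the skip is counted: `echo "ERROR: please install redhat-rpm-config package" | tee -a "$TEST_RESULTS"`. `MARCH_OPT` is also assigned only for x86 and x64, so on any other Fedora architecture it is unset or keeps an earlier value; `MARCH_OPT=()` before the `if` would make that explicit.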


@ -99,7 +99,7 @@ and getting us started on the manual.
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4127 4189 4702)
# pragma warning(disable: 4127 4189 4505 4702)
#endif
NAMESPACE_BEGIN(CryptoPP)


@ -25,8 +25,8 @@
# pragma strict_gs_check (on)
#endif
#if defined(__COVERITY__)
extern "C" void __coverity_tainted_data_sanitize__(void *);
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)


@ -6,24 +6,27 @@
#include "cryptlib.h"
#include "filters.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
USING_NAMESPACE(std)
void FIPS140_SampleApplication()
{
if (!FIPS_140_2_ComplianceEnabled())
{
cerr << "FIPS 140-2 compliance was turned off at compile time.\n";
std::cerr << "FIPS 140-2 compliance was turned off at compile time.\n";
abort();
}
// check self test status
if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
{
cerr << "Automatic power-up self test failed.\n";
std::cerr << "Automatic power-up self test failed.\n";
abort();
}
cout << "0. Automatic power-up self test passed.\n";
std::cout << "0. Automatic power-up self test passed.\n";
// simulate a power-up self test error
SimulatePowerUpSelfTestFailure();
@ -33,23 +36,23 @@ void FIPS140_SampleApplication()
AES::Encryption aes;
// should not be here
cerr << "Use of AES failed to cause an exception after power-up self test error.\n";
std::cerr << "Use of AES failed to cause an exception after power-up self test error.\n";
abort();
}
catch (SelfTestFailure &e)
{
cout << "1. Caught expected exception when simulating self test failure. Exception message follows: ";
cout << e.what() << endl;
std::cout << "1. Caught expected exception when simulating self test failure. Exception message follows: ";
std::cout << e.what() << std::endl;
}
// clear the self test error state and redo power-up self test
DoDllPowerUpSelfTest();
if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
{
cerr << "Re-do power-up self test failed.\n";
std::cerr << "Re-do power-up self test failed.\n";
abort();
}
cout << "2. Re-do power-up self test passed.\n";
std::cout << "2. Re-do power-up self test passed.\n";
// encrypt and decrypt
const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
@ -71,10 +74,10 @@ void FIPS140_SampleApplication()
if (memcmp(plaintext, decrypted, 24) != 0)
{
cerr << "DES-EDE3-CFB Encryption/decryption failed.\n";
std::cerr << "DES-EDE3-CFB Encryption/decryption failed.\n";
abort();
}
cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n";
std::cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n";
// hash
const byte message[] = {'a', 'b', 'c'};
@ -87,10 +90,10 @@ void FIPS140_SampleApplication()
if (memcmp(digest, expectedDigest, 20) != 0)
{
cerr << "SHA-1 hash failed.\n";
std::cerr << "SHA-1 hash failed.\n";
abort();
}
cout << "4. SHA-1 hash succeeded.\n";
std::cout << "4. SHA-1 hash succeeded.\n";
// create auto-seeded X9.17 RNG object, if available
#ifdef OS_RNG_AVAILABLE
@ -107,10 +110,10 @@ void FIPS140_SampleApplication()
dsaPublicKey.AssignFrom(dsaPrivateKey);
if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key generation failed.\n";
std::cerr << "DSA key generation failed.\n";
abort();
}
cout << "5. DSA key generation succeeded.\n";
std::cout << "5. DSA key generation succeeded.\n";
// encode DSA key
std::string encodedDsaPublicKey, encodedDsaPrivateKey;
@ -125,10 +128,10 @@ void FIPS140_SampleApplication()
if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key encode/decode failed.\n";
std::cerr << "DSA key encode/decode failed.\n";
abort();
}
cout << "6. DSA key encode/decode succeeded.\n";
std::cout << "6. DSA key encode/decode succeeded.\n";
// sign and verify
byte signature[40];
@ -139,20 +142,20 @@ void FIPS140_SampleApplication()
DSA::Verifier verifier(dsaPublicKey);
if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
{
cerr << "DSA signature and verification failed.\n";
std::cerr << "DSA signature and verification failed.\n";
abort();
}
cout << "7. DSA signature and verification succeeded.\n";
std::cout << "7. DSA signature and verification succeeded.\n";
// try to verify an invalid signature
signature[0] ^= 1;
if (verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
{
cerr << "DSA signature verification failed to detect bad signature.\n";
std::cerr << "DSA signature verification failed to detect bad signature.\n";
abort();
}
cout << "8. DSA signature verification successfully detected bad signature.\n";
std::cout << "8. DSA signature verification successfully detected bad signature.\n";
// try to use an invalid key length
try
@ -161,16 +164,16 @@ void FIPS140_SampleApplication()
encryption_DES_EDE3_ECB.SetKey(key, 5);
// should not be here
cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n";
std::cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n";
abort();
}
catch (InvalidArgument &e)
{
cout << "9. Caught expected exception when using invalid key length. Exception message follows: ";
cout << e.what() << endl;
std::cout << "9. Caught expected exception when using invalid key length. Exception message follows: ";
std::cout << e.what() << std::endl;
}
cout << "\nFIPS 140-2 Sample Application completed normally.\n";
std::cout << "\nFIPS 140-2 Sample Application completed normally.\n";
}
#ifdef CRYPTOPP_IMPORTS

56
drbg.h

@ -86,13 +86,13 @@ public:
//! \brief Provides the security strength
//! \returns The security strength of the generator, in bytes
//! \details The equivalent class constant is <tt>SECURITY_STRENGTH</tt>
virtual unsigned int GetSecurityStrength() const=0;
virtual unsigned int SecurityStrength() const=0;
//! \brief Provides the seed length
//! \returns The seed size of the generator, in bytes
//! \details The equivalent class constant is <tt>SEED_LENGTH</tt>. The size is
//! used to maintain internal state of <tt>V</tt> and <tt>C</tt>.
virtual unsigned int GetSeedLength() const=0;
virtual unsigned int SeedLength() const=0;
//! \brief Provides the minimum entropy size
//! \returns The minimum entropy size required by the generator, in bytes
@ -100,7 +100,7 @@ public:
//! be instaniated with at least <tt>MINIMUM_ENTROPY</tt> bytes of entropy. The bytes must
//! meet <A HREF="http://csrc.nist.gov/publications/PubsSPs.html">NIST SP 800-90B or
//! SP 800-90C</A> requirements.
virtual unsigned int GetMinEntropy() const=0;
virtual unsigned int MinEntropyLength() const=0;
//! \brief Provides the maximum entropy size
//! \returns The maximum entropy size that can be consumed by the generator, in bytes
@ -108,14 +108,14 @@ public:
//! meet <A HREF="http://csrc.nist.gov/publications/PubsSPs.html">NIST SP 800-90B or
//! SP 800-90C</A> requirements. <tt>MAXIMUM_ENTROPY</tt> has been reduced from
//! 2<sup>35</sup> to <tt>INT_MAX</tt> to fit the underlying C++ datatype.
virtual unsigned int GetMaxEntropy() const=0;
virtual unsigned int MaxEntropyLength() const=0;
//! \brief Provides the minimum nonce size
//! \returns The minimum nonce size recommended for the generator, in bytes
//! \details The equivalent class constant is <tt>MINIMUM_NONCE</tt>. If a nonce is not
//! required then <tt>MINIMUM_NONCE</tt> is 0. <tt>Hash_DRBG</tt> does not require a
//! nonce, while <tt>HMAC_DRBG</tt> and <tt>CTR_DRBG</tt> require a nonce.
virtual unsigned int GetMinNonce() const=0;
virtual unsigned int MinNonceLength() const=0;
//! \brief Provides the maximum nonce size
//! \returns The maximum nonce that can be consumed by the generator, in bytes
@ -123,19 +123,19 @@ public:
//! has been reduced from 2<sup>35</sup> to <tt>INT_MAX</tt> to fit the underlying C++ datatype.
//! If a nonce is not required then <tt>MINIMUM_NONCE</tt> is 0. <tt>Hash_DRBG</tt> does not
//! require a nonce, while <tt>HMAC_DRBG</tt> and <tt>CTR_DRBG</tt> require a nonce.
virtual unsigned int GetMaxNonce() const=0;
virtual unsigned int MaxNonceLength() const=0;
//! \brief Provides the maximum size of a request to GenerateBlock
//! \returns The the maximum size of a request to GenerateBlock(), in bytes
//! \details The equivalent class constant is <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
virtual unsigned int GetMaxBytesPerRequest() const=0;
virtual unsigned int MaxBytesPerRequest() const=0;
//! \brief Provides the maximum number of requests before a reseed
//! \returns The the maximum number of requests before a reseed, in bytes
//! \details The equivalent class constant is <tt>MAXIMUM_REQUESTS_BEFORE_RESEED</tt>.
//! <tt>MAXIMUM_REQUESTS_BEFORE_RESEED</tt> has been reduced from 2<sup>48</sup> to <tt>INT_MAX</tt>
//! to fit the underlying C++ datatype.
virtual unsigned int GetMaxRequestBeforeReseed() const=0;
virtual unsigned int MaxRequestBeforeReseed() const=0;
protected:
virtual void DRBG_Instantiate(const byte* entropy, size_t entropyLength,
@ -213,14 +213,14 @@ public:
DRBG_Instantiate(entropy, entropyLength, nonce, nonceLength, personalization, personalizationLength);
}
unsigned int GetSecurityStrength() const {return SECURITY_STRENGTH;}
unsigned int GetSeedLength() const {return SEED_LENGTH;}
unsigned int GetMinEntropy() const {return MINIMUM_ENTROPY;}
unsigned int GetMaxEntropy() const {return MAXIMUM_ENTROPY;}
unsigned int GetMinNonce() const {return MINIMUM_NONCE;}
unsigned int GetMaxNonce() const {return MAXIMUM_NONCE;}
unsigned int GetMaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;}
unsigned int GetMaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;}
unsigned int SecurityStrength() const {return SECURITY_STRENGTH;}
unsigned int SeedLength() const {return SEED_LENGTH;}
unsigned int MinEntropyLength() const {return MINIMUM_ENTROPY;}
unsigned int MaxEntropyLength() const {return MAXIMUM_ENTROPY;}
unsigned int MinNonceLength() const {return MINIMUM_NONCE;}
unsigned int MaxNonceLength() const {return MAXIMUM_NONCE;}
unsigned int MaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;}
unsigned int MaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;}
void IncorporateEntropy(const byte *input, size_t length)
{return DRBG_Reseed(input, length, NULLPTR, 0);}
@ -327,14 +327,14 @@ public:
DRBG_Instantiate(entropy, entropyLength, nonce, nonceLength, personalization, personalizationLength);
}
unsigned int GetSecurityStrength() const {return SECURITY_STRENGTH;}
unsigned int GetSeedLength() const {return SEED_LENGTH;}
unsigned int GetMinEntropy() const {return MINIMUM_ENTROPY;}
unsigned int GetMaxEntropy() const {return MAXIMUM_ENTROPY;}
unsigned int GetMinNonce() const {return MINIMUM_NONCE;}
unsigned int GetMaxNonce() const {return MAXIMUM_NONCE;}
unsigned int GetMaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;}
unsigned int GetMaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;}
unsigned int SecurityStrength() const {return SECURITY_STRENGTH;}
unsigned int SeedLength() const {return SEED_LENGTH;}
unsigned int MinEntropyLength() const {return MINIMUM_ENTROPY;}
unsigned int MaxEntropyLength() const {return MAXIMUM_ENTROPY;}
unsigned int MinNonceLength() const {return MINIMUM_NONCE;}
unsigned int MaxNonceLength() const {return MAXIMUM_NONCE;}
unsigned int MaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;}
unsigned int MaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;}
void IncorporateEntropy(const byte *input, size_t length)
{return DRBG_Reseed(input, length, NULLPTR, 0);}
@ -435,10 +435,10 @@ template <typename HASH, unsigned int STRENGTH, unsigned int SEEDLENGTH>
void Hash_DRBG<HASH, STRENGTH, SEEDLENGTH>::Hash_Generate(const byte* additional, size_t additionaLength, byte *output, size_t size)
{
// Step 1
if (static_cast<word64>(m_reseed) >= static_cast<word64>(GetMaxRequestBeforeReseed()))
if (static_cast<word64>(m_reseed) >= static_cast<word64>(MaxRequestBeforeReseed()))
throw NIST_DRBG::Err("Hash_DRBG", "Reseed required");
if (size > GetMaxBytesPerRequest())
if (size > MaxBytesPerRequest())
throw NIST_DRBG::Err("Hash_DRBG", "Request size exceeds limit");
// SP 800-90A, Section 9, says we should throw if we have too much entropy, too large a nonce,
@ -658,10 +658,10 @@ template <typename HASH, unsigned int STRENGTH, unsigned int SEEDLENGTH>
void HMAC_DRBG<HASH, STRENGTH, SEEDLENGTH>::HMAC_Generate(const byte* additional, size_t additionaLength, byte *output, size_t size)
{
// Step 1
if (static_cast<word64>(m_reseed) >= static_cast<word64>(GetMaxRequestBeforeReseed()))
if (static_cast<word64>(m_reseed) >= static_cast<word64>(MaxRequestBeforeReseed()))
throw NIST_DRBG::Err("HMAC_DRBG", "Reseed required");
if (size > GetMaxBytesPerRequest())
if (size > MaxBytesPerRequest())
throw NIST_DRBG::Err("HMAC_DRBG", "Request size exceeds limit");
// SP 800-90A, Section 9, says we should throw if we have too much entropy, too large a nonce,

9
ec2n.h

@ -17,6 +17,11 @@
#include "smartptr.h"
#include "pubkey.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \class EC2N
@ -123,4 +128,8 @@ private:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif


@ -6,7 +6,7 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4127 4189)
# pragma warning(disable: 4127 4189 4505)
#endif
#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE

View File

@ -22,6 +22,11 @@
#include "ecp.h"
#include "ec2n.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \brief Elliptic Curve Parameters
@ -665,4 +670,8 @@ CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<D
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif

9
ecp.h

@ -15,6 +15,11 @@
#include "smartptr.h"
#include "pubkey.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \class ECP
@ -140,4 +145,8 @@ private:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif


@ -4,7 +4,7 @@
#include "config.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4100 4189)
# pragma warning(disable: 4100 4189 4355)
#endif
#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE


@ -10,7 +10,7 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4127 4189 4514)
# pragma warning(disable: 4127 4189 4231 4275 4514)
#endif
#include "cryptlib.h"

9
gf2n.h

@ -14,6 +14,11 @@
#include <iosfwd>
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \brief Polynomial with Coefficients in GF(2)
@ -375,4 +380,8 @@ template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod
NAMESPACE_END
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif


@ -12,7 +12,7 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4189)
# pragma warning(disable: 4189 4231 4275)
#endif
#include "cryptlib.h"


@ -30,8 +30,6 @@
NAMESPACE_BEGIN(CryptoPP)
#ifndef CRYPTOPP_IMPORTS
#if defined(CRYPTOPP_WIN32_AVAILABLE)
static TimerWord InitializePerformanceCounterFrequency()
{
@ -48,6 +46,8 @@ inline TimerWord PerformanceCounterFrequency()
}
#endif
#ifndef CRYPTOPP_IMPORTS
double TimerBase::ConvertTo(TimerWord t, Unit unit)
{
static unsigned long unitsPerSecondTable[] = {1, 1000, 1000*1000, 1000*1000*1000};


@ -6,6 +6,7 @@
#include "iterhash.h"
#include "misc.h"
#include "cpu.h"
NAMESPACE_BEGIN(CryptoPP)
@ -82,9 +83,6 @@ template <class T, class BASE> byte * IteratedHashBase<T, BASE>::CreateUpdateSpa
template <class T, class BASE> size_t IteratedHashBase<T, BASE>::HashMultipleBlocks(const T *input, size_t length)
{
// Hardware based SHA1 and SHA256 correct blocks themselves due to hardware requirements.
// For Intel, SHA1 will effectively call ByteReverse(). SHA256 formats data to Intel
// requirements, which means eight words ABCD EFGH are transformed to ABEF CDGH.
unsigned int blockSize = this->BlockSize();
bool noReverse = NativeByteOrderIs(this->GetByteOrder());
T* dataBuf = this->DataBuf();


@ -1,3 +1,5 @@
// iterhash.h - originally written and placed in the public domain by Wei Dai
#ifndef CRYPTOPP_ITERHASH_H
#define CRYPTOPP_ITERHASH_H
@ -6,6 +8,14 @@
#include "misc.h"
#include "simple.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
# if (CRYPTOPP_MSC_VERSION >= 1400)
# pragma warning(disable: 6011 6386 28193)
# endif
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \class HashInputTooLong
@ -179,4 +189,8 @@ protected:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif
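Review bot: The added `# pragma warning(disable: 6011 6386 28193)` turns off three code-analysis checks for everything between the `push` and the `pop` at the end of the header. These are the analyzer's NULL-dereference, write-overrun and unexamined-value warnings. The same line is added in the modes.h section, and a later section extends an existing `disable: 6386` to the same three numbers. Suppressing them header-wide in hashing and cipher-mode code also hides any true positive introduced later. If the current reports are false positives, scope the suppression to each flagged statement with `#pragma warning(suppress: 6386)` and a one-line comment saying why the analyzer is wrong there. The code that triggers the warnings is outside these hunks, so which statements are affected cannot be confirmed here.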


@ -70,14 +70,14 @@ inline void MakeOddKey(const word64 evenkey[NB], word64 oddkey[NB])
CRYPTOPP_ASSERT(0);
}
#else
static const unsigned int S = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;
static const unsigned int T = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;
static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;
static const unsigned int V = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;
const byte* even = reinterpret_cast<const byte*>(evenkey);
byte* odd = reinterpret_cast<byte*>(oddkey);
memcpy(odd, even + T, S - T);
memcpy(odd + S - T, even, T);
memcpy(odd, even + V, U - V);
memcpy(odd + U - V, even, V);
#endif
}


@ -14,6 +14,11 @@
#include "secblock.h"
#include "misc.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<Integer>;
@ -313,4 +318,8 @@ private:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif

12
modes.h

@ -20,6 +20,14 @@
# pragma GCC diagnostic ignored "-Wsign-conversion"
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
# if (CRYPTOPP_MSC_VERSION >= 1400)
# pragma warning(disable: 6011 6386 28193)
# endif
#endif
NAMESPACE_BEGIN(CryptoPP)
//! \class CipherModeDocumentation
@ -475,6 +483,10 @@ struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation
NAMESPACE_END
// Issue 340
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
# pragma GCC diagnostic pop
#endif


@ -9,6 +9,11 @@
#include "smartptr.h"
#include "pubkey.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl<Integer>;
@ -36,4 +41,8 @@ private:
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif


@ -34,6 +34,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Unkeyed ciphers


@ -61,6 +61,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
// Shared key ciphers


@ -26,6 +26,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
USING_NAMESPACE(CryptoPP)
void RegisterFactories3()


@ -4,6 +4,7 @@
#include "pch.h"
#include "seal.h"
#include "cpu.h"
#include "sha.h"
#include "misc.h"
#include "secblock.h"
@ -37,11 +38,16 @@ word32 SEAL_Gamma::Apply(word32 i)
word32 shaIndex = i/5;
if (shaIndex != lastIndex)
{
memcpy(Z, H, 20);
#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE
D[0] = ConditionalByteReverse(HasSHA() ? BIG_ENDIAN_ORDER : LITTLE_ENDIAN_ORDER, shaIndex);
#else
D[0] = shaIndex;
#endif
memcpy(Z, H, 20);
SHA1::Transform(Z, D);
lastIndex = shaIndex;
}
return Z[i%5];
}
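Review bot: The new `D[0]` assignment makes SEAL's derived words depend on `HasSHA()` agreeing with whatever condition `SHA1::Transform` uses to select its hardware routine, and nothing in the hunk records that coupling. If the two ever diverge, the input word is byte-swapped for the wrong implementation and the keystream is silently wrong rather than failing. A comment such as `// SHA-NI Transform expects big-endian message words; must track the dispatch in SHA1::Transform` would document it. A known-answer test run with and without the hardware path would catch a mismatch. `SEAL_Gamma::Apply` begins outside the hunk, so how the rest of `D` is filled cannot be checked here.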


@ -12,9 +12,9 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4700)
# pragma warning(disable: 4231 4275 4700)
# if (CRYPTOPP_MSC_VERSION >= 1400)
# pragma warning(disable: 6386)
# pragma warning(disable: 6011 6386 28193)
# endif
#endif

28
sha.cpp

@ -112,7 +112,7 @@ static void SHA1_SSE_SHA_Transform(word32 *state, const word32 *data)
ABCD = _mm_loadu_si128((__m128i*) state);
E0 = _mm_set_epi32(state[4], 0, 0, 0);
ABCD = _mm_shuffle_epi32(ABCD, 0x1B);
MASK = _mm_set_epi8(3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12);
MASK = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15);
// Save current hash
ABCD_SAVE = ABCD;
@ -498,6 +498,30 @@ void SHA1::Transform(word32 *state, const word32 *data)
s_pfn(state, data);
}
#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE
size_t SHA1::HashMultipleBlocks(const word32 *input, size_t length)
{
static const bool noReverse = HasSHA() || NativeByteOrderIs(this->GetByteOrder());
const unsigned int blockSize = this->BlockSize();
word32* dataBuf = this->DataBuf();
do
{
if (noReverse)
this->HashEndianCorrectedBlock(input);
else
{
ByteReverse(dataBuf, input, this->BlockSize());
this->HashEndianCorrectedBlock(dataBuf);
}
input += blockSize/sizeof(word32);
length -= blockSize;
}
while (length >= blockSize);
return length;
}
#endif
// *************************************************************
void SHA224::InitState(HashWordType *state)
@ -1641,7 +1665,7 @@ CRYPTOPP_NAKED static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state
// first 16 rounds
ASL(0)
AS2( movq mm0, [edx+eax*8])
AS2( movq mm0, [edx+eax*8])
AS2( movq [esi+eax*8], mm0)
AS2( movq [esi+eax*8+16*8], mm0)
AS2( paddq mm0, [ebx+eax*8])
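Review bot: `SHA1::HashMultipleBlocks` processes a block before it tests `length`, so a call with `length < blockSize` reads a full block from `input` and then wraps `length -= blockSize` around as an unsigned value, which leaves the `while` condition true. If callers are required to pass at least one full block, state that at the top of the function with `CRYPTOPP_ASSERT(length >= blockSize);` after `blockSize` is initialised, and say so in a comment. The `ByteReverse` call passes `this->BlockSize()` where the local `blockSize` is already available. `noReverse` is a function-local `static` initialised through `this`, which deserves a one-line comment that the value is the same for every `SHA1` object.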

3
sha.h
View File

@ -25,6 +25,9 @@ NAMESPACE_BEGIN(CryptoPP)
class CRYPTOPP_DLL SHA1 : public IteratedHashWithStaticTransform<word32, BigEndian, 64, 20, SHA1>
{
public:
#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE
size_t HashMultipleBlocks(const word32 *input, size_t length);
#endif
static void CRYPTOPP_API InitState(HashWordType *state);
static void CRYPTOPP_API Transform(word32 *digest, const word32 *data);
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";}
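Review bot: `HashMultipleBlocks` is declared in `SHA1` only under `CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE` and has no documentation, so the definition of the exported class varies with build settings. If that macro depends on compiler or flags (its definition is not visible here), a library and an application built differently would see two different `class CRYPTOPP_DLL SHA1` definitions. Consider declaring the member unconditionally and keeping the conditional inside the implementation. Either way, add a Doxygen line such as `//! \brief Hashes whole blocks, skipping the byte swap when the hardware SHA path consumes the input directly`.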


@ -32,7 +32,7 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4127 4189)
# pragma warning(disable: 4127 4189 4231 4275)
#endif
#include "cryptlib.h"


@ -392,7 +392,6 @@ int CRYPTOPP_API main(int argc, char *argv[])
{
FileSource usage(CRYPTOPP_DATA_DIR "TestData/usage.dat", true, new FileSink(std::cout));
return 1;
return 1;
}
else if (command == "V")
{

7
trap.h

@ -23,9 +23,8 @@
# if defined(UNIX_SIGNALS_AVAILABLE)
# include "ossig.h"
# elif defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(__CYGWIN__)
# if (_MSC_VER >= 1400)
# include <intrin.h>
# endif
extern "C" __declspec(dllimport) void __stdcall DebugBreak();
extern "C" __declspec(dllimport) int __stdcall IsDebuggerPresent();
# endif
#endif // CRYPTOPP_DEBUG
@ -80,7 +79,7 @@
<< (int)(__LINE__) << "): " << (char*)(__FUNCTION__) \
<< std::endl; \
std::cerr << oss.str(); \
__debugbreak(); \
if (IsDebuggerPresent()) {DebugBreak();} \
} \
}
#endif // DEBUG and Unix or Windows
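Review bot: With `if (IsDebuggerPresent()) {DebugBreak();}` a failed debug assert on Windows now only writes to `std::cerr` and continues when no debugger is attached. The unconditional `__debugbreak()` it replaces would normally have raised a breakpoint exception there, and no comment records the change. A line above the macro such as `// Non-fatal without a debugger: the message is printed and execution continues` would tell users of debug builds not to rely on the assert to halt. The two Win32 functions are also declared by hand instead of through an SDK header, so a short comment on why the include is avoided, and that the prototypes must match the SDK's, would help. The macro body starts outside the second hunk.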


@ -31,6 +31,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)
@ -141,9 +145,6 @@ bool TestPolynomialMod2()
std::cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << std::hex << word(SIZE_MAX) << std::dec << " shifted over range [" << start << "," << stop << "]" << "\n";
std::cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << std::dec << start << "," << stop << "]" << "\n";
if (!(pass1 && pass2 && pass3))
std::cout.flush();
return pass1 && pass2 && pass3;
}
#endif
@ -428,7 +429,6 @@ bool TestCompressors()
// **************************************************************
std::cout.flush();
return !fail1 && !fail2 && !fail3;
}
@ -684,6 +684,7 @@ bool TestSharing()
vector_member_ptrs<StringSource> strSources(threshold);
channel.resize(CHID_LENGTH);
for (unsigned int i=0; i<threshold; i++)
{
strSources[i].reset(new StringSource(strShares[i], false));
@ -717,6 +718,7 @@ bool TestSharing()
for (unsigned int shares=3; shares<SECRET_SHARES; ++shares)
{
std::string message;
unsigned int len = GlobalRNG().GenerateWord32(0, 0xff);
unsigned int threshold = GlobalRNG().GenerateWord32(2, shares-1);
@ -1226,7 +1228,6 @@ bool TestRounding()
std::cout << (fail ? "FAILED:" : "passed:") << " RoundUpToMultipleOf, word128, overflow\n";
#endif
std::cout.flush();
return pass;
}
#endif
@ -1305,7 +1306,6 @@ bool RunASN1TestSet(const ASN1_TestTuple asnTuples[], size_t count)
pass = !fail && pass;
}
std::cout.flush();
return pass;
}
@ -1479,7 +1479,6 @@ bool TestASN1Parse()
pass = RunASN1TestSet(integerValues, COUNTOF(integerValues)) && pass;
std::cout.flush();
return pass;
}
#endif
@ -2444,7 +2443,6 @@ bool TestSecBlock()
std::cout << " FixedSizeAllocator Grow with word128\n";
#endif
std::cout.flush();
return pass1 && pass2 && pass3 && pass4 && pass5 && pass6 && pass7;
}
#endif
@ -3212,7 +3210,6 @@ bool TestIntegerBitops()
std::cout << "FAILED:";
std::cout << " Bitwise XOR over 32-bits to 1024-bits\n";
std::cout.flush();
return opa && opo && opx;
}
#endif
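Review bot: The added `# pragma warning(disable: 4505 4355)` has no `push`/`pop` around it in the hunk, so the suppression appears to stay in force for the rest of the translation unit, and nothing says why it is needed. C4355 flags `this` being used in a base or member initializer list, which can hide use of a partially constructed object, so silencing it file-wide deserves a one-line reason, for example `// 4505: unreferenced local function removed, 4355: 'this' used in base member initializer list`. The same block is added unchanged in the three later sections that show it ahead of `NAMESPACE_BEGIN(CryptoPP)`, and the comment applies to each. The remaining hunks in this section appear to change only blank lines.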


@ -64,6 +64,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)
@ -79,9 +83,10 @@ bool ValidateAll(bool thorough)
#if defined(CRYPTOPP_EXTENDED_VALIDATION)
pass=TestMersenne() && pass;
#endif
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
pass=TestRDRAND() && pass;
pass=TestRDSEED() && pass;
#endif
#if defined(CRYPTOPP_EXTENDED_VALIDATION)
// http://github.com/weidai11/cryptopp/issues/92
pass=TestSecBlock() && pass;
@ -714,7 +719,6 @@ bool TestRandomPool()
}
#endif
std::cout.flush();
return pass;
}
@ -809,7 +813,6 @@ bool TestAutoSeededX917()
std::cout << "passed:";
std::cout << " GenerateWord32 and Crop\n";
std::cout.flush();
return pass;
}
#endif
@ -920,11 +923,11 @@ bool TestMersenne()
std::cout << "passed:";
std::cout << " GenerateWord32 and Crop\n";
std::cout.flush();
return pass;
}
#endif
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
bool TestRDRAND()
{
std::cout << "\nTesting RDRAND generator...\n\n";
@ -1024,7 +1027,6 @@ bool TestRDRAND()
else
std::cout << "RDRAND generator not available, skipping test.\n";
std::cout.flush();
return pass;
}
@ -1127,9 +1129,9 @@ bool TestRDSEED()
else
std::cout << "RDSEED generator not available, skipping test.\n";
std::cout.flush();
return pass;
}
#endif
bool ValidateHashDRBG()
{
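Review bot: The new `#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)` guard in `ValidateAll` compiles the `TestRDRAND()` and `TestRDSEED()` calls out entirely on other architectures, so a validation log from such a build says nothing about the hardware generators. Before this change the functions themselves would, as far as the visible lines show, have printed "generator not available, skipping test", which let a reader tell a skipped test from one that was never built. I would add an `#else` branch with one line such as `std::cout << "\nRDRAND and RDSEED tests not built for this architecture\n";`. The guard also needs a comment saying it must match the guard around the two definitions later in this section and the one around their declarations. `ValidateAll` starts and ends outside the hunk.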


@ -51,6 +51,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)


@ -44,6 +44,10 @@
# pragma strict_gs_check (on)
#endif
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4505 4355)
#endif
NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)


@ -25,9 +25,10 @@ bool TestRandomPool();
#if !defined(NO_OS_DEPENDENCE)
bool TestAutoSeededX917();
#endif
#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)
bool TestRDRAND();
bool TestRDSEED();
#endif
bool ValidateBaseCode();
bool ValidateCRC32();
bool ValidateCRC32C();