diff --git a/.appveyor.yml b/.appveyor.yml index 67a71b8a..5ca48d45 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -20,8 +20,6 @@ image: - Visual Studio 2017 - Visual Studio 2015 - Visual Studio 2013 -- Visual Studio 2012 -- Visual Studio 2010 build: @@ -34,9 +32,9 @@ test_script: - cmd: >- msbuild /t:CopyCryptestToRoot cryptest.vcxproj - + cryptest.exe v - + cryptest.exe tv all # Right now, we have a few failures that we don't know how to workaround. @@ -53,3 +51,10 @@ matrix: configuration: Release - image: Visual Studio 2010 - image: Visual Studio 2017 + +notifications: + email: + recipients: + - cryptopp-build@googlegroups.com + on_success: always # default: change + on_failure: always # default: always diff --git a/.travis.yml b/.travis.yml index 9efb17f6..1f8e90e8 100644 --- a/.travis.yml +++ b/.travis.yml 
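Review bot: The `matrix:` entries shown as context in the last .appveyor.yml hunk still list `- image: Visual Studio 2010`, although the first hunk removes Visual Studio 2010 and 2012 from `image:`, so that entry can no longer match a job. Drop it in the same commit, or add a comment if it is kept on purpose. Only part of the `matrix:` section is visible in the hunk, so check the lines above it for other references to the removed images.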
@@ -1,56 +1,70 @@ -language: cpp - -os: - - linux - - osx - -dist: trusty -sudo: false - -# OS X only supports one image. Us the latest. -osx_image: - - xcode8.2 -# - xcode7.3 -# - xcode6.4 - -git: - depth: 3 - -compiler: - - clang - - gcc - -env: - global: - - BUILD_JOBS=2 - - matrix: - - BUILD_MODE="shared" - - BUILD_MODE="static" - - BUILD_MODE="no-asm" - - BUILD_MODE="asan" - - BUILD_MODE="ubsan" - - BUILD_MODE="valgrind" - - exclude: - # Skip GCC on OS X entirely - - os: osx - compiler: gcc - - # The sanitizer builds under Clang run the tests very - # slowly and cause CI timeouts. - - - compiler: clang - env: BUILD_MODE="asan" - - compiler: clang - env: BUILD_MODE="ubsan" - - compiler: clang - env: BUILD_MODE="valgrind" - -# whitelist branches to avoid testing feature branches twice -branches: - only: - - master - -#notifications: -# email: jdoe@example.com +language: cpp + +os: + - linux + - osx + +dist: trusty +sudo: false + +# OS X only supports one image. Use the latest. +osx_image: xcode8.2 + +git: + depth: 3 + +compiler: + - clang + - gcc + +env: + global: + - BUILD_JOBS=2 + + matrix: + - BUILD_MODE="all" + - BUILD_MODE="no-asm" + - BUILD_MODE="asan" + - BUILD_MODE="ubsan" + - BUILD_MODE="codecov" + +matrix: + + exclude: + # Skip GCC on OS X entirely + - os: osx + compiler: gcc + # CodeCov crashes under Clang + - compiler: clang + env: BUILD_MODE="codecov" + + allow_failures: + # Ignore problems with old toolchains + - env: BUILD_MODE="ubsan" + - env: BUILD_MODE="asan" + +script: + - make "$BUILD_MODE" && ./cryptest.exe v && ./cryptest.exe tv all + +after_success: + - if [[ ( ("$BUILD_MODE" = "coverage") && ("$CC" = "gcc") ) ]]; then CODECOV_TOKEN="5c7bc59c-e95f-4594-82c3-33e7a1942592" bash <(curl -s https://codecov.io/bash); fi; + +# whitelist branches to avoid testing feature branches twice +branches: + only: + - master + +addons: + sonarqube: true + + coverity_scan: + project: + name: "cryptopp" + build_command: "make -j 2" + +notifications: + email: 
+ recipients: + - cryptopp-build@googlegroups.com + on_success: always # default: change + on_failure: always # default: always \ No newline at end of file diff --git a/GNUmakefile b/GNUmakefile index 91633f7f..43ef267a 100755 --- a/GNUmakefile +++ b/GNUmakefile @@ -404,11 +404,27 @@ endif # ELF/ELF64 endif # CXXFLAGS endif # Gold -# GCC code coverage. Issue 'make coverage'. -ifneq ($(filter coverage,$(MAKECMDGOALS)),) +# lcov code coverage. Issue 'make coverage'. +ifneq ($(filter lcov coverage,$(MAKECMDGOALS)),) +CXXFLAGS := $(CXXFLAGS:-g%=-g3) +CXXFLAGS := $(CXXFLAGS:-O%=-O1) +CXXFLAGS := $(CXXFLAGS:-xO%=-xO1) ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),) CXXFLAGS += -DCRYPTOPP_COVERAGE +endif # CRYPTOPP_COVERAGE +ifeq ($(findstring -coverage,$(CXXFLAGS)),) +CXXFLAGS += -coverage endif # -coverage +endif # GCC code coverage + +# gcov code coverage for Travis. Issue 'make codecov'. +ifneq ($(filter gcov codecov,$(MAKECMDGOALS)),) +CXXFLAGS := $(CXXFLAGS:-g%=-g3) +CXXFLAGS := $(CXXFLAGS:-O%=-O1) +CXXFLAGS := $(CXXFLAGS:-xO%=-xO1) +ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),) +CXXFLAGS += -DCRYPTOPP_COVERAGE +endif # CRYPTOPP_COVERAGE ifeq ($(findstring -coverage,$(CXXFLAGS)),) CXXFLAGS += -coverage endif # -coverage @@ -547,8 +563,8 @@ no-asm asan ubsan: libcryptopp.a cryptest.exe lean: static dynamic cryptest.exe # May want to export CXXFLAGS="-g3 -O1" -.PHONY: coverage -coverage: libcryptopp.a cryptest.exe +.PHONY: lcov coverage +lcov coverage: libcryptopp.a cryptest.exe @-$(RM) -r ./TestCoverage/ lcov --base-directory . --directory . --zerocounters -q ./cryptest.exe v 
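Review bot: The `after_success` line in .travis.yml commits the Codecov upload token in clear text and pipes `curl -s https://codecov.io/bash` straight into `bash`, so every reader of the repository has the token and the job executes whatever that URL serves with no integrity check. Move the token to an encrypted Travis variable (a `secure:` entry or a repository setting), treat the committed value as exposed and regenerate it, and download the uploader to a file and compare it with a pinned checksum before running it. The guard also tests `"$BUILD_MODE" = "coverage"` while the matrix defines `BUILD_MODE="codecov"`, so as written the upload never runs. Separately, `allow_failures` for `asan` and `ubsan` means sanitizer findings no longer fail the build; a comment should say when they become blocking again.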
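Review bot: The new `gcov codecov` block in the first GNUmakefile hunk is a line-for-line copy of the `lcov coverage` block above it, so one conditional can serve both goal sets: `ifneq ($(filter lcov coverage gcov codecov,$(MAKECMDGOALS)),)`. The added `endif # GCC code coverage` label also no longer matches the renamed `# lcov code coverage` header. The closing `endif` of the second block lies outside the hunk.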
@@ -557,7 +573,15 @@ coverage: libcryptopp.a cryptest.exe lcov --remove cryptest.info "adhoc.cpp" "wait.*" "network.*" "socketft.*" "fips140.*" "*test.*" "bench*.cpp" "validat*.*" "/usr/*" -o cryptest.info genhtml -o ./TestCoverage/ -t "cryptest.exe test coverage" --num-spaces 4 cryptest.info -# SHould use CXXFLAGS="-g3 -O1" +# Travis CI and CodeCov rule +.PHONY: gcov codecov +gcov codecov: libcryptopp.a cryptest.exe + @-$(RM) -r ./TestCoverage/ + ./cryptest.exe v + ./cryptest.exe tv all + gcov -r $(SRCS) + +# Should use CXXFLAGS="-g3 -O1" .PHONY: valgrind valgrind: libcryptopp.a cryptest.exe valgrind ./cryptest.exe v @@ -599,7 +623,7 @@ clean: @-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a @-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX) @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct - @-$(RM) *.gcno *.gcda *.stackdump core-* + @-$(RM) *.gcov *.gcno *.gcda *.stackdump core-* @-$(RM) /tmp/adhoc.exe @-$(RM) -r /tmp/cryptopp_test/ @-$(RM) -r *.exe.dSYM/ 
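Review bot: The `gcov codecov` recipe runs `./cryptest.exe v` and `./cryptest.exe tv all` itself, and the Travis `script:` line added in this commit runs both again after `make "$BUILD_MODE"`, so the codecov job executes the full suite twice in an instrumented build. Either let the recipe only call `gcov -r $(SRCS)` or document the duplication with a comment such as `# Tests run here to produce .gcda files; CI runs them again`. The `@-$(RM) -r ./TestCoverage/` line looks copied from the lcov rule, since nothing in this recipe writes that directory.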
@@ -725,22 +749,22 @@ endif .PHONY: trim trim: ifneq ($(IS_DARWIN),0) - sed -i '' -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh + sed -i '' -e's/[[:space:]]*$$//' *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross + sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.* make convert else - sed -i -e's/[[:space:]]*$$//' *.sh *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.sh + sed -i -e's/[[:space:]]*$$//' *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross + sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.* make convert endif .PHONY: convert convert: @-$(CHMOD) 0700 TestVectors/ TestData/ TestScripts/ - @-$(CHMOD) 0600 $(TEXT_FILES) *.asm *.s *.zip *.cmake TestVectors/*.txt TestData/*.dat + @-$(CHMOD) 0600 $(TEXT_FILES) .*.yml *.asm *.s *.zip *.cmake TestVectors/*.txt TestData/*.dat TestScripts/*.* @-$(CHMOD) 0700 $(EXEC_FILES) *.sh *.cmd TestScripts/*.sh TestScripts/*.pl TestScripts/*.cmd @-$(CHMOD) 0700 *.cmd *.sh GNUmakefile GNUmakefile-cross TestScripts/*.sh TestScripts/*.pl - -unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd *.cmake TestScripts/*.pl TestScripts/*.cmd + -unix2dos --keepdate --quiet $(TEXT_FILES) .*.yml *.asm *.cmd *.cmake TestScripts/*.* -dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.s *.sh TestScripts/*.sh ifneq ($(IS_DARWIN),0) @-xattr -c * 
@@ -793,6 +817,13 @@ rdrand-%.o: ./rdrand-nasm.sh endif +# Don't build Threefish with UBsan on Travis CI. Timeouts cause the build to fail. +# Also see https://stackoverflow.com/q/12983137/608639. +ifeq ($(findstring true,$(CI)),true) +threefish.o : threefish.cpp + $(CXX) $(strip $(subst -fsanitize=undefined,,$(CXXFLAGS))) -c $< +endif + # Don't build Rijndael with UBsan. Too much noise due to unaligned data accesses. ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),) rijndael.o : rijndael.cpp diff --git a/GNUmakefile-cross b/GNUmakefile-cross index 31b47559..0a3717ae 100755 --- a/GNUmakefile-cross +++ b/GNUmakefile-cross @@ -1,8 +1,5 @@ -CXXFLAGS ?= -DNDEBUG -g2 -Os -fPIC -pipe - -# The following options reduce code size, but breaks link or makes link very slow on some systems -# CXXFLAGS += -ffunction-sections -fdata-sections -# LDFLAGS += -Wl,--gc-sections +# Default CXXFLAGS if none were provided +CXXFLAGS ?= -DNDEBUG -g2 -O3 -fPIC -pipe AR ?= ar ARFLAGS ?= cr 
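Review bot: The `threefish.o` rule removes `-fsanitize=undefined` for every build where `CI` contains `true`, so no CI job checks threefish.cpp for undefined behaviour any more. Wrap it the same way as the Rijndael rule below, `ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),)`, so the special recipe only replaces the default one in UBsan builds. The comment should also record how the file stays covered, for example `# Run 'make ubsan' outside CI to check threefish.cpp.`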
@@ -91,6 +88,70 @@ ifeq ($(IS_ARM_EMBEDDED),1) CXXFLAGS += $(ARM_EMBEDDED_FLAGS) --sysroot=$(ARM_EMBEDDED_SYSROOT) endif +# No ASM for Travis testing +ifeq ($(findstring no-asm,$(MAKECMDGOALS)),no-asm) + ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + endif # CXXFLAGS +endif # No ASM + +# Undefined Behavior Sanitizer (UBsan) testing. Issue 'make ubsan'. +ifeq ($(findstring ubsan,$(MAKECMDGOALS)),ubsan) + ifeq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),) + CXXFLAGS += -fsanitize=undefined + endif # CXXFLAGS + ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),) + CXXFLAGS += -DCRYPTOPP_COVERAGE + endif # CXXFLAGS +endif # UBsan + +# Address Sanitizer (Asan) testing. Issue 'make asan'. +ifeq ($(findstring asan,$(MAKECMDGOALS)),asan) + ifeq ($(findstring -fsanitize=address,$(CXXFLAGS)),) + CXXFLAGS += -fsanitize=address + endif # CXXFLAGS + ifeq ($(findstring -DCRYPTOPP_COVERAGE,$(CXXFLAGS)),) + CXXFLAGS += -DCRYPTOPP_COVERAGE + endif # CXXFLAGS + ifeq ($(findstring -fno-omit-frame-pointer,$(CXXFLAGS)),) + CXXFLAGS += -fno-omit-frame-pointer + endif # CXXFLAGS +endif # Asan + +# LD gold linker testing. Triggered by 'LD=ld.gold'. +ifeq ($(findstring ld.gold,$(LD)),ld.gold) + ifeq ($(findstring -fuse-ld=gold,$(CXXFLAGS)),) + ELF_FORMAT := $(shell file `which ld.gold` 2>&1 | cut -d":" -f 2 | $(EGREP) -i -c "elf") + ifneq ($(ELF_FORMAT),0) + LDFLAGS += -fuse-ld=gold + endif # ELF/ELF64 + endif # CXXFLAGS +endif # Gold + +# Valgrind testing. Issue 'make valgrind'. +ifneq ($(filter valgrind,$(MAKECMDGOALS)),) + # Tune flags; see http://valgrind.org/docs/manual/quick-start.html + CXXFLAGS := $(CXXFLAGS:-g%=-g3) + CXXFLAGS := $(CXXFLAGS:-O%=-O1) + CXXFLAGS := $(CXXFLAGS:-xO%=-xO1) + ifeq ($(findstring -DCRYPTOPP_VALGRIND,$(CXXFLAGS)),) + CXXFLAGS += -DCRYPTOPP_VALGRIND + endif # -DCRYPTOPP_VALGRIND +endif # Valgrind + +# Debug testing on GNU systems. Triggered by -DDEBUG. 
+# Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268 +ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),) + USING_GLIBCXX := $(shell $(CXX) -x c++ $(CXXFLAGS) -E adhoc.cpp.proto 2>&1 | $(EGREP) -i -c "__GLIBCXX__") + ifneq ($(USING_GLIBCXX),0) + ifeq ($(HAS_NEWLIB),0) + ifeq ($(findstring -D_GLIBCXX_DEBUG,$(CXXFLAGS)),) + CXXFLAGS += -D_GLIBCXX_DEBUG + endif # CXXFLAGS + endif # HAS_NEWLIB + endif # USING_GLIBCXX +endif # GNU Debug build + # Dead code stripping. Issue 'make lean'. ifeq ($(findstring lean,$(MAKECMDGOALS)),lean) ifeq ($(findstring -ffunction-sections,$(CXXFLAGS)),) @@ -99,7 +160,7 @@ ifeq ($(findstring lean,$(MAKECMDGOALS)),lean) ifeq ($(findstring -fdata-sections,$(CXXFLAGS)),) CXXFLAGS += -fdata-sections endif # CXXFLAGS - ifeq ($(IS_IOS),1) + ifneq ($(IS_IOS),0) ifeq ($(findstring -Wl,-dead_strip,$(LDFLAGS)),) LDFLAGS += -Wl,-dead_strip endif # CXXFLAGS @@ -111,7 +172,7 @@ ifeq ($(findstring lean,$(MAKECMDGOALS)),lean) endif # Dead code stripping # List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. -SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp)) +SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(sort $(wildcard *.cpp))) # List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. OBJS := $(SRCS:.cpp=.o) diff --git a/TestScripts/coverity-linux.txt b/TestScripts/coverity-linux.txt index b6805af6..3eedcb6c 100644 --- a/TestScripts/coverity-linux.txt +++ b/TestScripts/coverity-linux.txt 
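Review bot: In the gold-linker block added to GNUmakefile-cross, the guard tests `$(CXXFLAGS)` for `-fuse-ld=gold` but the flag is appended to `LDFLAGS`, so the guard never sees what the block adds; it should read `ifeq ($(findstring -fuse-ld=gold,$(LDFLAGS)),)`. The same block uses `$(EGREP)` and the debug block uses `$(HAS_NEWLIB)`, and neither definition is visible in this hunk. If GNUmakefile-cross does not set them, `ELF_FORMAT` comes back empty and `ifneq ($(ELF_FORMAT),0)` is taken on every platform, while `ifeq ($(HAS_NEWLIB),0)` is never taken, so confirm both are defined earlier in the file.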
@@ -1,32 +1,32 @@ -# coverity-linux.txt - Scan build submission instructions for Unix and Linux. -# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. -# Copyright assigned to Crypto++ project. -# -# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan. -# -# For more information see http://cryptopp.com/wiki/Coverity_Scan. - -################################################################## - -reset - -make distclean &>/dev/null - -# Usually we test with these flags -# CXXFLAGS="-DNDEBUG -g3 -O2" - -# Testing for Issue 302 (http://github.com/weidai11/cryptopp/issues/302) -CXXFLAGS="-DNDEBUG -g2 -O3 -march=i686 -msse -msse2 -msse3 -mssse3 -mno-aes" cov-build --dir cov-int make -j 2 - -tar czvf cryptopp.tgz cov-int - -CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX -COVERITY_SCAN_NAME="Rijndael-AliasedTable-SSE2-Linux-i686" - -curl - --form token="$CRYPTOPP_COVERITY_TOKEN" \ - --form email=webmaster@cryptopp.com \ - --form file=@cryptopp.tgz \ - --form version="$COVERITY_SCAN_NAME" \ - --form description="$COVERITY_SCAN_NAME" \ - https://scan.coverity.com/builds?project=Cryptopp +# coverity-linux.txt - Scan build submission instructions for Unix and Linux. +# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. +# Copyright assigned to Crypto++ project. +# +# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan. +# +# For more information see http://cryptopp.com/wiki/Coverity_Scan. 
+ +################################################################## + +reset + +make distclean &>/dev/null + +# Usually we test with these flags +# CXXFLAGS="-DNDEBUG -g3 -O2" + +# Testing for Issue 302 (http://github.com/weidai11/cryptopp/issues/302) +CXXFLAGS="-DNDEBUG -g2 -O3 -march=i686 -msse -msse2 -msse3 -mssse3 -mno-aes" cov-build --dir cov-int make -j 2 + +tar czvf cryptopp.tgz cov-int + +CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX +COVERITY_SCAN_NAME="Rijndael-AliasedTable-SSE2-Linux-i686" + +curl + --form token="$CRYPTOPP_COVERITY_TOKEN" \ + --form email=webmaster@cryptopp.com \ + --form file=@cryptopp.tgz \ + --form version="$COVERITY_SCAN_NAME" \ + --form description="$COVERITY_SCAN_NAME" \ + https://scan.coverity.com/builds?project=Cryptopp diff --git a/TestScripts/coverity-macosx.txt b/TestScripts/coverity-macosx.txt index fe778240..d5df3f75 100644 --- a/TestScripts/coverity-macosx.txt +++ b/TestScripts/coverity-macosx.txt 
@@ -1,36 +1,36 @@ -# coverity-linux.txt - Scan build submission instructions for Unix and Linux. -# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. -# Copyright assigned to Crypto++ project. -# -# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan. -# -# For more information see http://cryptopp.com/wiki/Coverity_Scan. - -################################################################## - -reset - -make distclean &>/dev/null - -# Usually we test with these flags -CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2 - -# Sometimes we need these flags (add COVERITY_UNSUPPORTED) -# COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2 - -# Sometimes we need these flags (alternate compile, C++11) -# CXX=/opt/local/bin/clang++-mp-3.7 COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2 -std=c++11" cov-build --dir cov-int make -j 2 - - -tar czvf cryptopp.tgz cov-int - -CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX -COVERITY_SCAN_NAME="Cryptopp-MacOSX-x86_64" - -curl - --form token="$CRYPTOPP_COVERITY_TOKEN" \ - --form email=webmaster@cryptopp.com \ - --form file=@cryptopp.tgz \ - --form version="$COVERITY_SCAN_NAME" \ - --form description="$COVERITY_SCAN_NAME" \ - https://scan.coverity.com/builds?project=Cryptopp +# coverity-linux.txt - Scan build submission instructions for Unix and Linux. +# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. +# Copyright assigned to Crypto++ project. +# +# The following are copy/paste instructions for invoking cov-build, building the library and submitting the artifacts for a scan. +# +# For more information see http://cryptopp.com/wiki/Coverity_Scan. 
+ +################################################################## + +reset + +make distclean &>/dev/null + +# Usually we test with these flags +CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2 + +# Sometimes we need these flags (add COVERITY_UNSUPPORTED) +# COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2" cov-build --dir cov-int make -j 2 + +# Sometimes we need these flags (alternate compile, C++11) +# CXX=/opt/local/bin/clang++-mp-3.7 COVERITY_UNSUPPORTED=1 CXXFLAGS="-DNDEBUG -g3 -O2 -std=c++11" cov-build --dir cov-int make -j 2 + + +tar czvf cryptopp.tgz cov-int + +CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX +COVERITY_SCAN_NAME="Cryptopp-MacOSX-x86_64" + +curl + --form token="$CRYPTOPP_COVERITY_TOKEN" \ + --form email=webmaster@cryptopp.com \ + --form file=@cryptopp.tgz \ + --form version="$COVERITY_SCAN_NAME" \ + --form description="$COVERITY_SCAN_NAME" \ + https://scan.coverity.com/builds?project=Cryptopp diff --git a/TestScripts/coverity-windows.txt b/TestScripts/coverity-windows.txt index b289920d..c8f2f381 100644 --- a/TestScripts/coverity-windows.txt +++ b/TestScripts/coverity-windows.txt 
@@ -1,30 +1,30 @@ -REM coverity-windows.txt - Scan build submission instructions for Windows using cryptest.nmake. -REM Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. -REM Copyright assigned to Crypto++ project. -REM -REM The following are copy/paste instructions for invoking cov-build, building the library and -REM submitting the artifacts for a scan. Also see http://cryptopp.com/wiki/Coverity_Scan. - -REM ################################################################ - -cls - -del /f cryptopp.zip -rmdir /q /s cov-int -nmake /f cryptest.nmake clean - -REM Uncomment CXXFLAGS in makefile. Pay attention to X86, X64 or ARM -cov-build.exe --dir cov-int nmake /f cryptest.nmake - -7z.exe a -r -tzip -mx=9 cryptopp.zip cov-int - -set CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX -set COVERITY_SCAN_NAME=Rijndael-AliasedTable-SSE2-Windows-X64 - -curl.exe ^ - --form token="%CRYPTOPP_COVERITY_TOKEN%" ^ - --form email=webmaster@cryptopp.com ^ - --form file=@cryptopp.zip ^ - --form version="%COVERITY_SCAN_NAME%" ^ - --form description="%COVERITY_SCAN_NAME%" ^ - https://scan.coverity.com/builds?project=Cryptopp +REM coverity-windows.txt - Scan build submission instructions for Windows using cryptest.nmake. +REM Written and placed in public domain by Jeffrey Walton and Uri Blumenthal. +REM Copyright assigned to Crypto++ project. +REM +REM The following are copy/paste instructions for invoking cov-build, building the library and +REM submitting the artifacts for a scan. Also see http://cryptopp.com/wiki/Coverity_Scan. + +REM ################################################################ + +cls + +del /f cryptopp.zip +rmdir /q /s cov-int +nmake /f cryptest.nmake clean + +REM Uncomment CXXFLAGS in makefile. 
Pay attention to X86, X64 or ARM +cov-build.exe --dir cov-int nmake /f cryptest.nmake + +7z.exe a -r -tzip -mx=9 cryptopp.zip cov-int + +set CRYPTOPP_COVERITY_TOKEN=XXXXXXXXXXXXXXXX +set COVERITY_SCAN_NAME=Rijndael-AliasedTable-SSE2-Windows-X64 + +curl.exe ^ + --form token="%CRYPTOPP_COVERITY_TOKEN%" ^ + --form email=webmaster@cryptopp.com ^ + --form file=@cryptopp.zip ^ + --form version="%COVERITY_SCAN_NAME%" ^ + --form description="%COVERITY_SCAN_NAME%" ^ + https://scan.coverity.com/builds?project=Cryptopp diff --git a/TestScripts/cryptest.sh b/TestScripts/cryptest.sh index 51ad51c6..e2a058d6 100755 --- a/TestScripts/cryptest.sh +++ b/TestScripts/cryptest.sh @@ -88,8 +88,12 @@ IS_FREEBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c freebsd) IS_NETBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c netbsd) IS_SOLARIS=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c sunos) +IS_DEBIAN=$(lsb_release -a 2>&1 | "$GREP" -i -c debian) +IS_FEDORA=$(lsb_release -a 2>&1 | "$GREP" -i -c fedora) +IS_UBUNTU=$(lsb_release -a 2>&1 | "$GREP" -i -c ubuntu) + THIS_MACHINE=$(uname -m 2>&1) -IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i586|i686)") +IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i686|i686)") IS_X64=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(amd64|x86_64)") IS_PPC=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(Power|PPC)") IS_ARM32=$(echo -n "$THIS_MACHINE" | "$GREP" -v "64" | "$EGREP" -i -c "(arm|aarch32)") @@ -819,8 +823,8 @@ CPU_COUNT=1 MEM_SIZE=512 if [[ (-e "/proc/cpuinfo") && (-e "/proc/meminfo") ]]; then - CPU_COUNT=$(cat /proc/cpuinfo | "$GREP" -c '^processor') - MEM_SIZE=$(cat /proc/meminfo | "$GREP" "MemTotal" | "$AWK" '{print $2}') + CPU_COUNT=$(cat /proc/cpuinfo 2>&1 | "$GREP" -c '^processor') + MEM_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "MemTotal" | "$AWK" '{print $2}') MEM_SIZE=$(($MEM_SIZE/1024)) elif [[ "$IS_DARWIN" -ne "0" ]]; then CPU_COUNT=$(sysctl -a 2>&1 | "$GREP" 'hw.availcpu' | "$AWK" '{print $3; exit}') 
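Review bot: The new `IS_X86` pattern `(i386|i486|i686|i686)` drops `i586` and lists `i686` twice, so a host whose `uname -m` reports `i586` is no longer detected as x86 and every `IS_X86` test block is skipped on it. This looks like a side effect of the i586 to i686 replacement made for `-march` elsewhere in the commit; the detection line should stay `"(i386|i486|i586|i686)"`. The identical edit is repeated in the root `cryptest.sh` hunk at the same position.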
@@ -837,7 +841,7 @@ if [[ (-e "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq") ]]; then CPU_FREQ=$(cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq) CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024/1024}") elif [[ (-e "/proc/cpuinfo") ]]; then - CPU_FREQ=$(cat /proc/cpuinfo | "$GREP" 'MHz' | "$AWK" '{print $4; exit}') + CPU_FREQ=$(cat /proc/cpuinfo 2>&1 | "$GREP" 'MHz' | "$AWK" '{print $4; exit}') if [[ -z "$CPU_FREQ" ]]; then CPU_FREQ=512; fi CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024}") elif [[ "$IS_DARWIN" -ne "0" ]]; then @@ -853,7 +857,7 @@ fi HAVE_SWAP=1 if [[ "$IS_LINUX" -ne "0" ]]; then if [[ (-e "/proc/meminfo") ]]; then - SWAP_SIZE=$(cat /proc/meminfo | "$GREP" "SwapTotal" | "$AWK" '{print $2}') + SWAP_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "SwapTotal" | "$AWK" '{print $2}') if [[ "$SWAP_SIZE" -eq "0" ]]; then HAVE_SWAP=0 fi 
@@ -1703,23 +1707,104 @@ if [[ ("${#PLATFORM_CXXFLAGS[@]}" -ne "0") ]]; then fi fi +############################################ +# Debian specific. +if [[ ("$IS_DEBIAN" -ne "0" || "$IS_UBUNTU" -ne "0") ]]; then + + # Flags taken from Debian's build logs + # https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=i386&ver=5.6.4-6 + # https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=kfreebsd-amd64&ver=5.6.4-6&stamp=1482663138 + + DEBIAN_FLAGS=("-DHAVE_CONFIG_H" "-I." "-Wdate-time" "-D_FORTIFY_SOURCE=2" "-g" "-O2" + "-fstack-protector-strong" "-Wformat -Werror=format-security" "-DCRYPTOPP_INIT_PRIORITY=250" + "-DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS" "-DNDEBUG" "-fPIC" "-DPIC") + + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Debian standard build" | tee -a "$TEST_RESULTS" + echo + + "$MAKE" clean > /dev/null 2>&1 + rm -f adhoc.cpp > /dev/null 2>&1 + + CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${DEBIAN_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" + + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + else + ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + fi + ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + fi + fi +fi + +############################################ +# Fedora specific. 
+if [[ ("$IS_FEDORA" -ne "0") ]]; then + + # Flags taken from Fedora's build logs + # https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/i686/build.log + # https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/x86_64/build.log + if [[ ("$IS_X86" -ne "0") ]]; then + MARCH_OPT=(-m32 -march=i686) + elif [[ ("$IS_X64" -ne "0") ]]; then + MARCH_OPT=(-m64 -mtune=generic) + fi + + FEDORA_FLAGS=("-DHAVE_CONFIG_H" "-I." "-O2" "-g" "-pipe" "-Wall" "-Werror=format-security" "-fPIC" "-DPIC" + "-Wp,-D_FORTIFY_SOURCE=2" "-fexceptions" "-fstack-protector-strong" "--param=ssp-buffer-size=4" + "-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" "${MARCH_OPT[@]}" "-fasynchronous-unwind-tables") + + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Fedora standard build" | tee -a "$TEST_RESULTS" + echo + + if [[ ! -f /usr/lib/rpm/redhat/redhat-hardened-cc1 ]]; then + echo "ERROR: please install redhat-rpm-config package" + else + "$MAKE" clean > /dev/null 2>&1 + rm -f adhoc.cpp > /dev/null 2>&1 + + CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${FEDORA_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" + + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + else + ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + fi + ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + fi + fi + fi +fi + ############################################ # Minimum platform if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then - # i586 (lacks MMX, SSE and SSE2) + # i686 (lacks MMX, SSE and SSE2) if [[ "$IS_X86" -ne "0" ]]; then 
############################################ # Debug build echo echo "************************************" | tee -a "$TEST_RESULTS" - echo "Testing: Debug, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" + echo "Testing: Debug, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" echo "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then @@ -1739,13 +1824,13 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" # Release build echo echo "************************************" | tee -a "$TEST_RESULTS" - echo "Testing: Release, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" + echo "Testing: Release, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" echo "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then @@ -1822,7 +1907,7 @@ fi # Mismatched arch capabilities if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then - # i586 (lacks MMX, SSE and SSE2) + # i686 (lacks MMX, SSE and SSE2) if [[ "$IS_X86" -ne "0" ]]; then ############################################ # Debug build 
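Review bot: In the new Fedora block the missing-spec-file case is only printed to the terminal, `echo "ERROR: please install redhat-rpm-config package"`, without `| tee -a "$TEST_RESULTS"`, so the final error count never records that the hardened build was skipped. `MARCH_OPT` is assigned only for x86 and x64, which leaves `"${MARCH_OPT[@]}"` expanding an unset array on any other Fedora architecture; add `MARCH_OPT=()` before the `if`. Both distro blocks also hard-code `CXX="g++"` where the rest of the script passes `CXX="$CXX"`, which deserves a comment if it is intentional.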
@@ -1834,7 +1919,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_ "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS" # The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native @@ -1864,7 +1949,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_ "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS" # The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native 
@@ -5475,13 +5560,13 @@ echo | tee -a "$TEST_RESULTS" # "Error" is from the GNU assembler # "error" is from the sanitizers # "Illegal", "Conditional", "0 errors" and "suppressed errors" are from Valgrind. -ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' | wc -l | "$AWK" '{print $1}') +ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector|format-security)' | wc -l | "$AWK" '{print $1}') if (( "$ECOUNT" == "0" )); then echo "No failures detected" | tee -a "$TEST_RESULTS" else echo "$ECOUNT errors detected. See $TEST_RESULTS for details" | tee -a "$TEST_RESULTS" if (( "$ECOUNT" < 16 )); then - "$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' + "$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector|Assertion|format-security)' fi fi diff --git a/TestScripts/reset-fork.sh b/TestScripts/reset-fork.sh new file mode 100644 index 00000000..ab25b9fe --- /dev/null +++ b/TestScripts/reset-fork.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +# Use this script to reset a fork to Wei Dai's master +# https://stackoverflow.com/questions/9646167/clean-up-a-fork-and-restart-it-from-the-upstream + +git remote add upstream https://github.com/weidai11/cryptopp 2>/dev/null +git fetch upstream +git checkout master +git reset --hard upstream/master +git push origin master --force diff --git a/algparam.h b/algparam.h index c66fe984..95399615 100644 --- a/algparam.h +++ b/algparam.h 
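Review bot: The two result filters no longer agree: the `ECOUNT` line excludes `format-security` only, while the listing below excludes `Assertion|format-security`, so the script can report N errors and then print fewer lines. Put the exclusion pattern in one variable and use it in both places, and quote `"$TEST_RESULTS"` in the count line as the listing already does. Excluding every line that contains `format-security` also hides a genuine `-Werror=format-security` diagnostic from the count; matching the flag only where it appears in a compiler command line would be narrower.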
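Review bot: The new reset-fork.sh runs `git reset --hard upstream/master` and `git push origin master --force` with no error handling, so if `git fetch upstream` or `git checkout master` fails, the reset and the forced push still run against whatever state the clone is in. Add `set -e` after the shebang, or chain the commands with `&&`. Because `git remote add upstream ... 2>/dev/null` hides the "already exists" error, an existing `upstream` remote that points elsewhere is used silently; following it with `git remote set-url upstream https://github.com/weidai11/cryptopp` makes the source explicit. The header comment should also say that local commits on master are discarded.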
@@ -11,10 +11,12 @@ #include "config.h" #include "cryptlib.h" -// TODO: fix 6011 when the API/ABI can change -#if (CRYPTOPP_MSC_VERSION >= 1400) +#if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 6011 28193) +# pragma warning(disable: 4231 4275) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6011 6386 28193) +# endif #endif #include "smartptr.h" @@ -301,7 +303,7 @@ AssignFromHelperClass AssignFromHelper(T *pObject, const NameValuePairs &s #ifndef CRYPTOPP_NO_ASSIGN_TO_INTEGER // Allow the linker to discard Integer code if not needed. // Also see http://github.com/weidai11/cryptopp/issues/389. -bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt); +CRYPTOPP_DLL bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt); #endif CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId(); diff --git a/bench1.cpp b/bench1.cpp index d288cdc7..2d128648 100644 --- a/bench1.cpp +++ b/bench1.cpp @@ -16,6 +16,14 @@ #include "cpu.h" #include "drbg.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4355) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) @@ -235,7 +243,7 @@ void BenchMark(const char *name, NIST_DRBG &rng, double timeTotal) Test::GlobalRNG().GenerateBlock(buf, BUF_SIZE); buf.SetMark(16); - rng.IncorporateEntropy(buf, rng.GetMinEntropy()); + rng.IncorporateEntropy(buf, rng.MinEntropyLength()); unsigned long long blocks = 1; double timeTaken; diff --git a/bench2.cpp b/bench2.cpp index e0853c4a..3d07b2d0 100644 --- a/bench2.cpp +++ b/bench2.cpp @@ -30,6 +30,10 @@ #include "oids.h" #include "randpool.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) diff --git a/channels.cpp b/channels.cpp index 62419fdd..ec7a98a0 100644 --- a/channels.cpp +++ b/channels.cpp 
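Review bot: The first algparam.h hunk extends the suppression to C6011 and C6386, the analyzer's null-dereference and buffer-overrun-on-write checks, for everything after the `push`, including `smartptr.h`, and it deletes the `// TODO: fix 6011 when the API/ABI can change` line that explained the exception. Keep the TODO and give 6386 a reason of its own, for example `// 6386: <construct that triggers it>; revisit together with 6011`, so the suppressions are not read as permanent. The matching `#pragma warning(pop)` is outside the hunk; confirm it is guarded by plain `#if CRYPTOPP_MSC_VERSION` now that the push no longer requires `>= 1400`.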
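Review bot: The first bench1.cpp hunk adds two consecutive `#if CRYPTOPP_MSC_VERSION` blocks, one disabling 4355 and the next disabling `4505 4355`; the first block is redundant and can be deleted. A one-line comment naming the warnings, e.g. `// 4355: 'this' used in base member initializer list; 4505: unreferenced local function removed`, would tell a reader why they are switched off for the benchmarks.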
@@ -8,6 +8,10 @@ #include "cryptlib.h" #include "channels.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4355) +#endif + NAMESPACE_BEGIN(CryptoPP) #if 0 diff --git a/channels.h b/channels.h index deacca0d..9af4b461 100644 --- a/channels.h +++ b/channels.h @@ -12,6 +12,11 @@ #include "smartptr.h" #include "stdcpp.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4355) +#endif + NAMESPACE_BEGIN(CryptoPP) #if 0 @@ -131,4 +136,8 @@ private: NAMESPACE_END +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/config.h b/config.h index 444e35f9..9d2d38e0 100644 --- a/config.h +++ b/config.h @@ -44,10 +44,10 @@ // This macro will be ignored if NO_OS_DEPENDENCE is defined. // #define USE_MS_CNGAPI -// If the user did not make a choice, then select CryptoNG if either -// Visual Studio 2015 is available, or Windows 10 or above is available. +// If the user did not make a choice, then select CryptoNG if +// targeting Windows 8 or above. #if !defined(USE_MS_CRYPTOAPI) && !defined(USE_MS_CNGAPI) -# if (_MSC_VER >= 1900) || ((WINVER >= 0x0A00 /*_WIN32_WINNT_WIN10*/) || (_WIN32_WINNT >= 0x0A00 /*_WIN32_WINNT_WIN10*/)) +# if !defined(_USING_V110_SDK71_) && ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/)) # define USE_MS_CNGAPI # else # define USE_MS_CRYPTOAPI diff --git a/crc.cpp b/crc.cpp index d0086827..ccc3fe62 100644 --- a/crc.cpp +++ b/crc.cpp 
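Review bot: The new config.h test selects CNG only when `WINVER` or `_WIN32_WINNT` is at least 0x0602, and an undefined macro evaluates to 0 inside `#if`, so a translation unit that reaches config.h before any SDK header and without `/D_WIN32_WINNT=...` now falls back to `USE_MS_CRYPTOAPI` even on Visual Studio 2015 and later, where the old `_MSC_VER >= 1900` test chose CNG. The comment should state that dependency, e.g. `// WINVER/_WIN32_WINNT must be defined before this header; otherwise CryptoAPI is selected.` The hunk does not show whether config.h includes an SDK header first, so verify the selection on a Windows 8+ target build.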
@@ -13,7 +13,7 @@ NAMESPACE_BEGIN(CryptoPP) # undef CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE #endif -// Use inline ASM to provide the instructions when the user omits -march=native or -msse4.2 +#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 #if (CRYPTOPP_GCC_VERSION >= 40300 || __INTEL_COMPILER >= 1000 || __SUNPRO_CC >= 0x5110 || CRYPTOPP_LLVM_CLANG_VERSION >= 20300 || CRYPTOPP_APPLE_CLANG_VERSION >= 40000) && !defined(__SSE4_2__) && !defined(_MSC_VER) GCC_INLINE unsigned int GCC_INLINE_ATTRIB MM_CRC32_U8(unsigned int crc, unsigned char val) @@ -38,6 +38,7 @@ MM_CRC32_U32(unsigned int crc, unsigned int val) #define MM_CRC32_U16(a,b) _mm_crc32_u16(a,b) #define MM_CRC32_U32(a,b) _mm_crc32_u32(a,b) #endif +#endif // X86/X32/X64 /* Table of CRC-32's of all single byte values (made by makecrc.c) */ const word32 CRC32::m_tab[] = { diff --git a/cryptest.sh b/cryptest.sh index 51ad51c6..e2a058d6 100755 --- a/cryptest.sh +++ b/cryptest.sh @@ -88,8 +88,12 @@ IS_FREEBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c freebsd) IS_NETBSD=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c netbsd) IS_SOLARIS=$(echo -n "$THIS_SYSTEM" | "$GREP" -i -c sunos) +IS_DEBIAN=$(lsb_release -a 2>&1 | "$GREP" -i -c debian) +IS_FEDORA=$(lsb_release -a 2>&1 | "$GREP" -i -c fedora) +IS_UBUNTU=$(lsb_release -a 2>&1 | "$GREP" -i -c ubuntu) + THIS_MACHINE=$(uname -m 2>&1) -IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i586|i686)") +IS_X86=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(i386|i486|i686|i686)") IS_X64=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(amd64|x86_64)") IS_PPC=$(echo -n "$THIS_MACHINE" | "$EGREP" -i -c "(Power|PPC)") IS_ARM32=$(echo -n "$THIS_MACHINE" | "$GREP" -v "64" | "$EGREP" -i -c "(arm|aarch32)") 
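Review bot: The `IS_X86` pattern in cryptest.sh now reads `(i386|i486|i686|i686)`, which lists i686 twice and no longer matches a host whose `uname -m` reports i586. This looks like a side effect of the i586-to-i686 replacement made for the `-march` flags elsewhere in the script; host detection should keep `(i386|i486|i586|i686)`. The three new `IS_DEBIAN`/`IS_FEDORA`/`IS_UBUNTU` probes each run `lsb_release -a` again, so capturing its output once in a variable and grepping that would be tidier.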
@@ -819,8 +823,8 @@ CPU_COUNT=1 MEM_SIZE=512 if [[ (-e "/proc/cpuinfo") && (-e "/proc/meminfo") ]]; then - CPU_COUNT=$(cat /proc/cpuinfo | "$GREP" -c '^processor') - MEM_SIZE=$(cat /proc/meminfo | "$GREP" "MemTotal" | "$AWK" '{print $2}') + CPU_COUNT=$(cat /proc/cpuinfo 2>&1 | "$GREP" -c '^processor') + MEM_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "MemTotal" | "$AWK" '{print $2}') MEM_SIZE=$(($MEM_SIZE/1024)) elif [[ "$IS_DARWIN" -ne "0" ]]; then CPU_COUNT=$(sysctl -a 2>&1 | "$GREP" 'hw.availcpu' | "$AWK" '{print $3; exit}') @@ -837,7 +841,7 @@ if [[ (-e "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq") ]]; then CPU_FREQ=$(cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq) CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024/1024}") elif [[ (-e "/proc/cpuinfo") ]]; then - CPU_FREQ=$(cat /proc/cpuinfo | "$GREP" 'MHz' | "$AWK" '{print $4; exit}') + CPU_FREQ=$(cat /proc/cpuinfo 2>&1 | "$GREP" 'MHz' | "$AWK" '{print $4; exit}') if [[ -z "$CPU_FREQ" ]]; then CPU_FREQ=512; fi CPU_FREQ=$("$AWK" "BEGIN {print $CPU_FREQ/1024}") elif [[ "$IS_DARWIN" -ne "0" ]]; then @@ -853,7 +857,7 @@ fi HAVE_SWAP=1 if [[ "$IS_LINUX" -ne "0" ]]; then if [[ (-e "/proc/meminfo") ]]; then - SWAP_SIZE=$(cat /proc/meminfo | "$GREP" "SwapTotal" | "$AWK" '{print $2}') + SWAP_SIZE=$(cat /proc/meminfo 2>&1 | "$GREP" "SwapTotal" | "$AWK" '{print $2}') if [[ "$SWAP_SIZE" -eq "0" ]]; then HAVE_SWAP=0 fi 
@@ -1703,23 +1707,104 @@ if [[ ("${#PLATFORM_CXXFLAGS[@]}" -ne "0") ]]; then fi fi +############################################ +# Debian specific. +if [[ ("$IS_DEBIAN" -ne "0" || "$IS_UBUNTU" -ne "0") ]]; then + + # Flags taken from Debian's build logs + # https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=i386&ver=5.6.4-6 + # https://buildd.debian.org/status/fetch.php?pkg=libcrypto%2b%2b&arch=kfreebsd-amd64&ver=5.6.4-6&stamp=1482663138 + + DEBIAN_FLAGS=("-DHAVE_CONFIG_H" "-I." "-Wdate-time" "-D_FORTIFY_SOURCE=2" "-g" "-O2" + "-fstack-protector-strong" "-Wformat -Werror=format-security" "-DCRYPTOPP_INIT_PRIORITY=250" + "-DCRYPTOPP_NO_UNALIGNED_DATA_ACCESS" "-DNDEBUG" "-fPIC" "-DPIC") + + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Debian standard build" | tee -a "$TEST_RESULTS" + echo + + "$MAKE" clean > /dev/null 2>&1 + rm -f adhoc.cpp > /dev/null 2>&1 + + CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${DEBIAN_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" + + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + else + ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + fi + ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + fi + fi +fi + +############################################ +# Fedora specific. 
+if [[ ("$IS_FEDORA" -ne "0") ]]; then + + # Flags taken from Fedora's build logs + # https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/i686/build.log + # https://kojipkgs.fedoraproject.org//packages/cryptopp/5.6.3/8.fc27/data/logs/x86_64/build.log + if [[ ("$IS_X86" -ne "0") ]]; then + MARCH_OPT=(-m32 -march=i686) + elif [[ ("$IS_X64" -ne "0") ]]; then + MARCH_OPT=(-m64 -mtune=generic) + fi + + FEDORA_FLAGS=("-DHAVE_CONFIG_H" "-I." "-O2" "-g" "-pipe" "-Wall" "-Werror=format-security" "-fPIC" "-DPIC" + "-Wp,-D_FORTIFY_SOURCE=2" "-fexceptions" "-fstack-protector-strong" "--param=ssp-buffer-size=4" + "-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" "${MARCH_OPT[@]}" "-fasynchronous-unwind-tables") + + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Fedora standard build" | tee -a "$TEST_RESULTS" + echo + + if [[ ! -f /usr/lib/rpm/redhat/redhat-hardened-cc1 ]]; then + echo "ERROR: please install redhat-rpm-config package" + else + "$MAKE" clean > /dev/null 2>&1 + rm -f adhoc.cpp > /dev/null 2>&1 + + CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${FEDORA_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" + + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + else + ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + fi + ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" + if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then + echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + fi + fi + fi +fi + ############################################ # Minimum platform if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" -ne "0") ]]; then - # i586 (lacks MMX, SSE and SSE2) + # i686 (lacks MMX, SSE and SSE2) if [[ "$IS_X86" -ne "0" ]]; then 
############################################ # Debug build echo echo "************************************" | tee -a "$TEST_RESULTS" - echo "Testing: Debug, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" + echo "Testing: Debug, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" echo "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then @@ -1739,13 +1824,13 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0" || "$INTEL_COMPILER" # Release build echo echo "************************************" | tee -a "$TEST_RESULTS" - echo "Testing: Release, i586 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" + echo "Testing: Release, i686 minimum arch CXXFLAGS" | tee -a "$TEST_RESULTS" echo "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="$CXXFLAGS" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then @@ -1822,7 +1907,7 @@ fi # Mismatched arch capabilities if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_NATIVE_ARCH" -ne "0") ]]; then - # i586 (lacks MMX, SSE and SSE2) + # i686 (lacks MMX, SSE and SSE2) if [[ "$IS_X86" -ne "0" ]]; then ############################################ # Debug build 
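Review bot: In the Fedora block, the `redhat-hardened-cc1` check prints `ERROR: please install redhat-rpm-config package` with a plain `echo`, so the message never reaches `$TEST_RESULTS`. The hardened build is then skipped without a trace in the log that the final error count reads. Every other error line in this hunk goes through `| tee -a "$TEST_RESULTS"`, and this one should too: `echo "ERROR: please install redhat-rpm-config package" | tee -a "$TEST_RESULTS"`. Both the Debian and Fedora blocks also hard-code `CXX="g++"` where the rest of the script passes `CXX="$CXX"`; if that is deliberate because the flags come from the distributions' GCC build logs, a one-line comment saying so would help.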
@@ -1834,7 +1919,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_ "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$DEBUG_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS" # The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native @@ -1864,7 +1949,7 @@ if [[ ( ("$IS_X86" -ne "0" || "$IS_X32" -ne "0" || "$IS_X64" -ne "0") && "$HAVE_ "$MAKE" clean > /dev/null 2>&1 rm -f adhoc.cpp > /dev/null 2>&1 - CXXFLAGS="$RELEASE_CXXFLAGS -march=i586 $OPT_PIC" + CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC" CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS" # The makefile may add -DCRYPTOPP_DISABLE_XXX, so we can't add -march=native 
@@ -5475,13 +5560,13 @@ echo | tee -a "$TEST_RESULTS" # "Error" is from the GNU assembler # "error" is from the sanitizers # "Illegal", "Conditional", "0 errors" and "suppressed errors" are from Valgrind. -ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' | wc -l | "$AWK" '{print $1}') +ECOUNT=$("$EGREP" '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' $TEST_RESULTS | "$EGREP" -v '( 0 errors|suppressed errors|error detector|format-security)' | wc -l | "$AWK" '{print $1}') if (( "$ECOUNT" == "0" )); then echo "No failures detected" | tee -a "$TEST_RESULTS" else echo "$ECOUNT errors detected. See $TEST_RESULTS for details" | tee -a "$TEST_RESULTS" if (( "$ECOUNT" < 16 )); then - "$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector)' + "$EGREP" -n '(Error|ERROR|error|FAILED|Illegal|Conditional|CryptoPP::Exception)' "$TEST_RESULTS" | "$EGREP" -v '( 0 errors|suppressed errors|error detector|Assertion|format-security)' fi fi diff --git a/cryptlib.h b/cryptlib.h index f2c04267..b855784d 100644 --- a/cryptlib.h +++ b/cryptlib.h @@ -99,7 +99,7 @@ and getting us started on the manual. #if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 4127 4189 4702) +# pragma warning(disable: 4127 4189 4505 4702) #endif NAMESPACE_BEGIN(CryptoPP) diff --git a/datatest.cpp b/datatest.cpp index 805fcd03..2f9bcb5f 100644 --- a/datatest.cpp +++ b/datatest.cpp @@ -25,8 +25,8 @@ # pragma strict_gs_check (on) #endif -#if defined(__COVERITY__) -extern "C" void __coverity_tainted_data_sanitize__(void *); +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) #endif NAMESPACE_BEGIN(CryptoPP) diff --git a/dlltest.cpp b/dlltest.cpp index 27def6f0..e46ccdd5 100644 --- a/dlltest.cpp +++ b/dlltest.cpp 
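Review bot: The two exclusion lists in the cryptest.sh error summary no longer match: the `ECOUNT` filter excludes `format-security` only, while the listing below it excludes `Assertion|format-security`, so the count reported and the lines shown can disagree. Excluding `format-security` also drops real compiler diagnostics tagged `[-Werror=format-security]`. A failed build is still counted through `ERROR: failed to make cryptest.exe`, but the listing will not show the cause. I would define the pattern once, e.g. `EXCLUDE='( 0 errors|suppressed errors|error detector|format-security)'`, and use it in both pipelines. `$TEST_RESULTS` should also be quoted on the `ECOUNT` line, as it already is on the listing line.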
@@ -6,24 +6,27 @@ #include "cryptlib.h" #include "filters.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + USING_NAMESPACE(CryptoPP) -USING_NAMESPACE(std) void FIPS140_SampleApplication() { if (!FIPS_140_2_ComplianceEnabled()) { - cerr << "FIPS 140-2 compliance was turned off at compile time.\n"; + std::cerr << "FIPS 140-2 compliance was turned off at compile time.\n"; abort(); } // check self test status if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) { - cerr << "Automatic power-up self test failed.\n"; + std::cerr << "Automatic power-up self test failed.\n"; abort(); } - cout << "0. Automatic power-up self test passed.\n"; + std::cout << "0. Automatic power-up self test passed.\n"; // simulate a power-up self test error SimulatePowerUpSelfTestFailure(); @@ -33,23 +36,23 @@ void FIPS140_SampleApplication() AES::Encryption aes; // should not be here - cerr << "Use of AES failed to cause an exception after power-up self test error.\n"; + std::cerr << "Use of AES failed to cause an exception after power-up self test error.\n"; abort(); } catch (SelfTestFailure &e) { - cout << "1. Caught expected exception when simulating self test failure. Exception message follows: "; - cout << e.what() << endl; + std::cout << "1. Caught expected exception when simulating self test failure. Exception message follows: "; + std::cout << e.what() << std::endl; } // clear the self test error state and redo power-up self test DoDllPowerUpSelfTest(); if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) { - cerr << "Re-do power-up self test failed.\n"; + std::cerr << "Re-do power-up self test failed.\n"; abort(); } - cout << "2. Re-do power-up self test passed.\n"; + std::cout << "2. Re-do power-up self test passed.\n"; // encrypt and decrypt const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; 
@@ -71,10 +74,10 @@ void FIPS140_SampleApplication() if (memcmp(plaintext, decrypted, 24) != 0) { - cerr << "DES-EDE3-CFB Encryption/decryption failed.\n"; + std::cerr << "DES-EDE3-CFB Encryption/decryption failed.\n"; abort(); } - cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n"; + std::cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n"; // hash const byte message[] = {'a', 'b', 'c'}; @@ -87,10 +90,10 @@ void FIPS140_SampleApplication() if (memcmp(digest, expectedDigest, 20) != 0) { - cerr << "SHA-1 hash failed.\n"; + std::cerr << "SHA-1 hash failed.\n"; abort(); } - cout << "4. SHA-1 hash succeeded.\n"; + std::cout << "4. SHA-1 hash succeeded.\n"; // create auto-seeded X9.17 RNG object, if available #ifdef OS_RNG_AVAILABLE @@ -107,10 +110,10 @@ void FIPS140_SampleApplication() dsaPublicKey.AssignFrom(dsaPrivateKey); if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3)) { - cerr << "DSA key generation failed.\n"; + std::cerr << "DSA key generation failed.\n"; abort(); } - cout << "5. DSA key generation succeeded.\n"; + std::cout << "5. DSA key generation succeeded.\n"; // encode DSA key std::string encodedDsaPublicKey, encodedDsaPrivateKey; @@ -125,10 +128,10 @@ void FIPS140_SampleApplication() if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3)) { - cerr << "DSA key encode/decode failed.\n"; + std::cerr << "DSA key encode/decode failed.\n"; abort(); } - cout << "6. DSA key encode/decode succeeded.\n"; + std::cout << "6. DSA key encode/decode succeeded.\n"; // sign and verify byte signature[40]; 
@@ -139,20 +142,20 @@ void FIPS140_SampleApplication() DSA::Verifier verifier(dsaPublicKey); if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature))) { - cerr << "DSA signature and verification failed.\n"; + std::cerr << "DSA signature and verification failed.\n"; abort(); } - cout << "7. DSA signature and verification succeeded.\n"; + std::cout << "7. DSA signature and verification succeeded.\n"; // try to verify an invalid signature signature[0] ^= 1; if (verifier.VerifyMessage(message, 3, signature, sizeof(signature))) { - cerr << "DSA signature verification failed to detect bad signature.\n"; + std::cerr << "DSA signature verification failed to detect bad signature.\n"; abort(); } - cout << "8. DSA signature verification successfully detected bad signature.\n"; + std::cout << "8. DSA signature verification successfully detected bad signature.\n"; // try to use an invalid key length try @@ -161,16 +164,16 @@ void FIPS140_SampleApplication() encryption_DES_EDE3_ECB.SetKey(key, 5); // should not be here - cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n"; + std::cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n"; abort(); } catch (InvalidArgument &e) { - cout << "9. Caught expected exception when using invalid key length. Exception message follows: "; - cout << e.what() << endl; + std::cout << "9. Caught expected exception when using invalid key length. Exception message follows: "; + std::cout << e.what() << std::endl; } - cout << "\nFIPS 140-2 Sample Application completed normally.\n"; + std::cout << "\nFIPS 140-2 Sample Application completed normally.\n"; } #ifdef CRYPTOPP_IMPORTS diff --git a/drbg.h b/drbg.h index e7262138..468b8b1c 100644 --- a/drbg.h +++ b/drbg.h 
@@ -86,13 +86,13 @@ public: //! \brief Provides the security strength //! \returns The security strength of the generator, in bytes //! \details The equivalent class constant is SECURITY_STRENGTH - virtual unsigned int GetSecurityStrength() const=0; + virtual unsigned int SecurityStrength() const=0; //! \brief Provides the seed length //! \returns The seed size of the generator, in bytes //! \details The equivalent class constant is SEED_LENGTH. The size is //! used to maintain internal state of V and C. - virtual unsigned int GetSeedLength() const=0; + virtual unsigned int SeedLength() const=0; //! \brief Provides the minimum entropy size //! \returns The minimum entropy size required by the generator, in bytes @@ -100,7 +100,7 @@ public: //! be instaniated with at least MINIMUM_ENTROPY bytes of entropy. The bytes must //! meet NIST SP 800-90B or //! SP 800-90C requirements. - virtual unsigned int GetMinEntropy() const=0; + virtual unsigned int MinEntropyLength() const=0; //! \brief Provides the maximum entropy size //! \returns The maximum entropy size that can be consumed by the generator, in bytes @@ -108,14 +108,14 @@ public: //! meet NIST SP 800-90B or //! SP 800-90C requirements. MAXIMUM_ENTROPY has been reduced from //! 235 to INT_MAX to fit the underlying C++ datatype. - virtual unsigned int GetMaxEntropy() const=0; + virtual unsigned int MaxEntropyLength() const=0; //! \brief Provides the minimum nonce size //! \returns The minimum nonce size recommended for the generator, in bytes //! \details The equivalent class constant is MINIMUM_NONCE. If a nonce is not //! required then MINIMUM_NONCE is 0. Hash_DRBG does not require a //! nonce, while HMAC_DRBG and CTR_DRBG require a nonce. - virtual unsigned int GetMinNonce() const=0; + virtual unsigned int MinNonceLength() const=0; //! \brief Provides the maximum nonce size //! \returns The maximum nonce that can be consumed by the generator, in bytes 
@@ -123,19 +123,19 @@ public: //! has been reduced from 235 to INT_MAX to fit the underlying C++ datatype. //! If a nonce is not required then MINIMUM_NONCE is 0. Hash_DRBG does not //! require a nonce, while HMAC_DRBG and CTR_DRBG require a nonce. - virtual unsigned int GetMaxNonce() const=0; + virtual unsigned int MaxNonceLength() const=0; //! \brief Provides the maximum size of a request to GenerateBlock //! \returns The the maximum size of a request to GenerateBlock(), in bytes //! \details The equivalent class constant is MAXIMUM_BYTES_PER_REQUEST - virtual unsigned int GetMaxBytesPerRequest() const=0; + virtual unsigned int MaxBytesPerRequest() const=0; //! \brief Provides the maximum number of requests before a reseed //! \returns The the maximum number of requests before a reseed, in bytes //! \details The equivalent class constant is MAXIMUM_REQUESTS_BEFORE_RESEED. //! MAXIMUM_REQUESTS_BEFORE_RESEED has been reduced from 248 to INT_MAX //! to fit the underlying C++ datatype. - virtual unsigned int GetMaxRequestBeforeReseed() const=0; + virtual unsigned int MaxRequestBeforeReseed() const=0; protected: virtual void DRBG_Instantiate(const byte* entropy, size_t entropyLength, 
@@ -213,14 +213,14 @@ public: DRBG_Instantiate(entropy, entropyLength, nonce, nonceLength, personalization, personalizationLength); } - unsigned int GetSecurityStrength() const {return SECURITY_STRENGTH;} - unsigned int GetSeedLength() const {return SEED_LENGTH;} - unsigned int GetMinEntropy() const {return MINIMUM_ENTROPY;} - unsigned int GetMaxEntropy() const {return MAXIMUM_ENTROPY;} - unsigned int GetMinNonce() const {return MINIMUM_NONCE;} - unsigned int GetMaxNonce() const {return MAXIMUM_NONCE;} - unsigned int GetMaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;} - unsigned int GetMaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;} + unsigned int SecurityStrength() const {return SECURITY_STRENGTH;} + unsigned int SeedLength() const {return SEED_LENGTH;} + unsigned int MinEntropyLength() const {return MINIMUM_ENTROPY;} + unsigned int MaxEntropyLength() const {return MAXIMUM_ENTROPY;} + unsigned int MinNonceLength() const {return MINIMUM_NONCE;} + unsigned int MaxNonceLength() const {return MAXIMUM_NONCE;} + unsigned int MaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;} + unsigned int MaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;} void IncorporateEntropy(const byte *input, size_t length) {return DRBG_Reseed(input, length, NULLPTR, 0);} 
@@ -327,14 +327,14 @@ public: DRBG_Instantiate(entropy, entropyLength, nonce, nonceLength, personalization, personalizationLength); } - unsigned int GetSecurityStrength() const {return SECURITY_STRENGTH;} - unsigned int GetSeedLength() const {return SEED_LENGTH;} - unsigned int GetMinEntropy() const {return MINIMUM_ENTROPY;} - unsigned int GetMaxEntropy() const {return MAXIMUM_ENTROPY;} - unsigned int GetMinNonce() const {return MINIMUM_NONCE;} - unsigned int GetMaxNonce() const {return MAXIMUM_NONCE;} - unsigned int GetMaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;} - unsigned int GetMaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;} + unsigned int SecurityStrength() const {return SECURITY_STRENGTH;} + unsigned int SeedLength() const {return SEED_LENGTH;} + unsigned int MinEntropyLength() const {return MINIMUM_ENTROPY;} + unsigned int MaxEntropyLength() const {return MAXIMUM_ENTROPY;} + unsigned int MinNonceLength() const {return MINIMUM_NONCE;} + unsigned int MaxNonceLength() const {return MAXIMUM_NONCE;} + unsigned int MaxBytesPerRequest() const {return MAXIMUM_BYTES_PER_REQUEST;} + unsigned int MaxRequestBeforeReseed() const {return MAXIMUM_REQUESTS_BEFORE_RESEED;} void IncorporateEntropy(const byte *input, size_t length) {return DRBG_Reseed(input, length, NULLPTR, 0);} @@ -435,10 +435,10 @@ template void Hash_DRBG::Hash_Generate(const byte* additional, size_t additionaLength, byte *output, size_t size) { // Step 1 - if (static_cast(m_reseed) >= static_cast(GetMaxRequestBeforeReseed())) + if (static_cast(m_reseed) >= static_cast(MaxRequestBeforeReseed())) throw NIST_DRBG::Err("Hash_DRBG", "Reseed required"); - if (size > GetMaxBytesPerRequest()) + if (size > MaxBytesPerRequest()) throw NIST_DRBG::Err("Hash_DRBG", "Request size exceeds limit"); // SP 800-90A, Section 9, says we should throw if we have too much entropy, too large a nonce, 
@@ -658,10 +658,10 @@ template void HMAC_DRBG::HMAC_Generate(const byte* additional, size_t additionaLength, byte *output, size_t size) { // Step 1 - if (static_cast(m_reseed) >= static_cast(GetMaxRequestBeforeReseed())) + if (static_cast(m_reseed) >= static_cast(MaxRequestBeforeReseed())) throw NIST_DRBG::Err("HMAC_DRBG", "Reseed required"); - if (size > GetMaxBytesPerRequest()) + if (size > MaxBytesPerRequest()) throw NIST_DRBG::Err("HMAC_DRBG", "Request size exceeds limit"); // SP 800-90A, Section 9, says we should throw if we have too much entropy, too large a nonce, diff --git a/ec2n.h b/ec2n.h index 1d4c9824..cc4c0462 100644 --- a/ec2n.h +++ b/ec2n.h @@ -17,6 +17,11 @@ #include "smartptr.h" #include "pubkey.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +#endif + NAMESPACE_BEGIN(CryptoPP) //! \class EC2N @@ -123,4 +128,8 @@ private: NAMESPACE_END +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/eccrypto.cpp b/eccrypto.cpp index 6c384597..92106052 100644 --- a/eccrypto.cpp +++ b/eccrypto.cpp @@ -6,7 +6,7 @@ #if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 4127 4189) +# pragma warning(disable: 4127 4189 4505) #endif #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE diff --git a/eccrypto.h b/eccrypto.h index 2a1836c2..a4bf3e75 100644 --- a/eccrypto.h +++ b/eccrypto.h @@ -22,6 +22,11 @@ #include "ecp.h" #include "ec2n.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +#endif + NAMESPACE_BEGIN(CryptoPP) //! \brief Elliptic Curve Parameters @@ -665,4 +670,8 @@ CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +#endif + NAMESPACE_BEGIN(CryptoPP) //! \brief Polynomial with Coefficients in GF(2) 
@@ -375,4 +380,8 @@ template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod NAMESPACE_END #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/gfpcrypt.h b/gfpcrypt.h index 974886fa..5addf8ed 100644 --- a/gfpcrypt.h +++ b/gfpcrypt.h @@ -12,7 +12,7 @@ #if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 4189) +# pragma warning(disable: 4189 4231 4275) #endif #include "cryptlib.h" diff --git a/hrtimer.cpp b/hrtimer.cpp index 1b89dcb2..f9b8a7cd 100644 --- a/hrtimer.cpp +++ b/hrtimer.cpp @@ -30,8 +30,6 @@ NAMESPACE_BEGIN(CryptoPP) -#ifndef CRYPTOPP_IMPORTS - #if defined(CRYPTOPP_WIN32_AVAILABLE) static TimerWord InitializePerformanceCounterFrequency() { @@ -48,6 +46,8 @@ inline TimerWord PerformanceCounterFrequency() } #endif +#ifndef CRYPTOPP_IMPORTS + double TimerBase::ConvertTo(TimerWord t, Unit unit) { static unsigned long unitsPerSecondTable[] = {1, 1000, 1000*1000, 1000*1000*1000}; diff --git a/iterhash.cpp b/iterhash.cpp index dbd7412e..bf287164 100644 --- a/iterhash.cpp +++ b/iterhash.cpp @@ -6,6 +6,7 @@ #include "iterhash.h" #include "misc.h" +#include "cpu.h" NAMESPACE_BEGIN(CryptoPP) @@ -82,9 +83,6 @@ template byte * IteratedHashBase::CreateUpdateSpa template size_t IteratedHashBase::HashMultipleBlocks(const T *input, size_t length) { - // Hardware based SHA1 and SHA256 correct blocks themselves due to hardware requirements. - // For Intel, SHA1 will effectively call ByteReverse(). SHA256 formats data to Intel - // requirements, which means eight words ABCD EFGH are transformed to ABEF CDGH. unsigned int blockSize = this->BlockSize(); bool noReverse = NativeByteOrderIs(this->GetByteOrder()); T* dataBuf = this->DataBuf(); diff --git a/iterhash.h b/iterhash.h index d1a84d93..d51e155b 100644 --- a/iterhash.h +++ b/iterhash.h @@ -1,3 +1,5 @@ +// iterhash.h - originally written and placed in the public domain by Wei Dai + #ifndef CRYPTOPP_ITERHASH_H #define CRYPTOPP_ITERHASH_H 
@@ -6,6 +8,14 @@ #include "misc.h" #include "simple.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6011 6386 28193) +# endif +#endif + NAMESPACE_BEGIN(CryptoPP) //! \class HashInputTooLong @@ -179,4 +189,8 @@ protected: NAMESPACE_END +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/kalyna.cpp b/kalyna.cpp index eba64846..f4c3cc0e 100644 --- a/kalyna.cpp +++ b/kalyna.cpp @@ -70,14 +70,14 @@ inline void MakeOddKey(const word64 evenkey[NB], word64 oddkey[NB]) CRYPTOPP_ASSERT(0); } #else - static const unsigned int S = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1; - static const unsigned int T = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1; + static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1; + static const unsigned int V = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1; const byte* even = reinterpret_cast(evenkey); byte* odd = reinterpret_cast(oddkey); - memcpy(odd, even + T, S - T); - memcpy(odd + S - T, even, T); + memcpy(odd, even + V, U - V); + memcpy(odd + U - V, even, V); #endif } diff --git a/modarith.h b/modarith.h index 5fff4275..1a78f535 100644 --- a/modarith.h +++ b/modarith.h @@ -14,6 +14,11 @@ #include "secblock.h" #include "misc.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +#endif + NAMESPACE_BEGIN(CryptoPP) CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup; @@ -313,4 +318,8 @@ private: NAMESPACE_END +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/modes.h b/modes.h index 0955c3bd..05be7b52 100644 --- a/modes.h +++ b/modes.h 
@@ -20,6 +20,14 @@ # pragma GCC diagnostic ignored "-Wsign-conversion" #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6011 6386 28193) +# endif +#endif + NAMESPACE_BEGIN(CryptoPP) //! \class CipherModeDocumentation @@ -475,6 +483,10 @@ struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation NAMESPACE_END // Issue 340 +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE # pragma GCC diagnostic pop #endif diff --git a/modexppc.h b/modexppc.h index c2978871..5e8dd676 100644 --- a/modexppc.h +++ b/modexppc.h @@ -9,6 +9,11 @@ #include "smartptr.h" #include "pubkey.h" +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4231 4275) +#endif + NAMESPACE_BEGIN(CryptoPP) CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl; @@ -36,4 +41,8 @@ private: NAMESPACE_END +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + #endif diff --git a/regtest1.cpp b/regtest1.cpp index c4eb7380..86780e69 100644 --- a/regtest1.cpp +++ b/regtest1.cpp @@ -34,6 +34,10 @@ # pragma strict_gs_check (on) #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + USING_NAMESPACE(CryptoPP) // Unkeyed ciphers diff --git a/regtest2.cpp b/regtest2.cpp index d7a1d58c..8779c113 100644 --- a/regtest2.cpp +++ b/regtest2.cpp @@ -61,6 +61,10 @@ # pragma strict_gs_check (on) #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + USING_NAMESPACE(CryptoPP) // Shared key ciphers diff --git a/regtest3.cpp b/regtest3.cpp index 292bd544..7949c846 100644 --- a/regtest3.cpp +++ b/regtest3.cpp @@ -26,6 +26,10 @@ # pragma strict_gs_check (on) #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + USING_NAMESPACE(CryptoPP) void RegisterFactories3() diff --git a/seal.cpp b/seal.cpp index acc4e4e5..4108feb5 100644 --- a/seal.cpp +++ b/seal.cpp 
@@ -4,6 +4,7 @@ #include "pch.h" #include "seal.h" +#include "cpu.h" #include "sha.h" #include "misc.h" #include "secblock.h" @@ -37,11 +38,16 @@ word32 SEAL_Gamma::Apply(word32 i) word32 shaIndex = i/5; if (shaIndex != lastIndex) { - memcpy(Z, H, 20); +#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE + D[0] = ConditionalByteReverse(HasSHA() ? BIG_ENDIAN_ORDER : LITTLE_ENDIAN_ORDER, shaIndex); +#else D[0] = shaIndex; +#endif + memcpy(Z, H, 20); SHA1::Transform(Z, D); lastIndex = shaIndex; } + return Z[i%5]; } diff --git a/secblock.h b/secblock.h index 73706897..8f5aa71a 100644 --- a/secblock.h +++ b/secblock.h @@ -12,9 +12,9 @@ #if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 4700) +# pragma warning(disable: 4231 4275 4700) # if (CRYPTOPP_MSC_VERSION >= 1400) -# pragma warning(disable: 6386) +# pragma warning(disable: 6011 6386 28193) # endif #endif diff --git a/sha.cpp b/sha.cpp index f64ff33d..9c691eb6 100644 --- a/sha.cpp +++ b/sha.cpp @@ -112,7 +112,7 @@ static void SHA1_SSE_SHA_Transform(word32 *state, const word32 *data) ABCD = _mm_loadu_si128((__m128i*) state); E0 = _mm_set_epi32(state[4], 0, 0, 0); ABCD = _mm_shuffle_epi32(ABCD, 0x1B); - MASK = _mm_set_epi8(3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12); + MASK = _mm_set_epi8(0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15); // Save current hash ABCD_SAVE = ABCD; 
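Review bot: `SEAL_Gamma::Apply` in seal.cpp now has to know which word order `SHA1::Transform` expects, and picks it at run time with `HasSHA() ? BIG_ENDIAN_ORDER : LITTLE_ENDIAN_ORDER` before storing `D[0]`. That puts a detail of the hardware SHA path into a caller, so any other code calling `SHA1::Transform` directly would need the same conversion. Only `D[0]` is converted here, which is presumably correct only if the remaining words of `D` are zero; the function starts above the hunk, so that cannot be confirmed from these lines. A comment at the call such as `// hardware SHA Transform consumes byte-reversed words; rest of D assumed zero` would make the contract explicit, as would doing the conversion inside `SHA1::Transform`. A known-answer test for SEAL run with and without the SHA extension would confirm that both paths agree.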
@@ -498,6 +498,30 @@ void SHA1::Transform(word32 *state, const word32 *data) s_pfn(state, data); } +#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE +size_t SHA1::HashMultipleBlocks(const word32 *input, size_t length) +{ + static const bool noReverse = HasSHA() || NativeByteOrderIs(this->GetByteOrder()); + const unsigned int blockSize = this->BlockSize(); + word32* dataBuf = this->DataBuf(); + do + { + if (noReverse) + this->HashEndianCorrectedBlock(input); + else + { + ByteReverse(dataBuf, input, this->BlockSize()); + this->HashEndianCorrectedBlock(dataBuf); + } + + input += blockSize/sizeof(word32); + length -= blockSize; + } + while (length >= blockSize); + return length; +} +#endif + // ************************************************************* void SHA224::InitState(HashWordType *state) @@ -1641,7 +1665,7 @@ CRYPTOPP_NAKED static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state // first 16 rounds ASL(0) - AS2( movq mm0, [edx+eax*8]) + AS2( movq mm0, [edx+eax*8]) AS2( movq [esi+eax*8], mm0) AS2( movq [esi+eax*8+16*8], mm0) AS2( paddq mm0, [ebx+eax*8]) diff --git a/sha.h b/sha.h index 806317d4..7660909e 100644 --- a/sha.h +++ b/sha.h @@ -25,6 +25,9 @@ NAMESPACE_BEGIN(CryptoPP) class CRYPTOPP_DLL SHA1 : public IteratedHashWithStaticTransform { public: +#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE + size_t HashMultipleBlocks(const word32 *input, size_t length); +#endif static void CRYPTOPP_API InitState(HashWordType *state); static void CRYPTOPP_API Transform(word32 *digest, const word32 *data); CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";} diff --git a/strciphr.h b/strciphr.h index 83be614c..ff7cca67 100644 --- a/strciphr.h +++ b/strciphr.h @@ -32,7 +32,7 @@ #if CRYPTOPP_MSC_VERSION # pragma warning(push) -# pragma warning(disable: 4127 4189) +# pragma warning(disable: 4127 4189 4231 4275) #endif #include "cryptlib.h" diff --git a/test.cpp b/test.cpp index b19fbad5..a4e02bc5 100644 --- a/test.cpp 
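Review bot: `SHA1::HashMultipleBlocks` hashes a block before it looks at `length`, so a call with `length` smaller than `BlockSize()` reads a full block from `input` and then wraps `length -= blockSize` around to a very large `size_t`. The `while (length >= blockSize)` test then keeps the loop reading past the end of the buffer. If callers always pass at least one whole block, state that and check it at the top with `CRYPTOPP_ASSERT(length >= this->BlockSize());`, or write the loop as `while (length >= blockSize) { … }`. The function-local `static const bool noReverse` is initialised from `this` on the first call, and compilers without thread-safe static initialisation can race there; a plain `const bool` computed per call avoids that. Minor: `ByteReverse(dataBuf, input, this->BlockSize())` can use the `blockSize` local computed two lines above.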
+++ b/test.cpp @@ -392,7 +392,6 @@ int CRYPTOPP_API main(int argc, char *argv[]) { FileSource usage(CRYPTOPP_DATA_DIR "TestData/usage.dat", true, new FileSink(std::cout)); return 1; - return 1; } else if (command == "V") { diff --git a/trap.h b/trap.h index 46e6598b..0508447d 100644 --- a/trap.h +++ b/trap.h @@ -23,9 +23,8 @@ # if defined(UNIX_SIGNALS_AVAILABLE) # include "ossig.h" # elif defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(__CYGWIN__) -# if (_MSC_VER >= 1400) -# include -# endif + extern "C" __declspec(dllimport) void __stdcall DebugBreak(); + extern "C" __declspec(dllimport) int __stdcall IsDebuggerPresent(); # endif #endif // CRYPTOPP_DEBUG @@ -80,7 +79,7 @@ << (int)(__LINE__) << "): " << (char*)(__FUNCTION__) \ << std::endl; \ std::cerr << oss.str(); \ - __debugbreak(); \ + if (IsDebuggerPresent()) {DebugBreak();} \ } \ } #endif // DEBUG and Unix or Windows diff --git a/validat0.cpp b/validat0.cpp index c4a25c76..4b482c03 100644 --- a/validat0.cpp +++ b/validat0.cpp @@ -31,6 +31,10 @@ # pragma strict_gs_check (on) #endif +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) @@ -141,9 +145,6 @@ bool TestPolynomialMod2() std::cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << std::hex << word(SIZE_MAX) << std::dec << " shifted over range [" << start << "," << stop << "]" << "\n"; std::cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << std::dec << start << "," << stop << "]" << "\n"; - if (!(pass1 && pass2 && pass3)) - std::cout.flush(); - return pass1 && pass2 && pass3; } #endif @@ -428,7 +429,6 @@ bool TestCompressors() // ************************************************************** - std::cout.flush(); return !fail1 && !fail2 && !fail3; } @@ -684,6 +684,7 @@ bool TestSharing() vector_member_ptrs strSources(threshold); channel.resize(CHID_LENGTH); + for (unsigned int i=0; i
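Review bot: The hand-written prototypes for `DebugBreak` and `IsDebuggerPresent` in the first trap.h hunk have no comment explaining why they replace the system header. They must also stay identical to the Windows SDK declarations wherever a translation unit includes both this file and `windows.h`. A comment above them would cover both points, e.g. `// Declared by hand instead of including the SDK header; keep in sync with the SDK prototypes`. The second trap.h hunk replaces the unconditional `__debugbreak()` with `if (IsDebuggerPresent()) {DebugBreak();}`, so a failed assert with no debugger attached now only writes to `std::cerr` and execution continues. That behaviour deserves a line in the macro's documentation, because an unattended test run will no longer stop on a failed assertion.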