aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore2
-rw-r--r--botan_version.py2
-rw-r--r--doc/news.rst31
-rw-r--r--src/build-data/buildh.in6
-rw-r--r--src/build-data/cc/msvc.txt2
-rw-r--r--src/cli/main.cpp12
-rw-r--r--src/lib/asn1/ber_dec.h2
-rw-r--r--src/lib/cert/x509/x509_ext.cpp4
-rw-r--r--src/lib/cert/x509/x509cert.cpp4
-rw-r--r--src/lib/math/ec_gfp/curve_nistp.cpp2
-rw-r--r--src/lib/math/numbertheory/make_prm.cpp2
-rw-r--r--src/lib/math/numbertheory/numthry.cpp2
-rw-r--r--src/lib/modes/aead/ccm/ccm.cpp4
-rw-r--r--src/lib/modes/mode_pad/mode_pad.cpp4
-rw-r--r--src/lib/pubkey/workfactor.cpp2
-rw-r--r--src/lib/rng/hmac_rng/hmac_rng.cpp2
-rw-r--r--src/lib/stream/ctr/ctr.cpp2
-rw-r--r--src/lib/tls/msg_cert_verify.cpp2
-rw-r--r--src/lib/tls/msg_certificate.cpp4
-rw-r--r--src/lib/tls/tls_channel.cpp7
-rw-r--r--src/lib/tls/tls_extensions.cpp30
-rw-r--r--src/lib/tls/tls_handshake_io.cpp12
-rw-r--r--src/lib/tls/tls_handshake_state.cpp6
-rw-r--r--src/lib/tls/tls_policy.h2
-rw-r--r--src/lib/tls/tls_record.cpp26
-rw-r--r--src/lib/tls/tls_session.cpp5
-rw-r--r--src/lib/utils/loadstor.h2
-rw-r--r--src/scripts/ci/appveyor.yml3
28 files changed, 104 insertions, 80 deletions
diff --git a/.gitignore b/.gitignore
index 2c4639d6c..691fab8d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,8 @@ libbotan*.so.*
*.dylib
*.exp
*.lib
+*.pdb
+*.ilk
*.dll
*.exe
*.manifest
diff --git a/botan_version.py b/botan_version.py
index b92681d93..e5e2b811a 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,7 +1,7 @@
release_major = 1
release_minor = 11
-release_patch = 29
+release_patch = 30
release_so_abi_rev = release_patch
# These are set by the distribution script
diff --git a/doc/news.rst b/doc/news.rst
index 188f3db4d..2a9fe53a6 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -9,6 +9,17 @@ Version 1.11.30, Not Yet Released
a MAC failure. Records like this are used by OpenSSL in TLS 1.0
connections in order to randomize the IV.
+* The Transform and Keyed_Transform interfaces has been removed. The
+ two concrete implementations of these interfaces were Cipher_Mode
+ and the Compressor_tkk. The Cipher_Mode interface remains unchanged
+ as the Transform and Keyed_Transform signatures have moved to it;
+ no changes to Cipher_Mode usage should be necessary. Any uses of
+ Transform& or Keyed_Transform& to refer to a cipher should be replaced
+ by Cipher_Mode&. The compression algorithm interface has changed; the start
+ function now takes the per-message compression ratio to use. Previously the
+ compression level to use had to be set once, at creation time, and
+ the required `secure_vector` argument to start was required to be empty.
+
* Add IETF versions of the ChaCha20Poly1305 TLS ciphersuites from
draft-ietf-tls-chacha20-poly1305-04. The previously implemented
(non-standard) ChaCha20Poly1305 ciphersuites from
@@ -19,14 +30,32 @@ Version 1.11.30, Not Yet Released
previous versions of the draft, and the ciphersuite numbers used for
the (still experimental) OCB ciphersuites have changed.
+* Previously an unknown critical extension caused X.509 certificate
+ parsing to fail; such a cert could not be created at all. Now
+ parsing succeeds and the certificate validation fails with
+ an error indicating an unknown critical extension. GH #469
+
+* X509_CRL previously had an option to cause it to ignore unknown
+ critical extensions. This has been removed.
+
+* Added support for ChaCha stream cipher with 12 rounds.
+
* Add ECGDSA signature algorithm (GH #479)
-* Add NIST SP800-108 and 56C KDFs
+* Add NIST SP800-108 and 56C KDFs (GH #481)
* A bug in the IETF version of ChaCha20Poly1305 (with 96 bit nonces)
caused incorrect computation when the plaintext or AAD was exactly
a multiple of 16 bytes.
+* Fix return type of TLS_Reader::get_u32bit, which was truncated to
+ 16 bits. This only affected decoding of session ticket lifetimes.
+ GH #478
+
+* Fix OS X dylib naming problem (GH #468 #467)
+
+* Fix bcrypt function under Python 3 (GH #461)
+
Version 1.10.13, 2016-04-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index 6412fdcdf..d6201be19 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -226,12 +226,6 @@ Each poll generates 32 bit entropy
%{target_compiler_defines}
-#if defined(_MSC_VER)
- // 4250: inherits via dominance (diamond inheritence issue)
- // 4251: needs DLL interface (STL DLL exports)
- #pragma warning(disable: 4250 4251)
-#endif
-
/*
* Compile-time deprecatation warnings
*/
diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt
index 02e33bfab..8231c0429 100644
--- a/src/build-data/cc/msvc.txt
+++ b/src/build-data/cc/msvc.txt
@@ -19,7 +19,7 @@ optimization_flags "/O2"
debug_info_flags "/Zi /FS"
lang_flags "/EHs /GR"
-warning_flags "/W3 /wd4275 /wd4267"
+warning_flags "/W4 /wd4250 /wd4251 /wd4275"
visibility_build_flags "/DBOTAN_DLL=__declspec(dllexport)"
visibility_attribute "__declspec(dllimport)"
diff --git a/src/cli/main.cpp b/src/cli/main.cpp
index f6bbcc30e..f63de8fa2 100644
--- a/src/cli/main.cpp
+++ b/src/cli/main.cpp
@@ -21,11 +21,13 @@ std::string main_help()
std::ostringstream oss;
oss << "Usage: botan <cmd> <cmd-options>\n";
- oss << "Available commands: ";
- std::copy(avail_commands.begin(),
- avail_commands.end(),
- std::ostream_iterator<std::string>(oss, " "));
- oss << "\n";
+ oss << "Available commands:\n";
+
+ for(auto& cmd_name : avail_commands)
+ {
+ auto cmd = Botan_CLI::Command::get_cmd(cmd_name);
+ oss << cmd->cmd_spec() << "\n";
+ }
return oss.str();
}
diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h
index 8a5c9ca45..8c1491851 100644
--- a/src/lib/asn1/ber_dec.h
+++ b/src/lib/asn1/ber_dec.h
@@ -86,7 +86,7 @@ class BOTAN_DLL BER_Decoder
ASN1_Tag type_tag,
ASN1_Tag class_tag = CONTEXT_SPECIFIC)
{
- out = decode_constrained_integer(type_tag, class_tag, sizeof(out));
+ out = static_cast<T>(decode_constrained_integer(type_tag, class_tag, sizeof(out)));
return (*this);
}
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index b54c82b87..85d40bf21 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -246,7 +246,7 @@ void Basic_Constraints::decode_inner(const std::vector<byte>& in)
void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const
{
subject.add("X509v3.BasicConstraints.is_ca", (m_is_ca ? 1 : 0));
- subject.add("X509v3.BasicConstraints.path_constraint", m_path_limit);
+ subject.add("X509v3.BasicConstraints.path_constraint", static_cast<u32bit>(m_path_limit));
}
/*
@@ -744,7 +744,7 @@ void CRL_Number::decode_inner(const std::vector<byte>& in)
*/
void CRL_Number::contents_to(Data_Store& info, Data_Store&) const
{
- info.add("X509v3.CRLNumber", m_crl_number);
+ info.add("X509v3.CRLNumber", static_cast<u32bit>(m_crl_number));
}
/*
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index f68956859..d7da00af0 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -159,7 +159,7 @@ void X509_Certificate::force_decode()
if(tbs_cert.more_items())
throw Decoding_Error("TBSCertificate has more items that expected");
- m_subject.add("X509.Certificate.version", version);
+ m_subject.add("X509.Certificate.version", static_cast<u32bit>(version));
m_subject.add("X509.Certificate.serial", BigInt::encode(serial_bn));
m_subject.add("X509.Certificate.start", start.to_string());
m_subject.add("X509.Certificate.end", end.to_string());
@@ -182,7 +182,7 @@ void X509_Certificate::force_decode()
const size_t limit = (x509_version() < 3) ?
Cert_Extension::NO_CERT_PATH_LIMIT : 0;
- m_subject.add("X509v3.BasicConstraints.path_constraint", limit);
+ m_subject.add("X509v3.BasicConstraints.path_constraint", static_cast<u32bit>(limit));
}
}
diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp
index c153340e9..176409dbf 100644
--- a/src/lib/math/ec_gfp/curve_nistp.cpp
+++ b/src/lib/math/ec_gfp/curve_nistp.cpp
@@ -94,7 +94,7 @@ inline u32bit get_u32bit(const BigInt& x, size_t i)
#if (BOTAN_MP_WORD_BITS == 32)
return x.word_at(i);
#elif (BOTAN_MP_WORD_BITS == 64)
- return (x.word_at(i/2) >> ((i % 2)*32));
+ return static_cast<u32bit>(x.word_at(i/2) >> ((i % 2)*32));
#else
#error "Not implemented"
#endif
diff --git a/src/lib/math/numbertheory/make_prm.cpp b/src/lib/math/numbertheory/make_prm.cpp
index 3d82adf06..acd187063 100644
--- a/src/lib/math/numbertheory/make_prm.cpp
+++ b/src/lib/math/numbertheory/make_prm.cpp
@@ -66,7 +66,7 @@ BigInt random_prime(RandomNumberGenerator& rng,
secure_vector<u16bit> sieve(sieve_size);
for(size_t j = 0; j != sieve.size(); ++j)
- sieve[j] = p % PRIMES[j];
+ sieve[j] = static_cast<u16bit>(p % PRIMES[j]);
size_t counter = 0;
while(true)
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index ae2d33524..6c3d2c931 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -446,7 +446,7 @@ bool is_prime(const BigInt& n, RandomNumberGenerator& rng,
// Fast path testing for small numbers (<= 65521)
if(n <= PRIMES[PRIME_TABLE_SIZE-1])
{
- const u16bit num = n.word_at(0);
+ const u16bit num = static_cast<u16bit>(n.word_at(0));
return std::binary_search(PRIMES, PRIMES + PRIME_TABLE_SIZE, num);
}
diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp
index df33685f3..1f528769e 100644
--- a/src/lib/modes/aead/ccm/ccm.cpp
+++ b/src/lib/modes/aead/ccm/ccm.cpp
@@ -81,8 +81,8 @@ void CCM_Mode::set_associated_data(const byte ad[], size_t length)
// FIXME: support larger AD using length encoding rules
BOTAN_ASSERT(length < (0xFFFF - 0xFF), "Supported CCM AD length");
- m_ad_buf.push_back(get_byte<u16bit>(0, length));
- m_ad_buf.push_back(get_byte<u16bit>(1, length));
+ m_ad_buf.push_back(get_byte(0, static_cast<u16bit>(length)));
+ m_ad_buf.push_back(get_byte(1, static_cast<u16bit>(length)));
m_ad_buf += std::make_pair(ad, length);
while(m_ad_buf.size() % BS)
m_ad_buf.push_back(0); // pad with zeros to full block size
diff --git a/src/lib/modes/mode_pad/mode_pad.cpp b/src/lib/modes/mode_pad/mode_pad.cpp
index ecf241821..0f1df9e8a 100644
--- a/src/lib/modes/mode_pad/mode_pad.cpp
+++ b/src/lib/modes/mode_pad/mode_pad.cpp
@@ -37,7 +37,7 @@ void PKCS7_Padding::add_padding(secure_vector<byte>& buffer,
size_t last_byte_pos,
size_t block_size) const
{
- const byte pad_value = block_size - last_byte_pos;
+ const byte pad_value = static_cast<byte>(block_size - last_byte_pos);
for(size_t i = 0; i != pad_value; ++i)
buffer.push_back(pad_value);
@@ -67,7 +67,7 @@ void ANSI_X923_Padding::add_padding(secure_vector<byte>& buffer,
size_t last_byte_pos,
size_t block_size) const
{
- const byte pad_value = block_size - last_byte_pos;
+ const byte pad_value = static_cast<byte>(block_size - last_byte_pos);
for(size_t i = last_byte_pos; i < block_size; ++i)
buffer.push_back(0);
diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp
index 5cbd17f09..8be64bef3 100644
--- a/src/lib/pubkey/workfactor.cpp
+++ b/src/lib/pubkey/workfactor.cpp
@@ -51,7 +51,7 @@ size_t dl_exponent_size(size_t bits)
const double strength = 1.92 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0);
- return 2 * std::max<size_t>(MIN_WORKFACTOR, log2_e * strength);
+ return 2 * std::max<size_t>(MIN_WORKFACTOR, static_cast<size_t>(log2_e * strength));
}
}
diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp
index 0b80de7bd..7a9e4dbc5 100644
--- a/src/lib/rng/hmac_rng/hmac_rng.cpp
+++ b/src/lib/rng/hmac_rng/hmac_rng.cpp
@@ -165,7 +165,7 @@ size_t HMAC_RNG::reseed_with_sources(Entropy_Sources& srcs,
m_counter = 0;
m_collected_entropy_estimate =
- std::min<size_t>(m_collected_entropy_estimate + bits_collected,
+ std::min<size_t>(m_collected_entropy_estimate + static_cast<size_t>(bits_collected),
m_extractor->output_length() * 8);
m_output_since_reseed = 0;
diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp
index e90bb43a4..88c7a8d8e 100644
--- a/src/lib/stream/ctr/ctr.cpp
+++ b/src/lib/stream/ctr/ctr.cpp
@@ -98,7 +98,7 @@ void CTR_BE::increment_counter()
for(size_t i = 0; i != n_wide; ++i)
{
- uint16_t carry = n_wide;
+ uint16_t carry = static_cast<uint16_t>(n_wide);
for(size_t j = 0; carry && j != bs; ++j)
{
const size_t off = i*bs + (bs-1-j);
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index 0d157dc57..2598255eb 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -65,7 +65,7 @@ std::vector<byte> Certificate_Verify::serialize() const
buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
}
- const u16bit sig_len = m_signature.size();
+ const u16bit sig_len = static_cast<u16bit>(m_signature.size());
buf.push_back(get_byte(0, sig_len));
buf.push_back(get_byte(1, sig_len));
buf += m_signature;
diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp
index dbf9dbe12..a83d32d11 100644
--- a/src/lib/tls/msg_certificate.cpp
+++ b/src/lib/tls/msg_certificate.cpp
@@ -101,14 +101,14 @@ std::vector<byte> Certificate::serialize() const
const size_t cert_size = raw_cert.size();
for(size_t j = 0; j != 3; ++j)
{
- buf.push_back(get_byte<u32bit>(j+1, cert_size));
+ buf.push_back(get_byte(j+1, static_cast<u32bit>(cert_size)));
}
buf += raw_cert;
}
const size_t buf_size = buf.size() - 3;
for(size_t i = 0; i != 3; ++i)
- buf[i] = get_byte<u32bit>(i+1, buf_size);
+ buf[i] = get_byte(i+1, static_cast<u32bit>(buf_size));
return buf;
}
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index cfaeefeb8..4549470e2 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -122,7 +122,7 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version)
io.reset(new Datagram_Handshake_IO(
std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
sequence_numbers(),
- m_policy.dtls_default_mtu(),
+ static_cast<u16bit>(m_policy.dtls_default_mtu()),
m_policy.dtls_initial_timeout(),
m_policy.dtls_maximum_timeout()));
}
@@ -632,8 +632,8 @@ SymmetricKey Channel::key_material_export(const std::string& label,
size_t context_size = context.length();
if(context_size > 0xFFFF)
throw Exception("key_material_export context is too long");
- salt.push_back(get_byte<u16bit>(0, context_size));
- salt.push_back(get_byte<u16bit>(1, context_size));
+ salt.push_back(get_byte(0, static_cast<u16bit>(context_size)));
+ salt.push_back(get_byte(1, static_cast<u16bit>(context_size)));
salt += to_byte_vector(context);
}
@@ -646,4 +646,3 @@ SymmetricKey Channel::key_material_export(const std::string& label,
}
}
-
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 76a4c8060..49b7355ab 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -102,13 +102,13 @@ std::vector<byte> Extensions::serialize() const
buf.push_back(get_byte(0, extn_code));
buf.push_back(get_byte(1, extn_code));
- buf.push_back(get_byte<u16bit>(0, extn_val.size()));
- buf.push_back(get_byte<u16bit>(1, extn_val.size()));
+ buf.push_back(get_byte(0, static_cast<u16bit>(extn_val.size())));
+ buf.push_back(get_byte(1, static_cast<u16bit>(extn_val.size())));
buf += extn_val;
}
- const u16bit extn_size = buf.size() - 2;
+ const u16bit extn_size = static_cast<u16bit>(buf.size() - 2);
buf[0] = get_byte(0, extn_size);
buf[1] = get_byte(1, extn_size);
@@ -150,7 +150,7 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader,
if(name_type == 0) // DNS
{
m_sni_host_name = reader.get_string(2, 1, 65535);
- name_bytes -= (2 + m_sni_host_name.size());
+ name_bytes -= static_cast<u16bit>(2 + m_sni_host_name.size());
}
else // some other unknown name type
{
@@ -166,12 +166,12 @@ std::vector<byte> Server_Name_Indicator::serialize() const
size_t name_len = m_sni_host_name.size();
- buf.push_back(get_byte<u16bit>(0, name_len+3));
- buf.push_back(get_byte<u16bit>(1, name_len+3));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len+3)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len+3)));
buf.push_back(0); // DNS
- buf.push_back(get_byte<u16bit>(0, name_len));
- buf.push_back(get_byte<u16bit>(1, name_len));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len)));
buf += std::make_pair(
reinterpret_cast<const byte*>(m_sni_host_name.data()),
@@ -267,8 +267,8 @@ std::vector<byte> Application_Layer_Protocol_Notification::serialize() const
1);
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -323,8 +323,8 @@ std::vector<byte> Supported_Elliptic_Curves::serialize() const
buf.push_back(get_byte(1, id));
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -438,8 +438,8 @@ std::vector<byte> Signature_Algorithms::serialize() const
{}
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -495,7 +495,7 @@ std::vector<byte> SRTP_Protection_Profiles::serialize() const
{
std::vector<byte> buf;
- const u16bit pp_len = m_pp.size() * 2;
+ const u16bit pp_len = static_cast<u16bit>(m_pp.size() * 2);
buf.push_back(get_byte(0, pp_len));
buf.push_back(get_byte(1, pp_len));
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index f39c9f84e..ed7b1487d 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -28,9 +28,9 @@ inline size_t load_be24(const byte q[3])
void store_be24(byte out[3], size_t val)
{
- out[0] = get_byte<u32bit>(1, val);
- out[1] = get_byte<u32bit>(2, val);
- out[2] = get_byte<u32bit>(3, val);
+ out[0] = get_byte(1, static_cast<u32bit>(val));
+ out[1] = get_byte(2, static_cast<u32bit>(val));
+ out[2] = get_byte(3, static_cast<u32bit>(val));
}
u64bit steady_clock_ms()
@@ -376,7 +376,7 @@ Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg,
Handshake_Type type,
u16bit msg_sequence) const
{
- return format_fragment(msg.data(), msg.size(), 0, msg.size(), type, msg_sequence);
+ return format_fragment(msg.data(), msg.size(), 0, static_cast<u16bit>(msg.size()), type, msg_sequence);
}
std::vector<byte>
@@ -441,8 +441,8 @@ std::vector<byte> Datagram_Handshake_IO::send_message(u16bit msg_seq,
HANDSHAKE,
format_fragment(&msg_bits[frag_offset],
frag_len,
- frag_offset,
- msg_bits.size(),
+ static_cast<u16bit>(frag_offset),
+ static_cast<u16bit>(msg_bits.size()),
msg_type,
msg_seq));
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 67ba43265..afc32ba87 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -287,7 +287,7 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
m_hand_received_mask |= mask;
- const bool ok = (m_hand_expecting_mask & mask); // overlap?
+ const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap?
if(!ok)
throw Unexpected_Message("Unexpected state transition in handshake, got type " +
@@ -311,14 +311,14 @@ bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
{
const u32bit mask = bitmask_for_handshake_type(handshake_msg);
- return (m_hand_received_mask & mask);
+ return (m_hand_received_mask & mask) != 0;
}
std::pair<Handshake_Type, std::vector<byte>>
Handshake_State::get_next_handshake_msg()
{
const bool expecting_ccs =
- (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask);
+ (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
return m_handshake_io->get_next_record(expecting_ccs);
}
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index dc24d73e2..3a09a1747 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -362,7 +362,7 @@ class BOTAN_DLL Text_Policy : public Policy
{ return get_bool("hide_unknown_users", Policy::hide_unknown_users()); }
u32bit session_ticket_lifetime() const override
- { return get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()); }
+ { return static_cast<u32bit>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); }
bool send_fallback_scsv(Protocol_Version version) const override
{ return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; }
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 438dce178..16dfecc6a 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -174,8 +174,8 @@ void write_record(secure_vector<byte>& output,
if(!cs) // initial unencrypted handshake records
{
- output.push_back(get_byte<u16bit>(0, msg_length));
- output.push_back(get_byte<u16bit>(1, msg_length));
+ output.push_back(get_byte(0, static_cast<u16bit>(msg_length)));
+ output.push_back(get_byte(1, static_cast<u16bit>(msg_length)));
output.insert(output.end(), msg, msg + msg_length);
@@ -192,10 +192,10 @@ void write_record(secure_vector<byte>& output,
const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
- output.push_back(get_byte<u16bit>(0, rec_size));
- output.push_back(get_byte<u16bit>(1, rec_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(rec_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(rec_size)));
- aead->set_ad(cs->format_ad(seq, msg_type, version, msg_length));
+ aead->set_ad(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
if(cs->nonce_bytes_from_record() > 0)
{
@@ -221,7 +221,7 @@ void write_record(secure_vector<byte>& output,
if(!cs->uses_encrypt_then_mac())
{
- cs->mac()->update(cs->format_ad(seq, msg_type, version, msg_length));
+ cs->mac()->update(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
cs->mac()->update(msg, msg_length);
const size_t buf_size = round_up(
@@ -231,8 +231,8 @@ void write_record(secure_vector<byte>& output,
if(buf_size > MAX_CIPHERTEXT_SIZE)
throw Internal_Error("Output record is larger than allowed by protocol");
- output.push_back(get_byte<u16bit>(0, buf_size));
- output.push_back(get_byte<u16bit>(1, buf_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(buf_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(buf_size)));
const size_t header_size = output.size();
@@ -253,7 +253,7 @@ void write_record(secure_vector<byte>& output,
buf_size - (iv_size + msg_length + mac_size + 1);
for(size_t i = 0; i != pad_val + 1; ++i)
- output.push_back(pad_val);
+ output.push_back(static_cast<byte>(pad_val));
}
if(buf_size > MAX_CIPHERTEXT_SIZE)
@@ -407,7 +407,7 @@ u16bit tls_padding_check(const byte record[], size_t record_len)
for(size_t i = 0; i != record_len; ++i)
{
const size_t left = record_len - i - 2;
- const byte delim_mask = CT::is_less<u16bit>(left, pad_byte) & 0xFF;
+ const byte delim_mask = CT::is_less<u16bit>(static_cast<u16bit>(left), pad_byte) & 0xFF;
pad_invalid |= (delim_mask & (record[i] ^ pad_byte));
}
@@ -465,7 +465,7 @@ void decrypt_record(secure_vector<byte>& output,
const size_t ptext_size = aead->output_length(msg_length);
aead->set_associated_data_vec(
- cs.format_ad(record_sequence, record_type, record_version, ptext_size)
+ cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size))
);
output += aead->start(nonce);
@@ -501,7 +501,7 @@ void decrypt_record(secure_vector<byte>& output,
// This mask is zero if there is not enough room in the packet to get
// a valid MAC. We have to accept empty packets, since otherwise we
// are not compatible with the BEAST countermeasure (thus record_len+1).
- const u16bit size_ok_mask = CT::is_less<u16bit>(mac_size + pad_size + iv_size, record_len + 1);
+ const u16bit size_ok_mask = CT::is_lte<u16bit>(static_cast<u16bit>(mac_size + pad_size + iv_size), static_cast<u16bit>(record_len + 1));
pad_size &= size_ok_mask;
CT::unpoison(record_contents, record_len);
@@ -513,7 +513,7 @@ void decrypt_record(secure_vector<byte>& output,
CT::unpoison(pad_size);
const byte* plaintext_block = &record_contents[iv_size];
- const u16bit plaintext_length = record_len - mac_size - iv_size - pad_size;
+ const u16bit plaintext_length = static_cast<u16bit>(record_len - mac_size - iv_size - pad_size);
cs.mac()->update(cs.format_ad(record_sequence, record_type, record_version, plaintext_length));
cs.mac()->update(plaintext_block, plaintext_length);
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp
index c02bbd9ab..d6b52846f 100644
--- a/src/lib/tls/tls_session.cpp
+++ b/src/lib/tls/tls_session.cpp
@@ -109,11 +109,11 @@ Session::Session(const byte ber[], size_t ber_len)
m_version = Protocol_Version(major_version, minor_version);
m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_connection_side = static_cast<Connection_Side>(side_code);
- m_srtp_profile = srtp_profile;
+ m_srtp_profile = static_cast<u16bit>(srtp_profile);
m_server_info = Server_Information(server_hostname.value(),
server_service.value(),
- server_port);
+ static_cast<u16bit>(server_port));
m_srp_identifier = srp_identifier_str.value();
@@ -222,4 +222,3 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key
}
}
-
diff --git a/src/lib/utils/loadstor.h b/src/lib/utils/loadstor.h
index a6c2b7969..9ae9fda0e 100644
--- a/src/lib/utils/loadstor.h
+++ b/src/lib/utils/loadstor.h
@@ -47,7 +47,7 @@ namespace Botan {
template<typename T> inline byte get_byte(size_t byte_num, T input)
{
return static_cast<byte>(
- input >> ((sizeof(T)-1-(byte_num&(sizeof(T)-1))) << 3)
+ input >> (((~byte_num)&(sizeof(T)-1)) << 3)
);
}
diff --git a/src/scripts/ci/appveyor.yml b/src/scripts/ci/appveyor.yml
index d0f59c920..58e04eea9 100644
--- a/src/scripts/ci/appveyor.yml
+++ b/src/scripts/ci/appveyor.yml
@@ -24,9 +24,8 @@ install:
)
- cl # check compiler version
-# always build via amalgamation due to build time constraints on appveyor
build_script:
- - python configure.py --cc=msvc --via-amalgamation --cpu=%PLATFORM% %MODE%
+ - python configure.py --cc=msvc --cpu=%PLATFORM% %MODE%
- nmake
- botan-test
- nmake install