diff options
Diffstat (limited to 'src/lib')
143 files changed, 547 insertions, 450 deletions
diff --git a/src/lib/asn1/alg_id.cpp b/src/lib/asn1/alg_id.cpp index 7d476a225..75ea78c18 100644 --- a/src/lib/asn1/alg_id.cpp +++ b/src/lib/asn1/alg_id.cpp @@ -16,32 +16,24 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const std::vector<byte>& param) - { - oid = alg_id; - parameters = param; - } + const std::vector<byte>& param) : oid(alg_id), parameters(param) + {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const std::vector<byte>& param) - { - oid = OIDS::lookup(alg_id); - parameters = param; - } + const std::vector<byte>& param) : oid(OIDS::lookup(alg_id)), parameters(param) + {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - Encoding_Option option) + Encoding_Option option) : oid(alg_id), parameters() { const byte DER_NULL[] = { 0x05, 0x00 }; - oid = alg_id; - if(option == USE_NULL_PARAM) parameters += std::pair<const byte*, size_t>(DER_NULL, sizeof(DER_NULL)); } @@ -50,12 +42,10 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - Encoding_Option option) + Encoding_Option option) : oid(OIDS::lookup(alg_id)), parameters() { const byte DER_NULL[] = { 0x05, 0x00 }; - oid = OIDS::lookup(alg_id); - if(option == USE_NULL_PARAM) parameters += std::pair<const byte*, size_t>(DER_NULL, sizeof(DER_NULL)); } diff --git a/src/lib/asn1/asn1_attribute.cpp b/src/lib/asn1/asn1_attribute.cpp index 406a57d9a..bd7e5bf11 100644 --- a/src/lib/asn1/asn1_attribute.cpp +++ b/src/lib/asn1/asn1_attribute.cpp @@ -15,21 +15,15 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const std::vector<byte>& attr_value) - { - oid = attr_oid; - parameters = attr_value; - } +Attribute::Attribute(const OID& attr_oid, const std::vector<byte>& attr_value) : oid(attr_oid), parameters(attr_value) + {} /* * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const std::vector<byte>& attr_value) - { - oid = OIDS::lookup(attr_oid); - parameters = attr_value; - } + const std::vector<byte>& attr_value) : oid(OIDS::lookup(attr_oid)), parameters(attr_value) + {} /* * DER encode a Attribute diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 2bd2b1ed5..3e119dc01 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -114,7 +114,7 @@ bool maybe_BER(DataSource& src); */ struct BOTAN_DLL BER_Decoding_Error : public Decoding_Error { - BER_Decoding_Error(const std::string&); + explicit BER_Decoding_Error(const std::string&); }; /** diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 809448888..c378d5dfe 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -62,9 +62,8 @@ ASN1_Tag choose_encoding(const std::string& str, /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_tag(t) +ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(t) { - m_iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); if(m_tag == DIRECTORY_STRING) m_tag = choose_encoding(m_iso_8859_str, "latin1"); @@ -83,11 +82,8 @@ ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_tag(t) /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str) - { - m_iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); - m_tag = choose_encoding(m_iso_8859_str, "latin1"); - } +ASN1_String::ASN1_String(const std::string& str) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(choose_encoding(m_iso_8859_str, "latin1")) + {} /* * Return this string in ISO 8859-1 encoding @@ -141,7 +137,7 @@ void ASN1_String::decode_from(BER_Decoder& source) charset_is = LATIN1_CHARSET; *this = ASN1_String( - Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), + Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is), obj.type_tag); } diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 269b821b8..1d75ec519 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h @@ -26,7 +26,7 @@ class BOTAN_DLL ASN1_String final : public ASN1_Object ASN1_Tag tagging() const; - ASN1_String(const std::string& = ""); + explicit ASN1_String(const std::string& = ""); ASN1_String(const std::string&, ASN1_Tag); private: std::string m_iso_8859_str; diff --git a/src/lib/asn1/asn1_time.h b/src/lib/asn1/asn1_time.h index 269cc7983..ba5b84838 100644 --- a/src/lib/asn1/asn1_time.h +++ b/src/lib/asn1/asn1_time.h @@ -41,7 +41,7 @@ class BOTAN_DLL X509_Time final : public ASN1_Object X509_Time() {} /// Create a X509_Time from a time point - X509_Time(const std::chrono::system_clock::time_point& time); + explicit X509_Time(const std::chrono::system_clock::time_point& time); /// Create an X509_Time from string X509_Time(const std::string& t_spec, ASN1_Tag tag); diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index b755251c5..8a5c9ca45 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h @@ -157,13 +157,13 @@ class BOTAN_DLL BER_Decoder BER_Decoder& operator=(const BER_Decoder&) = delete; - BER_Decoder(DataSource&); + explicit BER_Decoder(DataSource&); BER_Decoder(const byte[], size_t); - BER_Decoder(const secure_vector<byte>&); + explicit BER_Decoder(const secure_vector<byte>&); - BER_Decoder(const std::vector<byte>& vec); + explicit BER_Decoder(const std::vector<byte>& vec); BER_Decoder(const BER_Decoder&); ~BER_Decoder(); diff --git a/src/lib/asn1/oid_lookup/oids.cpp b/src/lib/asn1/oid_lookup/oids.cpp index 0d1ab58ff..cdb863494 100644 --- a/src/lib/asn1/oid_lookup/oids.cpp +++ b/src/lib/asn1/oid_lookup/oids.cpp @@ -125,8 +125,8 @@ void OID_Map::read_cfg(std::istream& cfg, const std::string& source) const std::string oid = clean_ws(s.substr(0, eq)); const std::string name = clean_ws(s.substr(eq + 1, std::string::npos)); - m_str2oid.insert(std::make_pair(name, oid)); - m_oid2str.insert(std::make_pair(oid, name)); + m_str2oid.insert(std::make_pair(name, OID(oid))); + m_oid2str.insert(std::make_pair(OID(oid), name)); } } diff --git a/src/lib/asn1/x509_dn.h b/src/lib/asn1/x509_dn.h index dafe72f51..2b841feb6 100644 --- a/src/lib/asn1/x509_dn.h +++ b/src/lib/asn1/x509_dn.h @@ -38,8 +38,8 @@ class BOTAN_DLL X509_DN final : public ASN1_Object std::vector<byte> get_bits() const; X509_DN(); - X509_DN(const std::multimap<OID, std::string>&); - X509_DN(const std::multimap<std::string, std::string>&); + explicit X509_DN(const std::multimap<OID, std::string>&); + explicit X509_DN(const std::multimap<std::string, std::string>&); private: std::multimap<OID, ASN1_String> m_dn_info; std::vector<byte> m_dn_bits; diff --git a/src/lib/base/algo_registry.h b/src/lib/base/algo_registry.h index eebbaa4e8..ebc23bfca 100644 --- a/src/lib/base/algo_registry.h +++ b/src/lib/base/algo_registry.h @@ -11,6 +11,7 @@ #include <botan/build.h> #include <botan/types.h> #include <botan/exceptn.h> +#include <botan/scan_name.h> #include <functional> #include <mutex> #include <vector> @@ -212,7 +213,7 @@ class Algo_Registry }; template<typename T> T* -make_a(const typename T::Spec& spec, const std::string provider = "") +make_a(const typename T::Spec& spec, const std::string& provider = "") { return Algo_Registry<T>::global_registry().make(spec, provider); } @@ -257,7 +258,7 @@ make_new_T_1str_req(const typename Algo_Registry<T>::Spec& spec) template<typename T, typename X> T* make_new_T_1X(const typename Algo_Registry<T>::Spec& spec) { - std::unique_ptr<X> x(Algo_Registry<X>::global_registry().make(spec.arg(0))); + std::unique_ptr<X> x(Algo_Registry<X>::global_registry().make(Botan::SCAN_Name(spec.arg(0)))); if(!x) throw Exception(spec.arg(0)); return new T(x.release()); diff --git a/src/lib/base/init.h b/src/lib/base/init.h index 0c61eba6f..7709883af 100644 --- a/src/lib/base/init.h +++ b/src/lib/base/init.h @@ -22,7 +22,7 @@ namespace Botan { class BOTAN_DLL LibraryInitializer { public: - LibraryInitializer(const std::string& s = "") { initialize(s); } + explicit LibraryInitializer(const std::string& s = "") { initialize(s); } ~LibraryInitializer() { deinitialize(); } static void initialize(const std::string& = ""); diff --git a/src/lib/base/key_spec.h b/src/lib/base/key_spec.h index f9cdcc78d..82e0e7e6f 100644 --- a/src/lib/base/key_spec.h +++ b/src/lib/base/key_spec.h @@ -22,7 +22,7 @@ class BOTAN_DLL Key_Length_Specification * Constructor for fixed length keys * @param keylen the supported key length */ - Key_Length_Specification(size_t keylen) : + explicit Key_Length_Specification(size_t keylen) : m_min_keylen(keylen), m_max_keylen(keylen), m_keylen_mod(1) diff --git a/src/lib/base/scan_name.cpp b/src/lib/base/scan_name.cpp index 4688d0871..08f5e8702 100644 --- a/src/lib/base/scan_name.cpp +++ b/src/lib/base/scan_name.cpp @@ -70,10 +70,8 @@ SCAN_Name::SCAN_Name(const char* algo_spec) : SCAN_Name(std::string(algo_spec)) { } -SCAN_Name::SCAN_Name(std::string algo_spec) +SCAN_Name::SCAN_Name(std::string algo_spec) : m_orig_algo_spec(algo_spec), m_alg_name(), m_args(), m_mode_info() { - m_orig_algo_spec = algo_spec; - std::vector<std::pair<size_t, std::string> > name; size_t level = 0; std::pair<size_t, std::string> accum = std::make_pair(level, ""); diff --git a/src/lib/base/scan_name.h b/src/lib/base/scan_name.h index 43441e19c..d59d5889e 100644 --- a/src/lib/base/scan_name.h +++ b/src/lib/base/scan_name.h @@ -26,12 +26,12 @@ class BOTAN_DLL SCAN_Name /** * @param algo_spec A SCAN-format name */ - SCAN_Name(const char* algo_spec); + explicit SCAN_Name(const char* algo_spec); /** * @param algo_spec A SCAN-format name */ - SCAN_Name(std::string algo_spec); + explicit SCAN_Name(std::string algo_spec); /** * @param algo_spec A SCAN-format name diff --git a/src/lib/base/symkey.h b/src/lib/base/symkey.h index 3b0208e51..c780e5239 100644 --- a/src/lib/base/symkey.h +++ b/src/lib/base/symkey.h @@ -61,7 +61,7 @@ class BOTAN_DLL OctetString * Create a new OctetString * @param str is a hex encoded string */ - OctetString(const std::string& str = ""); + explicit OctetString(const std::string& str = ""); /** * Create a new random OctetString diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 6cca701af..aac277b4f 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -345,6 +345,12 @@ void aes_key_schedule(const byte key[], size_t length, secure_vector<byte>& ME, secure_vector<byte>& MD) { + + // if length is < 4, X = 0, the first for loop is not entered and in + // the second for loop "RC[(i-X)/X]" = division by zero + // But obviously valid aes length values are only 16, 24 and 32 + BOTAN_ASSERT( length >= 4, "aes key length has valid size" ); + static const u32bit RC[10] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; diff --git a/src/lib/block/aes_ssse3/aes_ssse3.cpp b/src/lib/block/aes_ssse3/aes_ssse3.cpp index fa0cb787c..54e8fcbd8 100644 --- a/src/lib/block/aes_ssse3/aes_ssse3.cpp +++ b/src/lib/block/aes_ssse3/aes_ssse3.cpp @@ -59,8 +59,6 @@ __m128i aes_schedule_transform(__m128i input, __m128i i_1 = _mm_and_si128(low_nibs, input); __m128i i_2 = _mm_srli_epi32(_mm_andnot_si128(low_nibs, input), 4); - input = _mm_and_si128(low_nibs, input); - return _mm_xor_si128( _mm_shuffle_epi8(table_1, i_1), _mm_shuffle_epi8(table_2, i_2)); diff --git a/src/lib/block/block_cipher.cpp b/src/lib/block/block_cipher.cpp index 7b52f8716..c70ba229d 100644 --- a/src/lib/block/block_cipher.cpp +++ b/src/lib/block/block_cipher.cpp @@ -150,7 +150,7 @@ BlockCipher::~BlockCipher() {} std::unique_ptr<BlockCipher> BlockCipher::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<BlockCipher>(make_a<BlockCipher>(algo_spec, provider)); + return std::unique_ptr<BlockCipher>(make_a<BlockCipher>(Botan::BlockCipher::Spec(algo_spec), provider)); } std::vector<std::string> BlockCipher::providers(const std::string& algo_spec) diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index ce9e86794..53f7d4611 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -330,7 +330,7 @@ void CAST_128::cast_ks(secure_vector<u32bit>& K, { public: byte operator()(size_t i) { return (m_X[i/4] >> (8*(3 - (i%4)))); } - ByteReader(const u32bit* x) : m_X(x) {} + explicit ByteReader(const u32bit* x) : m_X(x) {} private: const u32bit* m_X; }; diff --git a/src/lib/block/gost_28147/gost_28147.h b/src/lib/block/gost_28147/gost_28147.h index 11f5228a6..4105154e3 100644 --- a/src/lib/block/gost_28147/gost_28147.h +++ b/src/lib/block/gost_28147/gost_28147.h @@ -63,9 +63,9 @@ class BOTAN_DLL GOST_28147_89 final : public Block_Cipher_Fixed_Params<8, 32> /** * @param params the sbox parameters to use */ - GOST_28147_89(const GOST_28147_89_Params& params); + explicit GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const std::vector<u32bit>& other_SBOX) : + explicit GOST_28147_89(const std::vector<u32bit>& other_SBOX) : m_SBOX(other_SBOX), m_EK(8) {} void key_schedule(const byte[], size_t) override; diff --git a/src/lib/block/rc5/rc5.h b/src/lib/block/rc5/rc5.h index 17469205f..4d9232326 100644 --- a/src/lib/block/rc5/rc5.h +++ b/src/lib/block/rc5/rc5.h @@ -29,7 +29,7 @@ class BOTAN_DLL RC5 final : public Block_Cipher_Fixed_Params<8, 1, 32> * @param rounds the number of RC5 rounds to run. Must be between * 8 and 32 and a multiple of 4. */ - RC5(size_t rounds); + explicit RC5(size_t rounds); private: void key_schedule(const byte[], size_t) override; diff --git a/src/lib/block/safer/safer_sk.h b/src/lib/block/safer/safer_sk.h index babc22eb9..af944b36c 100644 --- a/src/lib/block/safer/safer_sk.h +++ b/src/lib/block/safer/safer_sk.h @@ -29,7 +29,7 @@ class BOTAN_DLL SAFER_SK final : public Block_Cipher_Fixed_Params<8, 16> * @param rounds the number of rounds to use - must be between 1 * and 13 */ - SAFER_SK(size_t rounds); + explicit SAFER_SK(size_t rounds); private: void key_schedule(const byte[], size_t) override; diff --git a/src/lib/cert/cvc/asn1_eac_str.cpp b/src/lib/cert/cvc/asn1_eac_str.cpp index 0134399d8..72ad24926 100644 --- a/src/lib/cert/cvc/asn1_eac_str.cpp +++ b/src/lib/cert/cvc/asn1_eac_str.cpp @@ -85,7 +85,7 @@ void ASN1_EAC_String::decode_from(BER_Decoder& source) try { *this = ASN1_EAC_String( - Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), + Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is), obj.type_tag); } catch(Invalid_Argument& inv_arg) diff --git a/src/lib/cert/x509/certstor.h b/src/lib/cert/x509/certstor.h index eb42c6a49..29948c709 100644 --- a/src/lib/cert/x509/certstor.h +++ b/src/lib/cert/x509/certstor.h @@ -48,9 +48,9 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store * Attempt to parse all files in dir (including subdirectories) * as certificates. Ignores errors. */ - Certificate_Store_In_Memory(const std::string& dir); + explicit Certificate_Store_In_Memory(const std::string& dir); - Certificate_Store_In_Memory(const X509_Certificate& cert); + explicit Certificate_Store_In_Memory(const X509_Certificate& cert); Certificate_Store_In_Memory() {} @@ -74,7 +74,7 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store { public: - Certificate_Store_Overlay(const std::vector<X509_Certificate>& certs) : + explicit Certificate_Store_Overlay(const std::vector<X509_Certificate>& certs) : m_certs(certs) {} std::vector<X509_DN> all_subjects() const override; diff --git a/src/lib/cert/x509/crl_ent.h b/src/lib/cert/x509/crl_ent.h index ceefdb191..11ab34365 100644 --- a/src/lib/cert/x509/crl_ent.h +++ b/src/lib/cert/x509/crl_ent.h @@ -63,7 +63,7 @@ class BOTAN_DLL CRL_Entry final : public ASN1_Object /** * Construct an empty CRL entry. */ - CRL_Entry(bool throw_on_unknown_critical_extension = false); + explicit CRL_Entry(bool throw_on_unknown_critical_extension = false); /** * Construct an CRL entry. diff --git a/src/lib/cert/x509/pkcs10.h b/src/lib/cert/x509/pkcs10.h index 94db222cd..8c9f49d84 100644 --- a/src/lib/cert/x509/pkcs10.h +++ b/src/lib/cert/x509/pkcs10.h @@ -84,20 +84,20 @@ class BOTAN_DLL PKCS10_Request final : public X509_Object * Create a PKCS#10 Request from a data source. * @param source the data source providing the DER encoded request */ - PKCS10_Request(DataSource& source); + explicit PKCS10_Request(DataSource& source); /** * Create a PKCS#10 Request from a file. * @param filename the name of the file containing the DER or PEM * encoded request file */ - PKCS10_Request(const std::string& filename); + explicit PKCS10_Request(const std::string& filename); /** * Create a PKCS#10 Request from binary data. * @param vec a std::vector containing the DER value */ - PKCS10_Request(const std::vector<byte>& vec); + explicit PKCS10_Request(const std::vector<byte>& vec); private: void force_decode() override; void handle_attribute(const Attribute&); diff --git a/src/lib/cert/x509/x509_crl.h b/src/lib/cert/x509/x509_crl.h index 25556000d..29057e944 100644 --- a/src/lib/cert/x509/x509_crl.h +++ b/src/lib/cert/x509/x509_crl.h @@ -27,7 +27,7 @@ class BOTAN_DLL X509_CRL final : public X509_Object */ struct BOTAN_DLL X509_CRL_Error : public Exception { - X509_CRL_Error(const std::string& error) : + explicit X509_CRL_Error(const std::string& error) : Exception("X509_CRL: " + error) {} }; diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp index 765ad1786..47fd909eb 100644 --- a/src/lib/cert/x509/x509_ext.cpp +++ b/src/lib/cert/x509/x509_ext.cpp @@ -55,14 +55,12 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object() * Extensions Assignment Operator */ Extensions& Extensions::operator=(const Extensions& other) - { - for(size_t i = 0; i != m_extensions.size(); ++i) - delete m_extensions[i].first; + { m_extensions.clear(); for(size_t i = 0; i != other.m_extensions.size(); ++i) m_extensions.push_back( - std::make_pair(other.m_extensions[i].first->copy(), + std::make_pair(std::unique_ptr<Certificate_Extension>(other.m_extensions[i].first->copy()), other.m_extensions[i].second)); m_throw_on_unknown_critical = other.m_throw_on_unknown_critical; @@ -80,7 +78,14 @@ OID Certificate_Extension::oid_of() const void Extensions::add(Certificate_Extension* extn, bool critical) { - m_extensions.push_back(std::make_pair(extn, critical)); + m_extensions.push_back(std::make_pair(std::unique_ptr<Certificate_Extension>(extn), critical)); + m_extensions_raw.emplace(extn->oid_of(), std::make_pair(extn->encode_inner(), critical)); + } + + +std::map<OID, std::pair<std::vector<byte>, bool>> Extensions::extensions_raw() const + { + return m_extensions_raw; } /* @@ -90,7 +95,7 @@ void Extensions::encode_into(DER_Encoder& to_object) const { for(size_t i = 0; i != m_extensions.size(); ++i) { - const Certificate_Extension* ext = m_extensions[i].first; + const Certificate_Extension* ext = m_extensions[i].first.get(); const bool is_critical = m_extensions[i].second; const bool should_encode = ext->should_encode(); @@ -111,9 +116,8 @@ void Extensions::encode_into(DER_Encoder& to_object) const */ void Extensions::decode_from(BER_Decoder& from_source) { - for(size_t i = 0; i != m_extensions.size(); ++i) - delete m_extensions[i].first; m_extensions.clear(); + m_extensions_raw.clear(); BER_Decoder sequence = from_source.start_cons(SEQUENCE); @@ -130,7 +134,9 @@ void Extensions::decode_from(BER_Decoder& from_source) .verify_end() .end_cons(); - Certificate_Extension* ext = get_extension(oid); + m_extensions_raw.emplace(oid, std::make_pair(value, critical)); + + std::unique_ptr<Certificate_Extension> ext(get_extension(oid)); if(!ext && critical && m_throw_on_unknown_critical) throw Decoding_Error("Encountered unknown X.509 extension marked " @@ -148,7 +154,7 @@ void Extensions::decode_from(BER_Decoder& from_source) oid.as_string() + ": " + e.what()); } - m_extensions.push_back(std::make_pair(ext, critical)); + m_extensions.push_back(std::make_pair(std::move(ext), critical)); } } @@ -168,14 +174,6 @@ void Extensions::contents_to(Data_Store& subject_info, } } -/* -* Delete an Extensions list -*/ -Extensions::~Extensions() - { - for(size_t i = 0; i != m_extensions.size(); ++i) - delete m_extensions[i].first; - } namespace Cert_Extension { @@ -314,11 +312,8 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key) - { - SHA_160 hash; - m_key_id = unlock(hash.process(pub_key)); - } +Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key) : m_key_id(unlock(SHA_160().process(pub_key))) + {} /* * Encode the extension @@ -389,11 +384,10 @@ void Alternative_Name::contents_to(Data_Store& subject_info, * Alternative_Name Constructor */ Alternative_Name::Alternative_Name(const AlternativeName& alt_name, - const std::string& oid_name_str) - { - this->m_alt_name = alt_name; - this->m_oid_name_str = oid_name_str; - } + const std::string& oid_name_str) : + m_oid_name_str(oid_name_str), + m_alt_name(alt_name) + {} /* * Subject_Alternative_Name Constructor @@ -514,26 +508,28 @@ namespace { class Policy_Information : public ASN1_Object { public: - // public member variable: - OID oid; - Policy_Information() {} - Policy_Information(const OID& oid_) : oid(oid_) {} + explicit Policy_Information(const OID& oid) : m_oid(oid) {} + + const OID& oid() const { return m_oid; } void encode_into(DER_Encoder& codec) const override { codec.start_cons(SEQUENCE) - .encode(oid) + .encode(m_oid) .end_cons(); } void decode_from(BER_Decoder& codec) override { codec.start_cons(SEQUENCE) - .decode(oid) + .decode(m_oid) .discard_remaining() .end_cons(); } + + private: + OID m_oid; }; } @@ -546,7 +542,7 @@ std::vector<byte> Certificate_Policies::encode_inner() const std::vector<Policy_Information> policies; for(size_t i = 0; i != m_oids.size(); ++i) - policies.push_back(m_oids[i]); + policies.push_back(Policy_Information(m_oids[i])); return DER_Encoder() .start_cons(SEQUENCE) @@ -566,7 +562,7 @@ void Certificate_Policies::decode_inner(const std::vector<byte>& in) m_oids.clear(); for(size_t i = 0; i != policies.size(); ++i) - m_oids.push_back(policies[i].oid); + m_oids.push_back(policies[i].oid()); } /* diff --git a/src/lib/cert/x509/x509_ext.h b/src/lib/cert/x509/x509_ext.h index 64d290fc2..ac456b998 100644 --- a/src/lib/cert/x509/x509_ext.h +++ b/src/lib/cert/x509/x509_ext.h @@ -67,16 +67,20 @@ class BOTAN_DLL Extensions : public ASN1_Object void add(Certificate_Extension* extn, bool critical = false); + std::map<OID, std::pair<std::vector<byte>, bool>> extensions_raw() const; + Extensions& operator=(const Extensions&); Extensions(const Extensions&); - Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} - ~Extensions(); + + explicit Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} + private: static Certificate_Extension* get_extension(const OID&); - std::vector<std::pair<Certificate_Extension*, bool> > m_extensions; + std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> m_extensions; bool m_throw_on_unknown_critical; + std::map<OID, std::pair<std::vector<byte>, bool>> m_extensions_raw; }; namespace Cert_Extension { @@ -117,7 +121,7 @@ class BOTAN_DLL Key_Usage final : public Certificate_Extension public: Key_Usage* copy() const override { return new Key_Usage(m_constraints); } - Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {} + explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {} Key_Constraints get_constraints() const { return m_constraints; } private: @@ -142,7 +146,7 @@ class BOTAN_DLL Subject_Key_ID final : public Certificate_Extension { return new Subject_Key_ID(m_key_id); } Subject_Key_ID() {} - Subject_Key_ID(const std::vector<byte>&); + explicit Subject_Key_ID(const std::vector<byte>&); std::vector<byte> get_key_id() const { return m_key_id; } private: @@ -167,7 +171,7 @@ class BOTAN_DLL Authority_Key_ID final : public Certificate_Extension { return new Authority_Key_ID(m_key_id); } Authority_Key_ID() {} - Authority_Key_ID(const std::vector<byte>& k) : m_key_id(k) {} + explicit Authority_Key_ID(const std::vector<byte>& k) : m_key_id(k) {} std::vector<byte> get_key_id() const { return m_key_id; } private: @@ -215,7 +219,7 @@ class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name Subject_Alternative_Name* copy() const override { return new Subject_Alternative_Name(get_alt_name()); } - Subject_Alternative_Name(const AlternativeName& = AlternativeName()); + explicit Subject_Alternative_Name(const AlternativeName& = AlternativeName()); }; /** @@ -227,7 +231,7 @@ class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name Issuer_Alternative_Name* copy() const override { return new Issuer_Alternative_Name(get_alt_name()); } - Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); + explicit Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); }; /** @@ -240,7 +244,7 @@ class BOTAN_DLL Extended_Key_Usage final : public Certificate_Extension { return new Extended_Key_Usage(m_oids); } Extended_Key_Usage() {} - Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {} + explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {} std::vector<OID> get_oids() const { return m_oids; } private: @@ -288,7 +292,7 @@ class BOTAN_DLL Certificate_Policies final : public Certificate_Extension { return new Certificate_Policies(m_oids); } Certificate_Policies() {} - Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {} + explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {} std::vector<OID> get_oids() const { return m_oids; } private: @@ -311,7 +315,7 @@ class BOTAN_DLL Authority_Information_Access final : public Certificate_Extensio Authority_Information_Access() {} - Authority_Information_Access(const std::string& ocsp) : + explicit Authority_Information_Access(const std::string& ocsp) : m_ocsp_responder(ocsp) {} private: @@ -361,7 +365,7 @@ class BOTAN_DLL CRL_ReasonCode final : public Certificate_Extension CRL_ReasonCode* copy() const override { return new CRL_ReasonCode(m_reason); } - CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {} + explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {} CRL_Code get_reason() const { return m_reason; } private: @@ -397,7 +401,7 @@ class BOTAN_DLL CRL_Distribution_Points final : public Certificate_Extension CRL_Distribution_Points() {} - CRL_Distribution_Points(const std::vector<Distribution_Point>& points) : + explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) : m_distribution_points(points) {} std::vector<Distribution_Point> distribution_points() const diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index 73aa02cf3..959cddb53 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -124,6 +124,7 @@ void X509_Certificate::force_decode() BER_Decoder(v3_exts_data.value).decode(extensions).verify_end(); + m_v3_extensions = extensions.extensions_raw(); extensions.contents_to(m_subject, m_issuer); } else if(v3_exts_data.type_tag != NO_OBJECT) @@ -331,6 +332,11 @@ std::vector<std::string> X509_Certificate::policies() const return lookup_oids(m_subject.get("X509v3.CertificatePolicies")); } +std::map<OID, std::pair<std::vector<byte>, bool>> X509_Certificate::v3_extensions() const + { + return m_v3_extensions; + } + std::string X509_Certificate::ocsp_responder() const { return m_subject.get1("OCSP.responder", ""); diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h index aa910f665..54d82b1b4 100644 --- a/src/lib/cert/x509/x509cert.h +++ b/src/lib/cert/x509/x509cert.h @@ -191,6 +191,12 @@ class BOTAN_DLL X509_Certificate final : public X509_Object std::vector<std::string> policies() const; /** + * Get all extensions of this certificate indexed by oid. + * @return extension values and critical flag + */ + std::map<OID, std::pair<std::vector<byte>, bool>> v3_extensions() const; + + /** * Return the listed address of an OCSP responder, or empty if not set */ std::string ocsp_responder() const; @@ -233,16 +239,16 @@ class BOTAN_DLL X509_Certificate final : public X509_Object * PEM encoded certificate. * @param source the data source */ - X509_Certificate(DataSource& source); + explicit X509_Certificate(DataSource& source); /** * Create a certificate from a file containing the DER or PEM * encoded certificate. * @param filename the name of the certificate file */ - X509_Certificate(const std::string& filename); + explicit X509_Certificate(const std::string& filename); - X509_Certificate(const std::vector<byte>& in); + explicit X509_Certificate(const std::vector<byte>& in); private: void force_decode() override; @@ -253,6 +259,7 @@ class BOTAN_DLL X509_Certificate final : public X509_Object Data_Store m_subject, m_issuer; bool m_self_signed; + std::map<OID, std::pair<std::vector<byte>, bool>> m_v3_extensions; }; /** diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h index 08d92915d..b7061685a 100644 --- a/src/lib/cert/x509/x509path.h +++ b/src/lib/cert/x509/x509path.h @@ -120,7 +120,7 @@ class BOTAN_DLL Path_Validation_Result Path_Validation_Result(std::vector<std::set<Certificate_Status_Code>> status, std::vector<X509_Certificate>&& cert_chain); - Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {} + explicit Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {} private: friend Path_Validation_Result BOTAN_DLL x509_path_validate( diff --git a/src/lib/compression/bzip2/bzip2.cpp b/src/lib/compression/bzip2/bzip2.cpp index 09cd05919..d9ada84f6 100644 --- a/src/lib/compression/bzip2/bzip2.cpp +++ b/src/lib/compression/bzip2/bzip2.cpp @@ -37,7 +37,7 @@ class Bzip2_Stream : public Zlib_Style_Stream<bz_stream, char> class Bzip2_Compression_Stream : public Bzip2_Stream { public: - Bzip2_Compression_Stream(size_t block_size) + explicit Bzip2_Compression_Stream(size_t block_size) { int rc = BZ2_bzCompressInit(streamp(), block_size, 0, 0); diff --git a/src/lib/compression/compression.cpp b/src/lib/compression/compression.cpp index 178de245f..54faec7b8 100644 --- a/src/lib/compression/compression.cpp +++ b/src/lib/compression/compression.cpp @@ -56,7 +56,7 @@ void Compression_Alloc_Info::do_free(void* ptr) namespace { -Compressor_Transform* do_make_compressor(const std::string& type, const std::string suffix) +Compressor_Transform* do_make_compressor(const std::string& type, const std::string& suffix) { const std::map<std::string, std::string> trans{ {"zlib", "Zlib"}, diff --git a/src/lib/compression/lzma/lzma.cpp b/src/lib/compression/lzma/lzma.cpp index 5998d1c8c..3cc03a098 100644 --- a/src/lib/compression/lzma/lzma.cpp +++ b/src/lib/compression/lzma/lzma.cpp @@ -56,7 +56,7 @@ class LZMA_Stream : public Zlib_Style_Stream<lzma_stream, byte> class LZMA_Compression_Stream : public LZMA_Stream { public: - LZMA_Compression_Stream(size_t level) + explicit LZMA_Compression_Stream(size_t level) { lzma_ret rc = ::lzma_easy_encoder(streamp(), level, LZMA_CHECK_CRC64); diff --git a/src/lib/compression/zlib/zlib.cpp b/src/lib/compression/zlib/zlib.cpp index 8e1928826..6df5ee931 100644 --- a/src/lib/compression/zlib/zlib.cpp +++ b/src/lib/compression/zlib/zlib.cpp @@ -115,7 +115,7 @@ class Deflate_Compression_Stream : public Zlib_Compression_Stream class Deflate_Decompression_Stream : public Zlib_Decompression_Stream { public: - Deflate_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, -1) {} + explicit Deflate_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, -1) {} }; class Gzip_Compression_Stream : public Zlib_Compression_Stream @@ -140,7 +140,7 @@ class Gzip_Compression_Stream : public Zlib_Compression_Stream class Gzip_Decompression_Stream : public Zlib_Decompression_Stream { public: - Gzip_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, 16) {} + explicit Gzip_Decompression_Stream(int wbits) : Zlib_Decompression_Stream(wbits, 16) {} }; } diff --git a/src/lib/entropy/cryptoapi_rng/es_capi.cpp b/src/lib/entropy/cryptoapi_rng/es_capi.cpp index 8d682698a..c9d8fb7c4 100644 --- a/src/lib/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/lib/entropy/cryptoapi_rng/es_capi.cpp @@ -19,7 +19,7 @@ namespace { class CSP_Handle { public: - CSP_Handle(u64bit capi_provider) + explicit CSP_Handle(u64bit capi_provider) { m_valid = false; DWORD prov_type = (DWORD)capi_provider; diff --git a/src/lib/entropy/cryptoapi_rng/es_capi.h b/src/lib/entropy/cryptoapi_rng/es_capi.h index a43d5a7f2..b1c60bfa1 100644 --- a/src/lib/entropy/cryptoapi_rng/es_capi.h +++ b/src/lib/entropy/cryptoapi_rng/es_capi.h @@ -27,7 +27,7 @@ class Win32_CAPI_EntropySource final : public Entropy_Source * Win32_Capi_Entropysource Constructor * @param provs list of providers, separated by ':' */ - Win32_CAPI_EntropySource(const std::string& provs = ""); + explicit Win32_CAPI_EntropySource(const std::string& provs = ""); private: std::vector<u64bit> m_prov_types; }; diff --git a/src/lib/entropy/entropy_src.h b/src/lib/entropy/entropy_src.h index 3bcd8c68d..539df809a 100644 --- a/src/lib/entropy/entropy_src.h +++ b/src/lib/entropy/entropy_src.h @@ -30,7 +30,7 @@ class BOTAN_DLL Entropy_Accumulator final * still be called again a few more times, and should be careful to return * true then as well. */ - Entropy_Accumulator(std::function<bool (const byte[], size_t, double)> accum) : + explicit Entropy_Accumulator(std::function<bool (const byte[], size_t, double)> accum) : m_accum_fn(accum) {} /** @@ -113,7 +113,7 @@ class BOTAN_DLL Entropy_Sources final bool poll_just(Entropy_Accumulator& accum, const std::string& src); Entropy_Sources() {} - Entropy_Sources(const std::vector<std::string>& sources); + explicit Entropy_Sources(const std::vector<std::string>& sources); ~Entropy_Sources(); private: diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 7ef6a8e26..c59a8227b 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -28,7 +28,7 @@ namespace { class Directory_Walker : public File_Descriptor_Source { public: - Directory_Walker(const std::string& root) : + explicit Directory_Walker(const std::string& root) : m_cur_dir(std::make_pair<DIR*, std::string>(nullptr, "")) { if(DIR* root_dir = ::opendir(root.c_str())) diff --git a/src/lib/entropy/rdrand/rdrand.cpp b/src/lib/entropy/rdrand/rdrand.cpp index 24fe98cf8..89234b460 100644 --- a/src/lib/entropy/rdrand/rdrand.cpp +++ b/src/lib/entropy/rdrand/rdrand.cpp @@ -1,12 +1,14 @@ /* * Entropy Source Using Intel's rdrand instruction * (C) 2012,2015 Jack Lloyd +* (C) 2015 Daniel Neus * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/internal/rdrand.h> #include <botan/cpuid.h> +#include <botan/build.h> #if !defined(BOTAN_USE_GCC_INLINE_ASM) #include <immintrin.h> @@ -14,32 +16,31 @@ namespace Botan { -/* -* Get the timestamp -*/ -void Intel_Rdrand::poll(Entropy_Accumulator& accum) - { +void Intel_Rdrand::poll(Entropy_Accumulator& accum) { if(!CPUID::has_rdrand()) return; - const size_t RDRAND_POLLS = 32; - - for(size_t i = 0; i != RDRAND_POLLS; ++i) + for(size_t p = 0; p != BOTAN_ENTROPY_INTEL_RNG_POLLS; ++p) { - unsigned int r = 0; + for(size_t i = 0; i != BOTAN_ENTROPY_RDRAND_RETRIES; ++i) + { + uint32_t r = 0; #if defined(BOTAN_USE_GCC_INLINE_ASM) - int cf = 0; + int cf = 0; - // Encoding of rdrand %eax - asm(".byte 0x0F, 0xC7, 0xF0; adcl $0,%1" : - "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc"); + // Encoding of rdrand %eax + asm(".byte 0x0F, 0xC7, 0xF0; adcl $0,%1" : + "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc"); #else - int cf = _rdrand32_step(&r); + int cf = _rdrand32_step(&r); #endif - - if(cf == 1) - accum.add(r, BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG); + if(1 == cf) + { + accum.add(r, BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG); + break; + } + } } } diff --git a/src/lib/entropy/rdseed/rdseed.cpp b/src/lib/entropy/rdseed/rdseed.cpp index 91306769d..2ba2075cc 100644 --- a/src/lib/entropy/rdseed/rdseed.cpp +++ b/src/lib/entropy/rdseed/rdseed.cpp @@ -7,6 +7,7 @@ #include <botan/internal/rdseed.h> #include <botan/cpuid.h> +#include <botan/build.h> #if !defined(BOTAN_USE_GCC_INLINE_ASM) #include <immintrin.h> @@ -14,32 +15,31 @@ namespace Botan { -/* -* Get the timestamp -*/ -void Intel_Rdseed::poll(Entropy_Accumulator& accum) - { +void Intel_Rdseed::poll(Entropy_Accumulator& accum) { if(!CPUID::has_rdseed()) return; - const size_t RDSEED_POLLS = 32; - - for(size_t i = 0; i != RDSEED_POLLS; ++i) + for(size_t p = 0; p != BOTAN_ENTROPY_INTEL_RNG_POLLS; ++p) { - unsigned int r = 0; + for(size_t i = 0; i != BOTAN_ENTROPY_RDSEED_RETRIES; ++i) + { + uint32_t r = 0; #if defined(BOTAN_USE_GCC_INLINE_ASM) - int cf = 0; + int cf = 0; - // Encoding of rdseed %eax - asm(".byte 0x0F, 0xC7, 0xF8; adcl $0,%1" : - "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc"); + // Encoding of rdseed %eax + asm(".byte 0x0F, 0xC7, 0xF8; adcl $0,%1" : + "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc"); #else - int cf = _rdseed32_step(&r); + int cf = _rdseed32_step(&r); #endif - - if(cf == 1) - accum.add(r, BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG); + if(1 == cf) + { + accum.add(r, BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG); + break; + } + } } } diff --git a/src/lib/entropy/win32_stats/es_win32.cpp b/src/lib/entropy/win32_stats/es_win32.cpp index 7cb0988db..ce0edea83 100644 --- a/src/lib/entropy/win32_stats/es_win32.cpp +++ b/src/lib/entropy/win32_stats/es_win32.cpp @@ -72,7 +72,6 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(!accum.polling_finished()) { - size_t heap_lists_found = 0; HEAPLIST32 heap_list; heap_list.dwSize = sizeof(HEAPLIST32); @@ -81,6 +80,7 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(Heap32ListFirst(snapshot, &heap_list)) { + size_t heap_lists_found = 0; do { accum.add(heap_list, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); @@ -88,12 +88,12 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) if(++heap_lists_found > HEAP_LISTS_MAX) break; - size_t heap_objs_found = 0; HEAPENTRY32 heap_entry; heap_entry.dwSize = sizeof(HEAPENTRY32); if(Heap32First(&heap_entry, heap_list.th32ProcessID, heap_list.th32HeapID)) { + size_t heap_objs_found = 0; do { if(heap_objs_found++ > HEAP_OBJS_PER_LIST) diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp index 621195ea3..11084ae50 100644 --- a/src/lib/ffi/ffi.cpp +++ b/src/lib/ffi/ffi.cpp @@ -65,7 +65,7 @@ namespace { class FFI_Error : public Botan::Exception { public: - FFI_Error(const std::string& what) : Exception("FFI error", what) {} + explicit FFI_Error(const std::string& what) : Exception("FFI error", what) {} }; template<typename T, uint32_t MAGIC> diff --git a/src/lib/filters/codec_filt/b64_filt.h b/src/lib/filters/codec_filt/b64_filt.h index 8761cc327..f1879fb71 100644 --- a/src/lib/filters/codec_filt/b64_filt.h +++ b/src/lib/filters/codec_filt/b64_filt.h @@ -76,7 +76,7 @@ class BOTAN_DLL Base64_Decoder final : public Filter * @param checking the type of checking that shall be performed by * the decoder */ - Base64_Decoder(Decoder_Checking checking = NONE); + explicit Base64_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking m_checking; std::vector<byte> m_in, m_out; diff --git a/src/lib/filters/codec_filt/hex_filt.h b/src/lib/filters/codec_filt/hex_filt.h index cb06d223f..f8a35b8b9 100644 --- a/src/lib/filters/codec_filt/hex_filt.h +++ b/src/lib/filters/codec_filt/hex_filt.h @@ -33,7 +33,7 @@ class BOTAN_DLL Hex_Encoder final : public Filter * Create a hex encoder. * @param the_case the case to use in the encoded strings. */ - Hex_Encoder(Case the_case); + explicit Hex_Encoder(Case the_case); /** * Create a hex encoder. @@ -69,7 +69,7 @@ class BOTAN_DLL Hex_Decoder final : public Filter * character checking. * @param checking the checking to use during decoding. */ - Hex_Decoder(Decoder_Checking checking = NONE); + explicit Hex_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking m_checking; std::vector<byte> m_in, m_out; diff --git a/src/lib/filters/filter.cpp b/src/lib/filters/filter.cpp index 18ea02b9e..6ae713314 100644 --- a/src/lib/filters/filter.cpp +++ b/src/lib/filters/filter.cpp @@ -6,7 +6,6 @@ */ #include <botan/filter.h> -#include <botan/secqueue.h> #include <botan/exceptn.h> namespace Botan { diff --git a/src/lib/filters/filters.h b/src/lib/filters/filters.h index 7a527dde0..4f559587f 100644 --- a/src/lib/filters/filters.h +++ b/src/lib/filters/filters.h @@ -67,7 +67,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter * Construct a stream cipher filter. * @param cipher a cipher object to use */ - StreamCipher_Filter(StreamCipher* cipher); + explicit StreamCipher_Filter(StreamCipher* cipher); /** * Construct a stream cipher filter. @@ -80,7 +80,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter * Construct a stream cipher filter. * @param cipher the name of the desired cipher */ - StreamCipher_Filter(const std::string& cipher); + explicit StreamCipher_Filter(const std::string& cipher); /** * Construct a stream cipher filter. diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h index 23e5b4c8d..286484a81 100644 --- a/src/lib/filters/pipe.h +++ b/src/lib/filters/pipe.h @@ -297,7 +297,7 @@ class BOTAN_DLL Pipe final : public DataSource * Construct a Pipe from a list of filters * @param filters the set of filters to use */ - Pipe(std::initializer_list<Filter*> filters); + explicit Pipe(std::initializer_list<Filter*> filters); Pipe(const Pipe&) = delete; Pipe& operator=(const Pipe&) = delete; diff --git a/src/lib/filters/pipe_rw.cpp b/src/lib/filters/pipe_rw.cpp index 4d31f43f5..646752e7c 100644 --- a/src/lib/filters/pipe_rw.cpp +++ b/src/lib/filters/pipe_rw.cpp @@ -8,7 +8,6 @@ #include <botan/pipe.h> #include <botan/internal/out_buf.h> -#include <botan/secqueue.h> namespace Botan { diff --git a/src/lib/filters/secqueue.cpp b/src/lib/filters/secqueue.cpp index 4546ae398..6f4070813 100644 --- a/src/lib/filters/secqueue.cpp +++ b/src/lib/filters/secqueue.cpp @@ -104,6 +104,7 @@ void SecureQueue::destroy() SecureQueue& SecureQueue::operator=(const SecureQueue& input) { destroy(); + m_bytes_read = input.get_bytes_read(); m_head = m_tail = new SecureQueueNode; SecureQueueNode* temp = input.m_head; while(temp) diff --git a/src/lib/filters/transform_filter.h b/src/lib/filters/transform_filter.h index 3dd68405b..2ecc5cecb 100644 --- a/src/lib/filters/transform_filter.h +++ b/src/lib/filters/transform_filter.h @@ -21,7 +21,7 @@ class BOTAN_DLL Transform_Filter : public Keyed_Filter, private Buffered_Filter { public: - Transform_Filter(Transform* t); + explicit Transform_Filter(Transform* t); void set_iv(const InitializationVector& iv) override; @@ -49,7 +49,7 @@ class BOTAN_DLL Transform_Filter : public Keyed_Filter, class Nonce_State { public: - Nonce_State(bool allow_null_nonce) : m_fresh_nonce(allow_null_nonce) {} + explicit Nonce_State(bool allow_null_nonce) : m_fresh_nonce(allow_null_nonce) {} void update(const InitializationVector& iv); std::vector<byte> get(); diff --git a/src/lib/hash/blake2/blake2b.h b/src/lib/hash/blake2/blake2b.h index efe0d34f4..290db10f0 100644 --- a/src/lib/hash/blake2/blake2b.h +++ b/src/lib/hash/blake2/blake2b.h @@ -29,7 +29,7 @@ class BOTAN_DLL Blake2b final : public HashFunction /** * @param output_bits the output size of Blake2b in bits */ - Blake2b(size_t output_bits = 512); + explicit Blake2b(size_t output_bits = 512); size_t hash_block_size() const override { return BLAKE2B_BLOCKBYTES; } size_t output_length() const override { return m_output_bits / 8; } diff --git a/src/lib/hash/hash.cpp b/src/lib/hash/hash.cpp index b6a7ca50d..9a15c7998 100644 --- a/src/lib/hash/hash.cpp +++ b/src/lib/hash/hash.cpp @@ -98,7 +98,7 @@ namespace Botan { std::unique_ptr<HashFunction> HashFunction::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<HashFunction>(make_a<HashFunction>(algo_spec, provider)); + return std::unique_ptr<HashFunction>(make_a<HashFunction>(Botan::HashFunction::Spec(algo_spec), provider)); } std::vector<std::string> HashFunction::providers(const std::string& algo_spec) diff --git a/src/lib/hash/keccak/keccak.h b/src/lib/hash/keccak/keccak.h index 7929dd502..a73595d6a 100644 --- a/src/lib/hash/keccak/keccak.h +++ b/src/lib/hash/keccak/keccak.h @@ -25,7 +25,7 @@ class BOTAN_DLL Keccak_1600 final : public HashFunction * @param output_bits the size of the hash output; must be one of * 224, 256, 384, or 512 */ - Keccak_1600(size_t output_bits = 512); + explicit Keccak_1600(size_t output_bits = 512); size_t hash_block_size() const override { return m_bitrate / 8; } size_t output_length() const override { return m_output_bits / 8; } diff --git a/src/lib/hash/md2/md2.h b/src/lib/hash/md2/md2.h index ab29a49cb..58629495a 100644 --- a/src/lib/hash/md2/md2.h +++ b/src/lib/hash/md2/md2.h @@ -25,7 +25,7 @@ class BOTAN_DLL MD2 final : public HashFunction void clear() override; - MD2() : m_X(48), m_checksum(16), m_buffer(16) + MD2() : m_X(48), m_checksum(16), m_buffer(16), m_position(0) { clear(); } private: void add_data(const byte[], size_t) override; diff --git a/src/lib/hash/par_hash/par_hash.h b/src/lib/hash/par_hash/par_hash.h index b0e2ff828..3a93f4e8e 100644 --- a/src/lib/hash/par_hash/par_hash.h +++ b/src/lib/hash/par_hash/par_hash.h @@ -28,7 +28,7 @@ class BOTAN_DLL Parallel final : public HashFunction /** * @param hashes a set of hashes to compute in parallel */ - Parallel(const std::vector<HashFunction*>& hashes); + explicit Parallel(const std::vector<HashFunction*>& hashes); Parallel(const Parallel&) = delete; Parallel& operator=(const Parallel&) = delete; diff --git a/src/lib/hash/sha1/sha160.h b/src/lib/hash/sha1/sha160.h index 2f5d9b16e..b4a161c14 100644 --- a/src/lib/hash/sha1/sha160.h +++ b/src/lib/hash/sha1/sha160.h @@ -35,7 +35,7 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction * constraints * @param W_size how big to make W */ - SHA_160(size_t W_size) : + explicit SHA_160(size_t W_size) : MDx_HashFunction(64, true, true), m_digest(5), m_W(W_size) { clear(); diff --git a/src/lib/kdf/hkdf/hkdf.h b/src/lib/kdf/hkdf/hkdf.h index d4e4006ca..3e3e2b73a 100644 --- a/src/lib/kdf/hkdf/hkdf.h +++ b/src/lib/kdf/hkdf/hkdf.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_DLL HKDF final : public KDF { public: - HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {} + explicit HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {} static HKDF* make(const Spec& spec); diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index cf13c4803..45ee165e0 100644 --- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -48,7 +48,7 @@ KDF::~KDF() {} std::unique_ptr<KDF> KDF::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<KDF>(make_a<KDF>(algo_spec, provider)); + return std::unique_ptr<KDF>(make_a<KDF>(Botan::KDF::Spec(algo_spec), provider)); } std::vector<std::string> KDF::providers(const std::string& algo_spec) diff --git a/src/lib/kdf/kdf1/kdf1.h b/src/lib/kdf/kdf1/kdf1.h index 2697685ac..adaa84894 100644 --- a/src/lib/kdf/kdf1/kdf1.h +++ b/src/lib/kdf/kdf1/kdf1.h @@ -27,7 +27,7 @@ class BOTAN_DLL KDF1 final : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - KDF1(HashFunction* h) : m_hash(h) {} + explicit KDF1(HashFunction* h) : m_hash(h) {} private: std::unique_ptr<HashFunction> m_hash; }; diff --git a/src/lib/kdf/kdf2/kdf2.h b/src/lib/kdf/kdf2/kdf2.h index ad62ed301..7403df21c 100644 --- a/src/lib/kdf/kdf2/kdf2.h +++ b/src/lib/kdf/kdf2/kdf2.h @@ -27,7 +27,7 @@ class BOTAN_DLL KDF2 final : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - KDF2(HashFunction* h) : m_hash(h) {} + explicit KDF2(HashFunction* h) : m_hash(h) {} private: std::unique_ptr<HashFunction> m_hash; }; diff --git a/src/lib/kdf/prf_tls/prf_tls.h b/src/lib/kdf/prf_tls/prf_tls.h index f000484a7..a51006d88 100644 --- a/src/lib/kdf/prf_tls/prf_tls.h +++ b/src/lib/kdf/prf_tls/prf_tls.h @@ -47,7 +47,7 @@ class BOTAN_DLL TLS_12_PRF final : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - TLS_12_PRF(MessageAuthenticationCode* mac) : m_mac(mac) {} + explicit TLS_12_PRF(MessageAuthenticationCode* mac) : m_mac(mac) {} static TLS_12_PRF* make(const Spec& spec); private: diff --git a/src/lib/kdf/prf_x942/prf_x942.h b/src/lib/kdf/prf_x942/prf_x942.h index f31036649..c15be9845 100644 --- a/src/lib/kdf/prf_x942/prf_x942.h +++ b/src/lib/kdf/prf_x942/prf_x942.h @@ -26,7 +26,7 @@ class BOTAN_DLL X942_PRF final : public KDF const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const override; - X942_PRF(const std::string& oid); + explicit X942_PRF(const std::string& oid); private: std::string m_key_wrap_oid; }; diff --git a/src/lib/mac/cbc_mac/cbc_mac.h b/src/lib/mac/cbc_mac/cbc_mac.h index 06d1dc852..cd2ebd18f 100644 --- a/src/lib/mac/cbc_mac/cbc_mac.h +++ b/src/lib/mac/cbc_mac/cbc_mac.h @@ -32,7 +32,7 @@ class BOTAN_DLL CBC_MAC final : public MessageAuthenticationCode /** * @param cipher the underlying block cipher to use */ - CBC_MAC(BlockCipher* cipher); + explicit CBC_MAC(BlockCipher* cipher); static CBC_MAC* make(const Spec& spec); private: diff --git a/src/lib/mac/cmac/cmac.h b/src/lib/mac/cmac/cmac.h index 5a38de28d..0e973b79d 100644 --- a/src/lib/mac/cmac/cmac.h +++ b/src/lib/mac/cmac/cmac.h @@ -40,7 +40,7 @@ class BOTAN_DLL CMAC final : public MessageAuthenticationCode /** * @param cipher the underlying block cipher to use */ - CMAC(BlockCipher* cipher); + explicit CMAC(BlockCipher* cipher); static CMAC* make(const Spec& spec); diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h index 5154739d2..654a167e7 100644 --- a/src/lib/mac/hmac/hmac.h +++ b/src/lib/mac/hmac/hmac.h @@ -34,7 +34,7 @@ class BOTAN_DLL HMAC final : public MessageAuthenticationCode /** * @param hash the hash to use for HMACing */ - HMAC(HashFunction* hash); + explicit HMAC(HashFunction* hash); static HMAC* make(const Spec& spec); diff --git a/src/lib/mac/mac.cpp b/src/lib/mac/mac.cpp index 8c1185c55..a3917141d 100644 --- a/src/lib/mac/mac.cpp +++ b/src/lib/mac/mac.cpp @@ -38,7 +38,7 @@ namespace Botan { std::unique_ptr<MessageAuthenticationCode> MessageAuthenticationCode::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<MessageAuthenticationCode>(make_a<MessageAuthenticationCode>(algo_spec, provider)); + return std::unique_ptr<MessageAuthenticationCode>(make_a<MessageAuthenticationCode>(MessageAuthenticationCode::Spec(algo_spec), provider)); } std::vector<std::string> MessageAuthenticationCode::providers(const std::string& algo_spec) diff --git a/src/lib/mac/mac.h b/src/lib/mac/mac.h index 90ef4db15..fe3388f3b 100644 --- a/src/lib/mac/mac.h +++ b/src/lib/mac/mac.h @@ -53,6 +53,8 @@ class BOTAN_DLL MessageAuthenticationCode : public Buffered_Computation, virtual MessageAuthenticationCode* clone() const = 0; }; +typedef MessageAuthenticationCode MAC; + } #endif diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index 206e43155..c64963683 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h @@ -21,7 +21,7 @@ namespace Botan { */ struct BOTAN_DLL Illegal_Transformation : public Exception { - Illegal_Transformation(const std::string& err = + explicit Illegal_Transformation(const std::string& err = "Requested transformation is not possible") : Exception(err) {} }; @@ -31,7 +31,7 @@ struct BOTAN_DLL Illegal_Transformation : public Exception */ struct BOTAN_DLL Illegal_Point : public Exception { - Illegal_Point(const std::string& err = "Malformed ECP point detected") : + explicit Illegal_Point(const std::string& err = "Malformed ECP point detected") : Exception(err) {} }; @@ -56,7 +56,7 @@ class BOTAN_DLL PointGFp * Construct the zero point * @param curve The base curve */ - PointGFp(const CurveGFp& curve); + explicit PointGFp(const CurveGFp& curve); static PointGFp zero_of(const CurveGFp& curve) { diff --git a/src/lib/math/numbertheory/dsa_gen.cpp b/src/lib/math/numbertheory/dsa_gen.cpp index 1f922fd49..42bfeb4c1 100644 --- a/src/lib/math/numbertheory/dsa_gen.cpp +++ b/src/lib/math/numbertheory/dsa_gen.cpp @@ -61,7 +61,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, class Seed { public: - Seed(const std::vector<byte>& s) : m_seed(s) {} + explicit Seed(const std::vector<byte>& s) : m_seed(s) {} operator std::vector<byte>& () { return m_seed; } diff --git a/src/lib/math/numbertheory/pow_mod.cpp b/src/lib/math/numbertheory/pow_mod.cpp index 49ff6cca2..5503f313c 100644 --- a/src/lib/math/numbertheory/pow_mod.cpp +++ b/src/lib/math/numbertheory/pow_mod.cpp @@ -34,10 +34,15 @@ Power_Mod::Power_Mod(const Power_Mod& other) */ Power_Mod& Power_Mod::operator=(const Power_Mod& other) { - delete m_core; - m_core = nullptr; - if(other.m_core) - m_core = other.m_core->copy(); + if(this != &other) + { + delete m_core; + m_core = nullptr; + if(other.m_core) + { + m_core = other.m_core->copy(); + } + } return (*this); } diff --git a/src/lib/math/numbertheory/powm_fw.cpp b/src/lib/math/numbertheory/powm_fw.cpp index 02e9bbe83..7369959a9 100644 --- a/src/lib/math/numbertheory/powm_fw.cpp +++ b/src/lib/math/numbertheory/powm_fw.cpp @@ -60,10 +60,7 @@ BigInt Fixed_Window_Exponentiator::execute() const */ Fixed_Window_Exponentiator::Fixed_Window_Exponentiator(const BigInt& n, Power_Mod::Usage_Hints hints) - { - m_reducer = Modular_Reducer(n); - m_hints = hints; - m_window_bits = 0; - } + : m_reducer{Modular_Reducer(n)}, m_exp{}, m_window_bits{}, m_g{}, m_hints{hints} + {} } diff --git a/src/lib/math/numbertheory/reducer.h b/src/lib/math/numbertheory/reducer.h index 248de3e2f..36808f00f 100644 --- a/src/lib/math/numbertheory/reducer.h +++ b/src/lib/math/numbertheory/reducer.h @@ -50,7 +50,7 @@ class BOTAN_DLL Modular_Reducer bool initialized() const { return (m_mod_words != 0); } Modular_Reducer() { m_mod_words = 0; } - Modular_Reducer(const BigInt& mod); + explicit Modular_Reducer(const BigInt& mod); private: BigInt m_modulus, m_modulus_2, m_mu; size_t m_mod_words; diff --git a/src/lib/math/numbertheory/ressol.cpp b/src/lib/math/numbertheory/ressol.cpp index 127dc899e..2c83cb0e0 100644 --- a/src/lib/math/numbertheory/ressol.cpp +++ b/src/lib/math/numbertheory/ressol.cpp @@ -66,7 +66,7 @@ BigInt ressol(const BigInt& a, const BigInt& p) q = mod_p.square(q); ++i; - if(i > s) + if(i >= s) { return -BigInt(1); } diff --git a/src/lib/misc/srp6/srp6_files.h b/src/lib/misc/srp6/srp6_files.h index 7d6d9a55b..2b20de7a3 100644 --- a/src/lib/misc/srp6/srp6_files.h +++ b/src/lib/misc/srp6/srp6_files.h @@ -24,7 +24,7 @@ class BOTAN_DLL SRP6_Authenticator_File * @param filename will be opened and processed as a SRP * authenticator file */ - SRP6_Authenticator_File(const std::string& filename); + explicit SRP6_Authenticator_File(const std::string& filename); bool lookup_user(const std::string& username, BigInt& v, diff --git a/src/lib/misc/tss/tss.h b/src/lib/misc/tss/tss.h index 68eb5158f..6ff47a0cc 100644 --- a/src/lib/misc/tss/tss.h +++ b/src/lib/misc/tss/tss.h @@ -46,7 +46,7 @@ class BOTAN_DLL RTSS_Share /** * @param hex_input the share encoded in hexadecimal */ - RTSS_Share(const std::string& hex_input); + explicit RTSS_Share(const std::string& hex_input); /** * @return hex representation diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 08157cd47..77126ec7a 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -15,7 +15,7 @@ namespace Botan { class L_computer { public: - L_computer(const BlockCipher& cipher) + explicit L_computer(const BlockCipher& cipher) { m_L_star.resize(cipher.block_size()); cipher.encrypt(m_L_star); diff --git a/src/lib/modes/aead/siv/siv.h b/src/lib/modes/aead/siv/siv.h index d46c7dcfd..d3e4c5270 100644 --- a/src/lib/modes/aead/siv/siv.h +++ b/src/lib/modes/aead/siv/siv.h @@ -43,7 +43,7 @@ class BOTAN_DLL SIV_Mode : public AEAD_Mode size_t tag_size() const override { return 16; } protected: - SIV_Mode(BlockCipher* cipher); + explicit SIV_Mode(BlockCipher* cipher); StreamCipher& ctr() { return *m_ctr; } @@ -73,7 +73,7 @@ class BOTAN_DLL SIV_Encryption final : public SIV_Mode /** * @param cipher a block cipher */ - SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {} + explicit SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; @@ -92,7 +92,7 @@ class BOTAN_DLL SIV_Decryption final : public SIV_Mode /** * @param cipher a 128-bit block cipher */ - SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {} + explicit SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; diff --git a/src/lib/modes/cbc/cbc.h b/src/lib/modes/cbc/cbc.h index 9a767d3a0..961991d4a 100644 --- a/src/lib/modes/cbc/cbc.h +++ b/src/lib/modes/cbc/cbc.h @@ -80,7 +80,7 @@ class BOTAN_DLL CBC_Encryption : public CBC_Mode class BOTAN_DLL CTS_Encryption final : public CBC_Encryption { public: - CTS_Encryption(BlockCipher* cipher) : CBC_Encryption(cipher, nullptr) {} + explicit CTS_Encryption(BlockCipher* cipher) : CBC_Encryption(cipher, nullptr) {} size_t output_length(size_t input_length) const override; @@ -117,7 +117,7 @@ class BOTAN_DLL CBC_Decryption : public CBC_Mode class BOTAN_DLL CTS_Decryption final : public CBC_Decryption { public: - CTS_Decryption(BlockCipher* cipher) : CBC_Decryption(cipher, nullptr) {} + explicit CTS_Decryption(BlockCipher* cipher) : CBC_Decryption(cipher, nullptr) {} void finish(secure_vector<byte>& final_block, size_t offset = 0) override; diff --git a/src/lib/modes/stream_mode.h b/src/lib/modes/stream_mode.h index 5450bc37d..f5f1aa33a 100644 --- a/src/lib/modes/stream_mode.h +++ b/src/lib/modes/stream_mode.h @@ -15,7 +15,7 @@ namespace Botan { class BOTAN_DLL Stream_Cipher_Mode : public Cipher_Mode { public: - Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} + explicit Stream_Cipher_Mode(StreamCipher* cipher) : m_cipher(cipher) {} void update(secure_vector<byte>& buf, size_t offset) override { diff --git a/src/lib/modes/xts/xts.h b/src/lib/modes/xts/xts.h index 2df18e82f..e751b1644 100644 --- a/src/lib/modes/xts/xts.h +++ b/src/lib/modes/xts/xts.h @@ -33,7 +33,7 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode void clear() override; protected: - XTS_Mode(BlockCipher* cipher); + explicit XTS_Mode(BlockCipher* cipher); const byte* tweak() const { return m_tweak.data(); } @@ -55,7 +55,7 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode class BOTAN_DLL XTS_Encryption final : public XTS_Mode { public: - XTS_Encryption(BlockCipher* cipher) : XTS_Mode(cipher) {} + explicit XTS_Encryption(BlockCipher* cipher) : XTS_Mode(cipher) {} void update(secure_vector<byte>& blocks, size_t offset = 0) override; @@ -70,7 +70,7 @@ class BOTAN_DLL XTS_Encryption final : public XTS_Mode class BOTAN_DLL XTS_Decryption final : public XTS_Mode { public: - XTS_Decryption(BlockCipher* cipher) : XTS_Mode(cipher) {} + explicit XTS_Decryption(BlockCipher* cipher) : XTS_Mode(cipher) {} void update(secure_vector<byte>& blocks, size_t offset = 0) override; diff --git a/src/lib/pbkdf/pbkdf.cpp b/src/lib/pbkdf/pbkdf.cpp index 98722fcc6..01f52853a 100644 --- a/src/lib/pbkdf/pbkdf.cpp +++ b/src/lib/pbkdf/pbkdf.cpp @@ -34,7 +34,7 @@ PBKDF::~PBKDF() {} std::unique_ptr<PBKDF> PBKDF::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<PBKDF>(make_a<PBKDF>(algo_spec, provider)); + return std::unique_ptr<PBKDF>(make_a<PBKDF>(Botan::PBKDF::Spec(algo_spec), provider)); } std::vector<std::string> PBKDF::providers(const std::string& algo_spec) diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.h b/src/lib/pbkdf/pbkdf1/pbkdf1.h index 22b04a3a0..cd10b3112 100644 --- a/src/lib/pbkdf/pbkdf1/pbkdf1.h +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.h @@ -25,7 +25,7 @@ class BOTAN_DLL PKCS5_PBKDF1 final : public PBKDF * Create a PKCS #5 instance using the specified hash function. * @param hash pointer to a hash function object to use */ - PKCS5_PBKDF1(HashFunction* hash) : m_hash(hash) {} + explicit PKCS5_PBKDF1(HashFunction* hash) : m_hash(hash) {} std::string name() const override { diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.h b/src/lib/pbkdf/pbkdf2/pbkdf2.h index 1918f5dd2..4f77f338b 100644 --- a/src/lib/pbkdf/pbkdf2/pbkdf2.h +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.h @@ -48,7 +48,7 @@ class BOTAN_DLL PKCS5_PBKDF2 final : public PBKDF * Create a PKCS #5 instance using the specified message auth code * @param mac_fn the MAC object to use as PRF */ - PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : m_mac(mac_fn) {} + explicit PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : m_mac(mac_fn) {} static PKCS5_PBKDF2* make(const Spec& spec); private: diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp index 4804a8a81..623c3777e 100644 --- a/src/lib/pk_pad/eme.cpp +++ b/src/lib/pk_pad/eme.cpp @@ -44,7 +44,7 @@ EME* get_eme(const std::string& algo_spec) { SCAN_Name request(algo_spec); - if(EME* eme = make_a<EME>(algo_spec)) + if(EME* eme = make_a<EME>(Botan::EME::Spec(algo_spec))) return eme; if(request.algo_name() == "Raw") diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp index e20286a7d..3b8641357 100644 --- a/src/lib/pk_pad/emsa.cpp +++ b/src/lib/pk_pad/emsa.cpp @@ -39,7 +39,7 @@ EMSA* get_emsa(const std::string& algo_spec) { SCAN_Name request(algo_spec); - if(EMSA* emsa = make_a<EMSA>(algo_spec)) + if(EMSA* emsa = make_a<EMSA>(Botan::EMSA::Spec(algo_spec))) return emsa; throw Algorithm_Not_Found(algo_spec); diff --git a/src/lib/pk_pad/emsa1/emsa1.h b/src/lib/pk_pad/emsa1/emsa1.h index 3e10162b2..e346167da 100644 --- a/src/lib/pk_pad/emsa1/emsa1.h +++ b/src/lib/pk_pad/emsa1/emsa1.h @@ -23,7 +23,7 @@ class BOTAN_DLL EMSA1 : public EMSA /** * @param hash the hash function to use */ - EMSA1(HashFunction* hash) : m_hash(hash) {} + explicit EMSA1(HashFunction* hash) : m_hash(hash) {} protected: size_t hash_output_length() const { return m_hash->output_length(); } diff --git a/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h b/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h index f00c0a101..a7fae6c23 100644 --- a/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h +++ b/src/lib/pk_pad/emsa1_bsi/emsa1_bsi.h @@ -24,7 +24,7 @@ class BOTAN_DLL EMSA1_BSI final : public EMSA1 /** * @param hash the hash object to use */ - EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} + explicit EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} private: secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, RandomNumberGenerator& rng) override; diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h index f217af764..9d5bc7829 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h @@ -26,7 +26,7 @@ class BOTAN_DLL EMSA_PKCS1v15 final : public EMSA /** * @param hash the hash object to use */ - EMSA_PKCS1v15(HashFunction* hash); + explicit EMSA_PKCS1v15(HashFunction* hash); void update(const byte[], size_t) override; diff --git a/src/lib/pk_pad/emsa_pssr/pssr.h b/src/lib/pk_pad/emsa_pssr/pssr.h index edbda4640..ee234b0b6 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.h +++ b/src/lib/pk_pad/emsa_pssr/pssr.h @@ -23,7 +23,7 @@ class BOTAN_DLL PSSR final : public EMSA /** * @param hash the hash object to use */ - PSSR(HashFunction* hash); + explicit PSSR(HashFunction* hash); /** * @param hash the hash object to use diff --git a/src/lib/pk_pad/emsa_x931/emsa_x931.h b/src/lib/pk_pad/emsa_x931/emsa_x931.h index 3372ac13c..400042a86 100644 --- a/src/lib/pk_pad/emsa_x931/emsa_x931.h +++ b/src/lib/pk_pad/emsa_x931/emsa_x931.h @@ -24,7 +24,7 @@ class BOTAN_DLL EMSA_X931 final : public EMSA /** * @param hash the hash object to use */ - EMSA_X931(HashFunction* hash); + explicit EMSA_X931(HashFunction* hash); private: void update(const byte[], size_t) override; secure_vector<byte> raw_data() override; diff --git a/src/lib/prov/openssl/openssl_rc4.cpp b/src/lib/prov/openssl/openssl_rc4.cpp index 79ad98ca4..e36535e08 100644 --- a/src/lib/prov/openssl/openssl_rc4.cpp +++ b/src/lib/prov/openssl/openssl_rc4.cpp @@ -43,7 +43,7 @@ class OpenSSL_RC4 : public StreamCipher return Key_Length_Specification(1, 32); } - OpenSSL_RC4(size_t skip = 0) : m_skip(skip) { clear(); } + explicit OpenSSL_RC4(size_t skip = 0) : m_skip(skip) { clear(); } ~OpenSSL_RC4() { clear(); } private: void cipher(const byte in[], byte out[], size_t length) override diff --git a/src/lib/prov/tpm/tpm.cpp b/src/lib/prov/tpm/tpm.cpp index 9a29be395..c0b265b98 100644 --- a/src/lib/prov/tpm/tpm.cpp +++ b/src/lib/prov/tpm/tpm.cpp @@ -56,13 +56,14 @@ TSS_FLAG bit_flag(size_t bits) } } +#if 0 bool is_srk_uuid(const UUID& uuid) { static const byte srk[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; const std::vector<uint8_t>& b = uuid.binary_value(); return (b.size() == 16 && same_mem(b.data(), srk, 16)); } - +#endif #define TSPI_CHECK_SUCCESS(expr) do { \ TSS_RESULT res = expr; \ @@ -90,10 +91,11 @@ void set_policy_secret(TSS_HPOLICY policy, const char* secret) { if(secret) { + BYTE* as_b = const_cast<BYTE*>(reinterpret_cast<const BYTE*>(secret)); TSPI_CHECK_SUCCESS(::Tspi_Policy_SetSecret(policy, - TSS_SECRET_MODE_PLAIN, - std::strlen(secret), - (BYTE*)secret)); + TSS_SECRET_MODE_PLAIN, + std::strlen(secret), + as_b)); } else { diff --git a/src/lib/prov/tpm/tpm.h b/src/lib/prov/tpm/tpm.h index 7df232be3..4a9dcd3c6 100644 --- a/src/lib/prov/tpm/tpm.h +++ b/src/lib/prov/tpm/tpm.h @@ -138,32 +138,36 @@ class BOTAN_DLL TPM_PrivateKey : public Private_Key */ std::string register_key(TPM_Storage_Type storage_type); + /** + * Returns a copy of the public key + */ + std::unique_ptr<Public_Key> public_key() const; + + std::vector<uint8_t> export_blob() const; + + TPM_Context& ctx() const { return m_ctx; } + + TSS_HKEY handle() const { return m_key; } + /* * Returns the list of all keys (in URL format) registered with the system */ static std::vector<std::string> registered_keys(TPM_Context& ctx); - size_t estimated_strength() const; - - size_t max_input_bits() const; + size_t estimated_strength() const override; - AlgorithmIdentifier algorithm_identifier() const; + size_t max_input_bits() const override; - std::vector<byte> x509_subject_public_key() const; + AlgorithmIdentifier algorithm_identifier() const override; - secure_vector<byte> pkcs8_private_key() const; // not implemented + std::vector<byte> x509_subject_public_key() const override; - std::unique_ptr<Public_Key> public_key() const; + secure_vector<byte> pkcs8_private_key() const override; bool check_key(RandomNumberGenerator& rng, bool) const override; - std::string algo_name() const { return "RSA"; } // ??? - - std::vector<uint8_t> export_blob() const; - - TPM_Context& ctx() const { return m_ctx; } + std::string algo_name() const override { return "RSA"; } // ??? - TSS_HKEY handle() const { return m_key; } private: BigInt get_n() const; BigInt get_e() const; diff --git a/src/lib/pubkey/blinding.cpp b/src/lib/pubkey/blinding.cpp index 4a5c5acff..b20a30fa1 100644 --- a/src/lib/pubkey/blinding.cpp +++ b/src/lib/pubkey/blinding.cpp @@ -19,11 +19,8 @@ namespace Botan { Blinder::Blinder(const BigInt& modulus, std::function<BigInt (const BigInt&)> fwd, std::function<BigInt (const BigInt&)> inv) : - m_fwd_fn(fwd), m_inv_fn(inv) + m_reducer{Modular_Reducer(modulus)}, m_rng{}, m_fwd_fn(fwd), m_inv_fn(inv), m_modulus_bits{modulus.bits()}, m_e{}, m_d{}, m_counter{} { - m_reducer = Modular_Reducer(modulus); - m_modulus_bits = modulus.bits(); - #if defined(BOTAN_HAS_SYSTEM_RNG) m_rng.reset(new System_RNG); #else diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h index c3e3d4e60..9d2868d6d 100644 --- a/src/lib/pubkey/curve25519/curve25519.h +++ b/src/lib/pubkey/curve25519/curve25519.h @@ -32,7 +32,7 @@ class BOTAN_DLL Curve25519_PublicKey : public virtual Public_Key Curve25519_PublicKey(const AlgorithmIdentifier& alg_id, const secure_vector<byte>& key_bits); - Curve25519_PublicKey(const secure_vector<byte>& pub) : m_public(pub) {} + explicit Curve25519_PublicKey(const secure_vector<byte>& pub) : m_public(pub) {} protected: Curve25519_PublicKey() {} secure_vector<byte> m_public; @@ -47,9 +47,9 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey, const secure_vector<byte>& key_bits, RandomNumberGenerator& rng); - Curve25519_PrivateKey(RandomNumberGenerator& rng); + explicit Curve25519_PrivateKey(RandomNumberGenerator& rng); - Curve25519_PrivateKey(const secure_vector<byte>& secret_key); + explicit Curve25519_PrivateKey(const secure_vector<byte>& secret_key); std::vector<byte> public_value() const override { return Curve25519_PublicKey::public_value(); } diff --git a/src/lib/pubkey/dlies/dlies.cpp b/src/lib/pubkey/dlies/dlies.cpp index 86cd51e19..ba890ac3d 100644 --- a/src/lib/pubkey/dlies/dlies.cpp +++ b/src/lib/pubkey/dlies/dlies.cpp @@ -21,6 +21,8 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, m_mac(mac_obj), m_mac_keylen(mac_kl) { + BOTAN_ASSERT_NONNULL(kdf_obj); + BOTAN_ASSERT_NONNULL(mac_obj); m_my_key = key.public_value(); } diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 63b7bd07e..471189cd8 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -140,13 +140,10 @@ class DSA_Verification_Operation : public PK_Ops::Verification_with_EMSA DSA_Verification_Operation(const DSA_PublicKey& dsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_q(dsa.group_q()), m_y(dsa.get_y()) - { - m_powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p()); - m_powermod_y_p = Fixed_Base_Power_Mod(m_y, dsa.group_p()); - m_mod_p = Modular_Reducer(dsa.group_p()); - m_mod_q = Modular_Reducer(dsa.group_q()); - } + m_q(dsa.group_q()), m_y(dsa.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p())}, + m_powermod_y_p{Fixed_Base_Power_Mod(m_y, dsa.group_p())}, m_mod_p{Modular_Reducer(dsa.group_p())}, + m_mod_q{Modular_Reducer(dsa.group_q())} + {} size_t message_parts() const override { return 2; } size_t message_part_size() const override { return m_q.bytes(); } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index c7e52b238..a03b97a68 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -54,13 +54,13 @@ class BOTAN_DLL EC_Group * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding */ - EC_Group(const std::vector<byte>& ber_encoding); + explicit EC_Group(const std::vector<byte>& ber_encoding); /** * Create an EC domain by OID (or throw if unknown) * @param oid the OID of the EC domain to create */ - EC_Group(const OID& oid); + explicit EC_Group(const OID& oid); /** * Create an EC domain from PEM encoding (as from PEM_encode), or diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index a3f0ea93d..2dca20725 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -33,13 +33,8 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits) - { - m_domain_params = EC_Group(alg_id.parameters); - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; - - m_public_key = OS2ECP(key_bits, domain().get_curve()); - } + const secure_vector<byte>& key_bits) : m_domain_params{EC_Group(alg_id.parameters)}, m_public_key{OS2ECP(key_bits, domain().get_curve())}, m_domain_encoding{EC_DOMPAR_ENC_EXPLICIT} + {} bool EC_PublicKey::check_key(RandomNumberGenerator&, bool) const diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h index 3557d0266..3f93a908c 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.h +++ b/src/lib/pubkey/ecc_key/ecc_key.h @@ -81,7 +81,8 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key size_t estimated_strength() const override; protected: - EC_PublicKey() : m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) {} + EC_PublicKey() : m_domain_params{}, m_public_key{}, m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) + {} EC_Group m_domain_params; PointGFp m_public_key; diff --git a/src/lib/pubkey/if_algo/if_algo.cpp b/src/lib/pubkey/if_algo/if_algo.cpp index a79cad116..e5f3ae20f 100644 --- a/src/lib/pubkey/if_algo/if_algo.cpp +++ b/src/lib/pubkey/if_algo/if_algo.cpp @@ -97,13 +97,11 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const BigInt& prime2, const BigInt& exp, const BigInt& d_exp, - const BigInt& mod) + const BigInt& mod) : + m_d{ d_exp }, m_p{ prime1 }, m_q{ prime2 }, m_d1{}, m_d2{}, m_c{ inverse_mod( m_q, m_p ) } { - m_p = prime1; - m_q = prime2; - m_e = exp; - m_d = d_exp; m_n = mod.is_nonzero() ? mod : m_p * m_q; + m_e = exp; if(m_d == 0) { @@ -116,7 +114,6 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, m_d1 = m_d % (m_p - 1); m_d2 = m_d % (m_q - 1); - m_c = inverse_mod(m_q, m_p); load_check(rng); } diff --git a/src/lib/pubkey/mce/gf2m_small_m.h b/src/lib/pubkey/mce/gf2m_small_m.h index 6a8de4424..0b27a82e3 100644 --- a/src/lib/pubkey/mce/gf2m_small_m.h +++ b/src/lib/pubkey/mce/gf2m_small_m.h @@ -25,7 +25,7 @@ typedef u16bit gf2m; class BOTAN_DLL GF2m_Field { public: - GF2m_Field(size_t extdeg); + explicit GF2m_Field(size_t extdeg); gf2m gf_mul(gf2m x, gf2m y) const { diff --git a/src/lib/pubkey/mce/mceliece.h b/src/lib/pubkey/mce/mceliece.h index b9e54ec0e..311f0f253 100644 --- a/src/lib/pubkey/mce/mceliece.h +++ b/src/lib/pubkey/mce/mceliece.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_DLL McEliece_PublicKey : public virtual Public_Key { public: - McEliece_PublicKey(const std::vector<byte>& key_bits); + explicit McEliece_PublicKey(const std::vector<byte>& key_bits); McEliece_PublicKey(std::vector<byte> const& pub_matrix, u32bit the_t, u32bit the_code_length) : m_public_matrix(pub_matrix), @@ -90,7 +90,7 @@ class BOTAN_DLL McEliece_PrivateKey : public virtual McEliece_PublicKey, */ McEliece_PrivateKey(RandomNumberGenerator& rng, size_t code_length, size_t t); - McEliece_PrivateKey(const secure_vector<byte>& key_bits); + explicit McEliece_PrivateKey(const secure_vector<byte>& key_bits); McEliece_PrivateKey(polyn_gf2m const& goppa_polyn, std::vector<u32bit> const& parity_check_matrix_coeffs, diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp index a957b8cc1..e0d1c5a65 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.cpp +++ b/src/lib/pubkey/mce/polyn_gf2m.cpp @@ -644,13 +644,11 @@ polyn_gf2m::polyn_gf2m(int t, Botan::RandomNumberGenerator& rng, std::shared_ptr coeff(t+1), msp_field(sp_field) { - int i; (*this).set_coef( t, 1); - i = 0; int degree = 0; do { - for (i = 0; i < t; ++i) + for (int i = 0; i < t; ++i) { (*this).set_coef( i, random_code_element(sp_field->get_cardinality(), rng)); } diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h index 938c1f553..62264e480 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.h +++ b/src/lib/pubkey/mce/polyn_gf2m.h @@ -27,7 +27,7 @@ struct polyn_gf2m /** * create a zero polynomial: */ - polyn_gf2m( std::shared_ptr<GF2m_Field> sp_field ); + explicit polyn_gf2m( std::shared_ptr<GF2m_Field> sp_field ); polyn_gf2m() :m_deg(-1) diff --git a/src/lib/pubkey/nr/nr.cpp b/src/lib/pubkey/nr/nr.cpp index 64e08a111..5e2cb1be5 100644 --- a/src/lib/pubkey/nr/nr.cpp +++ b/src/lib/pubkey/nr/nr.cpp @@ -144,13 +144,10 @@ class NR_Verification_Operation : public PK_Ops::Verification_with_EMSA typedef NR_PublicKey Key_Type; NR_Verification_Operation(const NR_PublicKey& nr, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_q(nr.group_q()), m_y(nr.get_y()) - { - m_powermod_g_p = Fixed_Base_Power_Mod(nr.group_g(), nr.group_p()); - m_powermod_y_p = Fixed_Base_Power_Mod(m_y, nr.group_p()); - m_mod_p = Modular_Reducer(nr.group_p()); - m_mod_q = Modular_Reducer(nr.group_q()); - } + m_q(nr.group_q()), m_y(nr.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(nr.group_g(), nr.group_p())}, + m_powermod_y_p{Fixed_Base_Power_Mod(m_y, nr.group_p())}, m_mod_p{Modular_Reducer(nr.group_p())}, + m_mod_q{Modular_Reducer(nr.group_q())} + {} size_t message_parts() const override { return 2; } size_t message_part_size() const override { return m_q.bytes(); } diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h index bda3434bf..9be65cf21 100644 --- a/src/lib/pubkey/pk_ops_impl.h +++ b/src/lib/pubkey/pk_ops_impl.h @@ -23,7 +23,7 @@ class Encryption_with_EME : public Encryption ~Encryption_with_EME(); protected: - Encryption_with_EME(const std::string& eme); + explicit Encryption_with_EME(const std::string& eme); private: virtual size_t max_raw_input_bits() const = 0; @@ -41,7 +41,7 @@ class Decryption_with_EME : public Decryption ~Decryption_with_EME(); protected: - Decryption_with_EME(const std::string& eme); + explicit Decryption_with_EME(const std::string& eme); private: virtual size_t max_raw_input_bits() const = 0; virtual secure_vector<byte> raw_decrypt(const byte msg[], size_t len) = 0; @@ -59,7 +59,7 @@ class Verification_with_EMSA : public Verification protected: - Verification_with_EMSA(const std::string& emsa); + explicit Verification_with_EMSA(const std::string& emsa); ~Verification_with_EMSA(); /** @@ -105,7 +105,7 @@ class Signature_with_EMSA : public Signature secure_vector<byte> sign(RandomNumberGenerator& rng) override; protected: - Signature_with_EMSA(const std::string& emsa); + explicit Signature_with_EMSA(const std::string& emsa); ~Signature_with_EMSA(); private: @@ -132,7 +132,7 @@ class Key_Agreement_with_KDF : public Key_Agreement const byte salt[], size_t salt_len) override; protected: - Key_Agreement_with_KDF(const std::string& kdf); + explicit Key_Agreement_with_KDF(const std::string& kdf); ~Key_Agreement_with_KDF(); private: virtual secure_vector<byte> raw_agree(const byte w[], size_t w_len) = 0; @@ -154,7 +154,7 @@ class KEM_Encryption_with_KDF : public KEM_Encryption secure_vector<byte>& raw_shared_key, Botan::RandomNumberGenerator& rng) = 0; - KEM_Encryption_with_KDF(const std::string& kdf); + explicit KEM_Encryption_with_KDF(const std::string& kdf); ~KEM_Encryption_with_KDF(); private: std::unique_ptr<KDF> m_kdf; @@ -173,7 +173,7 @@ class KEM_Decryption_with_KDF : public KEM_Decryption virtual secure_vector<byte> raw_kem_decrypt(const byte encap_key[], size_t len) = 0; - KEM_Decryption_with_KDF(const std::string& kdf); + explicit KEM_Decryption_with_KDF(const std::string& kdf); ~KEM_Decryption_with_KDF(); private: std::unique_ptr<KDF> m_kdf; diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h index 9dc5265c7..791a612df 100644 --- a/src/lib/pubkey/pkcs8.h +++ b/src/lib/pubkey/pkcs8.h @@ -19,7 +19,7 @@ namespace Botan { */ struct BOTAN_DLL PKCS8_Exception : public Decoding_Error { - PKCS8_Exception(const std::string& error) : + explicit PKCS8_Exception(const std::string& error) : Decoding_Error("PKCS #8: " + error) {} }; diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 18a694754..eb9fc2892 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -71,7 +71,7 @@ class RSA_Private_Operation protected: size_t get_max_input_bits() const { return (m_n.bits() - 1); } - RSA_Private_Operation(const RSA_PrivateKey& rsa) : + explicit RSA_Private_Operation(const RSA_PrivateKey& rsa) : m_n(rsa.get_n()), m_q(rsa.get_q()), m_c(rsa.get_c()), @@ -190,7 +190,7 @@ class RSA_KEM_Decryption_Operation : public PK_Ops::KEM_Decryption_with_KDF, class RSA_Public_Operation { public: - RSA_Public_Operation(const RSA_PublicKey& rsa) : + explicit RSA_Public_Operation(const RSA_PublicKey& rsa) : m_n(rsa.get_n()), m_powermod_e_n(rsa.get_e(), rsa.get_n()) {} diff --git a/src/lib/rng/rng.h b/src/lib/rng/rng.h index a01212359..2e29a713c 100644 --- a/src/lib/rng/rng.h +++ b/src/lib/rng/rng.h @@ -199,7 +199,7 @@ class BOTAN_DLL Serialized_RNG : public RandomNumberGenerator } Serialized_RNG() : m_rng(RandomNumberGenerator::make_rng()) {} - Serialized_RNG(RandomNumberGenerator* rng) : m_rng(rng) {} + explicit Serialized_RNG(RandomNumberGenerator* rng) : m_rng(rng) {} private: mutable std::mutex m_mutex; std::unique_ptr<RandomNumberGenerator> m_rng; diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h index dc05fa596..8e931605c 100644 --- a/src/lib/stream/ctr/ctr.h +++ b/src/lib/stream/ctr/ctr.h @@ -43,7 +43,7 @@ class BOTAN_DLL CTR_BE final : public StreamCipher /** * @param cipher the underlying block cipher to use */ - CTR_BE(BlockCipher* cipher); + explicit CTR_BE(BlockCipher* cipher); private: void key_schedule(const byte key[], size_t key_len) override; void increment_counter(); diff --git a/src/lib/stream/ofb/ofb.h b/src/lib/stream/ofb/ofb.h index 4775c5575..fecd47d9d 100644 --- a/src/lib/stream/ofb/ofb.h +++ b/src/lib/stream/ofb/ofb.h @@ -43,7 +43,7 @@ class BOTAN_DLL OFB final : public StreamCipher /** * @param cipher the underlying block cipher to use */ - OFB(BlockCipher* cipher); + explicit OFB(BlockCipher* cipher); private: void key_schedule(const byte key[], size_t key_len) override; diff --git a/src/lib/stream/rc4/rc4.h b/src/lib/stream/rc4/rc4.h index db1726a18..f166a2772 100644 --- a/src/lib/stream/rc4/rc4.h +++ b/src/lib/stream/rc4/rc4.h @@ -36,7 +36,7 @@ class BOTAN_DLL RC4 final : public StreamCipher /** * @param skip skip this many initial bytes in the keystream */ - RC4(size_t skip = 0); + explicit RC4(size_t skip = 0); ~RC4() { clear(); } private: diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp index 060e65d86..03ef5e329 100644 --- a/src/lib/stream/stream_cipher.cpp +++ b/src/lib/stream/stream_cipher.cpp @@ -33,7 +33,7 @@ namespace Botan { std::unique_ptr<StreamCipher> StreamCipher::create(const std::string& algo_spec, const std::string& provider) { - return std::unique_ptr<StreamCipher>(make_a<StreamCipher>(algo_spec, provider)); + return std::unique_ptr<StreamCipher>(make_a<StreamCipher>(Botan::StreamCipher::Spec(algo_spec), provider)); } std::vector<std::string> StreamCipher::providers(const std::string& algo_spec) diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index be6c8a069..0d157dc57 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -77,12 +77,14 @@ std::vector<byte> Certificate_Verify::serialize() const * Verify a Certificate Verify message */ bool Certificate_Verify::verify(const X509_Certificate& cert, - const Handshake_State& state) const + const Handshake_State& state, + const Policy& policy) const { std::unique_ptr<Public_Key> key(cert.subject_public_key()); std::pair<std::string, Signature_Format> format = - state.understand_sig_format(*key.get(), m_hash_algo, m_sig_algo); + state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, + true, policy); PK_Verifier verifier(*key, format.first, format.second); diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp index b837172b6..2d6b11995 100644 --- a/src/lib/tls/msg_finished.cpp +++ b/src/lib/tls/msg_finished.cpp @@ -48,9 +48,8 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state, */ Finished::Finished(Handshake_IO& io, Handshake_State& state, - Connection_Side side) + Connection_Side side) : m_verification_data(finished_compute_verify( state, side )) { - m_verification_data = finished_compute_verify(state, side); state.hash().update(io.send(*this)); } @@ -65,10 +64,8 @@ std::vector<byte> Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const std::vector<byte>& buf) - { - m_verification_data = buf; - } +Finished::Finished(const std::vector<byte>& buf) : m_verification_data(buf) + {} /* * Verify a Finished message diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index f9962a8ee..f8d0c63c7 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -28,7 +28,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, u16bit ciphersuite, byte compression, bool offer_session_ticket, - const std::string next_protocol) : + const std::string& next_protocol) : m_version(new_session_version), m_session_id(new_session_id), m_random(make_hello_random(rng, policy)), diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index fcff7349e..98e3ad1f0 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -48,7 +48,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, DL_Group(policy.dh_group()))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -233,10 +233,12 @@ std::vector<byte> Server_Key_Exchange::serialize() const * Verify a Server Key Exchange message */ bool Server_Key_Exchange::verify(const Public_Key& server_key, - const Handshake_State& state) const + const Handshake_State& state, + const Policy& policy) const { std::pair<std::string, Signature_Format> format = - state.understand_sig_format(server_key, m_hash_algo, m_sig_algo); + state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, + false, policy); PK_Verifier verifier(server_key, format.first, format.second); diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h index 2c82514a3..1184c6260 100644 --- a/src/lib/tls/tls_alert.h +++ b/src/lib/tls/tls_alert.h @@ -92,7 +92,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const secure_vector<byte>& buf); + explicit Alert(const secure_vector<byte>& buf); /** * Create a new Alert diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index f88b7896c..a1867b6b5 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -20,7 +20,7 @@ Blocking_Client::Blocking_Client(read_fn reader, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next) : m_read(reader), m_channel(writer, @@ -42,7 +42,7 @@ bool Blocking_Client::handshake_cb(const Session& session) return this->handshake_complete(session); } -void Blocking_Client::alert_cb(const Alert alert, const byte[], size_t) +void Blocking_Client::alert_cb(const Alert& alert, const byte[], size_t) { this->alert_notification(alert); } diff --git a/src/lib/tls/tls_blocking.h b/src/lib/tls/tls_blocking.h index 89421f5f5..00e65cbaf 100644 --- a/src/lib/tls/tls_blocking.h +++ b/src/lib/tls/tls_blocking.h @@ -39,7 +39,7 @@ class BOTAN_DLL Blocking_Client const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protos = {}); /** @@ -89,7 +89,7 @@ class BOTAN_DLL Blocking_Client void data_cb(const byte data[], size_t data_len); - void alert_cb(const Alert alert, const byte data[], size_t data_len); + void alert_cb(const Alert& alert, const byte data[], size_t data_len); read_fn m_read; TLS::Client m_channel; diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 368e4569e..301c77c6b 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -51,7 +51,7 @@ Client::Client(output_fn output_fn, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next_protos, size_t io_buf_sz) : Channel(output_fn, proc_cb, alert_cb, handshake_cb, Channel::handshake_msg_cb(), @@ -75,7 +75,7 @@ Client::Client(output_fn output_fn, const Policy& policy, RandomNumberGenerator& rng, const Server_Information& info, - const Protocol_Version offer_version, + const Protocol_Version& offer_version, const std::vector<std::string>& next_protos) : Channel(output_fn, proc_cb, alert_cb, handshake_cb, hs_msg_cb, session_manager, rng, policy, offer_version.is_datagram_protocol()), @@ -394,7 +394,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { const Public_Key& server_key = state.get_server_public_Key(); - if(!state.server_kex()->verify(server_key, state)) + if(!state.server_kex()->verify(server_key, state, policy())) { throw TLS_Exception(Alert::DECRYPT_ERROR, "Bad signature on server key exchange"); diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index d17ea74d0..45a741878 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -62,7 +62,7 @@ class BOTAN_DLL Client final : public Channel const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protocols = {}, size_t reserved_io_buffer_size = 16*1024 ); @@ -77,7 +77,7 @@ class BOTAN_DLL Client final : public Channel const Policy& policy, RandomNumberGenerator& rng, const Server_Information& server_info = Server_Information(), - const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), const std::vector<std::string>& next_protocols = {} ); diff --git a/src/lib/tls/tls_exceptn.h b/src/lib/tls/tls_exceptn.h index 509226094..2ed5b685c 100644 --- a/src/lib/tls/tls_exceptn.h +++ b/src/lib/tls/tls_exceptn.h @@ -36,7 +36,7 @@ class BOTAN_DLL TLS_Exception : public Exception */ struct BOTAN_DLL Unexpected_Message : public TLS_Exception { - Unexpected_Message(const std::string& err) : + explicit Unexpected_Message(const std::string& err) : TLS_Exception(Alert::UNEXPECTED_MESSAGE, err) {} }; diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 35c39ddab..4acf9a6fe 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -180,10 +180,8 @@ std::vector<byte> Server_Name_Indicator::serialize() const #if defined(BOTAN_HAS_SRP6) SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_srp_identifier(reader.get_string(1, 1, 255)) { - m_srp_identifier = reader.get_string(1, 1, 255); - if(m_srp_identifier.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for SRP identifier extension"); } @@ -203,10 +201,8 @@ std::vector<byte> SRP_Identifier::serialize() const #endif Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_reneg_data(reader.get_range<byte>(1, 0, 255)) { - m_reneg_data = reader.get_range<byte>(1, 0, 255); - if(m_reneg_data.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for secure renegotiation extn"); } @@ -516,16 +512,12 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, } Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, - u16bit extension_size) - { - m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size); - } + u16bit extension_size) : m_ticket(reader.get_elem<byte, std::vector<byte>>(extension_size)) + {} SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, - u16bit extension_size) + u16bit extension_size) : m_pp(reader.get_range<u16bit>(2, 0, 65535)) { - m_pp = reader.get_range<u16bit>(2, 0, 65535); - const std::vector<byte> mki = reader.get_range<byte>(1, 0, 255); if(m_pp.size() * 2 + mki.size() + 3 != extension_size) diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 5a8aff9de..a5aac0020 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -79,7 +79,7 @@ class Server_Name_Indicator final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - Server_Name_Indicator(const std::string& host_name) : + explicit Server_Name_Indicator(const std::string& host_name) : m_sni_host_name(host_name) {} Server_Name_Indicator(TLS_Data_Reader& reader, @@ -106,7 +106,7 @@ class SRP_Identifier final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - SRP_Identifier(const std::string& identifier) : + explicit SRP_Identifier(const std::string& identifier) : m_srp_identifier(identifier) {} SRP_Identifier(TLS_Data_Reader& reader, @@ -135,7 +135,7 @@ class Renegotiation_Extension final : public Extension Renegotiation_Extension() {} - Renegotiation_Extension(const std::vector<byte>& bits) : + explicit Renegotiation_Extension(const std::vector<byte>& bits) : m_reneg_data(bits) {} Renegotiation_Extension(TLS_Data_Reader& reader, @@ -168,13 +168,13 @@ class Application_Layer_Protocol_Notification final : public Extension /** * Single protocol, used by server */ - Application_Layer_Protocol_Notification(const std::string& protocol) : + explicit Application_Layer_Protocol_Notification(const std::string& protocol) : m_protocols(1, protocol) {} /** * List of protocols, used by client */ - Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) : + explicit Application_Layer_Protocol_Notification(const std::vector<std::string>& protocols) : m_protocols(protocols) {} Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, @@ -211,7 +211,7 @@ class Session_Ticket final : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const std::vector<byte>& session_ticket) : + explicit Session_Ticket(const std::vector<byte>& session_ticket) : m_ticket(session_ticket) {} /** @@ -244,7 +244,7 @@ class Supported_Elliptic_Curves final : public Extension std::vector<byte> serialize() const override; - Supported_Elliptic_Curves(const std::vector<std::string>& curves) : + explicit Supported_Elliptic_Curves(const std::vector<std::string>& curves) : m_curves(curves) {} Supported_Elliptic_Curves(TLS_Data_Reader& reader, @@ -285,7 +285,7 @@ class Signature_Algorithms final : public Extension Signature_Algorithms(const std::vector<std::string>& hashes, const std::vector<std::string>& sig_algos); - Signature_Algorithms(const std::vector<std::pair<std::string, std::string> >& algos) : + explicit Signature_Algorithms(const std::vector<std::pair<std::string, std::string> >& algos) : m_supported_algos(algos) {} Signature_Algorithms(TLS_Data_Reader& reader, @@ -311,9 +311,9 @@ class SRTP_Protection_Profiles final : public Extension bool empty() const override { return m_pp.empty(); } - SRTP_Protection_Profiles(const std::vector<u16bit>& pp) : m_pp(pp) {} + explicit SRTP_Protection_Profiles(const std::vector<u16bit>& pp) : m_pp(pp) {} - SRTP_Protection_Profiles(u16bit pp) : m_pp(1, pp) {} + explicit SRTP_Protection_Profiles(u16bit pp) : m_pp(1, pp) {} SRTP_Protection_Profiles(TLS_Data_Reader& reader, u16bit extension_size); private: @@ -377,7 +377,7 @@ class Extensions Extensions() {} - Extensions(TLS_Data_Reader& reader) { deserialize(reader); } + explicit Extensions(TLS_Data_Reader& reader) { deserialize(reader); } private: Extensions(const Extensions&) {} diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h index f2bb2ac71..601ac41d9 100644 --- a/src/lib/tls/tls_handshake_io.h +++ b/src/lib/tls/tls_handshake_io.h @@ -67,7 +67,7 @@ class Stream_Handshake_IO final : public Handshake_IO public: typedef std::function<void (byte, const std::vector<byte>&)> writer_fn; - Stream_Handshake_IO(writer_fn writer) : m_send_hs(writer) {} + explicit Stream_Handshake_IO(writer_fn writer) : m_send_hs(writer) {} Protocol_Version initial_record_version() const override; diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 3799c9e7d..67ba43265 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -1,6 +1,6 @@ /* * TLS Handshaking -* (C) 2004-2006,2011,2012,2015 Jack Lloyd +* (C) 2004-2006,2011,2012,2015,2016 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -449,58 +449,111 @@ Handshake_State::choose_sig_format(const Private_Key& key, throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures"); } +namespace { + +bool supported_algos_include( + const std::vector<std::pair<std::string, std::string>>& algos, + const std::string& key_type, + const std::string& hash_type) + { + for(auto&& algo : algos) + { + if(algo.first == hash_type && algo.second == key_type) + { + return true; + } + } + + return false; + } + +} + std::pair<std::string, Signature_Format> -Handshake_State::understand_sig_format(const Public_Key& key, - std::string hash_algo, - std::string sig_algo) const +Handshake_State::parse_sig_format(const Public_Key& key, + const std::string& input_hash_algo, + const std::string& input_sig_algo, + bool for_client_auth, + const Policy& policy) const { - const std::string algo_name = key.algo_name(); + const std::string key_type = key.algo_name(); - /* - FIXME: This should check what was sent against the client hello - preferences, or the certificate request, to ensure it was allowed - by those restrictions. + if(!policy.allowed_signature_method(key_type)) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "Rejecting " + key_type + " signature"); + } - Or not? - */ + std::string hash_algo; if(this->version().supports_negotiable_signature_algorithms()) { - if(hash_algo.empty()) + if(input_sig_algo != key_type) + throw Decoding_Error("Counterparty sent inconsistent key and sig types"); + + if(input_hash_algo == "") throw Decoding_Error("Counterparty did not send hash/sig IDS"); - if(sig_algo != algo_name) - throw Decoding_Error("Counterparty sent inconsistent key and sig types"); + hash_algo = input_hash_algo; + + if(for_client_auth && !cert_req()) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "No certificate verify set"); + } + + /* + Confirm the signature type we just received against the + supported_algos list that we sent; it better be there. + */ + + const auto supported_algos = + for_client_auth ? cert_req()->supported_algos() : + client_hello()->supported_algos(); + + if(!supported_algos_include(supported_algos, key_type, hash_algo)) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "TLS signature extension did not allow for " + + key_type + "/" + hash_algo + " signature"); + } } else { - if(!hash_algo.empty() || !sig_algo.empty()) + if(input_hash_algo != "" || input_sig_algo != "") throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); - } - if(algo_name == "RSA") - { - if(!this->version().supports_negotiable_signature_algorithms()) + if(key_type == "RSA") { hash_algo = "Parallel(MD5,SHA-160)"; } + else if(key_type == "DSA" || key_type == "ECDSA") + { + hash_algo = "SHA-1"; + } + else + { + throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); + } + + /* + There is no check on the acceptability of a v1.0/v1.1 hash type, + since it's implicit with use of the protocol + */ + } + if(key_type == "RSA") + { const std::string padding = "EMSA3(" + hash_algo + ")"; return std::make_pair(padding, IEEE_1363); } - else if(algo_name == "DSA" || algo_name == "ECDSA") + else if(key_type == "DSA" || key_type == "ECDSA") { - if(!this->version().supports_negotiable_signature_algorithms()) - { - hash_algo = "SHA-1"; - } - const std::string padding = "EMSA1(" + hash_algo + ")"; - return std::make_pair(padding, DER_SEQUENCE); } - throw Invalid_Argument(algo_name + " is invalid/unknown for TLS signatures"); + throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); } } diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 6260b090f..2943a8637 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h @@ -80,9 +80,11 @@ class Handshake_State std::vector<byte> session_ticket() const; std::pair<std::string, Signature_Format> - understand_sig_format(const Public_Key& key, - std::string hash_algo, - std::string sig_algo) const; + parse_sig_format(const Public_Key& key, + const std::string& hash_algo, + const std::string& sig_algo, + bool for_client_auth, + const Policy& policy) const; std::pair<std::string, Signature_Format> choose_sig_format(const Private_Key& key, diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index c648df720..3bee89e13 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -46,7 +46,7 @@ class Hello_Verify_Request final : public Handshake_Message std::vector<byte> cookie() const { return m_cookie; } - Hello_Verify_Request(const std::vector<byte>& buf); + explicit Hello_Verify_Request(const std::vector<byte>& buf); Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, @@ -178,7 +178,7 @@ class Client_Hello final : public Handshake_Message const Session& resumed_session, const std::vector<std::string>& next_protocols); - Client_Hello(const std::vector<byte>& buf); + explicit Client_Hello(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -267,7 +267,7 @@ class Server_Hello final : public Handshake_Message u16bit ciphersuite, byte compression, bool offer_session_ticket, - const std::string next_protocol); + const std::string& next_protocol); Server_Hello(Handshake_IO& io, Handshake_Hash& hash, @@ -279,7 +279,7 @@ class Server_Hello final : public Handshake_Message bool offer_session_ticket, const std::string& next_protocol); - Server_Hello(const std::vector<byte>& buf); + explicit Server_Hello(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -341,7 +341,7 @@ class Certificate final : public Handshake_Message Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); - Certificate(const std::vector<byte>& buf); + explicit Certificate(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -395,7 +395,8 @@ class Certificate_Verify final : public Handshake_Message * @param state the handshake state */ bool verify(const X509_Certificate& cert, - const Handshake_State& state) const; + const Handshake_State& state, + const Policy& policy) const; Certificate_Verify(Handshake_IO& io, Handshake_State& state, @@ -431,7 +432,7 @@ class Finished final : public Handshake_Message Handshake_State& state, Connection_Side side); - Finished(const std::vector<byte>& buf); + explicit Finished(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; @@ -446,8 +447,8 @@ class Hello_Request final : public Handshake_Message public: Handshake_Type type() const override { return HELLO_REQUEST; } - Hello_Request(Handshake_IO& io); - Hello_Request(const std::vector<byte>& buf); + explicit Hello_Request(Handshake_IO& io); + explicit Hello_Request(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; }; @@ -463,7 +464,8 @@ class Server_Key_Exchange final : public Handshake_Message const std::vector<byte>& params() const { return m_params; } bool verify(const Public_Key& server_key, - const Handshake_State& state) const; + const Handshake_State& state, + const Policy& policy) const; // Only valid for certain kex types const Private_Key& server_kex_key() const; @@ -514,7 +516,7 @@ class Server_Hello_Done final : public Handshake_Message Handshake_Type type() const override { return SERVER_HELLO_DONE; } Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash); - Server_Hello_Done(const std::vector<byte>& buf); + explicit Server_Hello_Done(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; }; @@ -538,7 +540,7 @@ class New_Session_Ticket final : public Handshake_Message New_Session_Ticket(Handshake_IO& io, Handshake_Hash& hash); - New_Session_Ticket(const std::vector<byte>& buf); + explicit New_Session_Ticket(const std::vector<byte>& buf); private: std::vector<byte> serialize() const override; diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 3100db50d..be4c61b16 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -84,6 +84,11 @@ std::vector<std::string> Policy::allowed_signature_methods() const }; } +bool Policy::allowed_signature_method(const std::string& sig_method) const + { + return value_exists(allowed_signature_methods(), sig_method); + } + std::vector<std::string> Policy::allowed_ecc_curves() const { return { diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index c1f40df17..769bb8eeb 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -57,6 +57,8 @@ class BOTAN_DLL Policy */ virtual std::vector<std::string> allowed_signature_methods() const; + bool allowed_signature_method(const std::string& sig_method) const; + /** * Return list of ECC curves we are willing to use in order of preference */ @@ -288,6 +290,9 @@ class BOTAN_DLL Text_Policy : public Policy u32bit session_ticket_lifetime() const override { return get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()); } + bool send_fallback_scsv(Protocol_Version version) const override + { return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; } + std::vector<u16bit> srtp_profiles() const override { std::vector<u16bit> r; @@ -300,16 +305,14 @@ class BOTAN_DLL Text_Policy : public Policy void set(const std::string& k, const std::string& v) { m_kv[k] = v; } - Text_Policy(const std::string& s) + explicit Text_Policy(const std::string& s) { std::istringstream iss(s); m_kv = read_cfg(iss); } - Text_Policy(std::istream& in) - { - m_kv = read_cfg(in); - } + explicit Text_Policy(std::istream& in) : m_kv(read_cfg(in)) + {} private: diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 5ababe621..41b14ae08 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -618,7 +618,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.client_certs()->cert_chain(); const bool sig_valid = - state.client_verify()->verify(client_certs[0], state); + state.client_verify()->verify(client_certs[0], state, policy()); state.hash().update(state.handshake_io().format(contents, type)); diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 0e22037f6..8ca646cf2 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -65,7 +65,7 @@ class BOTAN_DLL Session /** * Load a session from PEM representation (created by PEM_encode) */ - Session(const std::string& pem); + explicit Session(const std::string& pem); /** * Encode this session data for storage diff --git a/src/lib/utils/data_src.h b/src/lib/utils/data_src.h index 0a6ce0a8c..6a100ce63 100644 --- a/src/lib/utils/data_src.h +++ b/src/lib/utils/data_src.h @@ -108,7 +108,7 @@ class BOTAN_DLL DataSource_Memory : public DataSource * Construct a memory source that reads from a string * @param in the string to read from */ - DataSource_Memory(const std::string& in); + explicit DataSource_Memory(const std::string& in); /** * Construct a memory source that reads from a byte array @@ -122,14 +122,14 @@ class BOTAN_DLL DataSource_Memory : public DataSource * Construct a memory source that reads from a secure_vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const secure_vector<byte>& in) : + explicit DataSource_Memory(const secure_vector<byte>& in) : m_source(in), m_offset(0) {} /** * Construct a memory source that reads from a std::vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const std::vector<byte>& in) : + explicit DataSource_Memory(const std::vector<byte>& in) : m_source(in.begin(), in.end()), m_offset(0) {} size_t get_bytes_read() const override { return m_offset; } diff --git a/src/lib/utils/database.h b/src/lib/utils/database.h index 4d8b90d0c..4cc0989b1 100644 --- a/src/lib/utils/database.h +++ b/src/lib/utils/database.h @@ -23,7 +23,7 @@ class BOTAN_DLL SQL_Database class BOTAN_DLL SQL_DB_Error : public Exception { public: - SQL_DB_Error(const std::string& what) : Exception("SQL database", what) {} + explicit SQL_DB_Error(const std::string& what) : Exception("SQL database", what) {} }; class BOTAN_DLL Statement diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h index c72ccb55c..c2a3e0d2e 100644 --- a/src/lib/utils/donna128.h +++ b/src/lib/utils/donna128.h @@ -104,8 +104,8 @@ inline u64bit carry_shift(const donna128& a, size_t shift) return (a >> shift).lo(); } -inline u64bit combine_lower(const donna128 a, size_t s1, - const donna128 b, size_t s2) +inline u64bit combine_lower(const donna128& a, size_t s1, + const donna128& b, size_t s2) { donna128 z = (a >> s1) | (b << s2); return z.lo(); diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 1e9cd68d5..b6797f0f6 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_DLL Exception : public std::exception { public: - Exception(const std::string& msg) : m_msg(msg) {} + explicit Exception(const std::string& msg) : m_msg(msg) {} Exception(const char* prefix, const std::string& msg) : m_msg(std::string(prefix) + " " + msg) {} const char* what() const BOTAN_NOEXCEPT override { return m_msg.c_str(); } private: @@ -34,7 +34,7 @@ class BOTAN_DLL Exception : public std::exception class BOTAN_DLL Invalid_Argument : public Exception { public: - Invalid_Argument(const std::string& msg) : + explicit Invalid_Argument(const std::string& msg) : Exception("Invalid argument", msg) {} }; @@ -46,7 +46,7 @@ class BOTAN_DLL Invalid_Argument : public Exception */ struct BOTAN_DLL Unsupported_Argument : public Invalid_Argument { - Unsupported_Argument(const std::string& msg) : Invalid_Argument(msg) {} + explicit Unsupported_Argument(const std::string& msg) : Invalid_Argument(msg) {} }; /** @@ -54,7 +54,7 @@ struct BOTAN_DLL Unsupported_Argument : public Invalid_Argument */ struct BOTAN_DLL Invalid_State : public Exception { - Invalid_State(const std::string& err) : + explicit Invalid_State(const std::string& err) : Exception(err) {} }; @@ -64,7 +64,7 @@ struct BOTAN_DLL Invalid_State : public Exception */ struct BOTAN_DLL Lookup_Error : public Exception { - Lookup_Error(const std::string& err) : + explicit Lookup_Error(const std::string& err) : Exception(err) {} }; @@ -74,7 +74,7 @@ struct BOTAN_DLL Lookup_Error : public Exception */ struct BOTAN_DLL Internal_Error : public Exception { - Internal_Error(const std::string& err) : + explicit Internal_Error(const std::string& err) : Exception("Internal error: " + err) {} }; @@ -106,7 +106,7 @@ struct BOTAN_DLL Invalid_IV_Length : public Invalid_Argument */ struct BOTAN_DLL PRNG_Unseeded : public Invalid_State { - PRNG_Unseeded(const std::string& algo) : + explicit PRNG_Unseeded(const std::string& algo) : Invalid_State("PRNG not seeded: " + algo) {} }; @@ -116,7 +116,7 @@ struct BOTAN_DLL PRNG_Unseeded : public Invalid_State */ struct BOTAN_DLL Policy_Violation : public Invalid_State { - Policy_Violation(const std::string& err) : + explicit Policy_Violation(const std::string& err) : Invalid_State("Policy violation: " + err) {} }; @@ -126,7 +126,7 @@ struct BOTAN_DLL Policy_Violation : public Invalid_State */ struct BOTAN_DLL Algorithm_Not_Found : public Lookup_Error { - Algorithm_Not_Found(const std::string& name) : + explicit Algorithm_Not_Found(const std::string& name) : Lookup_Error("Could not find any algorithm named \"" + name + "\"") {} }; @@ -136,7 +136,7 @@ struct BOTAN_DLL Algorithm_Not_Found : public Lookup_Error */ struct BOTAN_DLL No_Provider_Found : public Exception { - No_Provider_Found(const std::string& name) : + explicit No_Provider_Found(const std::string& name) : Exception("Could not find any provider for algorithm named \"" + name + "\"") {} }; @@ -146,7 +146,7 @@ struct BOTAN_DLL No_Provider_Found : public Exception */ struct BOTAN_DLL Invalid_Algorithm_Name : public Invalid_Argument { - Invalid_Algorithm_Name(const std::string& name): + explicit Invalid_Algorithm_Name(const std::string& name): Invalid_Argument("Invalid algorithm name: " + name) {} }; @@ -156,7 +156,7 @@ struct BOTAN_DLL Invalid_Algorithm_Name : public Invalid_Argument */ struct BOTAN_DLL Encoding_Error : public Invalid_Argument { - Encoding_Error(const std::string& name) : + explicit Encoding_Error(const std::string& name) : Invalid_Argument("Encoding error: " + name) {} }; @@ -165,7 +165,7 @@ struct BOTAN_DLL Encoding_Error : public Invalid_Argument */ struct BOTAN_DLL Decoding_Error : public Invalid_Argument { - Decoding_Error(const std::string& name) : + explicit Decoding_Error(const std::string& name) : Invalid_Argument("Decoding error: " + name) {} }; @@ -174,7 +174,7 @@ struct BOTAN_DLL Decoding_Error : public Invalid_Argument */ struct BOTAN_DLL Integrity_Failure : public Exception { - Integrity_Failure(const std::string& msg) : + explicit Integrity_Failure(const std::string& msg) : Exception("Integrity failure: " + msg) {} }; @@ -183,7 +183,7 @@ struct BOTAN_DLL Integrity_Failure : public Exception */ struct BOTAN_DLL Invalid_OID : public Decoding_Error { - Invalid_OID(const std::string& oid) : + explicit Invalid_OID(const std::string& oid) : Decoding_Error("Invalid ASN.1 OID: " + oid) {} }; @@ -192,7 +192,7 @@ struct BOTAN_DLL Invalid_OID : public Decoding_Error */ struct BOTAN_DLL Stream_IO_Error : public Exception { - Stream_IO_Error(const std::string& err) : + explicit Stream_IO_Error(const std::string& err) : Exception("I/O error: " + err) {} }; @@ -210,7 +210,7 @@ struct BOTAN_DLL No_Filesystem_Access : public Exception */ struct BOTAN_DLL Self_Test_Failure : public Internal_Error { - Self_Test_Failure(const std::string& err) : + explicit Self_Test_Failure(const std::string& err) : Internal_Error("Self test failed: " + err) {} }; diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index bd87ca2ed..86776bdd0 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -1,6 +1,7 @@ /* * OS and machine specific utility functions * (C) 2015,2016 Jack Lloyd +* (C) 2016 Daniel Neus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -30,8 +31,8 @@ uint32_t get_process_id() { #if defined(BOTAN_TARGET_OS_IS_UNIX) return ::getpid(); -#elif defined(BOTAN_TARGET_OS_IS_WIDOWS) - return ::GetProcessId(); +#elif defined(BOTAN_TARGET_OS_IS_WINDOWS) + return ::GetCurrentProcessId(); #else return 0; #endif @@ -50,7 +51,7 @@ uint64_t get_processor_timestamp() #if defined(BOTAN_USE_GCC_INLINE_ASM) #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) - if(CPUID::has_rdtsc()) // not availble on all x86 CPUs + if(CPUID::has_rdtsc()) // not available on all x86 CPUs { uint32_t rtc_low = 0, rtc_high = 0; asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); @@ -94,7 +95,7 @@ uint64_t get_system_timestamp_ns() } #endif - auto now = std::chrono::high_resolution_clock::now().time_since_epoch(); + auto now = std::chrono::system_clock::now().time_since_epoch(); return std::chrono::duration_cast<std::chrono::nanoseconds>(now).count(); } @@ -140,6 +141,36 @@ size_t get_memory_locking_limit() return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); } +#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK + SIZE_T working_min = 0, working_max = 0; + DWORD working_flags = 0; + if(!::GetProcessWorkingSetSizeEx(::GetCurrentProcess(), &working_min, &working_max, &working_flags)) + { + return 0; + } + + SYSTEM_INFO sSysInfo; + ::GetSystemInfo(&sSysInfo); + + // According to Microsoft MSDN: + // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead + // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages + // But the information in the book seems to be inaccurate/outdated + // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 + // On all three OS the value is 11 instead of 8 + size_t overhead = sSysInfo.dwPageSize * 11ULL; + if(working_min > overhead) + { + size_t lockable_bytes = working_min - overhead; + if(lockable_bytes < (BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024ULL)) + { + return lockable_bytes; + } + else + { + return BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024ULL; + } + } #endif return 0; @@ -182,6 +213,20 @@ void* allocate_locked_pages(size_t length) ::memset(ptr, 0, length); return ptr; +#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK + LPVOID ptr = ::VirtualAlloc(nullptr, length, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + if(!ptr) + { + return nullptr; + } + + if(::VirtualLock(ptr, length) == 0) + { + ::VirtualFree(ptr, 0, MEM_RELEASE); + return nullptr; // failed to lock + } + + return ptr; #else return nullptr; /* not implemented */ #endif @@ -196,6 +241,10 @@ void free_locked_pages(void* ptr, size_t length) zero_mem(ptr, length); ::munlock(ptr, length); ::munmap(ptr, length); +#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK + zero_mem(ptr, length); + ::VirtualUnlock(ptr, length); + ::VirtualFree(ptr, 0, MEM_RELEASE); #else // Invalid argument because no way this pointer was allocated by us throw Invalid_Argument("Invalid ptr to free_locked_pages"); diff --git a/src/lib/utils/semaphore.h b/src/lib/utils/semaphore.h index 3495043e5..994a15f21 100644 --- a/src/lib/utils/semaphore.h +++ b/src/lib/utils/semaphore.h @@ -16,7 +16,7 @@ namespace Botan { class Semaphore { public: - Semaphore(int value = 0) : m_value(value), m_wakeups(0) {} + explicit Semaphore(int value = 0) : m_value(value), m_wakeups(0) {} void acquire(); diff --git a/src/lib/utils/simd/simd_sse2/simd_sse2.h b/src/lib/utils/simd/simd_sse2/simd_sse2.h index 1757b5976..551e9189c 100644 --- a/src/lib/utils/simd/simd_sse2/simd_sse2.h +++ b/src/lib/utils/simd/simd_sse2/simd_sse2.h @@ -18,7 +18,7 @@ namespace Botan { class SIMD_SSE2 { public: - SIMD_SSE2(const u32bit B[4]) + explicit SIMD_SSE2(const u32bit B[4]) { m_reg = _mm_loadu_si128(reinterpret_cast<const __m128i*>(B)); } @@ -28,14 +28,14 @@ class SIMD_SSE2 m_reg = _mm_set_epi32(B0, B1, B2, B3); } - SIMD_SSE2(u32bit B) + explicit SIMD_SSE2(u32bit B) { m_reg = _mm_set1_epi32(B); } static SIMD_SSE2 load_le(const void* in) { - return _mm_loadu_si128(reinterpret_cast<const __m128i*>(in)); + return SIMD_SSE2(_mm_loadu_si128(reinterpret_cast<const __m128i*>(in))); } static SIMD_SSE2 load_be(const void* in) @@ -71,7 +71,7 @@ class SIMD_SSE2 SIMD_SSE2 operator+(const SIMD_SSE2& other) const { - return _mm_add_epi32(m_reg, other.m_reg); + return SIMD_SSE2(_mm_add_epi32(m_reg, other.m_reg)); } void operator-=(const SIMD_SSE2& other) @@ -81,7 +81,7 @@ class SIMD_SSE2 SIMD_SSE2 operator-(const SIMD_SSE2& other) const { - return _mm_sub_epi32(m_reg, other.m_reg); + return SIMD_SSE2(_mm_sub_epi32(m_reg, other.m_reg)); } void operator^=(const SIMD_SSE2& other) @@ -91,7 +91,7 @@ class SIMD_SSE2 SIMD_SSE2 operator^(const SIMD_SSE2& other) const { - return _mm_xor_si128(m_reg, other.m_reg); + return SIMD_SSE2(_mm_xor_si128(m_reg, other.m_reg)); } void operator|=(const SIMD_SSE2& other) @@ -101,7 +101,7 @@ class SIMD_SSE2 SIMD_SSE2 operator&(const SIMD_SSE2& other) { - return _mm_and_si128(m_reg, other.m_reg); + return SIMD_SSE2(_mm_and_si128(m_reg, other.m_reg)); } void operator&=(const SIMD_SSE2& other) @@ -111,23 +111,23 @@ class SIMD_SSE2 SIMD_SSE2 operator<<(size_t shift) const { - return _mm_slli_epi32(m_reg, static_cast<int>(shift)); + return SIMD_SSE2(_mm_slli_epi32(m_reg, static_cast<int>(shift))); } SIMD_SSE2 operator>>(size_t shift) const { - return _mm_srli_epi32(m_reg, static_cast<int>(shift)); + return SIMD_SSE2(_mm_srli_epi32(m_reg, static_cast<int>(shift))); } SIMD_SSE2 operator~() const { - return _mm_xor_si128(m_reg, _mm_set1_epi32(0xFFFFFFFF)); + return SIMD_SSE2(_mm_xor_si128(m_reg, _mm_set1_epi32(0xFFFFFFFF))); } // (~reg) & other SIMD_SSE2 andc(const SIMD_SSE2& other) { - return _mm_andnot_si128(m_reg, other.m_reg); + return SIMD_SSE2(_mm_andnot_si128(m_reg, other.m_reg)); } SIMD_SSE2 bswap() const @@ -137,8 +137,8 @@ class SIMD_SSE2 T = _mm_shufflehi_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); T = _mm_shufflelo_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); - return _mm_or_si128(_mm_srli_epi16(T, 8), - _mm_slli_epi16(T, 8)); + return SIMD_SSE2(_mm_or_si128(_mm_srli_epi16(T, 8), + _mm_slli_epi16(T, 8))); } static void transpose(SIMD_SSE2& B0, SIMD_SSE2& B1, @@ -155,7 +155,7 @@ class SIMD_SSE2 } private: - SIMD_SSE2(__m128i in) { m_reg = in; } + explicit SIMD_SSE2(__m128i in) { m_reg = in; } __m128i m_reg; }; |