diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/fuzzer/mem_pool.cpp | 79 | ||||
-rw-r--r-- | src/lib/asn1/ber_dec.h | 2 | ||||
-rw-r--r-- | src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp | 12 | ||||
-rw-r--r-- | src/lib/block/xtea/xtea.cpp | 4 | ||||
-rw-r--r-- | src/lib/pk_pad/emsa.cpp | 4 | ||||
-rw-r--r-- | src/lib/pubkey/ecies/ecies.cpp | 6 | ||||
-rw-r--r-- | src/lib/rng/hmac_drbg/hmac_drbg.h | 42 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 30 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 4 | ||||
-rw-r--r-- | src/lib/utils/mem_pool/mem_pool.cpp | 3 | ||||
-rw-r--r-- | src/lib/utils/os_utils.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/ocsp.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.h | 2 | ||||
-rw-r--r-- | src/tests/test_certstor.cpp | 4 | ||||
-rw-r--r-- | src/tests/test_ffi.cpp | 3 | ||||
-rw-r--r-- | src/tests/test_ocsp.cpp | 6 | ||||
-rw-r--r-- | src/tests/test_x509_path.cpp | 4 |
18 files changed, 131 insertions, 80 deletions
diff --git a/src/fuzzer/mem_pool.cpp b/src/fuzzer/mem_pool.cpp index d6305997d..0bd35031d 100644 --- a/src/fuzzer/mem_pool.cpp +++ b/src/fuzzer/mem_pool.cpp @@ -11,6 +11,8 @@ #include <map> #include <utility> +#include <stdlib.h> + namespace { size_t compute_expected_alignment(size_t plen) @@ -25,19 +27,71 @@ size_t compute_expected_alignment(size_t plen) } } +struct RawPage + { + public: + RawPage(void* p) : m_p(p) {} + ~RawPage() { std::free(m_p); } + + RawPage(const RawPage& other) = default; + RawPage& operator=(const RawPage& other) = default; + + RawPage(RawPage&& other) : m_p(nullptr) + { + std::swap(m_p, other.m_p); + } + + RawPage& operator=(RawPage&& other) + { + if(this != &other) + { + std::swap(m_p, other.m_p); + } + return (*this); + } + + void* ptr() const { return m_p; } + private: + void* m_p; + }; + +std::vector<RawPage> allocate_raw_pages(size_t count, size_t page_size) + { + std::vector<RawPage> pages; + pages.reserve(count); + + for(size_t i = 0; i != count; ++i) + { + void* ptr = nullptr; + + ::posix_memalign(&ptr, page_size, page_size); + + if(ptr) + { + fprintf(stderr, "%p\n", ptr); + pages.push_back(RawPage(ptr)); + } + } + + return pages; + } + } void fuzz(const uint8_t in[], size_t in_len) { + const size_t page_count = 4; const size_t page_size = 4096; - static std::vector<void*> raw_mem{malloc(page_size), - malloc(page_size), - malloc(page_size), - malloc(page_size)}; + // static to avoid repeated allocations + static std::vector<RawPage> raw_mem = allocate_raw_pages(page_count, page_size); + std::vector<void*> mem_pages; + mem_pages.reserve(raw_mem.size()); + for(size_t i = 0; i != raw_mem.size(); ++i) + mem_pages.push_back(raw_mem[i].ptr()); - Botan::Memory_Pool pool(raw_mem, page_size); + Botan::Memory_Pool pool(mem_pages, page_size); std::map<uint8_t*, size_t> ptrs; while(in_len > 0) @@ -64,9 +118,11 @@ void fuzz(const uint8_t in[], size_t in_len) if(p) { const size_t expected_alignment = compute_expected_alignment(plen); - if(reinterpret_cast<uintptr_t>(p) % expected_alignment != 0) + const size_t alignment = reinterpret_cast<uintptr_t>(p) % expected_alignment; + if(alignment != 0) { - FUZZER_WRITE_AND_CRASH("Pointer allocated non-aligned pointer " << p); + FUZZER_WRITE_AND_CRASH("Pointer allocated non-aligned pointer " << static_cast<void*>(p) << " for len " << plen + << " expected " << expected_alignment << " got " << alignment); } //printf("alloc %d -> %p\n", plen, p); @@ -85,7 +141,7 @@ void fuzz(const uint8_t in[], size_t in_len) auto insert = ptrs.insert(std::make_pair(p, plen)); if(insert.second == false) { - FUZZER_WRITE_AND_CRASH("Pointer " << p << " already existed\n"); + FUZZER_WRITE_AND_CRASH("Pointer " << static_cast<void*>(p) << " already existed\n"); } auto itr = insert.first; @@ -98,8 +154,8 @@ void fuzz(const uint8_t in[], size_t in_len) if(ptr_before.first + ptr_before.second > p) { - FUZZER_WRITE_AND_CRASH("Previous " << ptr_before.first << "/" << ptr_before.second << - " overlaps with new " << p); + FUZZER_WRITE_AND_CRASH("Previous " << static_cast<void*>(ptr_before.first) << "/" << ptr_before.second << + " overlaps with new " << static_cast<void*>(p)); } } @@ -109,7 +165,8 @@ void fuzz(const uint8_t in[], size_t in_len) { if(p + plen > after->first) { - FUZZER_WRITE_AND_CRASH("New " << p << "/" << plen << " overlaps following " << after->first); + FUZZER_WRITE_AND_CRASH("New " << static_cast<void*>(p) << "/" << plen + << " overlaps following " << static_cast<void*>(after->first)); } } } diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index 0f2fb4607..b2fd61ffd 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h @@ -125,7 +125,7 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final * @param out POD type reference where to copy object value * @param type_tag ASN1_Tag enum to assert type on object read * @param class_tag ASN1_Tag enum to assert class on object read (default: CONTEXT_SPECIFIC) - * @return this reference + * @return this reference */ template <typename T> BER_Decoder& get_next_value(T &out, diff --git a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp index cbdd09c20..0ceea2d7f 100644 --- a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp +++ b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp @@ -60,13 +60,13 @@ inline void rotate_keys(__m256i& R0, __m256i& R1, __m256i R2) X0 is X2 from the last round X1 becomes (X0[4],X1[1:3]) X2 becomes (X1[4],X2[1:3]) - - Uses 3 permutes and 2 blends, is there a faster way? + + Uses 3 permutes and 2 blends, is there a faster way? */ __m256i T0 = _mm256_permute4x64_epi64(R0, _MM_SHUFFLE(0,0,0,0)); __m256i T1 = _mm256_permute4x64_epi64(R1, _MM_SHUFFLE(0,3,2,1)); __m256i T2 = _mm256_permute4x64_epi64(R2, _MM_SHUFFLE(0,3,2,1)); - + R0 = _mm256_blend_epi32(T1, T0, 0xC0); R1 = _mm256_blend_epi32(T2, T1, 0xC0); } @@ -180,7 +180,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo const __m256i* in_mm = reinterpret_cast<const __m256i*>(in); __m256i* out_mm = reinterpret_cast<__m256i*>(out); - + while(blocks >= 2) { __m256i X0 = _mm256_loadu_si256(in_mm++); @@ -215,7 +215,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo blocks -= 2; } - + for(size_t i = 0; i != blocks; ++i) { __m256i X0 = _mm256_loadu_si256(in_mm++); @@ -403,7 +403,7 @@ void Threefish_512::avx2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blo blocks -= 2; } - + for(size_t i = 0; i != blocks; ++i) { __m256i X0 = _mm256_loadu_si256(in_mm++); diff --git a/src/lib/block/xtea/xtea.cpp b/src/lib/block/xtea/xtea.cpp index 679ad4cfb..7d815529f 100644 --- a/src/lib/block/xtea/xtea.cpp +++ b/src/lib/block/xtea/xtea.cpp @@ -42,7 +42,7 @@ void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3); } - + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i) { uint32_t L, R; @@ -90,7 +90,7 @@ void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3); } - + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i) { uint32_t L, R; diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp index eaae898f3..4b02776c2 100644 --- a/src/lib/pk_pad/emsa.cpp +++ b/src/lib/pk_pad/emsa.cpp @@ -100,7 +100,7 @@ EMSA* get_emsa(const std::string& algo_spec) } } } - + if(req.algo_name() == "PSS" || req.algo_name() == "PSSR" || req.algo_name() == "EMSA-PSS" || @@ -200,5 +200,3 @@ std::string hash_for_emsa(const std::string& algo_spec) } } - - diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index 864e0b72a..54055de7a 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp @@ -240,7 +240,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, { if(ecies_params.compression_type() != PointGFp::UNCOMPRESSED) { - // ISO 18033: step d + // ISO 18033: step d // convert only if necessary; m_eph_public_key_bin has been initialized with the uncompressed format m_eph_public_key_bin = m_params.domain().OS2ECP(m_eph_public_key_bin).encode(ecies_params.compression_type()); } @@ -372,7 +372,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui throw Decoding_Error("ECIES decryption: received public key is not on the curve"); } - // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree) + // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree) // throws Illegal_Transformation if the point is zero) const SymmetricKey secret_key = m_ka.derive_secret(other_public_key_bin, other_public_key); @@ -395,7 +395,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui { m_cipher->start(m_iv.bits_of()); } - + try { // the decryption can fail: diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.h b/src/lib/rng/hmac_drbg/hmac_drbg.h index edf38b684..6ead498fc 100644 --- a/src/lib/rng/hmac_drbg/hmac_drbg.h +++ b/src/lib/rng/hmac_drbg/hmac_drbg.h @@ -44,16 +44,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * to perform the periodic reseeding * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, @@ -71,16 +71,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, @@ -101,16 +101,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index d63729611..aa54194a3 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -269,46 +269,46 @@ size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t) const } /* -* This function performs additional compression calls in order -* to protect from the Lucky 13 attack. It adds new compression +* This function performs additional compression calls in order +* to protect from the Lucky 13 attack. It adds new compression * function calls over dummy data, by computing additional HMAC updates. * * The countermeasure was described (in a similar way) in the Lucky 13 paper. -* +* * Background: * - One SHA-1/SHA-256 compression is performed with 64 bytes of data. * - HMAC adds 8 byte length field and padding (at least 1 byte) so that we have: * - 0 - 55 bytes: 1 compression * - 56 - 55+64 bytes: 2 compressions * - 56+64 - 55+2*64 bytes: 3 compressions ... -* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte +* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte * long length field. This results in: * - 0 - 111 bytes: 1 compression * - 112 - 111+128 bytes: 2 compressions ... -* +* * The implemented countermeasure works as follows: * 1) It computes max_compressions: number of maximum compressions performed on * the decrypted data -* 2) It computes current_compressions: number of compressions performed on the +* 2) It computes current_compressions: number of compressions performed on the * decrypted data, after padding has been removed -* 3) If current_compressions != max_compressions: It invokes an HMAC update -* over dummy data so that (max_compressions - current_compressions) +* 3) If current_compressions != max_compressions: It invokes an HMAC update +* over dummy data so that (max_compressions - current_compressions) * compressions are performed. Otherwise, it invokes an HMAC update so that * no compressions are performed. -* +* * Note that the padding validation in Botan is always performed over * min(plen,256) bytes, see the function check_tls_cbc_padding. This differs * from the countermeasure described in the paper. -* +* * Note that the padding length padlen does also count the last byte * of the decrypted plaintext. This is different from the Lucky 13 paper. -* -* This countermeasure leaves a difference of about 100 clock cycles (in +* +* This countermeasure leaves a difference of about 100 clock cycles (in * comparison to >1000 clock cycles observed without it). -* +* * plen represents the length of the decrypted plaintext message P * padlen represents the padding length -* +* */ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, size_t padlen) { @@ -327,7 +327,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, // number of maximum MACed bytes const uint16_t L1 = static_cast<uint16_t>(13 + plen - tag_size()); // number of current MACed bytes (L1 - padlen) - // Here the Lucky 13 paper is different because the padlen length in the paper + // Here the Lucky 13 paper is different because the padlen length in the paper // does not count the last message byte. const uint16_t L2 = static_cast<uint16_t>(13 + plen - padlen - tag_size()); // From the paper, for SHA-256/SHA-1 compute: ceil((L1-55)/64) and ceil((L2-55)/64) diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 4c6c32d5d..4caaf623a 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -257,7 +257,7 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const if(keylength < expected_keylength) throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, - "Peer sent " + + "Peer sent " + std::to_string(keylength) + " bit " + algo_name + " key" ", policy requires at least " + std::to_string(expected_keylength)); @@ -276,7 +276,7 @@ bool Policy::send_fallback_scsv(Protocol_Version version) const bool Policy::acceptable_protocol_version(Protocol_Version version) const { // Uses boolean optimization: - // First check the current version (left part), then if it is allowed + // First check the current version (left part), then if it is allowed // (right part) // checks are ordered according to their probability return ( diff --git a/src/lib/utils/mem_pool/mem_pool.cpp b/src/lib/utils/mem_pool/mem_pool.cpp index e4a873ad5..cd49c1e33 100644 --- a/src/lib/utils/mem_pool/mem_pool.cpp +++ b/src/lib/utils/mem_pool/mem_pool.cpp @@ -166,10 +166,7 @@ class BitMap final enum { BITMASK_BITS = BOTAN_MP_WORD_BITS }; #endif - static const size_t m_last_free_npos = -1; - size_t m_len; - size_t m_last_free; bitmask_type m_main_mask; bitmask_type m_last_mask; std::vector<bitmask_type> m_bits; diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index f373ece99..f64b85c18 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -303,7 +303,7 @@ size_t OS::get_memory_locking_limit() // According to Microsoft MSDN: // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead - // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages + // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages // But the information in the book seems to be inaccurate/outdated // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 // On all three OS the value is 11 instead of 8 diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 62d814702..de229d412 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -158,7 +158,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue { if (m_responses.empty()) return m_dummy_response_status; - + try { std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key()); diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 9fed87f60..9d886ca7a 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -1029,7 +1029,7 @@ bool Path_Validation_Result::successful_validation() const bool Path_Validation_Result::no_warnings() const { - for(auto status_set_i : m_warnings) + for(auto status_set_i : m_warnings) if(!status_set_i.empty()) return false; return true; diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 79ae02a10..841f1a8ef 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h @@ -205,7 +205,7 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final * @param ocsp_resp additional OCSP responses to consider (eg from peer) * @return result of the path validation * note: when enabled, OCSP check is softfail by default: if the OCSP server is not -* reachable, Path_Validation_Result::successful_validation() will return true. +* reachable, Path_Validation_Result::successful_validation() will return true. * Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings(). */ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index 185c6a64b..c05772561 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp @@ -334,7 +334,7 @@ Test::Result test_certstor_find_hash_subject(const std::vector<CertificateAndKey Test::Result test_certstor_load_allcert() { Test::Result result("Certificate Store - Load every cert of every files"); - // test_dir_bundled dir should contain only one file with 2 certificates + // test_dir_bundled dir should contain only one file with 2 certificates // concatenated (ValidCert and root) const std::string test_dir_bundled = Test::data_dir() + "/x509/misc/bundledcertdir"; @@ -343,7 +343,7 @@ Test::Result test_certstor_load_allcert() result.test_note("load certs from dir: " + test_dir_bundled); // Certificate_Store_In_Memory constructor loads every cert of every files of the dir. Botan::Certificate_Store_In_Memory store(test_dir_bundled); - + // X509_Certificate constructor loads only the first certificate found in the file. Botan::X509_Certificate root_cert(Test::data_dir() + "/x509/x509test/root.pem"); Botan::X509_Certificate valid_cert(Test::data_dir() + "/x509/x509test/ValidCert.pem"); diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 58b491a9a..ce9dc94d5 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -1237,7 +1237,7 @@ class FFI_Unit_Tests final : public Test str_len = sizeof(str_buf); TEST_FFI_OK(botan_mp_to_str, (x, 10, str_buf, &str_len)); result.test_eq("botan_mp_add", std::string(str_buf), "259"); - + TEST_FFI_RC(1, botan_mp_is_odd, (x)); TEST_FFI_RC(0, botan_mp_is_even, (x)); TEST_FFI_RC(0, botan_mp_is_negative, (x)); @@ -2708,4 +2708,3 @@ BOTAN_REGISTER_TEST("ffi", FFI_Unit_Tests); } } - diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 3b681e193..753e4455b 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -11,7 +11,7 @@ #include <botan/x509path.h> #include <botan/certstor.h> #include <botan/calendar.h> - #include <botan/cert_status.h> + #include <botan/cert_status.h> #include <fstream> #endif @@ -164,7 +164,7 @@ class OCSP_Tests final : public Test const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root }; - std::shared_ptr<const Botan::OCSP::Response> ocsp = + std::shared_ptr<const Botan::OCSP::Response> ocsp = std::make_shared<const Botan::OCSP::Response>(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL); Botan::Certificate_Store_In_Memory certstore; @@ -177,7 +177,7 @@ class OCSP_Tests final : public Test if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1)) { if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) - { + { result.confirm("Status warning", ocsp_status[0].count(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL)); } } diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index e86c7b70f..0e9f8eba0 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -135,7 +135,7 @@ class X509test_Path_Validation_Tests final : public Test Botan::Path_Validation_Result path_result = Botan::x509_path_validate( certs, restrictions, trusted, "www.tls.test", Botan::Usage_Type::TLS_SERVER_AUTH, - validation_time, + validation_time, /* activate check_ocsp_online */ std::chrono::milliseconds(1000), {}); if(path_result.successful_validation() && path_result.trust_root() != root) @@ -152,7 +152,7 @@ class X509test_Path_Validation_Tests final : public Test result.test_eq("test warnings string", path_result.warnings_string(), "[0] OCSP URL not available"); #endif result.end_timer(); - results.push_back(result); + results.push_back(result); } return results; |