Diffstat (limited to 'src')
-rw-r--r--src/fuzzer/mem_pool.cpp79
-rw-r--r--src/lib/asn1/ber_dec.h2
-rw-r--r--src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp12
-rw-r--r--src/lib/block/xtea/xtea.cpp4
-rw-r--r--src/lib/pk_pad/emsa.cpp4
-rw-r--r--src/lib/pubkey/ecies/ecies.cpp6
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.h42
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp30
-rw-r--r--src/lib/tls/tls_policy.cpp4
-rw-r--r--src/lib/utils/mem_pool/mem_pool.cpp3
-rw-r--r--src/lib/utils/os_utils.cpp2
-rw-r--r--src/lib/x509/ocsp.cpp2
-rw-r--r--src/lib/x509/x509path.cpp2
-rw-r--r--src/lib/x509/x509path.h2
-rw-r--r--src/tests/test_certstor.cpp4
-rw-r--r--src/tests/test_ffi.cpp3
-rw-r--r--src/tests/test_ocsp.cpp6
-rw-r--r--src/tests/test_x509_path.cpp4
18 files changed, 131 insertions, 80 deletions
diff --git a/src/fuzzer/mem_pool.cpp b/src/fuzzer/mem_pool.cpp
index d6305997d..0bd35031d 100644
--- a/src/fuzzer/mem_pool.cpp
+++ b/src/fuzzer/mem_pool.cpp
@@ -11,6 +11,8 @@
#include <map>
#include <utility>
+#include <stdlib.h>
+
namespace {
size_t compute_expected_alignment(size_t plen)
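Review bot: The added `#include <stdlib.h>` is only guaranteed to declare `free` and `posix_memalign` in the global namespace, while the `RawPage` destructor added further down in this file calls `std::free`. Adding `#include <cstdlib>` alongside it makes the `std::` spelling portable. The new code also uses `std::vector`, so `<vector>` should be included here as well unless it already appears above the visible context.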
@@ -25,19 +27,71 @@ size_t compute_expected_alignment(size_t plen)
}
}
+struct RawPage
+ {
+ public:
+ RawPage(void* p) : m_p(p) {}
+ ~RawPage() { std::free(m_p); }
+
+ RawPage(const RawPage& other) = default;
+ RawPage& operator=(const RawPage& other) = default;
+
+ RawPage(RawPage&& other) : m_p(nullptr)
+ {
+ std::swap(m_p, other.m_p);
+ }
+
+ RawPage& operator=(RawPage&& other)
+ {
+ if(this != &other)
+ {
+ std::swap(m_p, other.m_p);
+ }
+ return (*this);
+ }
+
+ void* ptr() const { return m_p; }
+ private:
+ void* m_p;
+ };
+
+std::vector<RawPage> allocate_raw_pages(size_t count, size_t page_size)
+ {
+ std::vector<RawPage> pages;
+ pages.reserve(count);
+
+ for(size_t i = 0; i != count; ++i)
+ {
+ void* ptr = nullptr;
+
+ ::posix_memalign(&ptr, page_size, page_size);
+
+ if(ptr)
+ {
+ fprintf(stderr, "%p\n", ptr);
+ pages.push_back(RawPage(ptr));
+ }
+ }
+
+ return pages;
+ }
+
}
void fuzz(const uint8_t in[], size_t in_len)
{
+ const size_t page_count = 4;
const size_t page_size = 4096;
- static std::vector<void*> raw_mem{malloc(page_size),
- malloc(page_size),
- malloc(page_size),
- malloc(page_size)};
+ // static to avoid repeated allocations
+ static std::vector<RawPage> raw_mem = allocate_raw_pages(page_count, page_size);
+ std::vector<void*> mem_pages;
+ mem_pages.reserve(raw_mem.size());
+ for(size_t i = 0; i != raw_mem.size(); ++i)
+ mem_pages.push_back(raw_mem[i].ptr());
- Botan::Memory_Pool pool(raw_mem, page_size);
+ Botan::Memory_Pool pool(mem_pages, page_size);
std::map<uint8_t*, size_t> ptrs;
while(in_len > 0)
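Review bot: `RawPage` frees `m_p` in its destructor but declares its copy constructor and copy assignment `= default`, so any copy creates two owners of the same page and a double free when both are destroyed. Both should be `= delete`, and the two move operations should be `noexcept`, because `std::vector` otherwise prefers the copy constructor when it relocates elements (today only the `reserve(count)` call prevents that). In `allocate_raw_pages` the return value of `::posix_memalign` is discarded and success is inferred from `ptr`; the return code is the documented failure signal and should be checked. The `fprintf(stderr, "%p\n", ptr)` looks like leftover debugging and prints heap addresses on every start. The body of `fuzz` continues outside the hunk.

```cpp
      explicit RawPage(void* p) : m_p(p) {}
      // … unchanged: destructor …

      // Copying would leave two owners that both free() the same page.
      RawPage(const RawPage& other) = delete;
      RawPage& operator=(const RawPage& other) = delete;

      RawPage(RawPage&& other) noexcept : m_p(nullptr)
      // … unchanged: move constructor body …

      RawPage& operator=(RawPage&& other) noexcept
      // … unchanged: move assignment body, ptr(), m_p …

      // in allocate_raw_pages, inside the loop:
      void* ptr = nullptr;

      // posix_memalign reports failure through its return value
      if(::posix_memalign(&ptr, page_size, page_size) == 0 && ptr != nullptr)
         {
         pages.push_back(RawPage(ptr));
         }
```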
@@ -64,9 +118,11 @@ void fuzz(const uint8_t in[], size_t in_len)
if(p)
{
const size_t expected_alignment = compute_expected_alignment(plen);
- if(reinterpret_cast<uintptr_t>(p) % expected_alignment != 0)
+ const size_t alignment = reinterpret_cast<uintptr_t>(p) % expected_alignment;
+ if(alignment != 0)
{
- FUZZER_WRITE_AND_CRASH("Pointer allocated non-aligned pointer " << p);
+ FUZZER_WRITE_AND_CRASH("Pointer allocated non-aligned pointer " << static_cast<void*>(p) << " for len " << plen
+ << " expected " << expected_alignment << " got " << alignment);
}
//printf("alloc %d -> %p\n", plen, p);
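Review bot: The new local `alignment` holds `reinterpret_cast<uintptr_t>(p) % expected_alignment`, which is the remainder by which the pointer misses the boundary, not an alignment, so the `" got " << alignment` part of the crash message reads misleadingly. Naming it `misalignment` and writing `<< " expected " << expected_alignment << " off by " << misalignment` would make the fuzzer report self-explanatory. The enclosing `fuzz` body starts and ends outside this hunk.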
@@ -85,7 +141,7 @@ void fuzz(const uint8_t in[], size_t in_len)
auto insert = ptrs.insert(std::make_pair(p, plen));
if(insert.second == false)
{
- FUZZER_WRITE_AND_CRASH("Pointer " << p << " already existed\n");
+ FUZZER_WRITE_AND_CRASH("Pointer " << static_cast<void*>(p) << " already existed\n");
}
auto itr = insert.first;
@@ -98,8 +154,8 @@ void fuzz(const uint8_t in[], size_t in_len)
if(ptr_before.first + ptr_before.second > p)
{
- FUZZER_WRITE_AND_CRASH("Previous " << ptr_before.first << "/" << ptr_before.second <<
- " overlaps with new " << p);
+ FUZZER_WRITE_AND_CRASH("Previous " << static_cast<void*>(ptr_before.first) << "/" << ptr_before.second <<
+ " overlaps with new " << static_cast<void*>(p));
}
}
@@ -109,7 +165,8 @@ void fuzz(const uint8_t in[], size_t in_len)
{
if(p + plen > after->first)
{
- FUZZER_WRITE_AND_CRASH("New " << p << "/" << plen << " overlaps following " << after->first);
+ FUZZER_WRITE_AND_CRASH("New " << static_cast<void*>(p) << "/" << plen
+ << " overlaps following " << static_cast<void*>(after->first));
}
}
}
diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h
index 0f2fb4607..b2fd61ffd 100644
--- a/src/lib/asn1/ber_dec.h
+++ b/src/lib/asn1/ber_dec.h
@@ -125,7 +125,7 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final
* @param out POD type reference where to copy object value
* @param type_tag ASN1_Tag enum to assert type on object read
* @param class_tag ASN1_Tag enum to assert class on object read (default: CONTEXT_SPECIFIC)
- * @return this reference
+ * @return this reference
*/
template <typename T>
BER_Decoder& get_next_value(T &out,
diff --git a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp
index cbdd09c20..0ceea2d7f 100644
--- a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp
+++ b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp
@@ -60,13 +60,13 @@ inline void rotate_keys(__m256i& R0, __m256i& R1, __m256i R2)
X0 is X2 from the last round
X1 becomes (X0[4],X1[1:3])
X2 becomes (X1[4],X2[1:3])
-
- Uses 3 permutes and 2 blends, is there a faster way?
+
+ Uses 3 permutes and 2 blends, is there a faster way?
*/
__m256i T0 = _mm256_permute4x64_epi64(R0, _MM_SHUFFLE(0,0,0,0));
__m256i T1 = _mm256_permute4x64_epi64(R1, _MM_SHUFFLE(0,3,2,1));
__m256i T2 = _mm256_permute4x64_epi64(R2, _MM_SHUFFLE(0,3,2,1));
-
+
R0 = _mm256_blend_epi32(T1, T0, 0xC0);
R1 = _mm256_blend_epi32(T2, T1, 0xC0);
}
@@ -180,7 +180,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo
const __m256i* in_mm = reinterpret_cast<const __m256i*>(in);
__m256i* out_mm = reinterpret_cast<__m256i*>(out);
-
+
while(blocks >= 2)
{
__m256i X0 = _mm256_loadu_si256(in_mm++);
@@ -215,7 +215,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo
blocks -= 2;
}
-
+
for(size_t i = 0; i != blocks; ++i)
{
__m256i X0 = _mm256_loadu_si256(in_mm++);
@@ -403,7 +403,7 @@ void Threefish_512::avx2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blo
blocks -= 2;
}
-
+
for(size_t i = 0; i != blocks; ++i)
{
__m256i X0 = _mm256_loadu_si256(in_mm++);
diff --git a/src/lib/block/xtea/xtea.cpp b/src/lib/block/xtea/xtea.cpp
index 679ad4cfb..7d815529f 100644
--- a/src/lib/block/xtea/xtea.cpp
+++ b/src/lib/block/xtea/xtea.cpp
@@ -42,7 +42,7 @@ void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
}
-
+
BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
{
uint32_t L, R;
@@ -90,7 +90,7 @@ void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
}
-
+
BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
{
uint32_t L, R;
diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp
index eaae898f3..4b02776c2 100644
--- a/src/lib/pk_pad/emsa.cpp
+++ b/src/lib/pk_pad/emsa.cpp
@@ -100,7 +100,7 @@ EMSA* get_emsa(const std::string& algo_spec)
}
}
}
-
+
if(req.algo_name() == "PSS" ||
req.algo_name() == "PSSR" ||
req.algo_name() == "EMSA-PSS" ||
@@ -200,5 +200,3 @@ std::string hash_for_emsa(const std::string& algo_spec)
}
}
-
-
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 864e0b72a..54055de7a 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -240,7 +240,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key,
{
if(ecies_params.compression_type() != PointGFp::UNCOMPRESSED)
{
- // ISO 18033: step d
+ // ISO 18033: step d
// convert only if necessary; m_eph_public_key_bin has been initialized with the uncompressed format
m_eph_public_key_bin = m_params.domain().OS2ECP(m_eph_public_key_bin).encode(ecies_params.compression_type());
}
@@ -372,7 +372,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui
throw Decoding_Error("ECIES decryption: received public key is not on the curve");
}
- // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree)
+ // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree)
// throws Illegal_Transformation if the point is zero)
const SymmetricKey secret_key = m_ka.derive_secret(other_public_key_bin, other_public_key);
@@ -395,7 +395,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui
{
m_cipher->start(m_iv.bits_of());
}
-
+
try
{
// the decryption can fail:
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.h b/src/lib/rng/hmac_drbg/hmac_drbg.h
index edf38b684..6ead498fc 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.h
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.h
@@ -44,16 +44,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG
* to perform the periodic reseeding
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed
- * @param max_number_of_bytes_per_request requests that are in size higher
- * than max_number_of_bytes_per_request are treated as if multiple single
+ * @param max_number_of_bytes_per_request requests that are in size higher
+ * than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
- * the caller who wants an output larger than max_number_of_bytes_per_request,
- * instead treat these requests as if multiple requests of
- * max_number_of_bytes_per_request size had been made. NIST requires for
- * HMAC_DRBG that every implementation set a value no more than 2**19 bits
- * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
+ * the caller who wants an output larger than max_number_of_bytes_per_request,
+ * instead treat these requests as if multiple requests of
+ * max_number_of_bytes_per_request size had been made. NIST requires for
+ * HMAC_DRBG that every implementation set a value no more than 2**19 bits
+ * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
@@ -71,16 +71,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG
* @param entropy_sources will be polled to perform reseeding periodically
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed.
- * @param max_number_of_bytes_per_request requests that are in size higher
- * than max_number_of_bytes_per_request are treated as if multiple single
+ * @param max_number_of_bytes_per_request requests that are in size higher
+ * than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
- * the caller who wants an output larger than max_number_of_bytes_per_request,
- * instead treat these requests as if multiple requests of
- * max_number_of_bytes_per_request size had been made. NIST requires for
- * HMAC_DRBG that every implementation set a value no more than 2**19 bits
- * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
+ * the caller who wants an output larger than max_number_of_bytes_per_request,
+ * instead treat these requests as if multiple requests of
+ * max_number_of_bytes_per_request size had been made. NIST requires for
+ * HMAC_DRBG that every implementation set a value no more than 2**19 bits
+ * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
@@ -101,16 +101,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG
* @param entropy_sources will be polled to perform reseeding periodically
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed.
- * @param max_number_of_bytes_per_request requests that are in size higher
- * than max_number_of_bytes_per_request are treated as if multiple single
+ * @param max_number_of_bytes_per_request requests that are in size higher
+ * than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
- * the caller who wants an output larger than max_number_of_bytes_per_request,
- * instead treat these requests as if multiple requests of
- * max_number_of_bytes_per_request size had been made. NIST requires for
- * HMAC_DRBG that every implementation set a value no more than 2**19 bits
- * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
+ * the caller who wants an output larger than max_number_of_bytes_per_request,
+ * instead treat these requests as if multiple requests of
+ * max_number_of_bytes_per_request size had been made. NIST requires for
+ * HMAC_DRBG that every implementation set a value no more than 2**19 bits
+ * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index d63729611..aa54194a3 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -269,46 +269,46 @@ size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t) const
}
/*
-* This function performs additional compression calls in order
-* to protect from the Lucky 13 attack. It adds new compression
+* This function performs additional compression calls in order
+* to protect from the Lucky 13 attack. It adds new compression
* function calls over dummy data, by computing additional HMAC updates.
*
* The countermeasure was described (in a similar way) in the Lucky 13 paper.
-*
+*
* Background:
* - One SHA-1/SHA-256 compression is performed with 64 bytes of data.
* - HMAC adds 8 byte length field and padding (at least 1 byte) so that we have:
* - 0 - 55 bytes: 1 compression
* - 56 - 55+64 bytes: 2 compressions
* - 56+64 - 55+2*64 bytes: 3 compressions ...
-* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte
+* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte
* long length field. This results in:
* - 0 - 111 bytes: 1 compression
* - 112 - 111+128 bytes: 2 compressions ...
-*
+*
* The implemented countermeasure works as follows:
* 1) It computes max_compressions: number of maximum compressions performed on
* the decrypted data
-* 2) It computes current_compressions: number of compressions performed on the
+* 2) It computes current_compressions: number of compressions performed on the
* decrypted data, after padding has been removed
-* 3) If current_compressions != max_compressions: It invokes an HMAC update
-* over dummy data so that (max_compressions - current_compressions)
+* 3) If current_compressions != max_compressions: It invokes an HMAC update
+* over dummy data so that (max_compressions - current_compressions)
* compressions are performed. Otherwise, it invokes an HMAC update so that
* no compressions are performed.
-*
+*
* Note that the padding validation in Botan is always performed over
* min(plen,256) bytes, see the function check_tls_cbc_padding. This differs
* from the countermeasure described in the paper.
-*
+*
* Note that the padding length padlen does also count the last byte
* of the decrypted plaintext. This is different from the Lucky 13 paper.
-*
-* This countermeasure leaves a difference of about 100 clock cycles (in
+*
+* This countermeasure leaves a difference of about 100 clock cycles (in
* comparison to >1000 clock cycles observed without it).
-*
+*
* plen represents the length of the decrypted plaintext message P
* padlen represents the padding length
-*
+*
*/
void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, size_t padlen)
{
@@ -327,7 +327,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen,
// number of maximum MACed bytes
const uint16_t L1 = static_cast<uint16_t>(13 + plen - tag_size());
// number of current MACed bytes (L1 - padlen)
- // Here the Lucky 13 paper is different because the padlen length in the paper
+ // Here the Lucky 13 paper is different because the padlen length in the paper
// does not count the last message byte.
const uint16_t L2 = static_cast<uint16_t>(13 + plen - padlen - tag_size());
// From the paper, for SHA-256/SHA-1 compute: ceil((L1-55)/64) and ceil((L2-55)/64)
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 4c6c32d5d..4caaf623a 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -257,7 +257,7 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const
if(keylength < expected_keylength)
throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
- "Peer sent " +
+ "Peer sent " +
std::to_string(keylength) + " bit " + algo_name + " key"
", policy requires at least " +
std::to_string(expected_keylength));
@@ -276,7 +276,7 @@ bool Policy::send_fallback_scsv(Protocol_Version version) const
bool Policy::acceptable_protocol_version(Protocol_Version version) const
{
// Uses boolean optimization:
- // First check the current version (left part), then if it is allowed
+ // First check the current version (left part), then if it is allowed
// (right part)
// checks are ordered according to their probability
return (
diff --git a/src/lib/utils/mem_pool/mem_pool.cpp b/src/lib/utils/mem_pool/mem_pool.cpp
index e4a873ad5..cd49c1e33 100644
--- a/src/lib/utils/mem_pool/mem_pool.cpp
+++ b/src/lib/utils/mem_pool/mem_pool.cpp
@@ -166,10 +166,7 @@ class BitMap final
enum { BITMASK_BITS = BOTAN_MP_WORD_BITS };
#endif
- static const size_t m_last_free_npos = -1;
-
size_t m_len;
- size_t m_last_free;
bitmask_type m_main_mask;
bitmask_type m_last_mask;
std::vector<bitmask_type> m_bits;
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index f373ece99..f64b85c18 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
@@ -303,7 +303,7 @@ size_t OS::get_memory_locking_limit()
// According to Microsoft MSDN:
// The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead
- // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages
+ // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages
// But the information in the book seems to be inaccurate/outdated
// I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86
// On all three OS the value is 11 instead of 8
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index 62d814702..de229d412 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -158,7 +158,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue
{
if (m_responses.empty())
return m_dummy_response_status;
-
+
try
{
std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key());
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 9fed87f60..9d886ca7a 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -1029,7 +1029,7 @@ bool Path_Validation_Result::successful_validation() const
bool Path_Validation_Result::no_warnings() const
{
- for(auto status_set_i : m_warnings)
+ for(auto status_set_i : m_warnings)
if(!status_set_i.empty())
return false;
return true;
diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h
index 79ae02a10..841f1a8ef 100644
--- a/src/lib/x509/x509path.h
+++ b/src/lib/x509/x509path.h
@@ -205,7 +205,7 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final
* @param ocsp_resp additional OCSP responses to consider (eg from peer)
* @return result of the path validation
* note: when enabled, OCSP check is softfail by default: if the OCSP server is not
-* reachable, Path_Validation_Result::successful_validation() will return true.
+* reachable, Path_Validation_Result::successful_validation() will return true.
* Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings().
*/
Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate(
diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp
index 185c6a64b..c05772561 100644
--- a/src/tests/test_certstor.cpp
+++ b/src/tests/test_certstor.cpp
@@ -334,7 +334,7 @@ Test::Result test_certstor_find_hash_subject(const std::vector<CertificateAndKey
Test::Result test_certstor_load_allcert()
{
Test::Result result("Certificate Store - Load every cert of every files");
- // test_dir_bundled dir should contain only one file with 2 certificates
+ // test_dir_bundled dir should contain only one file with 2 certificates
// concatenated (ValidCert and root)
const std::string test_dir_bundled = Test::data_dir() + "/x509/misc/bundledcertdir";
@@ -343,7 +343,7 @@ Test::Result test_certstor_load_allcert()
result.test_note("load certs from dir: " + test_dir_bundled);
// Certificate_Store_In_Memory constructor loads every cert of every files of the dir.
Botan::Certificate_Store_In_Memory store(test_dir_bundled);
-
+
// X509_Certificate constructor loads only the first certificate found in the file.
Botan::X509_Certificate root_cert(Test::data_dir() + "/x509/x509test/root.pem");
Botan::X509_Certificate valid_cert(Test::data_dir() + "/x509/x509test/ValidCert.pem");
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index 58b491a9a..ce9dc94d5 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -1237,7 +1237,7 @@ class FFI_Unit_Tests final : public Test
str_len = sizeof(str_buf);
TEST_FFI_OK(botan_mp_to_str, (x, 10, str_buf, &str_len));
result.test_eq("botan_mp_add", std::string(str_buf), "259");
-
+
TEST_FFI_RC(1, botan_mp_is_odd, (x));
TEST_FFI_RC(0, botan_mp_is_even, (x));
TEST_FFI_RC(0, botan_mp_is_negative, (x));
@@ -2708,4 +2708,3 @@ BOTAN_REGISTER_TEST("ffi", FFI_Unit_Tests);
}
}
-
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
index 3b681e193..753e4455b 100644
--- a/src/tests/test_ocsp.cpp
+++ b/src/tests/test_ocsp.cpp
@@ -11,7 +11,7 @@
#include <botan/x509path.h>
#include <botan/certstor.h>
#include <botan/calendar.h>
- #include <botan/cert_status.h>
+ #include <botan/cert_status.h>
#include <fstream>
#endif
@@ -164,7 +164,7 @@ class OCSP_Tests final : public Test
const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root };
- std::shared_ptr<const Botan::OCSP::Response> ocsp =
+ std::shared_ptr<const Botan::OCSP::Response> ocsp =
std::make_shared<const Botan::OCSP::Response>(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL);
Botan::Certificate_Store_In_Memory certstore;
@@ -177,7 +177,7 @@ class OCSP_Tests final : public Test
if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1))
{
if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1))
- {
+ {
result.confirm("Status warning", ocsp_status[0].count(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL));
}
}
diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp
index e86c7b70f..0e9f8eba0 100644
--- a/src/tests/test_x509_path.cpp
+++ b/src/tests/test_x509_path.cpp
@@ -135,7 +135,7 @@ class X509test_Path_Validation_Tests final : public Test
Botan::Path_Validation_Result path_result = Botan::x509_path_validate(
certs, restrictions, trusted,
"www.tls.test", Botan::Usage_Type::TLS_SERVER_AUTH,
- validation_time,
+ validation_time,
/* activate check_ocsp_online */ std::chrono::milliseconds(1000), {});
if(path_result.successful_validation() && path_result.trust_root() != root)
@@ -152,7 +152,7 @@ class X509test_Path_Validation_Tests final : public Test
result.test_eq("test warnings string", path_result.warnings_string(), "[0] OCSP URL not available");
#endif
result.end_timer();
- results.push_back(result);
+ results.push_back(result);
}
return results;