From dfa4bec30b8c05ecddf2494e7207edbd5696edca Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 5 Jun 2024 20:48:31 -0400 Subject: [PATCH 1/2] Fixes for clang-tidy 18 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: René Meusel --- src/bogo_shim/bogo_shim.cpp | 4 +- src/cli/math.cpp | 8 ++-- src/cli/timing_tests.cpp | 6 --- src/cli/tls_client.cpp | 7 ++- src/cli/tls_http_server.cpp | 21 ++++++--- src/cli/tls_proxy.cpp | 8 ++-- src/cli/x509.cpp | 2 - src/examples/dl_group.cpp | 10 +++-- src/examples/hmac.cpp | 6 ++- src/examples/password_encryption.cpp | 2 +- src/examples/tls_custom_curves_client.cpp | 2 + src/examples/tls_ssl_key_log_file.cpp | 12 +++-- src/examples/tls_stream_coroutine_client.cpp | 35 ++++++++------- src/lib/block/camellia/camellia.cpp | 11 ++++- src/lib/block/threefish_512/threefish_512.cpp | 36 +++++++-------- src/lib/codec/base32/base32.cpp | 22 +++++----- src/lib/codec/base64/base64.cpp | 20 ++++----- src/lib/hash/blake2s/blake2s.cpp | 2 +- src/lib/math/bigint/big_io.cpp | 2 + src/lib/math/bigint/bigint.cpp | 2 +- src/lib/math/bigint/bigint.h | 1 + src/lib/misc/roughtime/roughtime.cpp | 18 +++++--- src/lib/modes/aead/ocb/ocb.cpp | 1 + src/lib/prov/pkcs11/p11.h | 2 + src/lib/prov/pkcs11/p11_mechanism.cpp | 4 +- src/lib/pubkey/ec_group/ec_point.cpp | 4 +- src/lib/pubkey/ec_group/ec_point.h | 4 +- src/lib/pubkey/ecies/ecies.h | 1 + src/lib/pubkey/hss_lms/lms.cpp | 4 +- src/lib/pubkey/mce/code_based_key_gen.cpp | 11 +++-- src/lib/pubkey/mce/mce_workfactor.cpp | 7 +-- src/lib/pubkey/mce/polyn_gf2m.cpp | 2 +- src/lib/pubkey/mce/polyn_gf2m.h | 2 +- src/lib/pubkey/rsa/rsa.cpp | 16 +++---- .../sphincsplus_common/sphincsplus.cpp | 2 +- src/lib/pubkey/workfactor.cpp | 7 ++- src/lib/tls/msg_client_hello.cpp | 6 +-- src/lib/tls/msg_session_ticket.cpp | 2 +- src/lib/tls/tls12/msg_client_kex.cpp | 2 +- src/lib/tls/tls13/tls_channel_impl_13.cpp | 5 +-- src/lib/tls/tls13/tls_cipher_state.cpp | 2 +- src/lib/tls/tls13/tls_cipher_state.h | 2 +- 
src/lib/tls/tls13/tls_extensions_psk.cpp | 1 + src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp | 3 ++ src/lib/tls/tls_ciphersuite.cpp | 3 ++ src/lib/tls/tls_extensions.cpp | 2 +- src/lib/tls/tls_session_manager_stateless.cpp | 2 +- src/lib/utils/poly_dbl/poly_dbl.cpp | 2 +- src/lib/utils/socket/socket.cpp | 2 + src/lib/utils/socket/socket_udp.cpp | 2 + src/lib/x509/alt_name.cpp | 1 + src/lib/x509/name_constraint.cpp | 2 +- src/lib/x509/x509_ext.cpp | 2 - src/lib/x509/x509path.cpp | 2 +- src/scripts/dev_tools/run_clang_tidy.py | 2 + src/tests/test_dl_group.cpp | 1 + src/tests/test_filters.cpp | 1 - src/tests/test_oid.cpp | 2 - src/tests/test_pbkdf.cpp | 2 +- src/tests/test_pkcs11_high_level.cpp | 4 +- src/tests/test_pkcs11_low_level.cpp | 14 +++--- src/tests/test_tests.cpp | 3 +- src/tests/test_tls_hybrid_kem_key.cpp | 2 + src/tests/test_tls_messages.cpp | 1 - src/tests/test_tls_rfc8448.cpp | 15 +++++-- src/tests/test_tls_session_manager.cpp | 4 +- src/tests/test_tls_stream_integration.cpp | 21 ++++++--- src/tests/test_utils.cpp | 2 - src/tests/test_x509_path.cpp | 2 +- src/tests/unit_asio_stream.cpp | 10 +++-- src/tests/unit_ecdsa.cpp | 1 + src/tests/unit_tls.cpp | 44 ++++++++++++------- 72 files changed, 279 insertions(+), 199 deletions(-) diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp index 07820c7c83f..c279d742471 100644 --- a/src/bogo_shim/bogo_shim.cpp +++ b/src/bogo_shim/bogo_shim.cpp @@ -633,7 +633,7 @@ void Shim_Arguments::parse_args(char* argv[]) { while(argv[i] != nullptr) { const std::string param(argv[i]); - if(param.find('-') == 0) { + if(param.starts_with("-")) { const std::string flag_name = param.substr(1, std::string::npos); if(m_flags.contains(flag_name)) { 
@@ -1811,7 +1811,7 @@ int main(int /*argc*/, char* argv[]) { shim_log("Offering " + offer_version.to_string()); std::string host_name = args->get_string_opt_or_else("host-name", hostname); - if(args->test_name().find("UnsolicitedServerNameAck") == 0) { + if(args->test_name().starts_with("UnsolicitedServerNameAck")) { host_name = ""; // avoid sending SNI for this test } diff --git a/src/cli/math.cpp b/src/cli/math.cpp index 97b94f3a01a..77770ec53bc 100644 --- a/src/cli/math.cpp +++ b/src/cli/math.cpp @@ -96,9 +96,11 @@ class Factor final : public Command { std::vector factors = factorize(n, rng()); std::sort(factors.begin(), factors.end()); - output() << n << ": "; - std::copy(factors.begin(), factors.end(), std::ostream_iterator(output(), " ")); - output() << std::endl; + output() << n << ":"; + for(const auto& factor : factors) { + output() << " " << factor; + } + output() << "\n"; } private: diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 849ee424533..f5a971929ff 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -622,13 +622,7 @@ class MARVIN_Test_Command final : public Command { const uint64_t start = Botan::OS::get_system_timestamp_ns(); - #if 0 - try { - op.decrypt(ciphertext.data(), modulus_bytes); - } catch(...) {} - #else op.decrypt_or_random(ciphertext.data(), modulus_bytes, expect_pt_len, rng()); - #endif const uint64_t duration = Botan::OS::get_system_timestamp_ns() - start; BOTAN_ASSERT_NOMSG(measurements[testcase].size() == r); diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 3524a74534f..48159c16161 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp 
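Review bot: The rewritten print loop in `Factor::go` (src/cli/math.cpp) still streams `n` and each `factor` through `operator<<`, which this same commit marks `BOTAN_DEPRECATED("Use BigInt::to_{hex,dec}_string")` in bigint.h. This assumes both are `BigInt`; the element type is not visible in the hunk. The dl_group.cpp example in this commit already moved to `to_hex_string()`, and the matching change here would be `output() << n.to_dec_string() << ":";` and `output() << " " << factor.to_dec_string();`. That avoids the deprecation warning in the CLI and makes the decimal output independent of whatever hex/oct flags are set on the stream, which big_io.cpp shows the operator consults.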
@@ -200,14 +200,13 @@ class TLS_Client final : public Command { const std::string next_protos = get_arg("next-protocols"); const bool use_system_cert_store = flag_set("skip-system-cert-store") == false; const std::string trusted_CAs = get_arg("trusted-cas"); - const std::string trusted_pubkey_sha256 = get_arg("trusted-pubkey-sha256"); const auto tls_version = get_arg("tls-version"); if(!sessions_db.empty()) { #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) const std::string sessions_passphrase = get_passphrase_arg("Session DB passphrase", "session-db-pass"); - session_mgr.reset( - new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng_as_shared(), sessions_db)); + session_mgr = + std::make_shared(sessions_passphrase, rng_as_shared(), sessions_db); #else error_output() << "Ignoring session DB file, sqlite not enabled\n"; #endif @@ -400,7 +399,7 @@ class TLS_Client final : public Command { continue; } - if(::connect(fd, rp->ai_addr, static_cast(rp->ai_addrlen)) != 0) { + if(::connect(fd, rp->ai_addr, rp->ai_addrlen) != 0) { ::close(fd); continue; } diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp index cfbc17111e6..c53de869c8c 100644 --- a/src/cli/tls_http_server.cpp +++ b/src/cli/tls_http_server.cpp @@ -286,11 +286,22 @@ net::awaitable do_listen(tcp::endpoint endpoint, // If max_clients is zero in the beginning, we'll serve forever // otherwise we'll count down and stop eventually. - do { + + const bool run_forever = (max_clients == 0); + + auto done = [&] { + if(run_forever) { + return false; + } else { + return max_clients-- == 0; + } + }; + + while(!done()) { boost::asio::co_spawn(acceptor.get_executor(), do_session(tcp_stream(co_await acceptor.async_accept()), tls_ctx, logger), make_final_completion_handler(logger, "Session")); - } while(max_clients == 0 || --max_clients > 0); + } } } // namespace 
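Review bot: Dropping the unused `trusted_pubkey_sha256` local in `TLS_Client` silences the warning, but the hunk does not show whether `get_arg("trusted-pubkey-sha256")` is still read anywhere else in the command. If it is not, the option is accepted and silently ignored, which is worse than an unused variable: a user passing a pin would believe the server key is being checked. In that case the option should be removed from the command spec or rejected with an error. If it is consumed elsewhere, a short comment at that site naming the option would make this removal obviously safe.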
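Review bot: The `done` lambda added to `do_listen` (src/cli/tls_http_server.cpp) mixes the termination test with a side effect: `max_clients-- == 0` decrements even on the call that returns true, so if `max_clients` is unsigned it wraps to its maximum value once the loop ends. Nothing in the visible lines reads it afterwards, but the predicate is easier to audit if it only decrements while sessions remain, e.g. `if(max_clients == 0) { return true; }` followed by `--max_clients; return false;`. A one-line comment that `done()` must be evaluated exactly once per accepted connection would also help, since calling it twice changes how many clients are served. The signature and acceptor setup of `do_listen` lie outside the hunk.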
@@ -337,15 +348,15 @@ class TLS_HTTP_Server final : public Command { if(!sessions_db.empty()) { #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) const std::string sessions_passphrase = get_passphrase_arg("Session DB passphrase", "session-db-pass"); - session_mgr.reset( - new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng_as_shared(), sessions_db)); + session_mgr = + std::make_shared(sessions_passphrase, rng_as_shared(), sessions_db); #else throw CLI_Error_Unsupported("Sqlite3 support not available"); #endif } if(!session_mgr) { - session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng_as_shared())); + session_mgr = std::make_shared(rng_as_shared()); } auto logger = std::make_shared(output(), error_output()); diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 2eed44561b3..465b55852ef 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -98,7 +98,7 @@ class ServerStatus { class tls_proxy_session final : public std::enable_shared_from_this, public Botan::TLS::Callbacks { public: - enum { readbuf_size = 17 * 1024 }; + static constexpr size_t readbuf_size = 17 * 1024; typedef std::shared_ptr pointer; @@ -433,12 +433,12 @@ class TLS_Proxy final : public Command { const std::string sessions_db = get_arg("session-db"); if(!sessions_db.empty()) { - session_mgr.reset( - new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng_as_shared(), sessions_db)); + session_mgr = + std::make_shared(sessions_passphrase, rng_as_shared(), sessions_db); } #endif if(!session_mgr) { - session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng_as_shared())); + session_mgr = std::make_shared(rng_as_shared()); } tls_proxy_server server(io, listen_port, server_endpoint_iterator, creds, policy, session_mgr, max_clients); diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index bc733fa26f6..92b1a50131f 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp 
@@ -154,8 +154,6 @@ class Cert_Info final : public Command { std::string description() const override { return "Parse X.509 certificate and display data fields"; } void go() override { - const std::string arg_file = get_arg("file"); - std::vector data = slurp_file(get_arg("file")); Botan::DataSource_Memory in(data); diff --git a/src/examples/dl_group.cpp b/src/examples/dl_group.cpp index 6ecda5004b6..86486e629fa 100644 --- a/src/examples/dl_group.cpp +++ b/src/examples/dl_group.cpp @@ -7,10 +7,12 @@ int main() { Botan::AutoSeeded_RNG rng; auto group = std::make_unique(rng, Botan::DL_Group::Strong, 2048); - std::cout << "\np: " << group->get_p(); - std::cout << "\nq: " << group->get_q(); - std::cout << "\ng: " << group->get_q(); - std::cout << "\nANSI_X9_42:\n" << group->PEM_encode(Botan::DL_Group_Format::ANSI_X9_42); + + std::cout << "P = " << group->get_p().to_hex_string() << "\n" + << "Q = " << group->get_q().to_hex_string() << "\n" + << "G = " << group->get_g().to_hex_string() << "\n"; + + std::cout << "\nPEM:\n" << group->PEM_encode(Botan::DL_Group_Format::ANSI_X9_42) << "\n"; return 0; } diff --git a/src/examples/hmac.cpp b/src/examples/hmac.cpp index 7f77e47bdd3..f1bbbf74b8f 100644 --- a/src/examples/hmac.cpp +++ b/src/examples/hmac.cpp @@ -4,7 +4,9 @@ #include -static std::string compute_mac(const std::string& msg, const Botan::secure_vector& key) { +namespace { + +std::string compute_mac(const std::string& msg, const Botan::secure_vector& key) { auto hmac = Botan::MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); hmac->set_key(key); @@ -13,6 +15,8 @@ static std::string compute_mac(const std::string& msg, const Botan::secure_vecto return Botan::hex_encode(hmac->final()); } +} // namespace + int main() { Botan::AutoSeeded_RNG rng; diff --git a/src/examples/password_encryption.cpp b/src/examples/password_encryption.cpp index 063de1b6989..c22ea8ece84 100644 --- a/src/examples/password_encryption.cpp +++ b/src/examples/password_encryption.cpp 
@@ -9,7 +9,7 @@ namespace { template , typename... Ts> -OutT concat(Ts&&... buffers) { +OutT concat(const Ts&... buffers) { OutT out; out.reserve((buffers.size() + ... + 0)); (out.insert(out.end(), buffers.begin(), buffers.end()), ...); diff --git a/src/examples/tls_custom_curves_client.cpp b/src/examples/tls_custom_curves_client.cpp index 00f5fca2440..5102a78e9f0 100644 --- a/src/examples/tls_custom_curves_client.cpp +++ b/src/examples/tls_custom_curves_client.cpp @@ -86,6 +86,8 @@ class Client_Policy : public Botan::TLS::Strict_Policy { public: std::vector key_exchange_groups() const override { // modified strict policy to allow our custom curves + + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) return {static_cast(0xFE00)}; } }; diff --git a/src/examples/tls_ssl_key_log_file.cpp b/src/examples/tls_ssl_key_log_file.cpp index 8389e88e9c9..b47e8bd4312 100644 --- a/src/examples/tls_ssl_key_log_file.cpp +++ b/src/examples/tls_ssl_key_log_file.cpp @@ -24,8 +24,10 @@ #include #endif -constexpr static uint32_t SERVER_PORT = 5060; -constexpr static uint32_t CLIENT_PORT = 5070; +namespace { + +constexpr uint32_t SERVER_PORT = 5060; +constexpr uint32_t CLIENT_PORT = 5070; class Client_Credential : public Botan::Credentials_Manager { public: @@ -205,7 +207,7 @@ class DtlsConnection : public Botan::TLS::Callbacks { } }; -static void server_proc(const std::function conn)>& conn_callback) { +void server_proc(const std::function conn)>& conn_callback) { std::cout << "Start Server" << std::endl; int fd = 0; @@ -251,7 +253,7 @@ static void server_proc(const std::function std::cout << "Server closed" << std::endl; } -static void client_proc(const std::function conn)>& conn_callback) { +void client_proc(const std::function conn)>& conn_callback) { std::cout << "Start Client" << std::endl; int fd = 0; 
@@ -296,6 +298,8 @@ static void client_proc(const std::function std::cout << "Client closed" << std::endl; } +} // namespace + int main() { std::mutex m; std::condition_variable conn_cond; diff --git a/src/examples/tls_stream_coroutine_client.cpp b/src/examples/tls_stream_coroutine_client.cpp index c4b18957b2e..4b003a43b64 100644 --- a/src/examples/tls_stream_coroutine_client.cpp +++ b/src/examples/tls_stream_coroutine_client.cpp @@ -68,9 +68,7 @@ http::request create_GET_request(const std::string& host, con return req; } -} // namespace - -static net::awaitable request(std::string host, std::string port, std::string target) { +net::awaitable request(std::string host, std::string port, std::string target) { // Lookup host address auto resolver = net::use_awaitable.as_default_on(tcp::resolver(co_await net::this_coro::executor)); const auto dns_result = co_await resolver.async_resolve(host, port); @@ -98,6 +96,8 @@ static net::awaitable request(std::string host, std::string port, std::str tls_stream.next_layer().close(); } +} // namespace + int main(int argc, char* argv[]) { if(argc != 4) { std::cerr << "Usage: tls_stream_coroutine_client \n" @@ -110,21 +110,26 @@ int main(int argc, char* argv[]) { const auto port = argv[2]; const auto target = argv[3]; - net::io_context ioc; - int return_code = 0; - net::co_spawn(ioc, request(host, port, target), [&](std::exception_ptr eptr) { - if(eptr) { - try { - std::rethrow_exception(eptr); - } catch(std::exception& ex) { - std::cerr << "Error: " << ex.what() << "\n"; - return_code = 1; + + try { + net::io_context ioc; + + net::co_spawn(ioc, request(host, port, target), [&](const std::exception_ptr& eptr) { + if(eptr) { + try { + std::rethrow_exception(eptr); + } catch(std::exception& ex) { + std::cerr << "Error: " << ex.what() << "\n"; + return_code = 1; + } } - } - }); + }); - ioc.run(); + ioc.run(); + } catch(std::exception& e) { + std::cerr << e.what() << "\n"; + } return return_code; } 
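Review bot: The new outer `catch(std::exception& e)` in `main` of tls_stream_coroutine_client.cpp prints the message but leaves `return_code` at 0. A failure thrown while constructing `net::io_context`, in `net::co_spawn` or in `ioc.run()` is therefore reported as success to the calling shell or script. Add `return_code = 1;` in that handler, as the completion handler already does for exceptions coming out of the coroutine. Both handlers could also catch by `const std::exception&`.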
diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index 9b540659c58..d555c5b91c1 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp @@ -239,7 +239,16 @@ void key_schedule(secure_vector& SK, std::span key) { const uint64_t KL_L = load_be(key.data(), 1); const uint64_t KR_H = (key.size() >= 24) ? load_be(key.data(), 2) : 0; - const uint64_t KR_L = (key.size() == 32) ? load_be(key.data(), 3) : ((key.size() == 24) ? ~KR_H : 0); + + const uint64_t KR_L = [&]() -> uint64_t { + if(key.size() == 32) { + return load_be(key.data(), 3); + } else if(key.size() == 24) { + return ~KR_H; + } else { + return 0; + } + }(); uint64_t D1 = KL_H ^ KR_H; uint64_t D2 = KL_L ^ KR_L; diff --git a/src/lib/block/threefish_512/threefish_512.cpp b/src/lib/block/threefish_512/threefish_512.cpp index 3a08d515520..6bcc8396c10 100644 --- a/src/lib/block/threefish_512/threefish_512.cpp +++ b/src/lib/block/threefish_512/threefish_512.cpp @@ -53,15 +53,15 @@ class Key_Inserter { public: Key_Inserter(const uint64_t* K, const uint64_t* T) : m_K(K), m_T(T) {} - inline void e_add(size_t R, - uint64_t& X0, - uint64_t& X1, - uint64_t& X2, - uint64_t& X3, - uint64_t& X4, - uint64_t& X5, - uint64_t& X6, - uint64_t& X7) const { + void e_add(size_t R, + uint64_t& X0, + uint64_t& X1, + uint64_t& X2, + uint64_t& X3, + uint64_t& X4, + uint64_t& X5, + uint64_t& X6, + uint64_t& X7) const { X0 += m_K[(R) % 9]; X1 += m_K[(R + 1) % 9]; X2 += m_K[(R + 2) % 9]; @@ -72,15 +72,15 @@ class Key_Inserter { X7 += m_K[(R + 7) % 9] + R; } - inline void d_add(size_t R, - uint64_t& X0, - uint64_t& X1, - uint64_t& X2, - uint64_t& X3, - uint64_t& X4, - uint64_t& X5, - uint64_t& X6, - uint64_t& X7) const { + void d_add(size_t R, + uint64_t& X0, + uint64_t& X1, + uint64_t& X2, + uint64_t& X3, + uint64_t& X4, + uint64_t& X5, + uint64_t& X6, + uint64_t& X7) const { X0 -= m_K[(R) % 9]; X1 -= m_K[(R + 1) % 9]; X2 -= m_K[(R + 2) % 9]; 
diff --git a/src/lib/codec/base32/base32.cpp b/src/lib/codec/base32/base32.cpp index ff4b672db9a..6f4c3265d56 100644 --- a/src/lib/codec/base32/base32.cpp +++ b/src/lib/codec/base32/base32.cpp @@ -20,25 +20,25 @@ namespace { class Base32 final { public: - static inline std::string name() noexcept { return "base32"; } + static std::string name() noexcept { return "base32"; } - static inline size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; } + static size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; } - static inline size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; } + static size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; } - static inline size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; } + static size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; } - static inline size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; } + static size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; } - static inline size_t bits_consumed() noexcept { return m_encoding_bits; } + static size_t bits_consumed() noexcept { return m_encoding_bits; } - static inline size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; } + static size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; } - static inline size_t encode_max_output(size_t input_length) { + static size_t encode_max_output(size_t input_length) { return (round_up(input_length, m_encoding_bytes_in) / m_encoding_bytes_in) * m_encoding_bytes_out; } - static inline size_t decode_max_output(size_t input_length) { + static size_t decode_max_output(size_t input_length) { return (round_up(input_length, m_encoding_bytes_out) * m_encoding_bytes_in) / m_encoding_bytes_out; } 
@@ -56,9 +56,7 @@ class Base32 final { out_ptr[4] = (decode_buf[6] << 5) | decode_buf[7]; } - static inline size_t bytes_to_remove(size_t final_truncate) { - return final_truncate ? (final_truncate / 2) + 1 : 0; - } + static size_t bytes_to_remove(size_t final_truncate) { return final_truncate ? (final_truncate / 2) + 1 : 0; } private: static const size_t m_encoding_bits = 5; diff --git a/src/lib/codec/base64/base64.cpp b/src/lib/codec/base64/base64.cpp index b6140c301f0..90e540959b8 100644 --- a/src/lib/codec/base64/base64.cpp +++ b/src/lib/codec/base64/base64.cpp 
@@ -20,25 +20,25 @@ namespace { class Base64 final { public: - static inline std::string name() noexcept { return "base64"; } + static std::string name() noexcept { return "base64"; } - static inline size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; } + static size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; } - static inline size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; } + static size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; } - static inline size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; } + static size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; } - static inline size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; } + static size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; } - static inline size_t bits_consumed() noexcept { return m_encoding_bits; } + static size_t bits_consumed() noexcept { return m_encoding_bits; } - static inline size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; } + static size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; } - static inline size_t encode_max_output(size_t input_length) { + static size_t encode_max_output(size_t input_length) { return (round_up(input_length, m_encoding_bytes_in) / m_encoding_bytes_in) * m_encoding_bytes_out; } - static inline size_t decode_max_output(size_t input_length) { + static size_t decode_max_output(size_t input_length) { return (round_up(input_length, m_encoding_bytes_out) * m_encoding_bytes_in) / m_encoding_bytes_out; } @@ -54,7 +54,7 @@ class Base64 final { out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3]; } - static inline size_t bytes_to_remove(size_t final_truncate) { return final_truncate; } + static size_t bytes_to_remove(size_t final_truncate) { return final_truncate; } private: static const size_t m_encoding_bits = 6; 
diff --git a/src/lib/hash/blake2s/blake2s.cpp b/src/lib/hash/blake2s/blake2s.cpp index 6bbfe31424b..0d2b0a3110b 100644 --- a/src/lib/hash/blake2s/blake2s.cpp +++ b/src/lib/hash/blake2s/blake2s.cpp @@ -144,7 +144,7 @@ void BLAKE2s::final_result(std::span out) { copy_out_le(out.first(output_length()), m_h); clear(); -}; +} std::unique_ptr BLAKE2s::copy_state() const { std::unique_ptr h = std::make_unique(m_outlen << 3); diff --git a/src/lib/math/bigint/big_io.cpp b/src/lib/math/bigint/big_io.cpp index 949445d8cb7..a6243b5d8af 100644 --- a/src/lib/math/bigint/big_io.cpp +++ b/src/lib/math/bigint/big_io.cpp @@ -16,10 +16,12 @@ namespace Botan { */ std::ostream& operator<<(std::ostream& stream, const BigInt& n) { const auto stream_flags = stream.flags(); + // NOLINTNEXTLINE(*-non-zero-enum-to-bool-conversion) if(stream_flags & std::ios::oct) { throw Invalid_Argument("Octal output of BigInt not supported"); } + // NOLINTNEXTLINE(*-non-zero-enum-to-bool-conversion) const size_t base = (stream_flags & std::ios::hex) ? 16 : 10; if(base == 10) { diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index e8a33411f4f..285883f5ea4 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -69,7 +69,7 @@ BigInt::BigInt(std::string_view str) { size_t markers = 0; bool negative = false; - if(str.length() > 0 && str[0] == '-') { + if(!str.empty() && str[0] == '-') { markers += 1; negative = true; } diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 89f1cdf61c2..be879611d98 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -1162,6 +1162,7 @@ inline bool operator>(const BigInt& a, word b) { /* * I/O Operators */ +BOTAN_DEPRECATED("Use BigInt::to_{hex,dec}_string") BOTAN_PUBLIC_API(2, 0) std::ostream& operator<<(std::ostream&, const BigInt&); BOTAN_DEPRECATED("Use BigInt::from_string") BOTAN_PUBLIC_API(2, 0) std::istream& operator>>(std::istream&, BigInt&); 
diff --git a/src/lib/misc/roughtime/roughtime.cpp b/src/lib/misc/roughtime/roughtime.cpp index 2f32494496a..6e72a3a88e2 100644 --- a/src/lib/misc/roughtime/roughtime.cpp +++ b/src/lib/misc/roughtime/roughtime.cpp @@ -42,15 +42,19 @@ T from_little_endian(const uint8_t* t) { return impl_from_little_endian(t, sizeof(T) - 1); } -template ::value>* = nullptr> -T copy(const uint8_t* t) { - return typecast_copy(t); //arrays are endianess indepedent, so we do a memcpy +template +T copy(const uint8_t* t) + requires(is_array::value) +{ + return typecast_copy(t); //arrays are endianess independent, so we do a memcpy } -template ::value>* = nullptr> -T copy(const uint8_t* t) { - return from_little_endian( - t); //other types are arithmetic, so we account that roughtime serializes as little endian +template +T copy(const uint8_t* t) + requires(!is_array::value) +{ + //other types are arithmetic, so we account that roughtime serializes as little endian + return from_little_endian(t); } template diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 8c43103530b..42cc1176230 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -240,6 +240,7 @@ const secure_vector& OCB_Mode::update_nonce(const uint8_t nonce[], size BOTAN_ASSERT(BS == 16 || BS == 24 || BS == 32 || BS == 64, "OCB block size is supported"); + // NOLINTNEXTLINE(readability-avoid-nested-conditional-operator) const size_t MASKLEN = (BS == 16 ? 6 : ((BS == 24) ? 7 : 8)); const uint8_t BOTTOM_MASK = static_cast((static_cast(1) << MASKLEN) - 1); diff --git a/src/lib/prov/pkcs11/p11.h b/src/lib/prov/pkcs11/p11.h index aadccb025b8..8ff04ede1e8 100644 --- a/src/lib/prov/pkcs11/p11.h +++ b/src/lib/prov/pkcs11/p11.h 
@@ -256,10 +256,12 @@ enum class Flag : CK_FLAGS { }; inline Flag operator|(Flag a, Flag b) { + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) return static_cast(static_cast(a) | static_cast(b)); } enum class MGF : CK_RSA_PKCS_MGF_TYPE { + MgfUnused = 0, Mgf1Sha1 = CKG_MGF1_SHA1, Mgf1Sha256 = CKG_MGF1_SHA256, Mgf1Sha384 = CKG_MGF1_SHA384, diff --git a/src/lib/prov/pkcs11/p11_mechanism.cpp b/src/lib/prov/pkcs11/p11_mechanism.cpp index 7636c303e8b..1db137c284f 100644 --- a/src/lib/prov/pkcs11/p11_mechanism.cpp +++ b/src/lib/prov/pkcs11/p11_mechanism.cpp @@ -49,7 +49,7 @@ class MechanismData { class RSA_SignMechanism final : public MechanismData { public: explicit RSA_SignMechanism(MechanismType typ) : - MechanismData(typ), m_hash(static_cast(0)), m_mgf(static_cast(0)), m_salt_size(0) { + MechanismData(typ), m_hash(static_cast(0)), m_mgf(MGF::MgfUnused), m_salt_size(0) { auto pss_option = PssOptions.find(type()); if(pss_option != PssOptions.end()) { m_hash = std::get<1>(pss_option->second); @@ -127,7 +127,7 @@ struct RSA_CryptMechanism final : public MechanismData { MechanismData(typ), m_hash(hash), m_mgf(mgf), m_padding_size(padding_size) {} RSA_CryptMechanism(MechanismType typ, size_t padding_size) : - RSA_CryptMechanism(typ, padding_size, static_cast(0), static_cast(0)) {} + RSA_CryptMechanism(typ, padding_size, static_cast(0), MGF::MgfUnused) {} MechanismType hash() const { return m_hash; } diff --git a/src/lib/pubkey/ec_group/ec_point.cpp b/src/lib/pubkey/ec_group/ec_point.cpp index d61599c0e4c..1ca4344bcbe 100644 --- a/src/lib/pubkey/ec_group/ec_point.cpp +++ b/src/lib/pubkey/ec_group/ec_point.cpp @@ -564,8 +564,8 @@ bool EC_Point::on_the_curve() const { return true; } -// swaps the states of *this and other, does not throw! -void EC_Point::swap(EC_Point& other) { +// swaps the states of *this and other +void EC_Point::swap(EC_Point& other) noexcept { m_curve.swap(other.m_curve); m_coord_x.swap(other.m_coord_x); m_coord_y.swap(other.m_coord_y); 
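Review bot: `MgfUnused = 0` is added to the public `MGF` enum in p11.h without a doc comment, and nothing says it is a placeholder rather than a value defined by PKCS#11; 0 does not appear to correspond to any of the `CKG_MGF1_*` constants listed next to it. A comment such as `/// Placeholder for mechanisms that take no MGF; must not be passed to a token as a real MGF type` would prevent misuse by callers of the header. In p11_mechanism.cpp the sibling hash member is still initialised with a raw `static_cast` of 0, both in `RSA_SignMechanism` and in the delegating `RSA_CryptMechanism` constructor, so the two "unused" fields are now expressed in two different ways. Either give the hash side a named sentinel too, or leave a comment at those two initialisers explaining why only the MGF got one.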
diff --git a/src/lib/pubkey/ec_group/ec_point.h b/src/lib/pubkey/ec_group/ec_point.h index 4c7ca1501bc..7083703c970 100644 --- a/src/lib/pubkey/ec_group/ec_point.h +++ b/src/lib/pubkey/ec_group/ec_point.h @@ -208,10 +208,10 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { bool operator!=(const EC_Point& other) const = default; /** - * swaps the states of *this and other, does not throw! + * swaps the states of *this and other * @param other the object to swap values with */ - void swap(EC_Point& other); + void swap(EC_Point& other) noexcept; #if defined(BOTAN_DISABLE_DEPRECATED_FEATURES) diff --git a/src/lib/pubkey/ecies/ecies.h b/src/lib/pubkey/ecies/ecies.h index df759526f29..dde3d329248 100644 --- a/src/lib/pubkey/ecies/ecies.h +++ b/src/lib/pubkey/ecies/ecies.h @@ -43,6 +43,7 @@ enum class ECIES_Flags : uint32_t { }; inline ECIES_Flags operator|(ECIES_Flags a, ECIES_Flags b) { + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) return static_cast(static_cast(a) | static_cast(b)); } diff --git a/src/lib/pubkey/hss_lms/lms.cpp b/src/lib/pubkey/hss_lms/lms.cpp index 5d3728a967c..b9f5527573b 100644 --- a/src/lib/pubkey/hss_lms/lms.cpp +++ b/src/lib/pubkey/hss_lms/lms.cpp @@ -60,10 +60,8 @@ auto get_hash_pair_func_for_identifier(const LMS_Params& lms_params, LMS_Identif const TreeAddress& address, StrongSpan left, StrongSpan right) { - auto lms_address = dynamic_cast(address); - hash->update(I); - hash->update(store_be(lms_address.r())); + hash->update(store_be(address.r())); hash->update(store_be(D_INTR)); hash->update(left); hash->update(right); diff --git a/src/lib/pubkey/mce/code_based_key_gen.cpp b/src/lib/pubkey/mce/code_based_key_gen.cpp index a9c76c4ee44..d7c3731534e 100644 --- a/src/lib/pubkey/mce/code_based_key_gen.cpp +++ b/src/lib/pubkey/mce/code_based_key_gen.cpp 
@@ -221,18 +221,21 @@ McEliece_PrivateKey generate_mceliece_key(RandomNumberGenerator& rng, size_t ext // as binary vectors of length ext_deg * t (this will // speed up the syndrome computation) // - std::vector H(bit_size_to_32bit_size(codimension) * code_length); + const size_t co32 = bit_size_to_32bit_size(codimension); + std::vector H(co32 * code_length); uint32_t* sk = H.data(); for(size_t i = 0; i < code_length; ++i) { for(size_t l = 0; l < t; ++l) { const size_t k = (l * ext_deg) / 32; - const uint8_t j = (l * ext_deg) % 32; + const size_t j = (l * ext_deg) % 32; sk[k] ^= static_cast(F[i].get_coef(l)) << j; if(j + ext_deg > 32) { - sk[k + 1] ^= F[i].get_coef(l) >> (32 - j); + if(j > 0) { + sk[k + 1] ^= F[i].get_coef(l) >> (32 - j); + } } } - sk += bit_size_to_32bit_size(codimension); + sk += co32; } // We need the support L for decoding (decryption). In fact the diff --git a/src/lib/pubkey/mce/mce_workfactor.cpp b/src/lib/pubkey/mce/mce_workfactor.cpp index 7df1ce1fc35..0cad8ef8785 100644 --- a/src/lib/pubkey/mce/mce_workfactor.cpp +++ b/src/lib/pubkey/mce/mce_workfactor.cpp @@ -11,6 +11,7 @@ #include #include +#include namespace Botan { @@ -35,7 +36,7 @@ double log_binomial(size_t n, size_t k) { x -= std::log(k - i); } - return x / std::log(2); + return x / std::numbers::ln2; } double nb_iter(size_t n, size_t k, size_t w, size_t p, size_t l) { @@ -47,7 +48,7 @@ double nb_iter(size_t n, size_t k, size_t w, size_t p, size_t l) { double cout_iter(size_t n, size_t k, size_t p, size_t l) { double x = binomial(k / 2, p); - const size_t i = static_cast(std::log(x) / std::log(2)); + const size_t i = static_cast(std::log(x) / std::numbers::ln2); double res = 2 * p * (n - k - l) * std::ldexp(x * x, -static_cast(l)); // x <- binomial(k/2,p)*2*(2*l+log[2](binomial(k/2,p))) 
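Review bot: The `if(j > 0)` nested inside `if(j + ext_deg > 32)` in `generate_mceliece_key` has no comment saying why it is there. Presumably it avoids evaluating `>> (32 - j)` with a shift count of 32 when `j == 0`, which is undefined for an operand of 32 bits or fewer. Folding the two tests into `if(j > 0 && j + ext_deg > 32)` with a comment like `// j == 0 would shift by 32; there are no spill-over bits in that case` states the intent in one place. That comment is only true if `ext_deg <= 32`, so it is worth confirming (or asserting) that bound where the parameters are validated, which is outside this hunk.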
@@ -58,7 +59,7 @@ double cout_iter(size_t n, size_t k, size_t p, size_t l) { // 2*p*(n-k-l)*binomial(k/2,p)^2/2^l res += x + k * ((n - k) / 2.0); - return std::log(res) / std::log(2); // convert to bits + return std::log(res) / std::numbers::ln2; // convert to bits } double cout_total(size_t n, size_t k, size_t w, size_t p, size_t l) { diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp index 657d19d412c..b5128ac808a 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.cpp +++ b/src/lib/pubkey/mce/polyn_gf2m.cpp @@ -662,7 +662,7 @@ secure_vector polyn_gf2m::encode() const { return result; } -void polyn_gf2m::swap(polyn_gf2m& other) { +void polyn_gf2m::swap(polyn_gf2m& other) noexcept { std::swap(this->m_deg, other.m_deg); std::swap(this->m_sp_field, other.m_sp_field); std::swap(this->m_coeff, other.m_coeff); diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h index 4ea9f87f8f3..12f256ad2aa 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.h +++ b/src/lib/pubkey/mce/polyn_gf2m.h @@ -69,7 +69,7 @@ class polyn_gf2m { return *this; } - void swap(polyn_gf2m& other); + void swap(polyn_gf2m& other) noexcept; secure_vector encode() const; diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 12a3bbae494..3da86cd67a7 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -31,8 +31,8 @@ namespace Botan { class RSA_Public_Data final { public: RSA_Public_Data(BigInt&& n, BigInt&& e) : - m_n(n), - m_e(e), + m_n(std::move(n)), + m_e(std::move(e)), m_monty_n(std::make_shared(m_n)), m_public_modulus_bits(m_n.bits()), m_public_modulus_bytes(m_n.bytes()) {} 
@@ -62,12 +62,12 @@ class RSA_Public_Data final { class RSA_Private_Data final { public: RSA_Private_Data(BigInt&& d, BigInt&& p, BigInt&& q, BigInt&& d1, BigInt&& d2, BigInt&& c) : - m_d(d), - m_p(p), - m_q(q), - m_d1(d1), - m_d2(d2), - m_c(c), + m_d(std::move(d)), + m_p(std::move(p)), + m_q(std::move(q)), + m_d1(std::move(d1)), + m_d2(std::move(d2)), + m_c(std::move(c)), m_mod_p(m_p), m_mod_q(m_q), m_monty_p(std::make_shared(m_p, m_mod_p)), diff --git a/src/lib/pubkey/sphincsplus/sphincsplus_common/sphincsplus.cpp b/src/lib/pubkey/sphincsplus/sphincsplus_common/sphincsplus.cpp index c30e657d2f3..af8b7353f0d 100644 --- a/src/lib/pubkey/sphincsplus/sphincsplus_common/sphincsplus.cpp +++ b/src/lib/pubkey/sphincsplus/sphincsplus_common/sphincsplus.cpp @@ -243,7 +243,7 @@ SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(std::span private_ const auto private_portion_bytes = params.private_key_bytes() - params.public_key_bytes(); BOTAN_ASSERT_NOMSG(private_key.size() >= private_portion_bytes); - m_private.reset(new SphincsPlus_PrivateKeyInternal(params, private_key.first(private_portion_bytes))); + m_private = std::make_shared(params, private_key.first(private_portion_bytes)); } SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(RandomNumberGenerator& rng, diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp index e4791865236..6702c38a65d 100644 --- a/src/lib/pubkey/workfactor.cpp +++ b/src/lib/pubkey/workfactor.cpp @@ -6,8 +6,8 @@ */ #include -#include #include +#include namespace Botan { @@ -19,8 +19,7 @@ namespace { size_t nfs_workfactor(size_t bits, double log2_k) { // approximates natural logarithm of an integer of given bitsize - const double log2_e = 1.44269504088896340736; - const double log_p = bits / log2_e; + const double log_p = bits / std::numbers::log2e; const double log_log_p = std::log(log_p); 
@@ -28,7 +27,7 @@ size_t nfs_workfactor(size_t bits, double log2_k) { const double est = 1.92 * std::pow(log_p * log_log_p * log_log_p, 1.0 / 3.0); // return log2 of the workfactor - return static_cast(log2_k + log2_e * est); + return static_cast(log2_k + std::numbers::log2e * est); } } // namespace diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index a5b3aa62ead..f56724ef6e1 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -35,10 +35,6 @@ namespace Botan::TLS { -enum { - TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, -}; - std::vector make_hello_random(RandomNumberGenerator& rng, Callbacks& cb, const Policy& policy) { auto buf = rng.random_vec>(32); @@ -437,6 +433,8 @@ void Client_Hello_12::add_tls12_supported_groups_extensions(const Policy& policy } Client_Hello_12::Client_Hello_12(std::unique_ptr data) : Client_Hello(std::move(data)) { + const uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; + if(offered_suite(static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) { if(Renegotiation_Extension* reneg = m_data->extensions().get()) { if(!reneg->renegotiation_info().empty()) { diff --git a/src/lib/tls/msg_session_ticket.cpp b/src/lib/tls/msg_session_ticket.cpp index 5a9ef041486..7ee642f2f0a 100644 --- a/src/lib/tls/msg_session_ticket.cpp +++ b/src/lib/tls/msg_session_ticket.cpp @@ -113,7 +113,7 @@ std::optional New_Session_Ticket_13::early_data_byte_limit() const { const EarlyDataIndication* ext = m_extensions.get(); BOTAN_ASSERT_NOMSG(ext->max_early_data_size().has_value()); - return ext->max_early_data_size().value(); + return ext->max_early_data_size(); } std::vector New_Session_Ticket_13::serialize() const { diff --git a/src/lib/tls/tls12/msg_client_kex.cpp b/src/lib/tls/tls12/msg_client_kex.cpp index b7e2a65cbac..6944bbceadf 100644 --- a/src/lib/tls/tls12/msg_client_kex.cpp +++ b/src/lib/tls/tls12/msg_client_kex.cpp 
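Review bot: `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` is now a typed local in the Client_Hello_12 constructor, so the cast kept on the `offered_suite(...)` call below it no longer converts anything, and the constant can be a compile-time one. Suggest `constexpr uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;` followed by `if(offered_suite(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {`. A short comment naming the origin of the value (the renegotiation-indication signalling cipher suite from RFC 5746) would help readers who now meet the literal inside the constructor rather than at namespace scope. The constructor body continues past the hunk.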
@@ -244,7 +244,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, psk = creds.psk("tls-server", state.client_hello()->sni_hostname(), m_psk_identity.value()); - if(psk.length() == 0) { + if(psk.empty()) { if(policy.hide_unknown_users()) { psk = SymmetricKey(rng, 16); } else { diff --git a/src/lib/tls/tls13/tls_channel_impl_13.cpp b/src/lib/tls/tls13/tls_channel_impl_13.cpp index 243f1a23e1c..b681b20db3c 100644 --- a/src/lib/tls/tls13/tls_channel_impl_13.cpp +++ b/src/lib/tls/tls13/tls_channel_impl_13.cpp @@ -322,11 +322,10 @@ void Channel_Impl_13::update_traffic_keys(bool request_peer_update) { m_cipher_state->update_write_keys(*this); } -void Channel_Impl_13::send_record(Record_Type record_type, const std::vector& record) { +void Channel_Impl_13::send_record(Record_Type type, const std::vector& record) { BOTAN_STATE_CHECK(!is_downgrading()); BOTAN_STATE_CHECK(m_can_write); - const auto type = static_cast(record_type); auto to_write = m_record_layer.prepare_records(type, record, m_cipher_state.get()); // After the initial handshake message is sent, the record layer must @@ -340,7 +339,7 @@ void Channel_Impl_13::send_record(Record_Type record_type, const std::vector ccs_content = {0x01}; const auto ccs = m_record_layer.prepare_records(Record_Type::ChangeCipherSpec, ccs_content, m_cipher_state.get()); to_write = concat(ccs, to_write); diff --git a/src/lib/tls/tls13/tls_cipher_state.cpp b/src/lib/tls/tls13/tls_cipher_state.cpp index 206b905f6d7..90628b5296d 100644 --- a/src/lib/tls/tls13/tls_cipher_state.cpp +++ b/src/lib/tls/tls13/tls_cipher_state.cpp @@ -550,7 +550,7 @@ void Cipher_State::derive_read_traffic_key(const secure_vector& traffic } } -secure_vector Cipher_State::hkdf_extract(secure_vector&& ikm) const { +secure_vector Cipher_State::hkdf_extract(std::span ikm) const { return m_extract->derive_key(m_hash->output_length(), ikm, m_salt, std::vector()); } 
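Review bot: The branch that replaces an unknown identity's key with `SymmetricKey(rng, 16)` when `policy.hide_unknown_users()` is set has no comment explaining why a random key is substituted instead of an error being raised. As far as the visible lines show, the intent is that a handshake for an unknown PSK identity fails the same way as one with a wrong key, so a peer cannot learn which identities exist; that reasoning belongs next to the code, e.g. `// unknown identity: continue with a throwaway random key so the failure looks like a bad PSK`. The literal `16` would also read better as a named constant. The `else` branch continues outside the hunk.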
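Review bot: `hkdf_extract` now takes the input keying material as a `std::span`, so the function only reads the secret and the caller keeps the buffer, but neither this definition nor the doc comment on the declaration in tls_cipher_state.h says so. Call sites written for the old rvalue-reference signature may still pass `std::move(...)`, which would now read as a hand-over that does not happen; those are outside this hunk and worth checking. Suggest extending the header comment with `@param ikm input keying material; only read, the caller keeps ownership and is responsible for wiping it`.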
diff --git a/src/lib/tls/tls13/tls_cipher_state.h b/src/lib/tls/tls13/tls_cipher_state.h index c14955a8c11..b33b14c07cd 100644 --- a/src/lib/tls/tls13/tls_cipher_state.h +++ b/src/lib/tls/tls13/tls_cipher_state.h @@ -275,7 +275,7 @@ class BOTAN_TEST_API Cipher_State { /** * HKDF-Extract from RFC 8446 7.1 */ - secure_vector hkdf_extract(secure_vector&& ikm) const; + secure_vector hkdf_extract(std::span ikm) const; /** * HKDF-Expand-Label from RFC 8446 7.1 diff --git a/src/lib/tls/tls13/tls_extensions_psk.cpp b/src/lib/tls/tls13/tls_extensions_psk.cpp index a01527d16e4..ab3e19f4ab8 100644 --- a/src/lib/tls/tls13/tls_extensions_psk.cpp +++ b/src/lib/tls/tls13/tls_extensions_psk.cpp @@ -45,6 +45,7 @@ class Client_PSK { session_to_resume.session.extract_master_secret(), Cipher_State::PSK_Type::Resumption) {} + // NOLINTNEXTLINE(*-rvalue-reference-param-not-moved) Client_PSK(ExternalPSK&& psk) : Client_PSK(PskIdentity(PresharedKeyID(psk.identity())), psk.prf_algo(), diff --git a/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp b/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp index c9ef5f10334..fd51dfcc9f9 100644 --- a/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp +++ b/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp @@ -91,6 +91,9 @@ std::unique_ptr generate_key_agreement_private_key(const P auto new_private_key = kex_public_key.generate_another(rng); const auto kex_key = dynamic_cast(new_private_key.get()); if(kex_key) [[likely]] { + // Intentionally leak new_private_key since we hold an alias of it in kex_key, + // which is captured in a unique_ptr below + // NOLINTNEXTLINE(*-unused-return-value) (void)new_private_key.release(); } return std::unique_ptr(kex_key); diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 6eb2b9b47cb..76e5521110b 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp 
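Review bot: The `NOLINTNEXTLINE(*-rvalue-reference-param-not-moved)` added above `Client_PSK(ExternalPSK&& psk)` silences the check without recording why taking the PSK by rvalue reference is still correct. The visible initializers only call accessors on `psk` (`psk.identity()`, `psk.prf_algo()`); if a later argument, outside the hunk, takes the secret out of `psk` through a member call, that is the justification and should be stated: `// psk's secret is taken out via a member call below, which the check cannot see`. If nothing is taken out of `psk`, a `const ExternalPSK&` parameter would describe the contract more accurately. The constructor is also a single-argument one without `explicit`.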
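Review bot: The new comment says `new_private_key` is intentionally leaked, but what the visible lines do is transfer ownership: `release()` gives up the first handle only after the `dynamic_cast` succeeded, and the same object is re-owned by the `std::unique_ptr` built from `kex_key` on the return line. For an object holding a private key the word "leak" is misleading; suggest `// ownership moves to the unique_ptr built from kex_key below, so the original handle must let go first`. The same release-then-rewrap pattern gets a bare suppression in `kex_dh()` and `kex_ecdh()` in src/tests/test_tls_hybrid_kem_key.cpp, where the same sentence would serve. When the cast fails the original pointer keeps ownership and an empty pointer is returned, which callers outside the hunk have to handle.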
@@ -164,6 +164,9 @@ bool Ciphersuite::is_usable() const { if(mode == "OCB(12)" || mode == "OCB") return false; #endif + + // Potentially unused if all AEADs are available + BOTAN_UNUSED(mode); } } else { // Old non-AEAD schemes diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 5460f02f614..2f8389f1c90 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -102,7 +102,7 @@ std::unique_ptr make_extension(TLS_Data_Reader& reader, #endif } - return std::make_unique(static_cast(code), reader, size); + return std::make_unique(code, reader, size); } } // namespace diff --git a/src/lib/tls/tls_session_manager_stateless.cpp b/src/lib/tls/tls_session_manager_stateless.cpp index 34c42f3e67c..436e61fa191 100644 --- a/src/lib/tls/tls_session_manager_stateless.cpp +++ b/src/lib/tls/tls_session_manager_stateless.cpp @@ -70,7 +70,7 @@ bool Session_Manager_Stateless::emits_session_tickets() { std::optional Session_Manager_Stateless::get_ticket_key() noexcept { try { auto key = m_credentials_manager->psk("tls-server", "session-ticket", ""); - if(key.length() == 0) { + if(key.empty()) { return std::nullopt; } return key; diff --git a/src/lib/utils/poly_dbl/poly_dbl.cpp b/src/lib/utils/poly_dbl/poly_dbl.cpp index e7568c2947b..c0dfc88ec0d 100644 --- a/src/lib/utils/poly_dbl/poly_dbl.cpp +++ b/src/lib/utils/poly_dbl/poly_dbl.cpp @@ -20,7 +20,7 @@ namespace { * by Gadiel Seroussi, HP Labs Tech Report HPL-98-135 * http://www.hpl.hp.com/techreports/98/HPL-98-135.pdf */ -enum class MinWeightPolynomial : uint64_t { +enum class MinWeightPolynomial : uint32_t { P64 = 0x1B, P128 = 0x87, P192 = 0x87, diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index 7b9e9f0f88a..2a5e9c4db1c 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp 
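Review bot: `get_ticket_key()` treats only an empty key as "no ticket key configured"; any non-empty value returned by `psk("tls-server", "session-ticket", "")` is handed on, however short it is. Whether a minimum length is enforced by the credentials manager or by the ticket encryption code is not visible in this hunk, so at least the contract should be written down: `// empty means no ticket key is configured; key length and quality are the credentials manager's responsibility`. The handler of the `try` block lies outside the hunk.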
@@ -118,6 +118,8 @@ class Asio_Socket final : public OS::Socket { void check_timeout() { if(m_tcp.is_open() && m_timer.expires_at() < std::chrono::system_clock::now()) { boost::system::error_code err; + + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_tcp.close(err); } diff --git a/src/lib/utils/socket/socket_udp.cpp b/src/lib/utils/socket/socket_udp.cpp index 862602b6592..864f68822ce 100644 --- a/src/lib/utils/socket/socket_udp.cpp +++ b/src/lib/utils/socket/socket_udp.cpp @@ -118,6 +118,8 @@ class Asio_SocketUDP final : public OS::SocketUDP { void check_timeout() { if(m_udp.is_open() && m_timer.expires_at() < std::chrono::system_clock::now()) { boost::system::error_code err; + + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_udp.close(err); } diff --git a/src/lib/x509/alt_name.cpp b/src/lib/x509/alt_name.cpp index 4b7e9520ec7..1b262aa4bd4 100644 --- a/src/lib/x509/alt_name.cpp +++ b/src/lib/x509/alt_name.cpp @@ -102,6 +102,7 @@ void AlternativeName::encode_into(DER_Encoder& der) const { for(uint32_t ip : m_ipv4_addr) { auto ip_buf = store_be(ip); + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) der.add_object(ASN1_Type(7), ASN1_Class::ContextSpecific, ip_buf.data(), 4); } diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp index 37d778fce35..62c0a29cba1 100644 --- a/src/lib/x509/name_constraint.cpp +++ b/src/lib/x509/name_constraint.cpp @@ -287,7 +287,7 @@ std::ostream& operator<<(std::ostream& os, const GeneralSubtree& gs) { NameConstraints::NameConstraints(std::vector&& permitted_subtrees, std::vector&& excluded_subtrees) : - m_permitted_subtrees(permitted_subtrees), m_excluded_subtrees(excluded_subtrees) { + m_permitted_subtrees(std::move(permitted_subtrees)), m_excluded_subtrees(std::move(excluded_subtrees)) { for(const auto& c : m_permitted_subtrees) { m_permitted_name_types.insert(c.base().type_code()); } 
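Review bot: In `check_timeout()` the error code filled in by `m_tcp.close(err)` is never examined, and the new `NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c)` hides that without saying it is deliberate. If the close is best effort because the connection is being abandoned after the deadline, state it next to the suppression: `// best effort: the connection has timed out, a failing close changes nothing`. The identical lines in `Asio_SocketUDP::check_timeout()` in socket_udp.cpp need the same comment. The rest of the function is outside the hunk.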
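Review bot: The suppressed line `der.add_object(ASN1_Type(7), ASN1_Class::ContextSpecific, ip_buf.data(), 4);` relies on two bare literals, and the new NOLINT makes the `7` look like a mistake being hidden rather than a deliberate tag. Suggest a comment naming it, `// [7] is the iPAddress choice of GeneralName (RFC 5280)`, and passing `ip_buf.size()` instead of `4` so the length cannot drift from the buffer (assuming `ip_buf` is a standard container, as `ip_buf.data()` suggests). The loop sits inside `AlternativeName::encode_into`, which starts and ends outside the hunk.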
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index cd2cbddf296..c54b58c1049 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -91,8 +91,6 @@ std::unique_ptr extension_from_oid(const OID& oid) { std::unique_ptr Extensions::create_extn_obj(const OID& oid, bool critical, const std::vector& body) { - const std::string oid_str = oid.to_string(); - auto extn = extension_from_oid(oid); if(!extn) { diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 201460424e1..5b029b66ad7 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -1029,7 +1029,7 @@ Path_Validation_Result::Path_Validation_Result(CertificatePathStatusCodes status std::vector&& cert_chain) : m_all_status(std::move(status)), m_warnings(find_warnings(m_all_status)), - m_cert_path(cert_chain), + m_cert_path(std::move(cert_chain)), m_overall(PKIX::overall_status(m_all_status)) {} const X509_Certificate& Path_Validation_Result::trust_root() const { diff --git a/src/scripts/dev_tools/run_clang_tidy.py b/src/scripts/dev_tools/run_clang_tidy.py index 0c29bcf896a..2b9bc9b83d6 100755 --- a/src/scripts/dev_tools/run_clang_tidy.py +++ b/src/scripts/dev_tools/run_clang_tidy.py @@ -60,6 +60,7 @@ 'misc-confusable-identifiers', 'modernize-avoid-bind', 'modernize-pass-by-value', + 'performance-avoid-endl', 'readability-convert-member-functions-to-static', 'readability-implicit-bool-conversion', 'readability-inconsistent-declaration-parameter-name', # should fix this, blocked by https://github.com/llvm/llvm-project/issues/60845 @@ -103,6 +104,7 @@ 'modernize-use-nodiscard', 'modernize-use-using', # fine not great 'portability-simd-intrinsics', + 'readability-avoid-return-with-void-value', 'readability-container-data-pointer', 'readability-function-cognitive-complexity', 'readability-identifier-length', # lol, lmao diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 0a863823ee7..4a4da58a072 100644 
--- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -38,6 +38,7 @@ class DL_Group_Tests final : public Test { #if !defined(BOTAN_HAS_SANITIZER_UNDEFINED) result.test_throws("Bad generator param", "DL_Group unknown PrimeType", []() { + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) auto invalid_type = static_cast(9); Botan::Null_RNG null_rng; Botan::DL_Group dl(null_rng, invalid_type, 1024); diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index cfd91a2c03c..7da65ceb31e 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp @@ -141,7 +141,6 @@ class Filter_Tests final : public Test { std::ifstream outfile_read(tmp_name); std::stringstream ss; ss << outfile_read.rdbuf(); - std::string foo = ss.str(); result.test_eq("output string", ss.str(), "efgh"); diff --git a/src/tests/test_oid.cpp b/src/tests/test_oid.cpp index ad6bfb69d0b..c0dae3279e4 100644 --- a/src/tests/test_oid.cpp +++ b/src/tests/test_oid.cpp @@ -75,10 +75,8 @@ Test::Result test_add_and_lookup() { const std::string name = "botan-test-oid2"; const std::string name2 = "botan-test-oid2.2"; - const std::string name3 = "botan-test-oid2.3"; const Botan::OID oid("1.3.6.1.4.1.25258.1001.1"); const Botan::OID oid2("1.3.6.1.4.1.25258.1001.2"); - const Botan::OID oid3("1.3.6.1.4.1.25258.1001.3"); result.test_eq("named OID not found", Botan::OID::from_name(name).has_value(), false); diff --git a/src/tests/test_pbkdf.cpp b/src/tests/test_pbkdf.cpp index 4c5024ad9dd..77811dbdc8c 100644 --- a/src/tests/test_pbkdf.cpp +++ b/src/tests/test_pbkdf.cpp @@ -95,7 +95,7 @@ class Pwdhash_Tests : public Test { std::unique_ptr pwhash; - if(pwdhash_fam->name() == "Scrypt" || pwdhash_fam->name().find("Argon2") == 0) { + if(pwdhash_fam->name() == "Scrypt" || pwdhash_fam->name().starts_with("Argon2")) { pwhash = pwdhash_fam->from_params( tuned_pwhash->memory_param(), tuned_pwhash->iterations(), tuned_pwhash->parallelism()); } else { 
diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index a9fa57c269e..6af55bd2c5e 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -99,9 +99,9 @@ class TestSession { } } - inline Session& session() const { return *m_session; } + Session& session() const { return *m_session; } - inline Slot& slot() const { return *m_slot; } + Slot& slot() const { return *m_slot; } private: std::unique_ptr m_module = nullptr; diff --git a/src/tests/test_pkcs11_low_level.cpp b/src/tests/test_pkcs11_low_level.cpp index 5326a76fa42..fb398de4400 100644 --- a/src/tests/test_pkcs11_low_level.cpp +++ b/src/tests/test_pkcs11_low_level.cpp @@ -80,28 +80,28 @@ class RAII_LowLevel { return slots; } - inline SessionHandle open_session(Flags session_flags) { + SessionHandle open_session(Flags session_flags) { std::vector slots = get_slots(true); m_low_level->C_OpenSession(slots.at(0), session_flags, nullptr, nullptr, &m_session_handle); m_is_session_open = true; return m_session_handle; } - inline SessionHandle open_rw_session_with_user_login() { + SessionHandle open_rw_session_with_user_login() { Flags session_flags = PKCS11::flags(Flag::SerialSession | Flag::RwSession); SessionHandle handle = open_session(session_flags); login(UserType::User, PIN()); return handle; } - inline SessionHandle get_session_handle() const { + SessionHandle get_session_handle() const { if(!m_is_session_open) { throw Test_Error("no open session"); } return m_session_handle; } - inline void close_session() { + void close_session() { if(!m_is_session_open) { throw Test_Error("no open session"); } @@ -110,7 +110,7 @@ class RAII_LowLevel { m_is_session_open = false; } - inline void login(UserType user_type, const secure_vector& pin) { + void login(UserType user_type, const secure_vector& pin) { if(!m_is_session_open) { throw Test_Error("no open session"); } 
@@ -123,7 +123,7 @@ class RAII_LowLevel { m_is_logged_in = true; } - inline void logout() { + void logout() { if(!m_is_logged_in) { throw Test_Error("Not logged in"); } @@ -472,7 +472,7 @@ Test::Result test_c_close_all_sessions() { // test ReturnValue variant open_two_sessions(); - ReturnValue rv = static_cast(-1); + ReturnValue rv = ReturnValue::OK; success = p11_low_level.get()->C_CloseAllSessions(slot_vec.at(0), &rv); result.test_eq("C_CloseAllSessions", success, true); result.test_rc_ok("C_CloseAllSessions", static_cast(rv)); diff --git a/src/tests/test_tests.cpp b/src/tests/test_tests.cpp index 39937cb6867..ce73758c1c9 100644 --- a/src/tests/test_tests.cpp +++ b/src/tests/test_tests.cpp @@ -30,7 +30,8 @@ class Test_Tests final : public Test { // Test a few success corner cases first const std::string testcase_name = "Failing Test"; - result.test_throws("throws pi", []() { throw 3.14159; }); // NOLINT(hicpp-exception-baseclass) + // NOLINTNEXTLINE(hicpp-exception-baseclass) + result.test_throws("throws pi(-ish)", []() { throw 22.0 / 7; }); // Test expected failure cases { diff --git a/src/tests/test_tls_hybrid_kem_key.cpp b/src/tests/test_tls_hybrid_kem_key.cpp index 3def3877277..658511b9539 100644 --- a/src/tests/test_tls_hybrid_kem_key.cpp +++ b/src/tests/test_tls_hybrid_kem_key.cpp @@ -41,6 +41,7 @@ std::unique_ptr kex_dh() { auto sk = Botan::load_private_key(kex_key->algorithm_identifier(), kex_key->private_key_bits()); auto kex_sk = dynamic_cast(sk.get()); if(kex_sk) { + // NOLINTNEXTLINE(bugprone-unused-return-value) (void)sk.release(); return std::unique_ptr(kex_sk); } else { @@ -53,6 +54,7 @@ std::unique_ptr kex_ecdh() { auto sk = Botan::load_private_key(kex_key->algorithm_identifier(), kex_key->private_key_bits()); auto kex_sk = dynamic_cast(sk.get()); if(kex_sk) { + // NOLINTNEXTLINE(bugprone-unused-return-value) (void)sk.release(); return std::unique_ptr(kex_sk); } else { 
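Review bot: Initialising `rv` to `ReturnValue::OK` before `C_CloseAllSessions(slot_vec.at(0), &rv)` weakens the test: if the call ever returns without writing the out-parameter, `test_rc_ok` still passes on the initial value, whereas the removed out-of-range sentinel would have failed it. Start from a valid enumerator that is not success instead, e.g. `ReturnValue rv = ReturnValue::GeneralError;` (assuming that enumerator exists in p11.h, which is not shown here). That still avoids the out-of-range cast clang-tidy complains about and keeps the assertion meaningful. The test function starts outside the hunk.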
diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp index 97e8bb8bebc..95671f36b15 100644 --- a/src/tests/test_tls_messages.cpp +++ b/src/tests/test_tls_messages.cpp @@ -255,7 +255,6 @@ class TLS_Extension_Parsing_Test final : public Text_Based_Test { const std::vector protocol = vars.get_opt_bin("Protocol"); const std::vector ciphersuite = vars.get_opt_bin("Ciphersuite"); const std::string exception = vars.get_req_str("Exception"); - const std::string expected_name = vars.get_opt_str("Name", ""); const bool is_positive_test = exception.empty(); Test::Result result(extension + " parsing"); diff --git a/src/tests/test_tls_rfc8448.cpp b/src/tests/test_tls_rfc8448.cpp index 572919b901f..44c0d783eff 100644 --- a/src/tests/test_tls_rfc8448.cpp +++ b/src/tests/test_tls_rfc8448.cpp @@ -90,7 +90,10 @@ std::unique_ptr server_raw_public_key_pair() { */ class Padding final : public Botan::TLS::Extension { public: - static Botan::TLS::Extension_Code static_type() { return Botan::TLS::Extension_Code(21); } + static Botan::TLS::Extension_Code static_type() { + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) + return Botan::TLS::Extension_Code(21); + } Botan::TLS::Extension_Code type() const override { return static_type(); } @@ -387,9 +390,13 @@ class Test_Credentials : public Botan::Credentials_Manager { const std::string& type, const std::string& context) override { BOTAN_UNUSED(cert_key_types, cert_signature_schemes, context); - return {(type == "tls-client") - ? client_certificate() - : ((m_alternative_server_certificate) ? alternative_server_certificate() : server_certificate())}; + if(type == "tls-client") { + return {client_certificate()}; + } else if(m_alternative_server_certificate) { + return {alternative_server_certificate()}; + } else { + return {server_certificate()}; + } } std::shared_ptr find_raw_public_key(const std::vector& key_types, 
diff --git a/src/tests/test_tls_session_manager.cpp b/src/tests/test_tls_session_manager.cpp index 4ed74b525f2..fceed37443a 100644 --- a/src/tests/test_tls_session_manager.cpp +++ b/src/tests/test_tls_session_manager.cpp @@ -1141,12 +1141,12 @@ std::vector tls_session_manager_expiry() { plcy.set_session_limit(1); result.test_is_eq("find one", mgr->find(server_info, cbs, plcy).size(), - size_t(plcy.maximum_session_tickets_per_client_hello())); + plcy.maximum_session_tickets_per_client_hello()); plcy.set_session_limit(3); result.test_is_eq("find three", mgr->find(server_info, cbs, plcy).size(), - size_t(plcy.maximum_session_tickets_per_client_hello())); + plcy.maximum_session_tickets_per_client_hello()); plcy.set_session_limit(10); result.test_is_eq("find all five", mgr->find(server_info, cbs, plcy).size(), size_t(5)); diff --git a/src/tests/test_tls_stream_integration.cpp b/src/tests/test_tls_stream_integration.cpp index c809ea4f649..8aeffd332e3 100644 --- a/src/tests/test_tls_stream_integration.cpp +++ b/src/tests/test_tls_stream_integration.cpp @@ -44,7 +44,7 @@ using Result = Botan_Tests::Test::Result; const auto k_timeout = std::chrono::seconds(30); const auto k_endpoints = std::vector{tcp::endpoint{net::ip::make_address("127.0.0.1"), 8082}}; -enum { max_msg_length = 512 }; +constexpr size_t MAX_MSG_LENGTH = 512; std::string server_cert() { return Botan_Tests::Test::data_dir() + "/x509/certstor/cert1.crt"; @@ -104,7 +104,7 @@ class Peer { // NOLINTNEXTLINE(*-exception-escape) virtual ~Peer() { cancel_timeout(); } - net::mutable_buffer buffer() { return net::buffer(m_data, max_msg_length); } + net::mutable_buffer buffer() { return net::buffer(m_data, MAX_MSG_LENGTH); } net::mutable_buffer buffer(size_t size) { return net::buffer(m_data, size); } 
@@ -121,14 +121,14 @@ class Peer { return 0; } - return max_msg_length - bytes_transferred; + return MAX_MSG_LENGTH - bytes_transferred; } void on_timeout(std::function cb) { m_on_timeout = std::move(cb); } void reset_timeout(const std::string& message) { m_timeout_timer.expires_after(k_timeout); - m_timeout_timer.async_wait([=, this](const error_code& ec) { + m_timeout_timer.async_wait([&](const error_code& ec) { if(ec != net::error::operation_aborted) // timer cancelled { if(m_on_timeout) { @@ -171,7 +171,7 @@ class Peer { net::system_timer m_timeout_timer; std::function m_on_timeout; - char m_data[max_msg_length]; + char m_data[MAX_MSG_LENGTH]; }; class Result_Wrapper { @@ -228,9 +228,16 @@ class Server : public Peer, error_code ec; const auto& endpoint = k_endpoints.back(); + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_acceptor.open(endpoint.protocol(), ec); + + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_acceptor.set_option(net::socket_base::reuse_address(true), ec); + + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_acceptor.bind(endpoint, ec); + + // NOLINTNEXTLINE(bugprone-unused-return-value,cert-err33-c) m_acceptor.listen(net::socket_base::max_listen_connections, ec); m_result.expect_success("listen", ec); @@ -384,9 +391,9 @@ class TestBase { m_server(std::make_shared(server_policy, ioc, m_name)), m_result(m_name) { m_client->on_timeout( - [=, this](const std::string& msg) { m_result.test_failure("timeout in client during: " + msg); }); + [&](const std::string& msg) { m_result.test_failure("timeout in client during: " + msg); }); m_server->on_timeout( - [=, this](const std::string& msg) { m_result.test_failure("timeout in server during: " + msg); }); + [&](const std::string& msg) { m_result.test_failure("timeout in server during: " + msg); }); m_server->listen(); } diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index af2e8757cee..84bfc6ca1d8 100644 --- a/src/tests/test_utils.cpp 
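Review bot: Switching the `async_wait` handler in `reset_timeout()` from `[=, this]` to `[&]` makes it capture the `message` parameter by reference, although the handler runs after `reset_timeout()` has returned. The lambda body continues outside the hunk, so its use of `message` is not visible, but if it passes `message` to `m_on_timeout` it reads a string that may already be destroyed (any caller passing a temporary). Capture explicitly instead: `m_timeout_timer.async_wait([this, message](const error_code& ec) {`. The two `on_timeout` callbacks in `TestBase` further down only touch `m_result`, so `[this]` states their capture exactly and avoids the same trap.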
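Review bot: The four suppressed acceptor calls in the Server hunk (`open`, `set_option`, `bind`, `listen`) all write into the same `ec`, and only the value left by `listen` reaches `m_result.expect_success("listen", ec)`. A failure in `bind`, for instance because the fixed port is already taken, is overwritten and shows up, if at all, as a listen error. Checking after each step costs one line apiece, e.g. `m_result.expect_success("bind", ec);` directly after `m_acceptor.bind(endpoint, ec);`, and gives the suppressions a visible reason.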
+++ b/src/tests/test_utils.cpp @@ -1033,8 +1033,6 @@ class Charset_Tests final : public Text_Based_Test { const std::vector in = vars.get_req_bin("In"); const std::vector expected = vars.get_req_bin("Out"); - const std::string in_str(in.begin(), in.end()); - std::string converted; if(type == "UCS2-UTF8") { diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index ada68a5c8e0..f22b75a846e 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -840,7 +840,7 @@ std::vector BSI_Path_Validation_Tests::run() { certs, restrictions, trusted, "", Botan::Usage_Type::UNSPECIFIED, validation_time); // We expect to be warned - if(expected_result.find("Warning: ") == 0) { + if(expected_result.starts_with("Warning: ")) { std::string stripped = expected_result.substr(std::string("Warning: ").size()); bool found_warning = false; for(const auto& warning_set : validation_result.warnings()) { diff --git a/src/tests/unit_asio_stream.cpp b/src/tests/unit_asio_stream.cpp index 5489d22a482..e950ca638fb 100644 --- a/src/tests/unit_asio_stream.cpp +++ b/src/tests/unit_asio_stream.cpp @@ -103,6 +103,7 @@ class CancellingMockChannel : public MockChannel { // only friends boost::asio::ssl::stream. We need to make our own. class TestStream : public boost::beast::test::stream { public: + // NOLINTNEXTLINE(modernize-type-traits) using boost::beast::test::stream::stream; using lowest_layer_type = boost::beast::test::stream; }; @@ -112,7 +113,8 @@ using FailCount = boost::beast::test::fail_count; class AsioStream : public Botan::TLS::Stream { public: template - AsioStream(std::shared_ptr context, Args&&... args) : Stream(context, args...) { + AsioStream(std::shared_ptr context, Args&&... args) : + Stream(context, std::forward(args)...) { m_native_handle = std::make_unique(m_core); } }; 
@@ -120,7 +122,8 @@ class AsioStream : public Botan::TLS::Stream { class ThrowingAsioStream : public Botan::TLS::Stream { public: template - ThrowingAsioStream(std::shared_ptr context, Args&&... args) : Stream(context, args...) { + ThrowingAsioStream(std::shared_ptr context, Args&&... args) : + Stream(context, std::forward(args)...) { m_native_handle = std::make_unique(m_core); } }; @@ -128,7 +131,8 @@ class ThrowingAsioStream : public Botan::TLS::Stream { public: template - CancellingAsioStream(std::shared_ptr context, Args&&... args) : Stream(context, args...) { + CancellingAsioStream(std::shared_ptr context, Args&&... args) : + Stream(context, std::forward(args)...) { m_native_handle = std::make_unique(m_core); } }; diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index f9941bb6472..b82a3e7311c 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -260,6 +260,7 @@ Test::Result test_encoding_options() { result.test_eq("Hybrid point same size as uncompressed", enc_uncompressed.size(), enc_hybrid.size()); #if !defined(BOTAN_HAS_SANITIZER_UNDEFINED) + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) auto invalid_format = static_cast(99); result.test_throws("Invalid point format throws", "Invalid point encoding for EC_PublicKey", [&] { diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index a865359027d..f20271d603d 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -296,7 +296,10 @@ class TLS_Handshake_Test final { private: class Test_Extension : public Botan::TLS::Extension { public: - static Botan::TLS::Extension_Code static_type() { return static_cast(666); } + static Botan::TLS::Extension_Code static_type() { + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) + return static_cast(666); + } Botan::TLS::Extension_Code type() const override { return static_type(); } 
@@ -379,7 +382,9 @@ class TLS_Handshake_Test final { void tls_examine_extensions(const Botan::TLS::Extensions& extn, Botan::TLS::Connection_Side which_side, Botan::TLS::Handshake_Type /*unused*/) override { - Botan::TLS::Extension* test_extn = extn.get(static_cast(666)); + // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) + const auto extn_id = static_cast(666); + Botan::TLS::Extension* test_extn = extn.get(extn_id); if(test_extn == nullptr) { m_results.test_failure("Did not receive test extension from peer"); @@ -874,14 +879,18 @@ class TLS_Unit_Tests final : public Test { std::shared_ptr server_ses; #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) - client_ses.reset(new Botan::TLS::Session_Manager_SQLite("client pass", rng, ":memory:", 5)); - server_ses.reset(new Botan::TLS::Session_Manager_SQLite("server pass", rng, ":memory:", 10)); - - #else - client_ses = std::make_shared(rng); - server_ses = std::make_shared(rng); + client_ses = std::make_shared("client pass", rng, ":memory:", 5); + server_ses = std::make_shared("server pass", rng, ":memory:", 5); #endif + if(!client_ses) { + client_ses = std::make_shared(rng); + } + + if(!server_ses) { + server_ses = std::make_shared(rng); + } + auto creds = create_creds(*rng); #if defined(BOTAN_HAS_TLS_CBC) @@ -1014,11 +1023,16 @@ class TLS_Unit_Tests final : public Test { {{"groups", "brainpool256r1"}}); #if defined(BOTAN_HAS_X25519) - test_modern_versions( - "AES-128/GCM x25519", results, client_ses, server_ses, creds, rng, "ECDH", "AES-128/GCM", "AEAD", {{ - "groups", - "x25519" - }}); + test_modern_versions("AES-128/GCM x25519", + results, + client_ses, + server_ses, + creds, + rng, + "ECDH", + "AES-128/GCM", + "AEAD", + {{"groups", "x25519"}}); #endif test_modern_versions("AES-128/GCM FFDHE-2048", 
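Review bot: The rewritten SQLite branch in TLS_Unit_Tests constructs the server session manager with a final argument of `5`, where the removed `server_ses.reset(...)` line passed `10`; the client value is unchanged. In a commit described as clang-tidy fixes this looks unintended, and if that argument is the session limit it changes what the test exercises. Change the trailing `5` back to `10` on the `server_ses` line, or mention the change in the commit message. The `if(!client_ses)` and `if(!server_ses)` fallbacks that replace the `#else` branch would also benefit from a comment such as `// only reached when the SQLite session manager is compiled out`.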
@@ -1047,8 +1061,8 @@ class TLS_Unit_Tests final : public Test { true); #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) - client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); - server_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); + client_ses = std::make_shared(rng); + server_ses = std::make_shared(rng); #endif #if defined(BOTAN_HAS_AEAD_OCB) From 0a3dd4818e96d4b5c75eec1a8f6d3928b6216c96 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 5 Jun 2024 20:49:19 -0400 Subject: [PATCH 2/2] Update nightly clang-tidy build to run on 24.04 --- .github/workflows/nightly.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index adcf51684d7..051aefc170e 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -25,7 +25,7 @@ jobs: clang_tidy: name: "clang-tidy" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -36,8 +36,8 @@ jobs: target: clang-tidy cache-key: linux-x86_64-clang-tidy - - name: Install Boost - run: sudo apt-get -qq install libboost-dev + - name: Install dependencies + run: sudo apt-get -qq install libboost-dev libbz2-dev liblzma-dev libsqlite3-dev - name: Configure Build run: python3 ./configure.py --cc=clang --build-targets=shared,cli,tests,examples,bogo_shim --build-fuzzers=test --with-boost --with-sqlite --with-zlib --with-lzma --with-bzip2