thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-22 23:52:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:ClickHouse/ClickHouse into urlCluster

Browse Source
This commit is contained in:
avogar 2023-04-21 14:13:33 +02:00
commit c949f0ebf5
6135 changed files with 432442 additions and 52687 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.clang-format
View File

@ -21,7 +21,6 @@ ConstructorInitializerAllOnOneLineOrOnePerLine: true
ExperimentalAutoDetectBinPacking: true
UseTab: Never
TabWidth: 4
IndentWidth: 4
Standard: Cpp11
PointerAlignment: Middle
MaxEmptyLinesToKeep: 2

95
.clang-tidy
View File

@ -23,9 +23,12 @@ Checks: '*,
-bugprone-implicit-widening-of-multiplication-result,
-bugprone-narrowing-conversions,
-bugprone-not-null-terminated-result,
-bugprone-reserved-identifier,
-bugprone-unchecked-optional-access,
-cert-dcl16-c,
-cert-dcl37-c,
-cert-dcl51-cpp,
-cert-err58-cpp,
-cert-msc32-c,
-cert-msc51-cpp,
@ -38,6 +41,8 @@ Checks: '*,
-clang-analyzer-security.insecureAPI.strcpy,
-cppcoreguidelines-avoid-c-arrays,
-cppcoreguidelines-avoid-const-or-ref-data-members,
-cppcoreguidelines-avoid-do-while,
-cppcoreguidelines-avoid-goto,
-cppcoreguidelines-avoid-magic-numbers,
-cppcoreguidelines-avoid-non-const-global-variables,
@ -105,6 +110,7 @@ Checks: '*,
-misc-const-correctness,
-misc-no-recursion,
-misc-non-private-member-variables-in-classes,
-misc-confusable-identifiers, # useful but slooow
-modernize-avoid-c-arrays,
-modernize-concat-nested-namespaces,
@ -125,10 +131,12 @@ Checks: '*,
-portability-simd-intrinsics,
-readability-braces-around-statements,
-readability-convert-member-functions-to-static,
-readability-else-after-return,
-readability-function-cognitive-complexity,
-readability-function-size,
-readability-identifier-length,
-readability-identifier-naming,
-readability-implicit-bool-conversion,
-readability-isolate-declaration,
-readability-magic-numbers,
@ -141,71 +149,32 @@ Checks: '*,
-readability-use-anyofallof,
-zirkon-*,
-misc-*, # temporarily disabled due to being too slow
# also disable checks in other categories which are aliases of checks in misc-*:
# https://releases.llvm.org/15.0.0/tools/clang/tools/extra/docs/clang-tidy/checks/list.html
-cert-dcl54-cpp, # alias of misc-new-delete-overloads
-hicpp-new-delete-operators, # alias of misc-new-delete-overloads
-cert-fio38-c, # alias of misc-non-copyable-objects
-cert-dcl03-c, # alias of misc-static-assert
-hicpp-static-assert, # alias of misc-static-assert
-cert-err09-cpp, # alias of misc-throw-by-value-catch-by-reference
-cert-err61-cpp, # alias of misc-throw-by-value-catch-by-reference
-cppcoreguidelines-c-copy-assignment-signature, # alias of misc-unconventional-assign-operator
-cppcoreguidelines-non-private-member-variables-in-classes, # alias of misc-non-private-member-variables-in-classes
'
WarningsAsErrors: '*'
# TODO: use dictionary syntax for CheckOptions when minimum clang-tidy level rose to 15
# some-check.SomeOption: 'some value'
# instead of
# - key: some-check.SomeOption
# value: 'some value'
CheckOptions:
- key: readability-identifier-naming.ClassCase
value: CamelCase
- key: readability-identifier-naming.EnumCase
value: CamelCase
- key: readability-identifier-naming.LocalVariableCase
value: lower_case
- key: readability-identifier-naming.StaticConstantCase
value: aNy_CasE
- key: readability-identifier-naming.MemberCase
value: lower_case
- key: readability-identifier-naming.PrivateMemberPrefix
value: ''
- key: readability-identifier-naming.ProtectedMemberPrefix
value: ''
- key: readability-identifier-naming.PublicMemberCase
value: lower_case
- key: readability-identifier-naming.MethodCase
value: camelBack
- key: readability-identifier-naming.PrivateMethodPrefix
value: ''
- key: readability-identifier-naming.ProtectedMethodPrefix
value: ''
- key: readability-identifier-naming.ParameterPackCase
value: lower_case
- key: readability-identifier-naming.StructCase
value: CamelCase
- key: readability-identifier-naming.TemplateTemplateParameterCase
value: CamelCase
- key: readability-identifier-naming.TemplateUsingCase
value: lower_case
- key: readability-identifier-naming.TypeTemplateParameterCase
value: CamelCase
- key: readability-identifier-naming.TypedefCase
value: CamelCase
- key: readability-identifier-naming.UnionCase
value: CamelCase
- key: readability-identifier-naming.UsingCase
value: CamelCase
- key: modernize-loop-convert.UseCxx20ReverseRanges
value: false
- key: performance-move-const-arg.CheckTriviallyCopyableMove
value: false
# Workaround clang-tidy bug: https://github.com/llvm/llvm-project/issues/46097
- key: readability-identifier-naming.TypeTemplateParameterIgnoredRegexp
value: expr-type
readability-identifier-naming.ClassCase: CamelCase
readability-identifier-naming.EnumCase: CamelCase
readability-identifier-naming.LocalVariableCase: lower_case
readability-identifier-naming.StaticConstantCase: aNy_CasE
readability-identifier-naming.MemberCase: lower_case
readability-identifier-naming.PrivateMemberPrefix: ''
readability-identifier-naming.ProtectedMemberPrefix: ''
readability-identifier-naming.PublicMemberCase: lower_case
readability-identifier-naming.MethodCase: camelBack
readability-identifier-naming.PrivateMethodPrefix: ''
readability-identifier-naming.ProtectedMethodPrefix: ''
readability-identifier-naming.ParameterPackCase: lower_case
readability-identifier-naming.StructCase: CamelCase
readability-identifier-naming.TemplateTemplateParameterCase: CamelCase
readability-identifier-naming.TemplateUsingCase: lower_case
readability-identifier-naming.TypeTemplateParameterCase: CamelCase
readability-identifier-naming.TypedefCase: CamelCase
readability-identifier-naming.UnionCase: CamelCase
readability-identifier-naming.UsingCase: CamelCase
modernize-loop-convert.UseCxx20ReverseRanges: false
performance-move-const-arg.CheckTriviallyCopyableMove: false
# Workaround clang-tidy bug: https://github.com/llvm/llvm-project/issues/46097
readability-identifier-naming.TypeTemplateParameterIgnoredRegexp: expr-type
cppcoreguidelines-avoid-do-while.IgnoreMacros: true

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -7,11 +7,11 @@ tests/ci/run_check.py
### Changelog category (leave one):
- New Feature
- Improvement
- Bug Fix (user-visible misbehavior in official stable or prestable release)
- Performance Improvement
- Backward Incompatible Change
- Build/Testing/Packaging Improvement
- Documentation (changelog entry is not required)
- Bug Fix (user-visible misbehavior in an official stable release)
- Not for changelog (changelog entry is not required)

137
.github/workflows/backport_branches.yml vendored
View File

@ -9,8 +9,22 @@ on: # yamllint disable-line rule:truthy
branches:
- 'backport/**'
jobs:
CheckLabels:
runs-on: [self-hosted, style-checker]
# Run the first check always, even if the CI is cancelled
if: ${{ always() }}
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Labels check
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 run_check.py
PythonUnitTests:
runs-on: [self-hosted, style-checker]
needs: CheckLabels
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
@ -22,6 +36,7 @@ jobs:
python3 -m unittest discover -s . -p '*_test.py'
DockerHubPushAarch64:
runs-on: [self-hosted, style-checker-aarch64]
needs: CheckLabels
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
@ -38,6 +53,7 @@ jobs:
path: ${{ runner.temp }}/docker_images_check/changed_images_aarch64.json
DockerHubPushAmd64:
runs-on: [self-hosted, style-checker]
needs: CheckLabels
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
@ -79,7 +95,7 @@ jobs:
with:
name: changed_images
path: ${{ runner.temp }}/changed_images.json
CompatibilityCheck:
CompatibilityCheckX86:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
@ -98,12 +114,43 @@ jobs:
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheck
- name: CompatibilityCheckX86
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (amd64)" --check-glibc --check-distributions
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
CompatibilityCheckAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/compatibility_check
REPO_COPY=${{runner.temp}}/compatibility_check/ClickHouse
REPORTS_PATH=${{runner.temp}}/reports_dir
EOF
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheckAarch64
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (aarch64)" --check-glibc
- name: Cleanup
if: always()
run: |
@ -302,6 +349,13 @@ jobs:
with:
clear-repository: true
submodules: true
- name: Apply sparse checkout for contrib # in order to check that it doesn't break build
run: |
rm -rf "$GITHUB_WORKSPACE/contrib" && echo 'removed'
git -C "$GITHUB_WORKSPACE" checkout . && echo 'restored'
"$GITHUB_WORKSPACE/contrib/update-submodules.sh" && echo 'OK'
du -hs "$GITHUB_WORKSPACE/contrib" ||:
find "$GITHUB_WORKSPACE/contrib" -type f | wc -l ||:
- name: Build
run: |
sudo rm -fr "$TEMP_PATH"
@ -421,8 +475,9 @@ jobs:
- name: Check docker clickhouse/clickhouse-server building
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_server.py --release-type head --no-push
python3 docker_server.py --release-type head --no-push --no-ubuntu \
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-server --image-path docker/server
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-keeper --image-path docker/keeper
- name: Cleanup
if: always()
@ -512,6 +567,75 @@ jobs:
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
############################################################################################
#################################### INSTALL PACKAGES ######################################
############################################################################################
InstallPackagesTestRelease:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (amd64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
InstallPackagesTestAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker-aarch64]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (arm64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
########################### FUNCTIONAl STATELESS TESTS #######################################
##############################################################################################
@ -672,7 +796,8 @@ jobs:
- FunctionalStatefulTestDebug
- StressTestTsan
- IntegrationTestsRelease
- CompatibilityCheck
- CompatibilityCheckX86
- CompatibilityCheckAarch64
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code

1
.github/workflows/cherry_pick.yml vendored
View File

@ -35,7 +35,6 @@ jobs:
fetch-depth: 0
- name: Cherry pick
run: |
sudo pip install GitPython
cd "$GITHUB_WORKSPACE/tests/ci"
python3 cherry_pick.py
- name: Cleanup

2
.github/workflows/debug.yml vendored
View File

@ -2,7 +2,7 @@
name: Debug
'on':
[push, pull_request, release, workflow_dispatch, workflow_call]
[push, pull_request, pull_request_review, release, workflow_dispatch, workflow_call]
jobs:
DebugInfo:

4
.github/workflows/docs_check.yml vendored
View File

@ -13,9 +13,11 @@ on: # yamllint disable-line rule:truthy
branches:
- master
paths:
- 'CHANGELOG.md'
- 'README.md'
- 'SECURITY.md'
- 'docker/docs/**'
- 'docs/**'
- 'website/**'
- 'utils/check-style/aspell-ignore/**'
jobs:
CheckLabels:

118
.github/workflows/docs_release.yml vendored
View File

@ -1,118 +0,0 @@
name: DocsReleaseChecks
env:
# Force the stdout and stderr streams to be unbuffered
PYTHONUNBUFFERED: 1
concurrency:
group: master-release
cancel-in-progress: true
'on':
push:
branches:
- master
paths:
- '.github/**'
- 'docker/docs/release/**'
- 'docs/**'
- 'utils/list-versions/version_date.tsv'
- 'website/**'
- 'utils/check-style/aspell-ignore/**'
workflow_dispatch:
jobs:
DockerHubPushAarch64:
runs-on: [self-hosted, style-checker-aarch64]
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Images check
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_images_check.py --suffix aarch64
- name: Upload images files to artifacts
uses: actions/upload-artifact@v3
with:
name: changed_images_aarch64
path: ${{ runner.temp }}/docker_images_check/changed_images_aarch64.json
DockerHubPushAmd64:
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Images check
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_images_check.py --suffix amd64
- name: Upload images files to artifacts
uses: actions/upload-artifact@v3
with:
name: changed_images_amd64
path: ${{ runner.temp }}/docker_images_check/changed_images_amd64.json
DockerHubPush:
needs: [DockerHubPushAmd64, DockerHubPushAarch64]
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Download changed aarch64 images
uses: actions/download-artifact@v3
with:
name: changed_images_aarch64
path: ${{ runner.temp }}
- name: Download changed amd64 images
uses: actions/download-artifact@v3
with:
name: changed_images_amd64
path: ${{ runner.temp }}
- name: Images check
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_manifests_merge.py --suffix amd64 --suffix aarch64
- name: Upload images files to artifacts
uses: actions/upload-artifact@v3
with:
name: changed_images
path: ${{ runner.temp }}/changed_images.json
DocsRelease:
needs: DockerHubPush
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
# https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#multiline-strings
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/docs_release
REPO_COPY=${{runner.temp}}/docs_release/ClickHouse
CLOUDFLARE_TOKEN=${{secrets.CLOUDFLARE}}
ROBOT_CLICKHOUSE_SSH_KEY<<RCSK
${{secrets.ROBOT_CLICKHOUSE_SSH_KEY}}
RCSK
EOF
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Download changed images
uses: actions/download-artifact@v3
with:
name: changed_images
path: ${{ env.TEMP_PATH }}
- name: Docs Release
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 docs_release.py
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"

908
.github/workflows/master.yml vendored
View File

File diff suppressed because it is too large Load Diff

10
.github/workflows/nightly.yml vendored
View File

@ -107,7 +107,7 @@ jobs:
run: |
curl --form token="${COVERITY_TOKEN}" \
--form email='security+coverity@clickhouse.com' \
--form file="@$TEMP_PATH/$BUILD_NAME/coverity-scan.tar.zst" \
--form file="@$TEMP_PATH/$BUILD_NAME/coverity-scan.tar.gz" \
--form version="${GITHUB_REF#refs/heads/}-${GITHUB_SHA::6}" \
--form description="Nighly Scan: $(date +'%Y-%m-%dT%H:%M:%S')" \
https://scan.coverity.com/builds?project=ClickHouse%2FClickHouse
@ -118,9 +118,11 @@ jobs:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH" "$CACHES_PATH"
SonarCloud:
# TODO: Remove if: whenever SonarCloud supports c++23
if: ${{ false }}
runs-on: [self-hosted, builder]
env:
SONAR_SCANNER_VERSION: 4.7.0.2747
SONAR_SCANNER_VERSION: 4.8.0.2856
SONAR_SERVER_URL: "https://sonarcloud.io"
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
CC: clang-15
@ -154,7 +156,7 @@ jobs:
- name: Set Up Build Tools
run: |
sudo apt-get update
sudo apt-get install -yq git cmake ccache python3 ninja-build
sudo apt-get install -yq git cmake ccache ninja-build python3 yasm
sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
- name: Run build-wrapper
run: |
@ -173,4 +175,4 @@ jobs:
--define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \
--define sonar.projectKey="ClickHouse_ClickHouse" \
--define sonar.organization="clickhouse-java" \
--define sonar.exclusions="**/*.java,**/*.ts,**/*.js,**/*.css,**/*.sql"
--define sonar.exclusions="**/*.java,**/*.ts,**/*.js,**/*.css,**/*.sql" \

515
.github/workflows/pull_request.yml vendored
View File

@ -13,9 +13,11 @@ on: # yamllint disable-line rule:truthy
branches:
- master
paths-ignore:
- 'CHANGELOG.md'
- 'README.md'
- 'SECURITY.md'
- 'docker/docs/**'
- 'docs/**'
- 'website/**'
- 'utils/check-style/aspell-ignore/**'
##########################################################################################
##################################### SMALL CHECKS #######################################
@ -35,7 +37,6 @@ jobs:
cd "$GITHUB_WORKSPACE/tests/ci"
python3 run_check.py
PythonUnitTests:
needs: CheckLabels
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code
@ -172,7 +173,7 @@ jobs:
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH" "$CACHES_PATH"
CompatibilityCheck:
CompatibilityCheckX86:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
@ -191,12 +192,43 @@ jobs:
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheck
- name: CompatibilityCheckX86
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (amd64)" --check-glibc --check-distributions
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
CompatibilityCheckAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/compatibility_check
REPO_COPY=${{runner.temp}}/compatibility_check/ClickHouse
REPORTS_PATH=${{runner.temp}}/reports_dir
EOF
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheckAarch64
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (aarch64)" --check-glibc
- name: Cleanup
if: always()
run: |
@ -518,6 +550,13 @@ jobs:
with:
clear-repository: true
submodules: true
- name: Apply sparse checkout for contrib # in order to check that it doesn't break build
run: |
rm -rf "$GITHUB_WORKSPACE/contrib" && echo 'removed'
git -C "$GITHUB_WORKSPACE" checkout . && echo 'restored'
"$GITHUB_WORKSPACE/contrib/update-submodules.sh" && echo 'OK'
du -hs "$GITHUB_WORKSPACE/contrib" ||:
find "$GITHUB_WORKSPACE/contrib" -type f | wc -l ||:
- name: Build
run: |
sudo rm -fr "$TEMP_PATH"
@ -884,8 +923,9 @@ jobs:
- name: Check docker clickhouse/clickhouse-server building
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_server.py --release-type head --no-push
python3 docker_server.py --release-type head --no-push --no-ubuntu \
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-server --image-path docker/server
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-keeper --image-path docker/keeper
- name: Cleanup
if: always()
@ -984,6 +1024,75 @@ jobs:
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
############################################################################################
#################################### INSTALL PACKAGES ######################################
############################################################################################
InstallPackagesTestRelease:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (amd64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
InstallPackagesTestAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker-aarch64]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (arm64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
########################### FUNCTIONAl STATELESS TESTS #######################################
##############################################################################################
@ -2813,6 +2922,217 @@ jobs:
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
# Parallel replicas
FunctionalStatefulTestDebugParallelReplicas:
needs: [BuilderDebDebug]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_debug
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (debug, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_debug/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
FunctionalStatefulTestUBsanParallelReplicas:
needs: [BuilderDebUBsan]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_ubsan
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (ubsan, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_ubsan/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
FunctionalStatefulTestMsanParallelReplicas:
needs: [BuilderDebMsan]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_msan
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (msan, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_msan/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
FunctionalStatefulTestTsanParallelReplicas:
needs: [BuilderDebTsan]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_tsan
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (tsan, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_tsan/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
FunctionalStatefulTestAsanParallelReplicas:
needs: [BuilderDebAsan]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_debug
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (asan, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_debug/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
FunctionalStatefulTestReleaseParallelReplicas:
needs: [BuilderDebRelease]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stateful_release
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stateful tests (release, ParallelReplicas)
REPO_COPY=${{runner.temp}}/stateful_release/ClickHouse
KILL_TIMEOUT=3600
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Functional test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 functional_test_check.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
######################################### STRESS TESTS #######################################
##############################################################################################
@ -2823,10 +3143,10 @@ jobs:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/stress_thread
TEMP_PATH=${{runner.temp}}/stress_asan
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Stress test (asan)
REPO_COPY=${{runner.temp}}/stress_thread/ClickHouse
REPO_COPY=${{runner.temp}}/stress_asan/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
@ -2985,6 +3305,142 @@ jobs:
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
######################################### UPGRADE CHECK ######################################
##############################################################################################
UpgradeCheckAsan:
needs: [BuilderDebAsan]
runs-on: [self-hosted, stress-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/upgrade_asan
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Upgrade check (asan)
REPO_COPY=${{runner.temp}}/upgrade_asan/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Upgrade check
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 upgrade_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
UpgradeCheckTsan:
needs: [BuilderDebTsan]
# same as for stress test with tsan
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/upgrade_thread
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Upgrade check (tsan)
REPO_COPY=${{runner.temp}}/upgrade_thread/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Upgrade check
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 upgrade_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
UpgradeCheckMsan:
needs: [BuilderDebMsan]
runs-on: [self-hosted, stress-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/upgrade_memory
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Upgrade check (msan)
REPO_COPY=${{runner.temp}}/upgrade_memory/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Upgrade check
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 upgrade_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
UpgradeCheckDebug:
needs: [BuilderDebDebug]
runs-on: [self-hosted, stress-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/upgrade_debug
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Upgrade check (debug)
REPO_COPY=${{runner.temp}}/upgrade_debug/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Upgrade check
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 upgrade_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
##################################### AST FUZZERS ############################################
##############################################################################################
@ -4374,7 +4830,8 @@ jobs:
- UnitTestsMsan
- UnitTestsUBsan
- UnitTestsReleaseClang
- CompatibilityCheck
- CompatibilityCheckX86
- CompatibilityCheckAarch64
- IntegrationTestsFlakyCheck
- SQLancerTestRelease
- SQLancerTestDebug
@ -4389,3 +4846,41 @@ jobs:
cd "$GITHUB_WORKSPACE/tests/ci"
python3 finish_check.py
python3 merge_pr.py --check-approved
##############################################################################################
########################### SQLLOGIC TEST ###################################################
##############################################################################################
SQLLogicTestRelease:
needs: [BuilderDebRelease]
runs-on: [self-hosted, func-tester]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/sqllogic_debug
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Sqllogic test (release)
REPO_COPY=${{runner.temp}}/sqllogic_debug/ClickHouse
KILL_TIMEOUT=10800
EOF
- name: Download json reports
uses: actions/download-artifact@v2
with:
path: ${{ env.REPORTS_PATH }}
- name: Clear repository
run: |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE"
- name: Check out repository code
uses: actions/checkout@v2
- name: Sqllogic test
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 sqllogic_test.py "$CHECK_NAME" "$KILL_TIMEOUT"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"

23
.github/workflows/pull_request_approved.yml vendored Normal file
View File

@ -0,0 +1,23 @@
name: PullRequestApprovedCI
env:
# Force the stdout and stderr streams to be unbuffered
PYTHONUNBUFFERED: 1
on: # yamllint disable-line rule:truthy
pull_request_review:
types:
- submitted
jobs:
MergeOnApproval:
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Merge approved PR
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 merge_pr.py --check-approved

31
.github/workflows/release.yml vendored
View File

@ -7,15 +7,28 @@ on: # yamllint disable-line rule:truthy
release:
types:
- published
workflow_dispatch:
inputs:
tag:
description: 'Release tag'
required: true
type: string
jobs:
ReleasePublish:
runs-on: [self-hosted, style-checker]
steps:
- name: Set tag from input
if: github.event_name == 'workflow_dispatch'
run: |
echo "GITHUB_TAG=${{ github.event.inputs.tag }}" >> "$GITHUB_ENV"
- name: Set tag from REF
if: github.event_name == 'release'
run: |
echo "GITHUB_TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"
- name: Deploy packages and assets
run: |
GITHUB_TAG="${GITHUB_REF#refs/tags/}"
curl --silent --data '' \
curl --silent --data '' --no-buffer \
'${{ secrets.PACKAGES_RELEASE_URL }}/release/'"${GITHUB_TAG}"'?binary=binary_darwin&binary=binary_darwin_aarch64&sync=true'
############################################################################################
##################################### Docker images #######################################
@ -23,16 +36,26 @@ jobs:
DockerServerImages:
runs-on: [self-hosted, style-checker]
steps:
- name: Set tag from input
if: github.event_name == 'workflow_dispatch'
run: |
echo "GITHUB_TAG=${{ github.event.inputs.tag }}" >> "$GITHUB_ENV"
- name: Set tag from REF
if: github.event_name == 'release'
run: |
echo "GITHUB_TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
fetch-depth: 0 # otherwise we will have no version info
ref: ${{ env.GITHUB_TAG }}
- name: Check docker clickhouse/clickhouse-server building
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_server.py --release-type auto --version "${{ github.ref }}"
python3 docker_server.py --release-type auto --version "${{ github.ref }}" --no-ubuntu \
python3 docker_server.py --release-type auto --version "$GITHUB_TAG" \
--image-repo clickhouse/clickhouse-server --image-path docker/server
python3 docker_server.py --release-type auto --version "$GITHUB_TAG" \
--image-repo clickhouse/clickhouse-keeper --image-path docker/keeper
- name: Cleanup
if: always()

121
.github/workflows/release_branches.yml vendored
View File

@ -71,7 +71,7 @@ jobs:
with:
name: changed_images
path: ${{ runner.temp }}/changed_images.json
CompatibilityCheck:
CompatibilityCheckX86:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
@ -90,12 +90,43 @@ jobs:
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheck
- name: CompatibilityCheckX86
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (amd64)" --check-glibc --check-distributions
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
CompatibilityCheckAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/compatibility_check
REPO_COPY=${{runner.temp}}/compatibility_check/ClickHouse
REPORTS_PATH=${{runner.temp}}/reports_dir
EOF
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: CompatibilityCheckAarch64
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 compatibility_check.py --check-name "Compatibility check (aarch64)" --check-glibc
- name: Cleanup
if: always()
run: |
@ -375,6 +406,13 @@ jobs:
with:
clear-repository: true
submodules: true
- name: Apply sparse checkout for contrib # in order to check that it doesn't break build
run: |
rm -rf "$GITHUB_WORKSPACE/contrib" && echo 'removed'
git -C "$GITHUB_WORKSPACE" checkout . && echo 'restored'
"$GITHUB_WORKSPACE/contrib/update-submodules.sh" && echo 'OK'
du -hs "$GITHUB_WORKSPACE/contrib" ||:
find "$GITHUB_WORKSPACE/contrib" -type f | wc -l ||:
- name: Build
run: |
sudo rm -fr "$TEMP_PATH"
@ -494,8 +532,9 @@ jobs:
- name: Check docker clickhouse/clickhouse-server building
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 docker_server.py --release-type head --no-push
python3 docker_server.py --release-type head --no-push --no-ubuntu \
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-server --image-path docker/server
python3 docker_server.py --release-type head --no-push \
--image-repo clickhouse/clickhouse-keeper --image-path docker/keeper
- name: Cleanup
if: always()
@ -604,6 +643,75 @@ jobs:
run: |
cd "$GITHUB_WORKSPACE/tests/ci"
python3 mark_release_ready.py
############################################################################################
#################################### INSTALL PACKAGES ######################################
############################################################################################
InstallPackagesTestRelease:
needs: [BuilderDebRelease]
runs-on: [self-hosted, style-checker]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (amd64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
InstallPackagesTestAarch64:
needs: [BuilderDebAarch64]
runs-on: [self-hosted, style-checker-aarch64]
steps:
- name: Set envs
run: |
cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/test_install
REPORTS_PATH=${{runner.temp}}/reports_dir
CHECK_NAME=Install packages (arm64)
REPO_COPY=${{runner.temp}}/test_install/ClickHouse
EOF
- name: Download json reports
uses: actions/download-artifact@v3
with:
path: ${{ env.REPORTS_PATH }}
- name: Check out repository code
uses: ClickHouse/checkout@v1
with:
clear-repository: true
- name: Test packages installation
run: |
sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci"
python3 install_check.py "$CHECK_NAME"
- name: Cleanup
if: always()
run: |
docker ps --quiet | xargs --no-run-if-empty docker kill ||:
docker ps --all --quiet | xargs --no-run-if-empty docker rm -f ||:
sudo rm -fr "$TEMP_PATH"
##############################################################################################
########################### FUNCTIONAl STATELESS TESTS #######################################
##############################################################################################
@ -1878,7 +1986,8 @@ jobs:
- IntegrationTestsTsan1
- IntegrationTestsTsan2
- IntegrationTestsTsan3
- CompatibilityCheck
- CompatibilityCheckX86
- CompatibilityCheckAarch64
runs-on: [self-hosted, style-checker]
steps:
- name: Check out repository code

1
.gitignore vendored
View File

@ -161,6 +161,7 @@ website/package-lock.json
tests/queries/0_stateless/test_*
tests/queries/0_stateless/*.binary
tests/queries/0_stateless/*.generated-expect
tests/queries/0_stateless/*.expect.history
# rust
/rust/**/target

10
.gitmodules vendored
View File

@ -1,7 +1,3 @@
[submodule "contrib/poco"]
path = contrib/poco
url = https://github.com/ClickHouse/poco
branch = clickhouse
[submodule "contrib/zstd"]
path = contrib/zstd
url = https://github.com/facebook/zstd
@ -257,6 +253,9 @@
[submodule "contrib/qpl"]
path = contrib/qpl
url = https://github.com/intel/qpl
[submodule "contrib/idxd-config"]
path = contrib/idxd-config
url = https://github.com/intel/idxd-config
[submodule "contrib/wyhash"]
path = contrib/wyhash
url = https://github.com/wangyi-fudan/wyhash
@ -297,6 +296,9 @@
[submodule "contrib/libdivide"]
path = contrib/libdivide
url = https://github.com/ridiculousfish/libdivide
[submodule "contrib/ulid-c"]
path = contrib/ulid-c
url = https://github.com/ClickHouse/ulid-c.git
[submodule "contrib/aws-crt-cpp"]
path = contrib/aws-crt-cpp
url = https://github.com/ClickHouse/aws-crt-cpp

368
CHANGELOG.md
View File

@ -1,9 +1,377 @@
### Table of Contents
**[ClickHouse release v23.3 LTS, 2023-03-30](#233)**<br/>
**[ClickHouse release v23.2, 2023-02-23](#232)**<br/>
**[ClickHouse release v23.1, 2023-01-25](#231)**<br/>
**[Changelog for 2022](https://clickhouse.com/docs/en/whats-new/changelog/2022/)**<br/>
# 2023 Changelog
### <a id="233"></a> ClickHouse release 23.3 LTS, 2023-03-30
#### Upgrade Notes
* Lightweight DELETEs are production ready and enabled by default. The `DELETE` query for MergeTree tables is now available by default.
* The behavior of `*domain*RFC` and `netloc` functions is slightly changed: relaxed the set of symbols that are allowed in the URL authority for better conformance. [#46841](https://github.com/ClickHouse/ClickHouse/pull/46841) ([Azat Khuzhin](https://github.com/azat)).
* Prohibited creating tables based on KafkaEngine with DEFAULT/EPHEMERAL/ALIAS/MATERIALIZED statements for columns. [#47138](https://github.com/ClickHouse/ClickHouse/pull/47138) ([Aleksandr Musorin](https://github.com/AVMusorin)).
* An "asynchronous connection drain" feature is removed. Related settings and metrics are removed as well. It was an internal feature, so the removal should not affect users who had never heard about that feature. [#47486](https://github.com/ClickHouse/ClickHouse/pull/47486) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Support 256-bit Decimal data type (more than 38 digits) in `arraySum`/`Min`/`Max`/`Avg`/`Product`, `arrayCumSum`/`CumSumNonNegative`, `arrayDifference`, array construction, IN operator, query parameters, `groupArrayMovingSum`, statistical functions, `min`/`max`/`any`/`argMin`/`argMax`, PostgreSQL wire protocol, MySQL table engine and function, `sumMap`, `mapAdd`, `mapSubtract`, `arrayIntersect`. Add support for big integers in `arrayIntersect`. Statistical aggregate functions involving moments (such as `corr` or various `TTest`s) will use `Float64` as their internal representation (they were using `Decimal128` before this change, but it was pointless), and these functions can return `nan` instead of `inf` in case of infinite variance. Some functions were allowed on `Decimal256` data types but returned `Decimal128` in previous versions - now it is fixed. This closes [#47569](https://github.com/ClickHouse/ClickHouse/issues/47569). This closes [#44864](https://github.com/ClickHouse/ClickHouse/issues/44864). This closes [#28335](https://github.com/ClickHouse/ClickHouse/issues/28335). [#47594](https://github.com/ClickHouse/ClickHouse/pull/47594) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Make backup_threads/restore_threads server settings (instead of user settings). [#47881](https://github.com/ClickHouse/ClickHouse/pull/47881) ([Azat Khuzhin](https://github.com/azat)).
* Do not allow const and non-deterministic secondary indices [#46839](https://github.com/ClickHouse/ClickHouse/pull/46839) ([Anton Popov](https://github.com/CurtizJ)).
#### New Feature
* Add a new mode for splitting the work on replicas using settings `parallel_replicas_custom_key` and `parallel_replicas_custom_key_filter_type`. If the cluster consists of a single shard with multiple replicas, up to `max_parallel_replicas` will be randomly picked and turned into shards. For each shard, a corresponding filter is added to the query on the initiator before being sent to the shard. If the cluster consists of multiple shards, it will behave the same as `sample_key` but with the possibility to define an arbitrary key. [#45108](https://github.com/ClickHouse/ClickHouse/pull/45108) ([Antonio Andelic](https://github.com/antonio2368)).
* An option to display partial result on cancel: Added query setting `partial_result_on_first_cancel` allowing the canceled query (e.g. due to Ctrl-C) to return a partial result. [#45689](https://github.com/ClickHouse/ClickHouse/pull/45689) ([Alexey Perevyshin](https://github.com/alexX512)).
* Added support of arbitrary tables engines for temporary tables (except for Replicated and KeeperMap engines). Close [#31497](https://github.com/ClickHouse/ClickHouse/issues/31497). [#46071](https://github.com/ClickHouse/ClickHouse/pull/46071) ([Roman Vasin](https://github.com/rvasin)).
* Add support for replication of user-defined SQL functions using centralized storage in Keeper. [#46085](https://github.com/ClickHouse/ClickHouse/pull/46085) ([Aleksei Filatov](https://github.com/aalexfvk)).
* Implement `system.server_settings` (similar to `system.settings`), which will contain server configurations. [#46550](https://github.com/ClickHouse/ClickHouse/pull/46550) ([pufit](https://github.com/pufit)).
* Support for `UNDROP TABLE` query. Closes [#46811](https://github.com/ClickHouse/ClickHouse/issues/46811). [#47241](https://github.com/ClickHouse/ClickHouse/pull/47241) ([chen](https://github.com/xiedeyantu)).
* Allow separate grants for named collections (e.g. to be able to give `SHOW/CREATE/ALTER/DROP named collection` access only to certain collections, instead of all at once). Closes [#40894](https://github.com/ClickHouse/ClickHouse/issues/40894). Add new access type `NAMED_COLLECTION_CONTROL` which is not given to user default unless explicitly added to the user config (is required to be able to do `GRANT ALL`), also `show_named_collections` is no longer obligatory to be manually specified for user default to be able to have full access rights as was in 23.2. [#46241](https://github.com/ClickHouse/ClickHouse/pull/46241) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Allow nested custom disks. Previously custom disks supported only flat disk structure. [#47106](https://github.com/ClickHouse/ClickHouse/pull/47106) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Introduce a function `widthBucket` (with a `WIDTH_BUCKET` alias for compatibility). [#42974](https://github.com/ClickHouse/ClickHouse/issues/42974). [#46790](https://github.com/ClickHouse/ClickHouse/pull/46790) ([avoiderboi](https://github.com/avoiderboi)).
* Add new function `parseDateTime`/`parseDateTimeInJodaSyntax` according to the specified format string. parseDateTime parses String to DateTime in MySQL syntax, parseDateTimeInJodaSyntax parses in Joda syntax. [#46815](https://github.com/ClickHouse/ClickHouse/pull/46815) ([李扬](https://github.com/taiyang-li)).
* Use `dummy UInt8` for the default structure of table function `null`. Closes [#46930](https://github.com/ClickHouse/ClickHouse/issues/46930). [#47006](https://github.com/ClickHouse/ClickHouse/pull/47006) ([flynn](https://github.com/ucasfl)).
* Support for date format with a comma, like `Dec 15, 2021` in the `parseDateTimeBestEffort` function. Closes [#46816](https://github.com/ClickHouse/ClickHouse/issues/46816). [#47071](https://github.com/ClickHouse/ClickHouse/pull/47071) ([chen](https://github.com/xiedeyantu)).
* Add settings `http_wait_end_of_query` and `http_response_buffer_size` that corresponds to URL params `wait_end_of_query` and `buffer_size` for the HTTP interface. This allows changing these settings in the profiles. [#47108](https://github.com/ClickHouse/ClickHouse/pull/47108) ([Vladimir C](https://github.com/vdimir)).
* Add `system.dropped_tables` table that shows tables that were dropped from `Atomic` databases but were not completely removed yet. [#47364](https://github.com/ClickHouse/ClickHouse/pull/47364) ([chen](https://github.com/xiedeyantu)).
* Add `INSTR` as alias of `positionCaseInsensitive` for MySQL compatibility. Closes [#47529](https://github.com/ClickHouse/ClickHouse/issues/47529). [#47535](https://github.com/ClickHouse/ClickHouse/pull/47535) ([flynn](https://github.com/ucasfl)).
* Added `toDecimalString` function allowing to convert numbers to string with fixed precision. [#47838](https://github.com/ClickHouse/ClickHouse/pull/47838) ([Andrey Zvonov](https://github.com/zvonand)).
* Add a merge tree setting `max_number_of_mutations_for_replica`. It limits the number of part mutations per replica to the specified amount. Zero means no limit on the number of mutations per replica (the execution can still be constrained by other settings). [#48047](https://github.com/ClickHouse/ClickHouse/pull/48047) ([Vladimir C](https://github.com/vdimir)).
* Add the Map-related function `mapFromArrays`, which allows the creation of a map from a pair of arrays. [#31125](https://github.com/ClickHouse/ClickHouse/pull/31125) ([李扬](https://github.com/taiyang-li)).
* Allow control of compression in Parquet/ORC/Arrow output formats, adds support for more compression input formats. This closes [#13541](https://github.com/ClickHouse/ClickHouse/issues/13541). [#47114](https://github.com/ClickHouse/ClickHouse/pull/47114) ([Kruglov Pavel](https://github.com/Avogar)).
* Add SSL User Certificate authentication to the native protocol. Closes [#47077](https://github.com/ClickHouse/ClickHouse/issues/47077). [#47596](https://github.com/ClickHouse/ClickHouse/pull/47596) ([Nikolay Degterinsky](https://github.com/evillique)).
* Add *OrNull() and *OrZero() variants for `parseDateTime`, add alias `str_to_date` for MySQL parity. [#48000](https://github.com/ClickHouse/ClickHouse/pull/48000) ([Robert Schulze](https://github.com/rschu1ze)).
* Added operator `REGEXP` (similar to operators "LIKE", "IN", "MOD" etc.) for better compatibility with MySQL [#47869](https://github.com/ClickHouse/ClickHouse/pull/47869) ([Robert Schulze](https://github.com/rschu1ze)).
#### Performance Improvement
* Marks in memory are now compressed, using 3-6x less memory. [#47290](https://github.com/ClickHouse/ClickHouse/pull/47290) ([Michael Kolupaev](https://github.com/al13n321)).
* Backups for large numbers of files were unbelievably slow in previous versions. Not anymore. Now they are unbelievably fast. [#47251](https://github.com/ClickHouse/ClickHouse/pull/47251) ([Alexey Milovidov](https://github.com/alexey-milovidov)). Introduced a separate thread pool for backup's IO operations. This will allow scaling it independently of other pools and increase performance. [#47174](https://github.com/ClickHouse/ClickHouse/pull/47174) ([Nikita Mikhaylov](https://github.com/nikitamikhaylov)). Use MultiRead request and retries for collecting metadata at the final stage of backup processing. [#47243](https://github.com/ClickHouse/ClickHouse/pull/47243) ([Nikita Mikhaylov](https://github.com/nikitamikhaylov)). If a backup and restoring data are both in S3 then server-side copy should be used from now on. [#47546](https://github.com/ClickHouse/ClickHouse/pull/47546) ([Vitaly Baranov](https://github.com/vitlibar)).
* Fixed excessive reading in queries with `FINAL`. [#47801](https://github.com/ClickHouse/ClickHouse/pull/47801) ([Nikita Taranov](https://github.com/nickitat)).
* Setting `max_final_threads` would be set to the number of cores at server startup (by the same algorithm as used for `max_threads`). This improves the concurrency of `final` execution on servers with high number of CPUs. [#47915](https://github.com/ClickHouse/ClickHouse/pull/47915) ([Nikita Taranov](https://github.com/nickitat)).
* Allow executing reading pipeline for DIRECT dictionary with CLICKHOUSE source in multiple threads. To enable set `dictionary_use_async_executor=1` in `SETTINGS` section for source in `CREATE DICTIONARY` statement. [#47986](https://github.com/ClickHouse/ClickHouse/pull/47986) ([Vladimir C](https://github.com/vdimir)).
* Optimize one nullable key aggregate performance. [#45772](https://github.com/ClickHouse/ClickHouse/pull/45772) ([LiuNeng](https://github.com/liuneng1994)).
* Implemented lowercase `tokenbf_v1` index utilization for `hasTokenOrNull`, `hasTokenCaseInsensitive` and `hasTokenCaseInsensitiveOrNull`. [#46252](https://github.com/ClickHouse/ClickHouse/pull/46252) ([ltrk2](https://github.com/ltrk2)).
* Optimize functions `position` and `LIKE` by searching the first two chars using SIMD. [#46289](https://github.com/ClickHouse/ClickHouse/pull/46289) ([Jiebin Sun](https://github.com/jiebinn)).
* Optimize queries from the `system.detached_parts`, which could be significantly large. Added several sources with respect to the block size limitation; in each block, an IO thread pool is used to calculate the part size, i.e. to make syscalls in parallel. [#46624](https://github.com/ClickHouse/ClickHouse/pull/46624) ([Sema Checherinda](https://github.com/CheSema)).
* Increase the default value of `max_replicated_merges_in_queue` for ReplicatedMergeTree tables from 16 to 1000. It allows faster background merge operation on clusters with a very large number of replicas, such as clusters with shared storage in ClickHouse Cloud. [#47050](https://github.com/ClickHouse/ClickHouse/pull/47050) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Updated `clickhouse-copier` to use `GROUP BY` instead of `DISTINCT` to get the list of partitions. For large tables, this reduced the select time from over 500s to under 1s. [#47386](https://github.com/ClickHouse/ClickHouse/pull/47386) ([Clayton McClure](https://github.com/cmcclure-twilio)).
* Fix performance degradation in `ASOF JOIN`. [#47544](https://github.com/ClickHouse/ClickHouse/pull/47544) ([Ongkong](https://github.com/ongkong)).
* Even more batching in Keeper. Improve performance by avoiding breaking batches on read requests. [#47978](https://github.com/ClickHouse/ClickHouse/pull/47978) ([Antonio Andelic](https://github.com/antonio2368)).
* Allow PREWHERE for Merge with different DEFAULT expressions for columns. [#46831](https://github.com/ClickHouse/ClickHouse/pull/46831) ([Azat Khuzhin](https://github.com/azat)).
#### Experimental Feature
* Parallel replicas: Improved the overall performance by better utilizing the local replica, and forbid the reading with parallel replicas from non-replicated MergeTree by default. [#47858](https://github.com/ClickHouse/ClickHouse/pull/47858) ([Nikita Mikhaylov](https://github.com/nikitamikhaylov)).
* Support filter push down to left table for JOIN with `Join`, `Dictionary` and `EmbeddedRocksDB` tables if the experimental Analyzer is enabled. [#47280](https://github.com/ClickHouse/ClickHouse/pull/47280) ([Maksim Kita](https://github.com/kitaisreal)).
* Now ReplicatedMergeTree with zero copy replication has less load to Keeper. [#47676](https://github.com/ClickHouse/ClickHouse/pull/47676) ([alesapin](https://github.com/alesapin)).
* Fix create materialized view with MaterializedPostgreSQL [#40807](https://github.com/ClickHouse/ClickHouse/pull/40807) ([Maksim Buren](https://github.com/maks-buren630501)).
#### Improvement
* Enable `input_format_json_ignore_unknown_keys_in_named_tuple` by default. [#46742](https://github.com/ClickHouse/ClickHouse/pull/46742) ([Kruglov Pavel](https://github.com/Avogar)).
* Allow errors to be ignored while pushing to MATERIALIZED VIEW (add new setting `materialized_views_ignore_errors`, by default to `false`, but it is set to `true` for flushing logs to `system.*_log` tables unconditionally). [#46658](https://github.com/ClickHouse/ClickHouse/pull/46658) ([Azat Khuzhin](https://github.com/azat)).
* Track the file queue of distributed sends in memory. [#45491](https://github.com/ClickHouse/ClickHouse/pull/45491) ([Azat Khuzhin](https://github.com/azat)).
* Now `X-ClickHouse-Query-Id` and `X-ClickHouse-Timezone` headers are added to responses in all queries via HTTP protocol. Previously it was done only for `SELECT` queries. [#46364](https://github.com/ClickHouse/ClickHouse/pull/46364) ([Anton Popov](https://github.com/CurtizJ)).
* External tables from `MongoDB`: support for connection to a replica set via a URI with a host:port enum and support for the readPreference option in MongoDB dictionaries. Example URI: mongodb://db0.example.com:27017,db1.example.com:27017,db2.example.com:27017/?replicaSet=myRepl&readPreference=primary. [#46524](https://github.com/ClickHouse/ClickHouse/pull/46524) ([artem-yadr](https://github.com/artem-yadr)).
* This improvement should be invisible for users. Re-implement projection analysis on top of query plan. Added setting `query_plan_optimize_projection=1` to switch between old and new version. Fixes [#44963](https://github.com/ClickHouse/ClickHouse/issues/44963). [#46537](https://github.com/ClickHouse/ClickHouse/pull/46537) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Use Parquet format v2 instead of v1 in output format by default. Add setting `output_format_parquet_version` to control parquet version, possible values `1.0`, `2.4`, `2.6`, `2.latest` (default). [#46617](https://github.com/ClickHouse/ClickHouse/pull/46617) ([Kruglov Pavel](https://github.com/Avogar)).
* It is now possible to use the new configuration syntax to configure Kafka topics with periods (`.`) in their name. [#46752](https://github.com/ClickHouse/ClickHouse/pull/46752) ([Robert Schulze](https://github.com/rschu1ze)).
* Fix heuristics that check hyperscan patterns for problematic repeats. [#46819](https://github.com/ClickHouse/ClickHouse/pull/46819) ([Robert Schulze](https://github.com/rschu1ze)).
* Don't report ZK node exists to system.errors when a block was created concurrently by a different replica. [#46820](https://github.com/ClickHouse/ClickHouse/pull/46820) ([Raúl Marín](https://github.com/Algunenano)).
* Increase the limit for opened files in `clickhouse-local`. It will be able to read from `web` tables on servers with a huge number of CPU cores. Do not back off reading from the URL table engine in case of too many opened files. This closes [#46852](https://github.com/ClickHouse/ClickHouse/issues/46852). [#46853](https://github.com/ClickHouse/ClickHouse/pull/46853) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Exceptions thrown when numbers cannot be parsed now have an easier-to-read exception message. [#46917](https://github.com/ClickHouse/ClickHouse/pull/46917) ([Robert Schulze](https://github.com/rschu1ze)).
* Added update `system.backups` after every processed task to track the progress of backups. [#46989](https://github.com/ClickHouse/ClickHouse/pull/46989) ([Aleksandr Musorin](https://github.com/AVMusorin)).
* Allow types conversion in Native input format. Add settings `input_format_native_allow_types_conversion` that controls it (enabled by default). [#46990](https://github.com/ClickHouse/ClickHouse/pull/46990) ([Kruglov Pavel](https://github.com/Avogar)).
* Allow IPv4 in the `range` function to generate IP ranges. [#46995](https://github.com/ClickHouse/ClickHouse/pull/46995) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Improve exception message when it's impossible to move a part from one volume/disk to another. [#47032](https://github.com/ClickHouse/ClickHouse/pull/47032) ([alesapin](https://github.com/alesapin)).
* Support `Bool` type in `JSONType` function. Previously `Null` type was mistakenly returned for bool values. [#47046](https://github.com/ClickHouse/ClickHouse/pull/47046) ([Anton Popov](https://github.com/CurtizJ)).
* Use `_request_body` parameter to configure predefined HTTP queries. [#47086](https://github.com/ClickHouse/ClickHouse/pull/47086) ([Constantine Peresypkin](https://github.com/pkit)).
* Automatic indentation in the built-in UI SQL editor when Enter is pressed. [#47113](https://github.com/ClickHouse/ClickHouse/pull/47113) ([Alexey Korepanov](https://github.com/alexkorep)).
* Self-extraction with 'sudo' will attempt to set uid and gid of extracted files to running user. [#47116](https://github.com/ClickHouse/ClickHouse/pull/47116) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Previously, the `repeat` function's second argument only accepted an unsigned integer type, which meant it could not accept values such as -1. This behavior differed from that of the Spark function. In this update, the repeat function has been modified to match the behavior of the Spark function. It now accepts the same types of inputs, including negative integers. Extensive testing has been performed to verify the correctness of the updated implementation. [#47134](https://github.com/ClickHouse/ClickHouse/pull/47134) ([KevinyhZou](https://github.com/KevinyhZou)). Note: the changelog entry was rewritten by ChatGPT.
* Remove `::__1` part from stacktraces. Display `std::basic_string<char, ...` as `String` in stacktraces. [#47171](https://github.com/ClickHouse/ClickHouse/pull/47171) ([Mike Kot](https://github.com/myrrc)).
* Reimplement interserver mode to avoid replay attacks (note, that change is backward compatible with older servers). [#47213](https://github.com/ClickHouse/ClickHouse/pull/47213) ([Azat Khuzhin](https://github.com/azat)).
* Improve recognition of regular expression groups and refine the regexp_tree dictionary. [#47218](https://github.com/ClickHouse/ClickHouse/pull/47218) ([Han Fei](https://github.com/hanfei1991)).
* Keeper improvement: Add new 4LW `clrs` to clean resources used by Keeper (e.g. release unused memory). [#47256](https://github.com/ClickHouse/ClickHouse/pull/47256) ([Antonio Andelic](https://github.com/antonio2368)).
* Add optional arguments to codecs `DoubleDelta(bytes_size)`, `Gorilla(bytes_size)`, `FPC(level, float_size)`, this allows using these codecs without column type in `clickhouse-compressor`. Fix possible aborts and arithmetic errors in `clickhouse-compressor` with these codecs. Fixes: https://github.com/ClickHouse/ClickHouse/discussions/47262. [#47271](https://github.com/ClickHouse/ClickHouse/pull/47271) ([Kruglov Pavel](https://github.com/Avogar)).
* Add support for big int types to the `runningDifference` function. Closes [#47194](https://github.com/ClickHouse/ClickHouse/issues/47194). [#47322](https://github.com/ClickHouse/ClickHouse/pull/47322) ([Nikolay Degterinsky](https://github.com/evillique)).
* Add an expiration window for S3 credentials that have an expiration time to avoid `ExpiredToken` errors in some edge cases. It can be controlled with `expiration_window_seconds` config, the default is 120 seconds. [#47423](https://github.com/ClickHouse/ClickHouse/pull/47423) ([Antonio Andelic](https://github.com/antonio2368)).
* Support Decimals and Date32 in `Avro` format. [#47434](https://github.com/ClickHouse/ClickHouse/pull/47434) ([Kruglov Pavel](https://github.com/Avogar)).
* Do not start the server if an interrupted conversion from `Ordinary` to `Atomic` was detected, print a better error message with troubleshooting instructions. [#47487](https://github.com/ClickHouse/ClickHouse/pull/47487) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Add a new column `kind` to the `system.opentelemetry_span_log`. This column holds the value of [SpanKind](https://opentelemetry.io/docs/reference/specification/trace/api/#spankind) defined in OpenTelemtry. [#47499](https://github.com/ClickHouse/ClickHouse/pull/47499) ([Frank Chen](https://github.com/FrankChen021)).
* Allow reading/writing nested arrays in `Protobuf` format with only the root field name as column name. Previously column name should've contained all nested field names (like `a.b.c Array(Array(Array(UInt32)))`, now you can use just `a Array(Array(Array(UInt32)))`. [#47650](https://github.com/ClickHouse/ClickHouse/pull/47650) ([Kruglov Pavel](https://github.com/Avogar)).
* Added an optional `STRICT` modifier for `SYSTEM SYNC REPLICA` which makes the query wait for the replication queue to become empty (just like it worked before https://github.com/ClickHouse/ClickHouse/pull/45648). [#47659](https://github.com/ClickHouse/ClickHouse/pull/47659) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Improve the naming of some OpenTelemetry span logs. [#47667](https://github.com/ClickHouse/ClickHouse/pull/47667) ([Frank Chen](https://github.com/FrankChen021)).
* Prevent using too long chains of aggregate function combinators (they can lead to slow queries in the analysis stage). This closes [#47715](https://github.com/ClickHouse/ClickHouse/issues/47715). [#47716](https://github.com/ClickHouse/ClickHouse/pull/47716) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Support for subquery in parameterized views; resolves [#46741](https://github.com/ClickHouse/ClickHouse/issues/46741) [#47725](https://github.com/ClickHouse/ClickHouse/pull/47725) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Fix memory leak in MySQL integration (reproduces with `connection_auto_close=1`). [#47732](https://github.com/ClickHouse/ClickHouse/pull/47732) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Improved error handling in the code related to Decimal parameters, resulting in more informative error messages. Previously, when incorrect Decimal parameters were supplied, the error message generated was unclear or unhelpful. With this update, the error message printed has been fixed to provide more detailed and useful information, making it easier to identify and correct issues related to Decimal parameters. [#47812](https://github.com/ClickHouse/ClickHouse/pull/47812) ([Yu Feng](https://github.com/Vigor-jpg)). Note: this changelog entry is rewritten by ChatGPT.
* The parameter `exact_rows_before_limit` is used to make `rows_before_limit_at_least` is designed to accurately reflect the number of rows returned before the limit is reached. This pull request addresses issues encountered when the query involves distributed processing across multiple shards or sorting operations. Prior to this update, these scenarios were not functioning as intended. [#47874](https://github.com/ClickHouse/ClickHouse/pull/47874) ([Amos Bird](https://github.com/amosbird)).
* ThreadPools metrics introspection. [#47880](https://github.com/ClickHouse/ClickHouse/pull/47880) ([Azat Khuzhin](https://github.com/azat)).
* Add `WriteBufferFromS3Microseconds` and `WriteBufferFromS3RequestsErrors` profile events. [#47885](https://github.com/ClickHouse/ClickHouse/pull/47885) ([Antonio Andelic](https://github.com/antonio2368)).
* Add `--link` and `--noninteractive` (`-y`) options to ClickHouse install. Closes [#47750](https://github.com/ClickHouse/ClickHouse/issues/47750). [#47887](https://github.com/ClickHouse/ClickHouse/pull/47887) ([Nikolay Degterinsky](https://github.com/evillique)).
* Fixed `UNKNOWN_TABLE` exception when attaching to a materialized view that has dependent tables that are not available. This might be useful when trying to restore state from a backup. [#47975](https://github.com/ClickHouse/ClickHouse/pull/47975) ([MikhailBurdukov](https://github.com/MikhailBurdukov)).
* Fix case when the (optional) path is not added to an encrypted disk configuration. [#47981](https://github.com/ClickHouse/ClickHouse/pull/47981) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Support for CTE in parameterized views Implementation: Updated to allow query parameters while evaluating scalar subqueries. [#48065](https://github.com/ClickHouse/ClickHouse/pull/48065) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Support big integers `(U)Int128/(U)Int256`, `Map` with any key type and `DateTime64` with any precision (not only 3 and 6). [#48119](https://github.com/ClickHouse/ClickHouse/pull/48119) ([Kruglov Pavel](https://github.com/Avogar)).
* Allow skipping errors related to unknown enum values in row input formats. [#48133](https://github.com/ClickHouse/ClickHouse/pull/48133) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
#### Build/Testing/Packaging Improvement
* ClickHouse now builds with `C++23`. [#47424](https://github.com/ClickHouse/ClickHouse/pull/47424) ([Robert Schulze](https://github.com/rschu1ze)).
* Fuzz `EXPLAIN` queries in the AST Fuzzer. [#47803](https://github.com/ClickHouse/ClickHouse/pull/47803) [#47852](https://github.com/ClickHouse/ClickHouse/pull/47852) ([flynn](https://github.com/ucasfl)).
* Split stress test and the automated backward compatibility check (now Upgrade check). [#44879](https://github.com/ClickHouse/ClickHouse/pull/44879) ([Kruglov Pavel](https://github.com/Avogar)).
* Updated the Ubuntu Image for Docker to calm down some bogus security reports. [#46784](https://github.com/ClickHouse/ClickHouse/pull/46784) ([Julio Jimenez](https://github.com/juliojimenez)). Please note that ClickHouse has no dependencies and does not require Docker.
* Adds a prompt to allow the removal of an existing `clickhouse` download when using "curl | sh" download of ClickHouse. Prompt is "ClickHouse binary clickhouse already exists. Overwrite? \[y/N\]". [#46859](https://github.com/ClickHouse/ClickHouse/pull/46859) ([Dan Roscigno](https://github.com/DanRoscigno)).
* Fix error during server startup on old distros (e.g. Amazon Linux 2) and on ARM that glibc 2.28 symbols are not found. [#47008](https://github.com/ClickHouse/ClickHouse/pull/47008) ([Robert Schulze](https://github.com/rschu1ze)).
* Prepare for clang 16. [#47027](https://github.com/ClickHouse/ClickHouse/pull/47027) ([Amos Bird](https://github.com/amosbird)).
* Added a CI check which ensures ClickHouse can run with an old glibc on ARM. [#47063](https://github.com/ClickHouse/ClickHouse/pull/47063) ([Robert Schulze](https://github.com/rschu1ze)).
* Add a style check to prevent incorrect usage of the `NDEBUG` macro. [#47699](https://github.com/ClickHouse/ClickHouse/pull/47699) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Speed up the build a little. [#47714](https://github.com/ClickHouse/ClickHouse/pull/47714) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Bump `vectorscan` to 5.4.9. [#47955](https://github.com/ClickHouse/ClickHouse/pull/47955) ([Robert Schulze](https://github.com/rschu1ze)).
* Add a unit test to assert Apache Arrow's fatal logging does not abort. It covers the changes in [ClickHouse/arrow#16](https://github.com/ClickHouse/arrow/pull/16). [#47958](https://github.com/ClickHouse/ClickHouse/pull/47958) ([Arthur Passos](https://github.com/arthurpassos)).
* Restore the ability of native macOS debug server build to start. [#48050](https://github.com/ClickHouse/ClickHouse/pull/48050) ([Robert Schulze](https://github.com/rschu1ze)). Note: this change is only relevant for development, as the ClickHouse official builds are done with cross-compilation.
#### Bug Fix (user-visible misbehavior in an official stable release)
* Fix formats parser resetting, test processing bad messages in `Kafka` [#45693](https://github.com/ClickHouse/ClickHouse/pull/45693) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix data size calculation in Keeper [#46086](https://github.com/ClickHouse/ClickHouse/pull/46086) ([Antonio Andelic](https://github.com/antonio2368)).
* Fixed a bug in automatic retries of `DROP TABLE` query with `ReplicatedMergeTree` tables and `Atomic` databases. In rare cases it could lead to `Can't get data for node /zk_path/log_pointer` and `The specified key does not exist` errors if the ZooKeeper session expired during DROP and a new replicated table with the same path in ZooKeeper was created in parallel. [#46384](https://github.com/ClickHouse/ClickHouse/pull/46384) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Fix incorrect alias recursion while normalizing queries that prevented some queries to run. [#46609](https://github.com/ClickHouse/ClickHouse/pull/46609) ([Raúl Marín](https://github.com/Algunenano)).
* Fix IPv4/IPv6 serialization/deserialization in binary formats [#46616](https://github.com/ClickHouse/ClickHouse/pull/46616) ([Kruglov Pavel](https://github.com/Avogar)).
* ActionsDAG: do not change result of `and` during optimization [#46653](https://github.com/ClickHouse/ClickHouse/pull/46653) ([Salvatore Mesoraca](https://github.com/aiven-sal)).
* Improve query cancellation when a client dies [#46681](https://github.com/ClickHouse/ClickHouse/pull/46681) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Fix arithmetic operations in aggregate optimization [#46705](https://github.com/ClickHouse/ClickHouse/pull/46705) ([Duc Canh Le](https://github.com/canhld94)).
* Fix possible `clickhouse-local`'s abort on JSONEachRow schema inference [#46731](https://github.com/ClickHouse/ClickHouse/pull/46731) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix changing an expired role [#46772](https://github.com/ClickHouse/ClickHouse/pull/46772) ([Vitaly Baranov](https://github.com/vitlibar)).
* Fix combined PREWHERE column accumulation from multiple steps [#46785](https://github.com/ClickHouse/ClickHouse/pull/46785) ([Alexander Gololobov](https://github.com/davenger)).
* Use initial range for fetching file size in HTTP read buffer. Without this change, some remote files couldn't be processed. [#46824](https://github.com/ClickHouse/ClickHouse/pull/46824) ([Antonio Andelic](https://github.com/antonio2368)).
* Fix the incorrect progress bar while using the URL tables [#46830](https://github.com/ClickHouse/ClickHouse/pull/46830) ([Antonio Andelic](https://github.com/antonio2368)).
* Fix MSan report in `maxIntersections` function [#46847](https://github.com/ClickHouse/ClickHouse/pull/46847) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix a bug in `Map` data type [#46856](https://github.com/ClickHouse/ClickHouse/pull/46856) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix wrong results of some LIKE searches when the LIKE pattern contains quoted non-quotable characters [#46875](https://github.com/ClickHouse/ClickHouse/pull/46875) ([Robert Schulze](https://github.com/rschu1ze)).
* Fix - WITH FILL would produce abort when the Filling Transform processing an empty block [#46897](https://github.com/ClickHouse/ClickHouse/pull/46897) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Fix date and int inference from string in JSON [#46972](https://github.com/ClickHouse/ClickHouse/pull/46972) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix bug in zero-copy replication disk choice during fetch [#47010](https://github.com/ClickHouse/ClickHouse/pull/47010) ([alesapin](https://github.com/alesapin)).
* Fix a typo in systemd service definition [#47051](https://github.com/ClickHouse/ClickHouse/pull/47051) ([Palash Goel](https://github.com/palash-goel)).
* Fix the NOT_IMPLEMENTED error with CROSS JOIN and algorithm = auto [#47068](https://github.com/ClickHouse/ClickHouse/pull/47068) ([Vladimir C](https://github.com/vdimir)).
* Fix the problem that the 'ReplicatedMergeTree' table failed to insert two similar data when the 'part_type' is configured as 'InMemory' mode (experimental feature). [#47121](https://github.com/ClickHouse/ClickHouse/pull/47121) ([liding1992](https://github.com/liding1992)).
* External dictionaries / library-bridge: Fix error "unknown library method 'extDict_libClone'" [#47136](https://github.com/ClickHouse/ClickHouse/pull/47136) ([alex filatov](https://github.com/phil-88)).
* Fix race condition in a grace hash join with limit [#47153](https://github.com/ClickHouse/ClickHouse/pull/47153) ([Vladimir C](https://github.com/vdimir)).
* Fix concrete columns PREWHERE support [#47154](https://github.com/ClickHouse/ClickHouse/pull/47154) ([Azat Khuzhin](https://github.com/azat)).
* Fix possible deadlock in Query Status [#47161](https://github.com/ClickHouse/ClickHouse/pull/47161) ([Kruglov Pavel](https://github.com/Avogar)).
* Forbid insert select for the same `Join` table, as it leads to a deadlock [#47260](https://github.com/ClickHouse/ClickHouse/pull/47260) ([Vladimir C](https://github.com/vdimir)).
* Skip merged partitions for `min_age_to_force_merge_seconds` merges [#47303](https://github.com/ClickHouse/ClickHouse/pull/47303) ([Antonio Andelic](https://github.com/antonio2368)).
* Modify find_first_symbols, so it works as expected for find_first_not_symbols [#47304](https://github.com/ClickHouse/ClickHouse/pull/47304) ([Arthur Passos](https://github.com/arthurpassos)).
* Fix big numbers inference in CSV [#47410](https://github.com/ClickHouse/ClickHouse/pull/47410) ([Kruglov Pavel](https://github.com/Avogar)).
* Disable logical expression optimizer for expression with aliases. [#47451](https://github.com/ClickHouse/ClickHouse/pull/47451) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Fix error in `decodeURLComponent` [#47457](https://github.com/ClickHouse/ClickHouse/pull/47457) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix explain graph with projection [#47473](https://github.com/ClickHouse/ClickHouse/pull/47473) ([flynn](https://github.com/ucasfl)).
* Fix query parameters [#47488](https://github.com/ClickHouse/ClickHouse/pull/47488) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Parameterized view: a bug fix. [#47495](https://github.com/ClickHouse/ClickHouse/pull/47495) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Fuzzer of data formats, and the corresponding fixes. [#47519](https://github.com/ClickHouse/ClickHouse/pull/47519) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix monotonicity check for `DateTime64` [#47526](https://github.com/ClickHouse/ClickHouse/pull/47526) ([Antonio Andelic](https://github.com/antonio2368)).
* Fix "block structure mismatch" for a Nullable LowCardinality column [#47537](https://github.com/ClickHouse/ClickHouse/pull/47537) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Proper fix for a bug in Apache Parquet [#45878](https://github.com/ClickHouse/ClickHouse/issues/45878) [#47538](https://github.com/ClickHouse/ClickHouse/pull/47538) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix `BSONEachRow` parallel parsing when document size is invalid [#47540](https://github.com/ClickHouse/ClickHouse/pull/47540) ([Kruglov Pavel](https://github.com/Avogar)).
* Preserve error in `system.distribution_queue` on `SYSTEM FLUSH DISTRIBUTED` [#47541](https://github.com/ClickHouse/ClickHouse/pull/47541) ([Azat Khuzhin](https://github.com/azat)).
* Check for duplicate column in `BSONEachRow` format [#47609](https://github.com/ClickHouse/ClickHouse/pull/47609) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix wait for zero copy lock during move [#47631](https://github.com/ClickHouse/ClickHouse/pull/47631) ([alesapin](https://github.com/alesapin)).
* Fix aggregation by partitions [#47634](https://github.com/ClickHouse/ClickHouse/pull/47634) ([Nikita Taranov](https://github.com/nickitat)).
* Fix bug in tuple as array serialization in `BSONEachRow` format [#47690](https://github.com/ClickHouse/ClickHouse/pull/47690) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix crash in `polygonsSymDifferenceCartesian` [#47702](https://github.com/ClickHouse/ClickHouse/pull/47702) ([pufit](https://github.com/pufit)).
* Fix reading from storage `File` compressed files with `zlib` and `gzip` compression [#47796](https://github.com/ClickHouse/ClickHouse/pull/47796) ([Anton Popov](https://github.com/CurtizJ)).
* Improve empty query detection for PostgreSQL (for pgx golang driver) [#47854](https://github.com/ClickHouse/ClickHouse/pull/47854) ([Azat Khuzhin](https://github.com/azat)).
* Fix DateTime monotonicity check for LowCardinality types [#47860](https://github.com/ClickHouse/ClickHouse/pull/47860) ([Antonio Andelic](https://github.com/antonio2368)).
* Use restore_threads (not backup_threads) for RESTORE ASYNC [#47861](https://github.com/ClickHouse/ClickHouse/pull/47861) ([Azat Khuzhin](https://github.com/azat)).
* Fix DROP COLUMN with ReplicatedMergeTree containing projections [#47883](https://github.com/ClickHouse/ClickHouse/pull/47883) ([Antonio Andelic](https://github.com/antonio2368)).
* Fix for Replicated database recovery [#47901](https://github.com/ClickHouse/ClickHouse/pull/47901) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Hotfix for too verbose warnings in HTTP [#47903](https://github.com/ClickHouse/ClickHouse/pull/47903) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Fix "Field value too long" in `catboostEvaluate` [#47970](https://github.com/ClickHouse/ClickHouse/pull/47970) ([Robert Schulze](https://github.com/rschu1ze)).
* Fix [#36971](https://github.com/ClickHouse/ClickHouse/issues/36971): Watchdog: exit with non-zero code if child process exits [#47973](https://github.com/ClickHouse/ClickHouse/pull/47973) ([Коренберг Марк](https://github.com/socketpair)).
* Fix for "index file `cidx` is unexpectedly long" [#48010](https://github.com/ClickHouse/ClickHouse/pull/48010) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Fix MaterializedPostgreSQL query to get attributes (replica-identity) [#48015](https://github.com/ClickHouse/ClickHouse/pull/48015) ([Solomatov Sergei](https://github.com/solomatovs)).
* parseDateTime(): Fix UB (signed integer overflow) [#48019](https://github.com/ClickHouse/ClickHouse/pull/48019) ([Robert Schulze](https://github.com/rschu1ze)).
* Use unique names for Records in Avro to avoid reusing its schema [#48057](https://github.com/ClickHouse/ClickHouse/pull/48057) ([Kruglov Pavel](https://github.com/Avogar)).
* Correctly set TCP/HTTP socket timeouts in Keeper [#48108](https://github.com/ClickHouse/ClickHouse/pull/48108) ([Antonio Andelic](https://github.com/antonio2368)).
* Fix possible member call on null pointer in `Avro` format [#48184](https://github.com/ClickHouse/ClickHouse/pull/48184) ([Kruglov Pavel](https://github.com/Avogar)).
### <a id="232"></a> ClickHouse release 23.2, 2023-02-23
#### Backward Incompatible Change
* Extend function "toDayOfWeek()" (alias: "DAYOFWEEK") with a mode argument that encodes whether the week starts on Monday or Sunday and whether counting starts at 0 or 1. For consistency with other date time functions, the mode argument was inserted between the time and the time zone arguments. This breaks existing usage of the (previously undocumented) 2-argument syntax "toDayOfWeek(time, time_zone)". A fix is to rewrite the function into "toDayOfWeek(time, 0, time_zone)". [#45233](https://github.com/ClickHouse/ClickHouse/pull/45233) ([Robert Schulze](https://github.com/rschu1ze)).
* Rename setting `max_query_cache_size` to `filesystem_cache_max_download_size`. [#45614](https://github.com/ClickHouse/ClickHouse/pull/45614) ([Kseniia Sumarokova](https://github.com/kssenii)).
* The `default` user will not have permissions for access type `SHOW NAMED COLLECTION` by default (e.g. `default` user will no longer be able to grant ALL to other users as it was before, therefore this PR is backward incompatible). [#46010](https://github.com/ClickHouse/ClickHouse/pull/46010) ([Kseniia Sumarokova](https://github.com/kssenii)).
* If the SETTINGS clause is specified before the FORMAT clause, the settings will be applied to formatting as well. [#46003](https://github.com/ClickHouse/ClickHouse/pull/46003) ([Azat Khuzhin](https://github.com/azat)).
* Remove support for setting `materialized_postgresql_allow_automatic_update` (which was by default turned off). [#46106](https://github.com/ClickHouse/ClickHouse/pull/46106) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Slightly improve performance of `countDigits` on realistic datasets. This closed [#44518](https://github.com/ClickHouse/ClickHouse/issues/44518). In previous versions, `countDigits(0)` returned `0`; now it returns `1`, which is more correct, and follows the existing documentation. [#46187](https://github.com/ClickHouse/ClickHouse/pull/46187) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Disallow creation of new columns compressed by a combination of codecs "Delta" or "DoubleDelta" followed by codecs "Gorilla" or "FPC". This can be bypassed using setting "allow_suspicious_codecs = true". [#45652](https://github.com/ClickHouse/ClickHouse/pull/45652) ([Robert Schulze](https://github.com/rschu1ze)).
#### New Feature
* Add `StorageIceberg` and table function `iceberg` to access iceberg table store on S3. [#45384](https://github.com/ClickHouse/ClickHouse/pull/45384) ([flynn](https://github.com/ucasfl)).
* Allow configuring storage as `SETTINGS disk = '<disk_name>'` (instead of `storage_policy`) and with explicit disk creation `SETTINGS disk = disk(type=s3, ...)`. [#41976](https://github.com/ClickHouse/ClickHouse/pull/41976) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Expose `ProfileEvents` counters in `system.part_log`. [#38614](https://github.com/ClickHouse/ClickHouse/pull/38614) ([Bharat Nallan](https://github.com/bharatnc)).
* Enrichment of the existing `ReplacingMergeTree` engine to allow duplicate the insertion. It leverages the power of both `ReplacingMergeTree` and `CollapsingMergeTree` in one MergeTree engine. Deleted data are not returned when queried, but not removed from disk neither. [#41005](https://github.com/ClickHouse/ClickHouse/pull/41005) ([youennL-cs](https://github.com/youennL-cs)).
* Add `generateULID` function. Closes [#36536](https://github.com/ClickHouse/ClickHouse/issues/36536). [#44662](https://github.com/ClickHouse/ClickHouse/pull/44662) ([Nikolay Degterinsky](https://github.com/evillique)).
* Add `corrMatrix` aggregate function, calculating each two columns. In addition, since Aggregatefunctions `covarSamp` and `covarPop` are similar to `corr`, I add `covarSampMatrix`, `covarPopMatrix` by the way. @alexey-milovidov closes [#44587](https://github.com/ClickHouse/ClickHouse/issues/44587). [#44680](https://github.com/ClickHouse/ClickHouse/pull/44680) ([FFFFFFFHHHHHHH](https://github.com/FFFFFFFHHHHHHH)).
* Introduce arrayShuffle function for random array permutations. [#45271](https://github.com/ClickHouse/ClickHouse/pull/45271) ([Joanna Hulboj](https://github.com/jh0x)).
* Support types `FIXED_SIZE_BINARY` type in Arrow, `FIXED_LENGTH_BYTE_ARRAY` in `Parquet` and match them to `FixedString`. Add settings `output_format_parquet_fixed_string_as_fixed_byte_array/output_format_arrow_fixed_string_as_fixed_byte_array` to control default output type for FixedString. Closes [#45326](https://github.com/ClickHouse/ClickHouse/issues/45326). [#45340](https://github.com/ClickHouse/ClickHouse/pull/45340) ([Kruglov Pavel](https://github.com/Avogar)).
* Add a new column `last_exception_time` to system.replication_queue. [#45457](https://github.com/ClickHouse/ClickHouse/pull/45457) ([Frank Chen](https://github.com/FrankChen021)).
* Add two new functions which allow for user-defined keys/seeds with SipHash{64,128}. [#45513](https://github.com/ClickHouse/ClickHouse/pull/45513) ([Salvatore Mesoraca](https://github.com/aiven-sal)).
* Allow a three-argument version for table function `format`. close [#45808](https://github.com/ClickHouse/ClickHouse/issues/45808). [#45873](https://github.com/ClickHouse/ClickHouse/pull/45873) ([FFFFFFFHHHHHHH](https://github.com/FFFFFFFHHHHHHH)).
* Add `JodaTime` format support for 'x','w','S'. Refer to https://joda-time.sourceforge.net/apidocs/org/joda/time/format/DateTimeFormat.html. [#46073](https://github.com/ClickHouse/ClickHouse/pull/46073) ([zk_kiger](https://github.com/zk-kiger)).
* Support window function `ntile`. ([lgbo](https://github.com/lgbo-ustc)).
* Add setting `final` to implicitly apply the `FINAL` modifier to every table. [#40945](https://github.com/ClickHouse/ClickHouse/pull/40945) ([Arthur Passos](https://github.com/arthurpassos)).
* Added `arrayPartialSort` and `arrayPartialReverseSort` functions. [#46296](https://github.com/ClickHouse/ClickHouse/pull/46296) ([Joanna Hulboj](https://github.com/jh0x)).
* The new http parameter `client_protocol_version` allows setting a client protocol version for HTTP responses using the Native format. [#40397](https://github.com/ClickHouse/ClickHouse/issues/40397). [#46360](https://github.com/ClickHouse/ClickHouse/pull/46360) ([Geoff Genz](https://github.com/genzgd)).
* Add new function `regexpExtract`, like spark function `REGEXP_EXTRACT` for compatibility. It is similar to the existing function `extract`. [#46469](https://github.com/ClickHouse/ClickHouse/pull/46469) ([李扬](https://github.com/taiyang-li)).
* Add new function `JSONArrayLength`, which returns the number of elements in the outermost JSON array. The function returns NULL if the input JSON string is invalid. [#46631](https://github.com/ClickHouse/ClickHouse/pull/46631) ([李扬](https://github.com/taiyang-li)).
#### Performance Improvement
* The introduced logic works if PREWHERE condition is a conjunction of multiple conditions (cond1 AND cond2 AND ... ). It groups those conditions that require reading the same columns into steps. After each step the corresponding part of the full condition is computed and the result rows might be filtered. This allows to read fewer rows in the next steps thus saving IO bandwidth and doing less computation. This logic is disabled by default for now. It will be enabled by default in one of the future releases once it is known to not have any regressions, so it is highly encouraged to be used for testing. It can be controlled by 2 settings: "enable_multiple_prewhere_read_steps" and "move_all_conditions_to_prewhere". [#46140](https://github.com/ClickHouse/ClickHouse/pull/46140) ([Alexander Gololobov](https://github.com/davenger)).
* An option added to aggregate partitions independently if table partition key and group by key are compatible. Controlled by the setting `allow_aggregate_partitions_independently`. Disabled by default because of limited applicability (please refer to the docs). [#45364](https://github.com/ClickHouse/ClickHouse/pull/45364) ([Nikita Taranov](https://github.com/nickitat)).
* Allow using Vertical merge algorithm with parts in Compact format. This will allow ClickHouse server to use much less memory for background operations. This closes [#46084](https://github.com/ClickHouse/ClickHouse/issues/46084). [#45681](https://github.com/ClickHouse/ClickHouse/pull/45681) [#46282](https://github.com/ClickHouse/ClickHouse/pull/46282) ([Anton Popov](https://github.com/CurtizJ)).
* Optimize `Parquet` reader by using batch reader. [#45878](https://github.com/ClickHouse/ClickHouse/pull/45878) ([LiuNeng](https://github.com/liuneng1994)).
* Add new `local_filesystem_read_method` method `io_uring` based on the asynchronous Linux [io_uring](https://kernel.dk/io_uring.pdf) subsystem, improving read performance almost universally compared to the default `pread` method. [#38456](https://github.com/ClickHouse/ClickHouse/pull/38456) ([Saulius Valatka](https://github.com/sauliusvl)).
* Rewrite aggregate functions with `if` expression as argument when logically equivalent. For example, `avg(if(cond, col, null))` can be rewritten to avgIf(cond, col). It is helpful in performance. [#44730](https://github.com/ClickHouse/ClickHouse/pull/44730) ([李扬](https://github.com/taiyang-li)).
* Improve lower/upper function performance with avx512 instructions. [#37894](https://github.com/ClickHouse/ClickHouse/pull/37894) ([yaqi-zhao](https://github.com/yaqi-zhao)).
* Remove the limitation that on systems with >=32 cores and SMT disabled ClickHouse uses only half of the cores (the case when you disable Hyper Threading in BIOS). [#44973](https://github.com/ClickHouse/ClickHouse/pull/44973) ([Robert Schulze](https://github.com/rschu1ze)).
* Improve performance of function `multiIf` by columnar executing, speed up by 2.3x. [#45296](https://github.com/ClickHouse/ClickHouse/pull/45296) ([李扬](https://github.com/taiyang-li)).
* Add fast path for function `position` when the needle is empty. [#45382](https://github.com/ClickHouse/ClickHouse/pull/45382) ([李扬](https://github.com/taiyang-li)).
* Enable `query_plan_remove_redundant_sorting` optimization by default. Optimization implemented in [#45420](https://github.com/ClickHouse/ClickHouse/issues/45420). [#45567](https://github.com/ClickHouse/ClickHouse/pull/45567) ([Igor Nikonov](https://github.com/devcrafter)).
* Increased HTTP Transfer Encoding chunk size to improve performance of large queries using the HTTP interface. [#45593](https://github.com/ClickHouse/ClickHouse/pull/45593) ([Geoff Genz](https://github.com/genzgd)).
* Fixed performance of short `SELECT` queries that read from tables with large number of `Array`/`Map`/`Nested` columns. [#45630](https://github.com/ClickHouse/ClickHouse/pull/45630) ([Anton Popov](https://github.com/CurtizJ)).
* Improve performance of filtering for big integers and decimal types. [#45949](https://github.com/ClickHouse/ClickHouse/pull/45949) ([李扬](https://github.com/taiyang-li)).
* This change could effectively reduce the overhead of obtaining the filter from ColumnNullable(UInt8) and improve the overall query performance. To evaluate the impact of this change, we adopted TPC-H benchmark but revised the column types from non-nullable to nullable, and we measured the QPS of its queries as the performance indicator. [#45962](https://github.com/ClickHouse/ClickHouse/pull/45962) ([Zhiguo Zhou](https://github.com/ZhiguoZh)).
* Make the `_part` and `_partition_id` virtual column be `LowCardinality(String)` type. Closes [#45964](https://github.com/ClickHouse/ClickHouse/issues/45964). [#45975](https://github.com/ClickHouse/ClickHouse/pull/45975) ([flynn](https://github.com/ucasfl)).
* Improve the performance of Decimal conversion when the scale does not change. [#46095](https://github.com/ClickHouse/ClickHouse/pull/46095) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Allow to increase prefetching for read data. [#46168](https://github.com/ClickHouse/ClickHouse/pull/46168) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Rewrite `arrayExists(x -> x = 1, arr)` -> `has(arr, 1)`, which improve performance by 1.34x. [#46188](https://github.com/ClickHouse/ClickHouse/pull/46188) ([李扬](https://github.com/taiyang-li)).
* Fix too big memory usage for vertical merges on non-remote disk. Respect `max_insert_delayed_streams_for_parallel_write` for the remote disk. [#46275](https://github.com/ClickHouse/ClickHouse/pull/46275) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Update zstd to v1.5.4. It has some minor improvements in performance and compression ratio. If you run replicas with different versions of ClickHouse you may see reasonable error messages `Data after merge/mutation is not byte-identical to data on another replicas.` with explanation. These messages are Ok and you should not worry. [#46280](https://github.com/ClickHouse/ClickHouse/pull/46280) ([Raúl Marín](https://github.com/Algunenano)).
* Fix performance degradation caused by [#39737](https://github.com/ClickHouse/ClickHouse/issues/39737). [#46309](https://github.com/ClickHouse/ClickHouse/pull/46309) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* The `replicas_status` handle will answer quickly even in case of a large replication queue. [#46310](https://github.com/ClickHouse/ClickHouse/pull/46310) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Add avx512 support for aggregate function `sum`, function unary arithmetic, function comparison. [#37870](https://github.com/ClickHouse/ClickHouse/pull/37870) ([zhao zhou](https://github.com/zzachimed)).
* Rewrote the code around marks distribution and the overall coordination of the reading in order to achieve the maximum performance improvement. This closes [#34527](https://github.com/ClickHouse/ClickHouse/issues/34527). [#43772](https://github.com/ClickHouse/ClickHouse/pull/43772) ([Nikita Mikhaylov](https://github.com/nikitamikhaylov)).
* Remove redundant DISTINCT clauses in query (subqueries). Implemented on top of query plan. It does similar optimization as `optimize_duplicate_order_by_and_distinct` regarding DISTINCT clauses. Can be enabled via `query_plan_remove_redundant_distinct` setting. Related to [#42648](https://github.com/ClickHouse/ClickHouse/issues/42648). [#44176](https://github.com/ClickHouse/ClickHouse/pull/44176) ([Igor Nikonov](https://github.com/devcrafter)).
* A few query rewrite optimizations: `sumIf(123, cond) -> 123 * countIf(1, cond)`, `sum(if(cond, 123, 0)) -> 123 * countIf(cond)`, `sum(if(cond, 0, 123)) -> 123 * countIf(not(cond))` [#44728](https://github.com/ClickHouse/ClickHouse/pull/44728) ([李扬](https://github.com/taiyang-li)).
* Improved how memory bound merging and aggregation in order on top query plan interact. Previously we fell back to explicit sorting for AIO in some cases when it wasn't actually needed. [#45892](https://github.com/ClickHouse/ClickHouse/pull/45892) ([Nikita Taranov](https://github.com/nickitat)).
* Concurrent merges are scheduled using round-robin by default to ensure fair and starvation-free operation. Previously in heavily overloaded shards, big merges could possibly be starved by smaller merges due to the use of strict priority scheduling. Added `background_merges_mutations_scheduling_policy` server config option to select scheduling algorithm (`round_robin` or `shortest_task_first`). [#46247](https://github.com/ClickHouse/ClickHouse/pull/46247) ([Sergei Trifonov](https://github.com/serxa)).
#### Improvement
* Enable retries for INSERT by default in case of ZooKeeper session loss. We already use it in production. [#46308](https://github.com/ClickHouse/ClickHouse/pull/46308) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Add ability to ignore unknown keys in JSON object for named tuples (`input_format_json_ignore_unknown_keys_in_named_tuple`). [#45678](https://github.com/ClickHouse/ClickHouse/pull/45678) ([Azat Khuzhin](https://github.com/azat)).
* Support optimizing the `where` clause with sorting key expression move to `prewhere` for query with `final`. [#38893](https://github.com/ClickHouse/ClickHouse/issues/38893). [#38950](https://github.com/ClickHouse/ClickHouse/pull/38950) ([hexiaoting](https://github.com/hexiaoting)).
* Add new metrics for backups: num_processed_files and processed_files_size described actual number of processed files. [#42244](https://github.com/ClickHouse/ClickHouse/pull/42244) ([Aleksandr](https://github.com/AVMusorin)).
* Added retries on interserver DNS errors. [#43179](https://github.com/ClickHouse/ClickHouse/pull/43179) ([Anton Kozlov](https://github.com/tonickkozlov)).
* Keeper improvement: try preallocating space on the disk to avoid undefined out-of-space issues. Introduce setting `max_log_file_size` for the maximum size of Keeper's Raft log files. [#44370](https://github.com/ClickHouse/ClickHouse/pull/44370) ([Antonio Andelic](https://github.com/antonio2368)).
* Optimize behavior for a replica delay api logic in case the replica is read-only. [#45148](https://github.com/ClickHouse/ClickHouse/pull/45148) ([mateng915](https://github.com/mateng0915)).
* Ask for the password in clickhouse-client interactively in a case when the empty password is wrong. Closes [#46702](https://github.com/ClickHouse/ClickHouse/issues/46702). [#46730](https://github.com/ClickHouse/ClickHouse/pull/46730) ([Nikolay Degterinsky](https://github.com/evillique)).
* Mark `Gorilla` compression on columns of non-Float* type as suspicious. [#45376](https://github.com/ClickHouse/ClickHouse/pull/45376) ([Robert Schulze](https://github.com/rschu1ze)).
* Show replica name that is executing a merge in the `postpone_reason` column. [#45458](https://github.com/ClickHouse/ClickHouse/pull/45458) ([Frank Chen](https://github.com/FrankChen021)).
* Save exception stack trace in part_log. [#45459](https://github.com/ClickHouse/ClickHouse/pull/45459) ([Frank Chen](https://github.com/FrankChen021)).
* The `regexp_tree` dictionary is polished and now it is compatible with https://github.com/ua-parser/uap-core. [#45631](https://github.com/ClickHouse/ClickHouse/pull/45631) ([Han Fei](https://github.com/hanfei1991)).
* Updated checking of `SYSTEM SYNC REPLICA`, resolves [#45508](https://github.com/ClickHouse/ClickHouse/issues/45508) [#45648](https://github.com/ClickHouse/ClickHouse/pull/45648) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Rename setting `replication_alter_partitions_sync` to `alter_sync`. [#45659](https://github.com/ClickHouse/ClickHouse/pull/45659) ([Antonio Andelic](https://github.com/antonio2368)).
* The `generateRandom` table function and the engine now support `LowCardinality` data types. This is useful for testing, for example you can write `INSERT INTO table SELECT * FROM generateRandom() LIMIT 1000`. This is needed to debug [#45590](https://github.com/ClickHouse/ClickHouse/issues/45590). [#45661](https://github.com/ClickHouse/ClickHouse/pull/45661) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* The experimental query result cache now provides more modular configuration settings. [#45679](https://github.com/ClickHouse/ClickHouse/pull/45679) ([Robert Schulze](https://github.com/rschu1ze)).
* Renamed "query result cache" to "query cache". [#45682](https://github.com/ClickHouse/ClickHouse/pull/45682) ([Robert Schulze](https://github.com/rschu1ze)).
* add `SYSTEM SYNC FILE CACHE` command. It will do the `sync` syscall. [#8921](https://github.com/ClickHouse/ClickHouse/issues/8921). [#45685](https://github.com/ClickHouse/ClickHouse/pull/45685) ([DR](https://github.com/freedomDR)).
* Add a new S3 setting `allow_head_object_request`. This PR makes usage of `GetObjectAttributes` request instead of `HeadObject` introduced in https://github.com/ClickHouse/ClickHouse/pull/45288 optional (and disabled by default). [#45701](https://github.com/ClickHouse/ClickHouse/pull/45701) ([Vitaly Baranov](https://github.com/vitlibar)).
* Add ability to override connection settings based on connection names (that said that now you can forget about storing password for each connection, you can simply put everything into `~/.clickhouse-client/config.xml` and even use different history files for them, which can be also useful). [#45715](https://github.com/ClickHouse/ClickHouse/pull/45715) ([Azat Khuzhin](https://github.com/azat)).
* Arrow format: support the duration type. Closes [#45669](https://github.com/ClickHouse/ClickHouse/issues/45669). [#45750](https://github.com/ClickHouse/ClickHouse/pull/45750) ([flynn](https://github.com/ucasfl)).
* Extend the logging in the Query Cache to improve investigations of the caching behavior. [#45751](https://github.com/ClickHouse/ClickHouse/pull/45751) ([Robert Schulze](https://github.com/rschu1ze)).
* The query cache's server-level settings are now reconfigurable at runtime. [#45758](https://github.com/ClickHouse/ClickHouse/pull/45758) ([Robert Schulze](https://github.com/rschu1ze)).
* Hide password in logs when a table function's arguments are specified with a named collection. [#45774](https://github.com/ClickHouse/ClickHouse/pull/45774) ([Vitaly Baranov](https://github.com/vitlibar)).
* Improve internal S3 client to correctly deduce regions and redirections for different types of URLs. [#45783](https://github.com/ClickHouse/ClickHouse/pull/45783) ([Antonio Andelic](https://github.com/antonio2368)).
* Add support for Map, IPv4 and IPv6 types in generateRandom. Mostly useful for testing. [#45785](https://github.com/ClickHouse/ClickHouse/pull/45785) ([Raúl Marín](https://github.com/Algunenano)).
* Support empty/notEmpty for IP types. [#45799](https://github.com/ClickHouse/ClickHouse/pull/45799) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* The column `num_processed_files` was split into two columns: `num_files` (for BACKUP) and `files_read` (for RESTORE). The column `processed_files_size` was split into two columns: `total_size` (for BACKUP) and `bytes_read` (for RESTORE). [#45800](https://github.com/ClickHouse/ClickHouse/pull/45800) ([Vitaly Baranov](https://github.com/vitlibar)).
* Add support for `SHOW ENGINES` query for MySQL compatibility. [#45859](https://github.com/ClickHouse/ClickHouse/pull/45859) ([Filatenkov Artur](https://github.com/FArthur-cmd)).
* Improved how the obfuscator deals with queries. [#45867](https://github.com/ClickHouse/ClickHouse/pull/45867) ([Raúl Marín](https://github.com/Algunenano)).
* Improve behaviour of conversion into Date for boundary value 65535 (2149-06-06). [#46042](https://github.com/ClickHouse/ClickHouse/pull/46042) [#45914](https://github.com/ClickHouse/ClickHouse/pull/45914) ([Joanna Hulboj](https://github.com/jh0x)).
* Add setting `check_referential_table_dependencies` to check referential dependencies on `DROP TABLE`. This PR solves [#38326](https://github.com/ClickHouse/ClickHouse/issues/38326). [#45936](https://github.com/ClickHouse/ClickHouse/pull/45936) ([Vitaly Baranov](https://github.com/vitlibar)).
* Fix `tupleElement` to return `Null` when having `Null` argument. Closes [#45894](https://github.com/ClickHouse/ClickHouse/issues/45894). [#45952](https://github.com/ClickHouse/ClickHouse/pull/45952) ([flynn](https://github.com/ucasfl)).
* Throw an error on no files satisfying the S3 wildcard. Closes [#45587](https://github.com/ClickHouse/ClickHouse/issues/45587). [#45957](https://github.com/ClickHouse/ClickHouse/pull/45957) ([chen](https://github.com/xiedeyantu)).
* Use cluster state data to check concurrent backup/restore. [#45982](https://github.com/ClickHouse/ClickHouse/pull/45982) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* ClickHouse Client: Use "exact" matching for fuzzy search, which has correct case ignorance and more appropriate algorithm for matching SQL queries. [#46000](https://github.com/ClickHouse/ClickHouse/pull/46000) ([Azat Khuzhin](https://github.com/azat)).
* Forbid wrong create View syntax `CREATE View X TO Y AS SELECT`. Closes [#4331](https://github.com/ClickHouse/ClickHouse/issues/4331). [#46043](https://github.com/ClickHouse/ClickHouse/pull/46043) ([flynn](https://github.com/ucasfl)).
* Storage `Log` family support setting the `storage_policy`. Closes [#43421](https://github.com/ClickHouse/ClickHouse/issues/43421). [#46044](https://github.com/ClickHouse/ClickHouse/pull/46044) ([flynn](https://github.com/ucasfl)).
* Improve `JSONColumns` format when the result is empty. Closes [#46024](https://github.com/ClickHouse/ClickHouse/issues/46024). [#46053](https://github.com/ClickHouse/ClickHouse/pull/46053) ([flynn](https://github.com/ucasfl)).
* Add reference implementation for SipHash128. [#46065](https://github.com/ClickHouse/ClickHouse/pull/46065) ([Salvatore Mesoraca](https://github.com/aiven-sal)).
* Add a new metric to record allocations times and bytes using mmap. [#46068](https://github.com/ClickHouse/ClickHouse/pull/46068) ([李扬](https://github.com/taiyang-li)).
* Currently for functions like `leftPad`, `rightPad`, `leftPadUTF8`, `rightPadUTF8`, the second argument `length` must be UInt8|16|32|64|128|256. Which is too strict for clickhouse users, besides, it is not consistent with other similar functions like `arrayResize`, `substring` and so on. [#46103](https://github.com/ClickHouse/ClickHouse/pull/46103) ([李扬](https://github.com/taiyang-li)).
* Fix assertion in the `welchTTest` function in debug build when the resulting statistics is NaN. Unified the behavior with other similar functions. Change the behavior of `studentTTest` to return NaN instead of throwing an exception because the previous behavior was inconvenient. This closes [#41176](https://github.com/ClickHouse/ClickHouse/issues/41176) This closes [#42162](https://github.com/ClickHouse/ClickHouse/issues/42162). [#46141](https://github.com/ClickHouse/ClickHouse/pull/46141) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* More convenient usage of big integers and ORDER BY WITH FILL. Allow using plain integers for start and end points in WITH FILL when ORDER BY big (128-bit and 256-bit) integers. Fix the wrong result for big integers with negative start or end points. This closes [#16733](https://github.com/ClickHouse/ClickHouse/issues/16733). [#46152](https://github.com/ClickHouse/ClickHouse/pull/46152) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Add `parts`, `active_parts` and `total_marks` columns to `system.tables` on [issue](https://github.com/ClickHouse/ClickHouse/issues/44336). [#46161](https://github.com/ClickHouse/ClickHouse/pull/46161) ([attack204](https://github.com/attack204)).
* Functions "multi[Fuzzy]Match(Any|AnyIndex|AllIndices}" now reject regexes which will likely evaluate very slowly in vectorscan. [#46167](https://github.com/ClickHouse/ClickHouse/pull/46167) ([Robert Schulze](https://github.com/rschu1ze)).
* When `insert_null_as_default` is enabled and column doesn't have defined default value, the default of column type will be used. Also this PR fixes using default values on nulls in case of LowCardinality columns. [#46171](https://github.com/ClickHouse/ClickHouse/pull/46171) ([Kruglov Pavel](https://github.com/Avogar)).
* Prefer explicitly defined access keys for S3 clients. If `use_environment_credentials` is set to `true`, and the user has provided the access key through query or config, they will be used instead of the ones from the environment variable. [#46191](https://github.com/ClickHouse/ClickHouse/pull/46191) ([Antonio Andelic](https://github.com/antonio2368)).
* Add an alias "DATE_FORMAT()" for function "formatDateTime()" to improve compatibility with MySQL's SQL dialect, extend function `formatDateTime` with substitutions "a", "b", "c", "h", "i", "k", "l" "r", "s", "W". ### Documentation entry for user-facing changes User-readable short description: `DATE_FORMAT` is an alias of `formatDateTime`. Formats a Time according to the given Format string. Format is a constant expression, so you cannot have multiple formats for a single result column. (Provide link to [formatDateTime](https://clickhouse.com/docs/en/sql-reference/functions/date-time-functions/#formatdatetime)). [#46302](https://github.com/ClickHouse/ClickHouse/pull/46302) ([Jake Bamrah](https://github.com/JakeBamrah)).
* Add `ProfileEvents` and `CurrentMetrics` about the callback tasks for parallel replicas (`s3Cluster` and `MergeTree` tables). [#46313](https://github.com/ClickHouse/ClickHouse/pull/46313) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Add support for `DELETE` and `UPDATE` for tables using `KeeperMap` storage engine. [#46330](https://github.com/ClickHouse/ClickHouse/pull/46330) ([Antonio Andelic](https://github.com/antonio2368)).
* Allow writing RENAME queries with query parameters. Resolves [#45778](https://github.com/ClickHouse/ClickHouse/issues/45778). [#46407](https://github.com/ClickHouse/ClickHouse/pull/46407) ([Nikolay Degterinsky](https://github.com/evillique)).
* Fix parameterized SELECT queries with REPLACE transformer. Resolves [#33002](https://github.com/ClickHouse/ClickHouse/issues/33002). [#46420](https://github.com/ClickHouse/ClickHouse/pull/46420) ([Nikolay Degterinsky](https://github.com/evillique)).
* Exclude the internal database used for temporary/external tables from the calculation of asynchronous metric "NumberOfDatabases". This makes the behavior consistent with system table "system.databases". [#46435](https://github.com/ClickHouse/ClickHouse/pull/46435) ([Robert Schulze](https://github.com/rschu1ze)).
* Added `last_exception_time` column into distribution_queue table. [#46564](https://github.com/ClickHouse/ClickHouse/pull/46564) ([Aleksandr](https://github.com/AVMusorin)).
* Support for IN clause with parameter in parameterized views. [#46583](https://github.com/ClickHouse/ClickHouse/pull/46583) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
* Do not load named collections on server startup (load them on first access instead). [#46607](https://github.com/ClickHouse/ClickHouse/pull/46607) ([Kseniia Sumarokova](https://github.com/kssenii)).
#### Build/Testing/Packaging Improvement
* Introduce GWP-ASan implemented by the LLVM runtime. This closes [#27039](https://github.com/ClickHouse/ClickHouse/issues/27039). [#45226](https://github.com/ClickHouse/ClickHouse/pull/45226) ([Han Fei](https://github.com/hanfei1991)).
* We want to make our tests less stable and more flaky: add randomization for merge tree settings in tests. [#38983](https://github.com/ClickHouse/ClickHouse/pull/38983) ([Anton Popov](https://github.com/CurtizJ)).
* Enable the HDFS support in PowerPC and which helps to fixes the following functional tests 02113_hdfs_assert.sh, 02244_hdfs_cluster.sql and 02368_cancel_write_into_hdfs.sh. [#44949](https://github.com/ClickHouse/ClickHouse/pull/44949) ([MeenaRenganathan22](https://github.com/MeenaRenganathan22)).
* Add systemd.service file for clickhouse-keeper. Fixes [#44293](https://github.com/ClickHouse/ClickHouse/issues/44293). [#45568](https://github.com/ClickHouse/ClickHouse/pull/45568) ([Mikhail f. Shiryaev](https://github.com/Felixoid)).
* ClickHouse's fork of poco was moved from "contrib/" to "base/poco/". [#46075](https://github.com/ClickHouse/ClickHouse/pull/46075) ([Robert Schulze](https://github.com/rschu1ze)).
* Add an option for `clickhouse-watchdog` to restart the child process. This does not make a lot of use. [#46312](https://github.com/ClickHouse/ClickHouse/pull/46312) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* If the environment variable `CLICKHOUSE_DOCKER_RESTART_ON_EXIT` is set to 1, the Docker container will run `clickhouse-server` as a child instead of the first process, and restart it when it exited. [#46391](https://github.com/ClickHouse/ClickHouse/pull/46391) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix Systemd service file. [#46461](https://github.com/ClickHouse/ClickHouse/pull/46461) ([SuperDJY](https://github.com/cmsxbc)).
* Raised the minimum Clang version needed to build ClickHouse from 12 to 15. [#46710](https://github.com/ClickHouse/ClickHouse/pull/46710) ([Robert Schulze](https://github.com/rschu1ze)).
* Upgrade Intel QPL from v0.3.0 to v1.0.0 2. Build libaccel-config and link it statically to QPL library instead of dynamically. [#45809](https://github.com/ClickHouse/ClickHouse/pull/45809) ([jasperzhu](https://github.com/jinjunzh)).
#### Bug Fix (user-visible misbehavior in official stable release)
* Flush data exactly by `rabbitmq_flush_interval_ms` or by `rabbitmq_max_block_size` in `StorageRabbitMQ`. Closes [#42389](https://github.com/ClickHouse/ClickHouse/issues/42389). Closes [#45160](https://github.com/ClickHouse/ClickHouse/issues/45160). [#44404](https://github.com/ClickHouse/ClickHouse/pull/44404) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Use PODArray to render in sparkBar function, so we can control the memory usage. Close [#44467](https://github.com/ClickHouse/ClickHouse/issues/44467). [#44489](https://github.com/ClickHouse/ClickHouse/pull/44489) ([Duc Canh Le](https://github.com/canhld94)).
* Fix functions (quantilesExactExclusive, quantilesExactInclusive) return unsorted array element. [#45379](https://github.com/ClickHouse/ClickHouse/pull/45379) ([wujunfu](https://github.com/wujunfu)).
* Fix uncaught exception in HTTPHandler when open telemetry is enabled. [#45456](https://github.com/ClickHouse/ClickHouse/pull/45456) ([Frank Chen](https://github.com/FrankChen021)).
* Don't infer Dates from 8 digit numbers. It could lead to wrong data to be read. [#45581](https://github.com/ClickHouse/ClickHouse/pull/45581) ([Kruglov Pavel](https://github.com/Avogar)).
* Fixes to correctly use `odbc_bridge_use_connection_pooling` setting. [#45591](https://github.com/ClickHouse/ClickHouse/pull/45591) ([Bharat Nallan](https://github.com/bharatnc)).
* When the callback in the cache is called, it is possible that this cache is destructed. To keep it safe, we capture members by value. It's also safe for task schedule because it will be deactivated before storage is destroyed. Resolve [#45548](https://github.com/ClickHouse/ClickHouse/issues/45548). [#45601](https://github.com/ClickHouse/ClickHouse/pull/45601) ([Han Fei](https://github.com/hanfei1991)).
* Fix data corruption when codecs Delta or DoubleDelta are combined with codec Gorilla. [#45615](https://github.com/ClickHouse/ClickHouse/pull/45615) ([Robert Schulze](https://github.com/rschu1ze)).
* Correctly check types when using N-gram bloom filter index to avoid invalid reads. [#45617](https://github.com/ClickHouse/ClickHouse/pull/45617) ([Antonio Andelic](https://github.com/antonio2368)).
* A couple of segfaults have been reported around `c-ares`. They were introduced in my previous pull requests. I have fixed them with the help of Alexander Tokmakov. [#45629](https://github.com/ClickHouse/ClickHouse/pull/45629) ([Arthur Passos](https://github.com/arthurpassos)).
* Fix key description when encountering duplicate primary keys. This can happen in projections. See [#45590](https://github.com/ClickHouse/ClickHouse/issues/45590) for details. [#45686](https://github.com/ClickHouse/ClickHouse/pull/45686) ([Amos Bird](https://github.com/amosbird)).
* Set compression method and level for backup Closes [#45690](https://github.com/ClickHouse/ClickHouse/issues/45690). [#45737](https://github.com/ClickHouse/ClickHouse/pull/45737) ([Pradeep Chhetri](https://github.com/chhetripradeep)).
* Should use `select_query_typed.limitByOffset()` instead of `select_query_typed.limitOffset()`. [#45817](https://github.com/ClickHouse/ClickHouse/pull/45817) ([刘陶峰](https://github.com/taofengliu)).
* When use experimental analyzer, queries like `SELECT number FROM numbers(100) LIMIT 10 OFFSET 10;` get wrong results (empty result for this sql). That is caused by an unnecessary offset step added by planner. [#45822](https://github.com/ClickHouse/ClickHouse/pull/45822) ([刘陶峰](https://github.com/taofengliu)).
* Backward compatibility - allow implicit narrowing conversion from UInt64 to IPv4 - required for "INSERT ... VALUES ..." expression. [#45865](https://github.com/ClickHouse/ClickHouse/pull/45865) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Bugfix IPv6 parser for mixed ip4 address with missed first octet (like `::.1.2.3`). [#45871](https://github.com/ClickHouse/ClickHouse/pull/45871) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Add the `query_kind` column to the `system.processes` table and the `SHOW PROCESSLIST` query. Remove duplicate code. It fixes a bug: the global configuration parameter `max_concurrent_select_queries` was not respected to queries with `INTERSECT` or `EXCEPT` chains. [#45872](https://github.com/ClickHouse/ClickHouse/pull/45872) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* Fix crash in a function `stochasticLinearRegression`. Found by WingFuzz. [#45985](https://github.com/ClickHouse/ClickHouse/pull/45985) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Fix crash in `SELECT` queries with `INTERSECT` and `EXCEPT` modifiers that read data from tables with enabled sparse columns (controlled by setting `ratio_of_defaults_for_sparse_serialization`). [#45987](https://github.com/ClickHouse/ClickHouse/pull/45987) ([Anton Popov](https://github.com/CurtizJ)).
* Fix read in order optimization for DESC sorting with FINAL, close [#45815](https://github.com/ClickHouse/ClickHouse/issues/45815). [#46009](https://github.com/ClickHouse/ClickHouse/pull/46009) ([Vladimir C](https://github.com/vdimir)).
* Fix reading of non existing nested columns with multiple level in compact parts. [#46045](https://github.com/ClickHouse/ClickHouse/pull/46045) ([Azat Khuzhin](https://github.com/azat)).
* Fix elapsed column in system.processes (10x error). [#46047](https://github.com/ClickHouse/ClickHouse/pull/46047) ([Azat Khuzhin](https://github.com/azat)).
* Follow-up fix for Replace domain IP types (IPv4, IPv6) with native https://github.com/ClickHouse/ClickHouse/pull/43221. [#46087](https://github.com/ClickHouse/ClickHouse/pull/46087) ([Yakov Olkhovskiy](https://github.com/yakov-olkhovskiy)).
* Fix environment variable substitution in the configuration when a parameter already has a value. This closes [#46131](https://github.com/ClickHouse/ClickHouse/issues/46131). This closes [#9547](https://github.com/ClickHouse/ClickHouse/issues/9547). [#46144](https://github.com/ClickHouse/ClickHouse/pull/46144) ([pufit](https://github.com/pufit)).
* Fix incorrect predicate push down with grouping sets. Closes [#45947](https://github.com/ClickHouse/ClickHouse/issues/45947). [#46151](https://github.com/ClickHouse/ClickHouse/pull/46151) ([flynn](https://github.com/ucasfl)).
* Fix possible pipeline stuck error on `fulls_sorting_join` with constant keys. [#46175](https://github.com/ClickHouse/ClickHouse/pull/46175) ([Vladimir C](https://github.com/vdimir)).
* Never rewrite tuple functions as literals during formatting to avoid incorrect results. [#46232](https://github.com/ClickHouse/ClickHouse/pull/46232) ([Salvatore Mesoraca](https://github.com/aiven-sal)).
* Fix possible out of bounds error while reading LowCardinality(Nullable) in Arrow format. [#46270](https://github.com/ClickHouse/ClickHouse/pull/46270) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix `SYSTEM UNFREEZE` queries failing with the exception `CANNOT_PARSE_INPUT_ASSERTION_FAILED`. [#46325](https://github.com/ClickHouse/ClickHouse/pull/46325) ([Aleksei Filatov](https://github.com/aalexfvk)).
* Fix possible crash which can be caused by an integer overflow while deserializing aggregating state of a function that stores HashTable. [#46349](https://github.com/ClickHouse/ClickHouse/pull/46349) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Fix possible `LOGICAL_ERROR` in asynchronous inserts with invalid data sent in format `VALUES`. [#46350](https://github.com/ClickHouse/ClickHouse/pull/46350) ([Anton Popov](https://github.com/CurtizJ)).
* Fixed a LOGICAL_ERROR on an attempt to execute `ALTER ... MOVE PART ... TO TABLE`. This type of query was never actually supported. [#46359](https://github.com/ClickHouse/ClickHouse/pull/46359) ([Alexander Tokmakov](https://github.com/tavplubix)).
* Fix s3Cluster schema inference in parallel distributed insert select when `parallel_distributed_insert_select` is enabled. [#46381](https://github.com/ClickHouse/ClickHouse/pull/46381) ([Kruglov Pavel](https://github.com/Avogar)).
* Fix queries like `ALTER TABLE ... UPDATE nested.arr1 = nested.arr2 ...`, where `arr1` and `arr2` are fields of the same `Nested` column. [#46387](https://github.com/ClickHouse/ClickHouse/pull/46387) ([Anton Popov](https://github.com/CurtizJ)).
* Scheduler may fail to schedule a task. If it happens, the whole MulityPartUpload should be aborted and `UploadHelper` must wait for already scheduled tasks. [#46451](https://github.com/ClickHouse/ClickHouse/pull/46451) ([Dmitry Novik](https://github.com/novikd)).
* Fix PREWHERE for Merge with different default types (fixes some `NOT_FOUND_COLUMN_IN_BLOCK` when the default type for the column differs, also allow `PREWHERE` when the type of column is the same across tables, and prohibit it, only if it differs). [#46454](https://github.com/ClickHouse/ClickHouse/pull/46454) ([Azat Khuzhin](https://github.com/azat)).
* Fix a crash that could happen when constant values are used in `ORDER BY`. Fixes [#46466](https://github.com/ClickHouse/ClickHouse/issues/46466). [#46493](https://github.com/ClickHouse/ClickHouse/pull/46493) ([Nikolai Kochetov](https://github.com/KochetovNicolai)).
* Do not throw exception if `disk` setting was specified on query level, but `storage_policy` was specified in config merge tree settings section. `disk` will override setting from config. [#46533](https://github.com/ClickHouse/ClickHouse/pull/46533) ([Kseniia Sumarokova](https://github.com/kssenii)).
* Fix an invalid processing of constant `LowCardinality` argument in function `arrayMap`. This bug could lead to a segfault in release, and logical error `Bad cast` in debug build. [#46569](https://github.com/ClickHouse/ClickHouse/pull/46569) ([Alexey Milovidov](https://github.com/alexey-milovidov)).
* fixes [#46557](https://github.com/ClickHouse/ClickHouse/issues/46557). [#46611](https://github.com/ClickHouse/ClickHouse/pull/46611) ([Alexander Gololobov](https://github.com/davenger)).
* Fix endless restarts of clickhouse-server systemd unit if server cannot start within 1m30sec (Disable timeout logic for starting clickhouse-server from systemd service). [#46613](https://github.com/ClickHouse/ClickHouse/pull/46613) ([Azat Khuzhin](https://github.com/azat)).
* Allocated during asynchronous inserts memory buffers were deallocated in the global context and MemoryTracker counters for corresponding user and query were not updated correctly. That led to false positive OOM exceptions. [#46622](https://github.com/ClickHouse/ClickHouse/pull/46622) ([Dmitry Novik](https://github.com/novikd)).
* Updated to not clear on_expression from table_join as its used by future analyze runs resolves [#45185](https://github.com/ClickHouse/ClickHouse/issues/45185). [#46487](https://github.com/ClickHouse/ClickHouse/pull/46487) ([SmitaRKulkarni](https://github.com/SmitaRKulkarni)).
### <a id="231"></a> ClickHouse release 23.1, 2023-01-26
### ClickHouse release 23.1

138
CMakeLists.txt
View File

@ -58,7 +58,7 @@ if (ENABLE_CHECK_HEAVY_BUILDS)
set (RLIMIT_CPU 1000)
# gcc10/gcc10/clang -fsanitize=memory is too heavy
if (SANITIZE STREQUAL "memory" OR COMPILER_GCC)
if (SANITIZE STREQUAL "memory")
set (RLIMIT_DATA 10000000000) # 10G
endif()
@ -121,6 +121,7 @@ if (ENABLE_COLORED_BUILD AND CMAKE_GENERATOR STREQUAL "Ninja")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fdiagnostics-color=always")
# ... such manually setting of flags can be removed once CMake supports a variable to
# activate colors in *all* build systems: https://gitlab.kitware.com/cmake/cmake/-/issues/15502
# --> available since CMake 3.24: https://stackoverflow.com/a/73349744
endif ()
include (cmake/check_flags.cmake)
@ -134,24 +135,15 @@ if (COMPILER_CLANG)
set(COMPILER_FLAGS "${COMPILER_FLAGS} -gdwarf-aranges")
endif ()
if (HAS_USE_CTOR_HOMING)
# For more info see https://blog.llvm.org/posts/2021-04-05-constructor-homing-for-debug-info/
if (CMAKE_BUILD_TYPE_UC STREQUAL "DEBUG" OR CMAKE_BUILD_TYPE_UC STREQUAL "RELWITHDEBINFO")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Xclang -fuse-ctor-homing")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Xclang -fuse-ctor-homing")
endif()
# See https://blog.llvm.org/posts/2021-04-05-constructor-homing-for-debug-info/
if (CMAKE_BUILD_TYPE_UC STREQUAL "DEBUG" OR CMAKE_BUILD_TYPE_UC STREQUAL "RELWITHDEBINFO")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Xclang -fuse-ctor-homing")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Xclang -fuse-ctor-homing")
endif()
no_warning(enum-constexpr-conversion) # breaks Protobuf in clang-16
endif ()
# If compiler has support for -Wreserved-identifier. It is difficult to detect by clang version,
# because there are two different branches of clang: clang and AppleClang.
# (AppleClang is not supported by ClickHouse, but some developers have misfortune to use it).
if (HAS_RESERVED_IDENTIFIER)
add_compile_definitions (HAS_RESERVED_IDENTIFIER)
endif ()
option(ENABLE_TESTS "Provide unit_test_dbms target with Google.Test unit tests" ON)
option(ENABLE_EXAMPLES "Build all example programs in 'examples' subdirectories" OFF)
option(ENABLE_BENCHMARKS "Build all benchmark programs in 'benchmarks' subdirectories" OFF)
@ -184,26 +176,11 @@ if (OS_DARWIN)
set (ENABLE_CURL_BUILD OFF)
endif ()
# Ignored if `lld` is used
option(ADD_GDB_INDEX_FOR_GOLD "Add .gdb-index to resulting binaries for gold linker.")
if (NOT CMAKE_BUILD_TYPE_UC STREQUAL "RELEASE")
# Can be lld or ld-lld or lld-13 or /path/to/lld.
if (LINKER_NAME MATCHES "lld" AND OS_LINUX)
if (LINKER_NAME MATCHES "lld")
set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--gdb-index")
set (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--gdb-index")
message (STATUS "Adding .gdb-index via --gdb-index linker option.")
# we use another tool for gdb-index, because gold linker removes section .debug_aranges, which used inside clickhouse stacktraces
# http://sourceware-org.1504.n7.nabble.com/gold-No-debug-aranges-section-when-linking-with-gdb-index-td540965.html#a556932
elseif (LINKER_NAME MATCHES "gold$" AND ADD_GDB_INDEX_FOR_GOLD)
find_program (GDB_ADD_INDEX_EXE NAMES "gdb-add-index" DOC "Path to gdb-add-index executable")
if (NOT GDB_ADD_INDEX_EXE)
set (USE_GDB_ADD_INDEX 0)
message (WARNING "Cannot add gdb index to binaries, because gold linker is used, but gdb-add-index executable not found.")
else()
set (USE_GDB_ADD_INDEX 1)
message (STATUS "gdb-add-index found: ${GDB_ADD_INDEX_EXE}")
endif()
endif ()
endif()
@ -235,7 +212,7 @@ endif ()
# Create BuildID when using lld. For other linkers it is created by default.
# (NOTE: LINKER_NAME can be either path or name, and in different variants)
if (LINKER_NAME MATCHES "lld" AND OS_LINUX)
if (LINKER_NAME MATCHES "lld")
# SHA1 is not cryptographically secure but it is the best what lld is offering.
set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--build-id=sha1")
endif ()
@ -301,59 +278,39 @@ if (ENABLE_BUILD_PROFILING)
endif ()
endif ()
set (CMAKE_CXX_STANDARD 20)
set (CMAKE_CXX_EXTENSIONS ON) # Same as gnu++2a (ON) vs c++2a (OFF): https://cmake.org/cmake/help/latest/prop_tgt/CXX_EXTENSIONS.html
set (CMAKE_CXX_STANDARD 23)
set (CMAKE_CXX_EXTENSIONS OFF)
set (CMAKE_CXX_STANDARD_REQUIRED ON)
set (CMAKE_C_STANDARD 11)
set (CMAKE_C_EXTENSIONS ON)
set (CMAKE_C_EXTENSIONS ON) # required by most contribs written in C
set (CMAKE_C_STANDARD_REQUIRED ON)
if (COMPILER_GCC OR COMPILER_CLANG)
# Enable C++14 sized global deallocation functions. It should be enabled by setting -std=c++14 but I'm not sure.
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsized-deallocation")
endif ()
# falign-functions=32 prevents from random performance regressions with the code change. Thus, providing more stable
# benchmarks.
if (COMPILER_GCC OR COMPILER_CLANG)
set(COMPILER_FLAGS "${COMPILER_FLAGS} -falign-functions=32")
endif ()
if (ARCH_AMD64)
# align branches within a 32-Byte boundary to avoid the potential performance loss when code layout change,
# which makes benchmark results more stable.
set(BRANCHES_WITHIN_32B_BOUNDARIES "-mbranches-within-32B-boundaries")
if (COMPILER_GCC)
# gcc is in assembler, need to add "-Wa," prefix
set(BRANCHES_WITHIN_32B_BOUNDARIES "-Wa,${BRANCHES_WITHIN_32B_BOUNDARIES}")
endif()
include(CheckCXXCompilerFlag)
check_cxx_compiler_flag("${BRANCHES_WITHIN_32B_BOUNDARIES}" HAS_BRANCHES_WITHIN_32B_BOUNDARIES)
if (HAS_BRANCHES_WITHIN_32B_BOUNDARIES)
set(COMPILER_FLAGS "${COMPILER_FLAGS} ${BRANCHES_WITHIN_32B_BOUNDARIES}")
endif()
endif()
if (COMPILER_GCC)
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fcoroutines")
endif ()
# Compiler-specific coverage flags e.g. -fcoverage-mapping for gcc
option(WITH_COVERAGE "Profile the resulting binary/binaries" OFF)
if (WITH_COVERAGE AND COMPILER_CLANG)
set(COMPILER_FLAGS "${COMPILER_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
# If we want to disable coverage for specific translation units
set(WITHOUT_COVERAGE "-fno-profile-instr-generate -fno-coverage-mapping")
endif()
if (COMPILER_CLANG)
# Enable C++14 sized global deallocation functions. It should be enabled by setting -std=c++14 but I'm not sure.
# See https://reviews.llvm.org/D112921
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsized-deallocation")
if (WITH_COVERAGE AND COMPILER_GCC)
set(COMPILER_FLAGS "${COMPILER_FLAGS} -fprofile-arcs -ftest-coverage")
set(COVERAGE_OPTION "-lgcov")
set(WITHOUT_COVERAGE "-fno-profile-arcs -fno-test-coverage")
endif()
# falign-functions=32 prevents from random performance regressions with the code change. Thus, providing more stable
# benchmarks.
set(COMPILER_FLAGS "${COMPILER_FLAGS} -falign-functions=32")
if (ARCH_AMD64)
# align branches within a 32-Byte boundary to avoid the potential performance loss when code layout change,
# which makes benchmark results more stable.
set(BRANCHES_WITHIN_32B_BOUNDARIES "-mbranches-within-32B-boundaries")
set(COMPILER_FLAGS "${COMPILER_FLAGS} ${BRANCHES_WITHIN_32B_BOUNDARIES}")
endif()
if (WITH_COVERAGE)
set(COMPILER_FLAGS "${COMPILER_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
# If we want to disable coverage for specific translation units
set(WITHOUT_COVERAGE "-fno-profile-instr-generate -fno-coverage-mapping")
endif()
endif ()
set (COMPILER_FLAGS "${COMPILER_FLAGS}")
@ -391,10 +348,12 @@ if (COMPILER_CLANG)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstrict-vtable-pointers")
# Set new experimental pass manager, it's a performance, build time and binary size win.
# Can be removed after https://reviews.llvm.org/D66490 merged and released to at least two versions of clang.
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fexperimental-new-pass-manager")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fexperimental-new-pass-manager")
if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 16)
# Set new experimental pass manager, it's a performance, build time and binary size win.
# Can be removed after https://reviews.llvm.org/D66490 merged and released to at least two versions of clang.
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fexperimental-new-pass-manager")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fexperimental-new-pass-manager")
endif ()
# We cannot afford to use LTO when compiling unit tests, and it's not enough
# to only supply -fno-lto at the final linking stage. So we disable it
@ -433,11 +392,21 @@ else()
link_libraries(global-group)
endif ()
option (ENABLE_GWP_ASAN "Enable Gwp-Asan" ON)
# We use mmap for allocations more heavily in debug builds,
# but GWP-ASan also wants to use mmap frequently,
# and due to a large number of memory mappings,
# it does not work together well.
if ((NOT OS_LINUX AND NOT OS_ANDROID) OR (CMAKE_BUILD_TYPE_UC STREQUAL "DEBUG"))
set(ENABLE_GWP_ASAN OFF)
endif ()
option(WERROR "Enable -Werror compiler option" ON)
if (WERROR)
# Don't pollute CMAKE_CXX_FLAGS with -Werror as it will break some CMake checks.
# Instead, adopt modern cmake usage requirement.
# TODO: Set CMAKE_COMPILE_WARNING_AS_ERROR (cmake 3.24)
target_compile_options(global-group INTERFACE "-Werror")
endif ()
@ -453,7 +422,7 @@ endif ()
set (CMAKE_POSTFIX_VARIABLE "CMAKE_${CMAKE_BUILD_TYPE_UC}_POSTFIX")
set (CMAKE_POSITION_INDEPENDENT_CODE OFF)
if (OS_LINUX AND NOT ARCH_AARCH64)
if (OS_LINUX AND NOT (ARCH_AARCH64 OR ARCH_S390X))
# Slightly more efficient code can be generated
# It's disabled for ARM because otherwise ClickHouse cannot run on Android.
set (CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO} -fno-pie")
@ -471,7 +440,12 @@ enable_testing() # Enable for tests without binary
option(ENABLE_OPENSSL "This option performs a build with OpenSSL. NOTE! This option is insecure and should never be used. By default, ClickHouse uses and only supports BoringSSL" OFF)
option(ENABLE_OPENSSL_DYNAMIC "This option removes SSL from ClickHouse and will link to the OpenSSL version supplied by OS." OFF)
if (ARCH_S390X)
set(ENABLE_OPENSSL_DYNAMIC_DEFAULT ON)
else ()
set(ENABLE_OPENSSL_DYNAMIC_DEFAULT OFF)
endif ()
option(ENABLE_OPENSSL_DYNAMIC "This option removes SSL from ClickHouse and will link to the OpenSSL version supplied by OS." ${ENABLE_OPENSSL_DYNAMIC_DEFAULT})
# when installing to /usr - place configs to /etc but for /usr/local place to /usr/local/etc
if (CMAKE_INSTALL_PREFIX STREQUAL "/usr")
@ -581,7 +555,7 @@ if (NATIVE_BUILD_TARGETS
COMMAND ${CMAKE_COMMAND}
"-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}"
"-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}"
"-DENABLE_CCACHE=${ENABLE_CCACHE}"
"-DCOMPILER_CACHE=${COMPILER_CACHE}"
# Avoid overriding .cargo/config.toml with native toolchain.
"-DENABLE_RUST=OFF"
"-DENABLE_CLICKHOUSE_SELF_EXTRACTING=${ENABLE_CLICKHOUSE_SELF_EXTRACTING}"

8
PreLoad.cmake
View File

@ -19,8 +19,8 @@ endif()
if (NOT "$ENV{CFLAGS}" STREQUAL ""
OR NOT "$ENV{CXXFLAGS}" STREQUAL ""
OR NOT "$ENV{LDFLAGS}" STREQUAL ""
OR CMAKE_C_FLAGS OR CMAKE_CXX_FLAGS OR CMAKE_EXE_LINKER_FLAGS OR CMAKE_SHARED_LINKER_FLAGS OR CMAKE_MODULE_LINKER_FLAGS
OR CMAKE_C_FLAGS_INIT OR CMAKE_CXX_FLAGS_INIT OR CMAKE_EXE_LINKER_FLAGS_INIT OR CMAKE_SHARED_LINKER_FLAGS_INIT OR CMAKE_MODULE_LINKER_FLAGS_INIT)
OR CMAKE_C_FLAGS OR CMAKE_CXX_FLAGS OR CMAKE_EXE_LINKER_FLAGS OR CMAKE_MODULE_LINKER_FLAGS
OR CMAKE_C_FLAGS_INIT OR CMAKE_CXX_FLAGS_INIT OR CMAKE_EXE_LINKER_FLAGS_INIT OR CMAKE_MODULE_LINKER_FLAGS_INIT)
# if $ENV
message("CFLAGS: $ENV{CFLAGS}")
@ -36,7 +36,6 @@ if (NOT "$ENV{CFLAGS}" STREQUAL ""
message("CMAKE_C_FLAGS_INIT: ${CMAKE_C_FLAGS_INIT}")
message("CMAKE_CXX_FLAGS_INIT: ${CMAKE_CXX_FLAGS_INIT}")
message("CMAKE_EXE_LINKER_FLAGS_INIT: ${CMAKE_EXE_LINKER_FLAGS_INIT}")
message("CMAKE_SHARED_LINKER_FLAGS_INIT: ${CMAKE_SHARED_LINKER_FLAGS_INIT}")
message("CMAKE_MODULE_LINKER_FLAGS_INIT: ${CMAKE_MODULE_LINKER_FLAGS_INIT}")
message(FATAL_ERROR "
@ -84,7 +83,10 @@ if (OS MATCHES "Linux"
set (CMAKE_TOOLCHAIN_FILE "cmake/linux/toolchain-aarch64.cmake" CACHE INTERNAL "")
elseif (ARCH MATCHES "^(ppc64le.*|PPC64LE.*)")
set (CMAKE_TOOLCHAIN_FILE "cmake/linux/toolchain-ppc64le.cmake" CACHE INTERNAL "")
elseif (ARCH MATCHES "^(s390x.*|S390X.*)")
set (CMAKE_TOOLCHAIN_FILE "cmake/linux/toolchain-s390x.cmake" CACHE INTERNAL "")
else ()
message (FATAL_ERROR "Unsupported architecture: ${ARCH}")
endif ()
endif()

20
README.md
View File

@ -1,7 +1,12 @@
[![ClickHouse — open source distributed column-oriented DBMS](https://github.com/ClickHouse/clickhouse-presentations/raw/master/images/logo-400x240.png)](https://clickhouse.com)
[<img alt="ClickHouse — open source distributed column-oriented DBMS" width="400px" src="https://clickhouse.com/images/ch_gh_logo_rounded.png" />](https://clickhouse.com?utm_source=github)
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time.
## How To Install (Linux, macOS, FreeBSD)
```
curl https://clickhouse.com/ | sh
```
## Useful Links
* [Official website](https://clickhouse.com/) has a quick high-level overview of ClickHouse on the main page.
@ -9,12 +14,17 @@ ClickHouse® is an open-source column-oriented database management system that a
* [Tutorial](https://clickhouse.com/docs/en/getting_started/tutorial/) shows how to set up and query a small ClickHouse cluster.
* [Documentation](https://clickhouse.com/docs/en/) provides more in-depth information.
* [YouTube channel](https://www.youtube.com/c/ClickHouseDB) has a lot of content about ClickHouse in video format.
* [Slack](https://clickhousedb.slack.com/) and [Telegram](https://telegram.me/clickhouse_en) allow chatting with ClickHouse users in real-time.
* [Slack](https://clickhouse.com/slack) and [Telegram](https://telegram.me/clickhouse_en) allow chatting with ClickHouse users in real-time.
* [Blog](https://clickhouse.com/blog/) contains various ClickHouse-related articles, as well as announcements and reports about events.
* [Code Browser (Woboq)](https://clickhouse.com/codebrowser/ClickHouse/index.html) with syntax highlight and navigation.
* [Code Browser (github.dev)](https://github.dev/ClickHouse/ClickHouse) with syntax highlight, powered by github.dev.
* [Contacts](https://clickhouse.com/company/contact) can help to get your questions answered if there are any.
## Upcoming events
* **Recording available**: [**v23.1 Release Webinar**](https://www.youtube.com/watch?v=zYSZXBnTMSE) 23.1 is the ClickHouse New Year release. Original creator, co-founder, and CTO of ClickHouse Alexey Milovidov will walk us through the highlights of the release. Inverted indices, query cache, and so -- very -- much more.
* **Recording available**: [**ClickHouse Meetup at the CHEQ office in Tel Aviv**](https://www.meetup.com/clickhouse-tel-aviv-user-group/events/289599423/) - We are very excited to be holding our next in-person ClickHouse meetup at the CHEQ office in Tel Aviv! Hear from CHEQ, ServiceNow and Contentsquare, as well as a deep dive presentation from ClickHouse CTO Alexey Milovidov. Join us for a fun evening of talks, food and discussion!
## Upcoming Events
* [**ClickHouse Spring Meetup in Manhattan**](https://www.meetup.com/clickhouse-new-york-user-group/events/292517734) - April 26 - It's spring, and it's time to meet again in the city! Talks include: "Building a domain specific query language on top of Clickhouse", "A Galaxy of Information", "Our Journey to ClickHouse Cloud from Redshift", and a ClickHouse update!
* [**v23.4 Release Webinar**](https://clickhouse.com/company/events/v23-4-release-webinar?utm_source=github&utm_medium=social&utm_campaign=release-webinar-2023-04) - April 26 - 23.4 is rapidly approaching. Original creator, co-founder, and CTO of ClickHouse Alexey Milovidov will walk us through the highlights of the release.
## Recent Recordings
* **Recent Meetup Videos**: [Meetup Playlist](https://www.youtube.com/playlist?list=PL0Z2YDlm0b3iNDUzpY1S3L_iV4nARda_U) Whenever possible recordings of the ClickHouse Community Meetups are edited and presented as individual talks. Current featuring "Modern SQL in 2023", "Fast, Concurrent, and Consistent Asynchronous INSERTS in ClickHouse", and "Full-Text Indices: Design and Experiments"
* **Recording available**: [**v23.3 Release Webinar**](https://www.youtube.com/watch?v=ISaGUjvBNao) UNDROP TABLE, server settings introspection, nested dynamic disks, MySQL compatibility, parseDate Time, Lightweight Deletes, Parallel Replicas, integrations updates, and so much more! Watch it now!
* **All release webinar recordings**: [YouTube playlist](https://www.youtube.com/playlist?list=PL0Z2YDlm0b3jAlSy1JxyP8zluvXaN3nxU)

8
SECURITY.md
View File

@ -13,9 +13,11 @@ The following versions of ClickHouse server are currently being supported with s
| Version | Supported |
|:-|:-|
| 23.3 | ✔️ |
| 23.2 | ✔️ |
| 23.1 | ✔️ |
| 22.12 | ✔️ |
| 22.11 | ✔️ |
| 22.12 | |
| 22.11 | |
| 22.10 | ❌ |
| 22.9 | ❌ |
| 22.8 | ✔️ |
@ -23,7 +25,7 @@ The following versions of ClickHouse server are currently being supported with s
| 22.6 | ❌ |
| 22.5 | ❌ |
| 22.4 | ❌ |
| 22.3 | ✔️ |
| 22.3 | |
| 22.2 | ❌ |
| 22.1 | ❌ |
| 21.* | ❌ |

5
base/CMakeLists.txt
View File

@ -1,8 +1,5 @@
if (USE_CLANG_TIDY)
set (CMAKE_CXX_CLANG_TIDY "${CLANG_TIDY_PATH}")
endif ()
add_subdirectory (base)
add_subdirectory (pcg-random)
add_subdirectory (poco)
add_subdirectory (widechar_width)
add_subdirectory (readpassphrase)

8
base/base/CMakeLists.txt
View File

@ -1,3 +1,11 @@
if (USE_CLANG_TIDY)
set (CMAKE_CXX_CLANG_TIDY "${CLANG_TIDY_PATH}")
endif ()
# TODO: Remove this. We like to compile with C++23 (set by top-level CMakeLists) but Clang crashes with our libcxx
# when instantiated from JSON.cpp. Try again when libcxx(abi) and Clang are upgraded to 16.
set (CMAKE_CXX_STANDARD 20)
set (SRCS
argsToConfig.cpp
coverage.cpp

18
base/base/Decimal.h
View File

@ -1,5 +1,6 @@
#pragma once
#include <base/extended_types.h>
#include <base/Decimal_fwd.h>
#if !defined(NO_SANITIZE_UNDEFINED)
#if defined(__clang__)
@ -19,23 +20,6 @@ using Decimal64 = Decimal<Int64>;
using Decimal128 = Decimal<Int128>;
using Decimal256 = Decimal<Int256>;
template <class T>
concept is_decimal =
std::is_same_v<T, Decimal32>
|| std::is_same_v<T, Decimal64>
|| std::is_same_v<T, Decimal128>
|| std::is_same_v<T, Decimal256>
|| std::is_same_v<T, DateTime64>;
template <class T>
concept is_over_big_int =
std::is_same_v<T, Int128>
|| std::is_same_v<T, UInt128>
|| std::is_same_v<T, Int256>
|| std::is_same_v<T, UInt256>
|| std::is_same_v<T, Decimal128>
|| std::is_same_v<T, Decimal256>;
template <class T> struct NativeTypeT { using Type = T; };
template <is_decimal T> struct NativeTypeT<T> { using Type = typename T::NativeType; };
template <class T> using NativeType = typename NativeTypeT<T>::Type;

46
base/base/Decimal_fwd.h Normal file
View File

@ -0,0 +1,46 @@
#pragma once
#include <base/types.h>
namespace wide
{
template <size_t Bits, typename Signed>
class integer;
}
using Int128 = wide::integer<128, signed>;
using UInt128 = wide::integer<128, unsigned>;
using Int256 = wide::integer<256, signed>;
using UInt256 = wide::integer<256, unsigned>;
namespace DB
{
template <class> struct Decimal;
using Decimal32 = Decimal<Int32>;
using Decimal64 = Decimal<Int64>;
using Decimal128 = Decimal<Int128>;
using Decimal256 = Decimal<Int256>;
class DateTime64;
template <class T>
concept is_decimal =
std::is_same_v<T, Decimal32>
|| std::is_same_v<T, Decimal64>
|| std::is_same_v<T, Decimal128>
|| std::is_same_v<T, Decimal256>
|| std::is_same_v<T, DateTime64>;
template <class T>
concept is_over_big_int =
std::is_same_v<T, Int128>
|| std::is_same_v<T, UInt128>
|| std::is_same_v<T, Int256>
|| std::is_same_v<T, UInt256>
|| std::is_same_v<T, Decimal128>
|| std::is_same_v<T, Decimal256>;
}

12
base/base/IPv4andIPv6.h
View File

@ -51,3 +51,15 @@ namespace DB
};
}
namespace std
{
template <>
struct hash<DB::IPv6>
{
size_t operator()(const DB::IPv6 & x) const
{
return std::hash<DB::IPv6::UnderlyingType>()(x.toUnderType());
}
};
}

5
base/base/JSON.cpp
View File

@ -466,9 +466,8 @@ JSON::Pos JSON::searchField(const char * data, size_t size) const
{
if (!it->hasEscapes())
{
if (static_cast<int>(size) + 2 > it->dataEnd() - it->data())
continue;
if (!strncmp(data, it->data() + 1, size))
const auto current_name = it->getRawName();
if (current_name.size() == size && 0 == memcmp(current_name.data(), data, size))
break;
}
else

3
base/base/TypeList.h
View File

@ -4,7 +4,6 @@
#include <type_traits>
#include <utility>
#include "defines.h"
#include "TypePair.h"
/// General-purpose typelist. Easy on compilation times as it does not use recursion.
template <typename ...Args>
@ -28,7 +27,7 @@ namespace TypeListUtils /// In some contexts it's more handy to use functions in
constexpr Root<Args...> changeRoot(TypeList<Args...>) { return {}; }
template <typename F, typename ...Args>
constexpr void forEach(TypeList<Args...>, F && f) { (std::forward<F>(f)(Id<Args>{}), ...); }
constexpr void forEach(TypeList<Args...>, F && f) { (std::forward<F>(f)(TypeList<Args>{}), ...); }
}
template <typename TypeListLeft, typename TypeListRight>

4
base/base/TypePair.h
View File

@ -1,4 +0,0 @@
#pragma once
template <typename T, typename V> struct TypePair {};
template <typename T> struct Id {};

23
base/base/bit_cast.h
View File

@ -12,21 +12,22 @@
template <typename To, typename From>
std::decay_t<To> bit_cast(const From & from)
{
/**
* Assume the source value is 0xAABBCCDD (i.e. sizeof(from) == 4).
* Its BE representation is 0xAABBCCDD, the LE representation is 0xDDCCBBAA.
* Further assume, sizeof(res) == 8 and that res is initially zeroed out.
* With LE, the result after bit_cast will be 0xDDCCBBAA00000000 --> input value == output value.
* With BE, the result after bit_cast will be 0x00000000AABBCCDD --> input value == output value.
*/
/** Assume the source value is 0xAABBCCDD (i.e. sizeof(from) == 4).
* Its BE representation is 0xAABBCCDD, the LE representation is 0xDDCCBBAA.
* Further assume, sizeof(res) == 8 and that res is initially zeroed out.
* With LE, the result after bit_cast will be 0xDDCCBBAA00000000 --> input value == output value.
* With BE, the result after bit_cast will be 0x00000000AABBCCDD --> input value == output value.
*/
To res {};
if constexpr (std::endian::native == std::endian::little)
memcpy(static_cast<void*>(&res), &from, std::min(sizeof(res), sizeof(from)));
{
memcpy(static_cast<void*>(&res), &from, std::min(sizeof(res), sizeof(from)));
}
else
{
uint32_t offset_to = (sizeof(res) > sizeof(from)) ? (sizeof(res) - sizeof(from)) : 0;
uint32_t offset_from = (sizeof(from) > sizeof(res)) ? (sizeof(from) - sizeof(res)) : 0;
memcpy(reinterpret_cast<char *>(&res) + offset_to, reinterpret_cast<const char *>(&from) + offset_from, std::min(sizeof(res), sizeof(from)));
uint32_t offset_to = (sizeof(res) > sizeof(from)) ? (sizeof(res) - sizeof(from)) : 0;
uint32_t offset_from = (sizeof(from) > sizeof(res)) ? (sizeof(from) - sizeof(res)) : 0;
memcpy(reinterpret_cast<char *>(&res) + offset_to, reinterpret_cast<const char *>(&from) + offset_from, std::min(sizeof(res), sizeof(from)));
}
return res;
}

2
base/base/coverage.cpp
View File

@ -2,6 +2,8 @@
#if WITH_COVERAGE
#pragma GCC diagnostic ignored "-Wreserved-identifier"
# include <mutex>
# include <unistd.h>

12
base/base/defines.h
View File

@ -28,8 +28,8 @@
#define NO_INLINE __attribute__((__noinline__))
#define MAY_ALIAS __attribute__((__may_alias__))
#if !defined(__x86_64__) && !defined(__aarch64__) && !defined(__PPC__) && !(defined(__riscv) && (__riscv_xlen == 64))
# error "The only supported platforms are x86_64 and AArch64, PowerPC (work in progress) and RISC-V 64 (experimental)"
#if !defined(__x86_64__) && !defined(__aarch64__) && !defined(__PPC__) && !defined(__s390x__) && !(defined(__riscv) && (__riscv_xlen == 64))
# error "The only supported platforms are x86_64 and AArch64, PowerPC (work in progress), s390x (work in progress) and RISC-V 64 (experimental)"
#endif
/// Check for presence of address sanitizer
@ -127,10 +127,14 @@
/// because SIGABRT is easier to debug than SIGTRAP (the second one makes gdb crazy)
#if !defined(chassert)
#if defined(ABORT_ON_LOGICAL_ERROR)
#define chassert(x) static_cast<bool>(x) ? void(0) : abortOnFailedAssertion(#x)
#define chassert(x) static_cast<bool>(x) ? void(0) : ::DB::abortOnFailedAssertion(#x)
#define UNREACHABLE() abort()
#else
#define chassert(x) ((void)0)
/// Here sizeof() trick is used to suppress unused warning for result,
/// since simple "(void)x" will evaluate the expression, while
/// "sizeof(!(x))" will not.
#define NIL_EXPRESSION(x) (void)sizeof(!(x))
#define chassert(x) NIL_EXPRESSION(x)
#define UNREACHABLE() __builtin_unreachable()
#endif
#endif

34
base/base/find_symbols.h
View File

@ -36,7 +36,7 @@
namespace detail
{
template <char ...chars> constexpr bool is_in(char x) { return ((x == chars) || ...); }
template <char ...chars> constexpr bool is_in(char x) { return ((x == chars) || ...); } // NOLINT(misc-redundant-expression)
#if defined(__SSE2__)
template <char s0>
@ -159,22 +159,22 @@ inline const char * find_first_symbols_sse42(const char * const begin, const cha
#endif
for (; pos < end; ++pos)
if ( (num_chars >= 1 && maybe_negate<positive>(*pos == c01))
|| (num_chars >= 2 && maybe_negate<positive>(*pos == c02))
|| (num_chars >= 3 && maybe_negate<positive>(*pos == c03))
|| (num_chars >= 4 && maybe_negate<positive>(*pos == c04))
|| (num_chars >= 5 && maybe_negate<positive>(*pos == c05))
|| (num_chars >= 6 && maybe_negate<positive>(*pos == c06))
|| (num_chars >= 7 && maybe_negate<positive>(*pos == c07))
|| (num_chars >= 8 && maybe_negate<positive>(*pos == c08))
|| (num_chars >= 9 && maybe_negate<positive>(*pos == c09))
|| (num_chars >= 10 && maybe_negate<positive>(*pos == c10))
|| (num_chars >= 11 && maybe_negate<positive>(*pos == c11))
|| (num_chars >= 12 && maybe_negate<positive>(*pos == c12))
|| (num_chars >= 13 && maybe_negate<positive>(*pos == c13))
|| (num_chars >= 14 && maybe_negate<positive>(*pos == c14))
|| (num_chars >= 15 && maybe_negate<positive>(*pos == c15))
|| (num_chars >= 16 && maybe_negate<positive>(*pos == c16)))
if ( (num_chars == 1 && maybe_negate<positive>(is_in<c01>(*pos)))
|| (num_chars == 2 && maybe_negate<positive>(is_in<c01, c02>(*pos)))
|| (num_chars == 3 && maybe_negate<positive>(is_in<c01, c02, c03>(*pos)))
|| (num_chars == 4 && maybe_negate<positive>(is_in<c01, c02, c03, c04>(*pos)))
|| (num_chars == 5 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05>(*pos)))
|| (num_chars == 6 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06>(*pos)))
|| (num_chars == 7 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07>(*pos)))
|| (num_chars == 8 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08>(*pos)))
|| (num_chars == 9 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09>(*pos)))
|| (num_chars == 10 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10>(*pos)))
|| (num_chars == 11 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11>(*pos)))
|| (num_chars == 12 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11, c12>(*pos)))
|| (num_chars == 13 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11, c12, c13>(*pos)))
|| (num_chars == 14 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11, c12, c13, c14>(*pos)))
|| (num_chars == 15 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11, c12, c13, c14, c15>(*pos)))
|| (num_chars == 16 && maybe_negate<positive>(is_in<c01, c02, c03, c04, c05, c06, c07, c08, c09, c10, c11, c12, c13, c14, c15, c16>(*pos))))
return pos;
return return_mode == ReturnMode::End ? end : nullptr;
}

215
base/base/hex.h Normal file
View File

@ -0,0 +1,215 @@
#pragma once
#include <bit>
#include <cstring>
#include "types.h"
/// Maps 0..15 to 0..9A..F or 0..9a..f correspondingly.
constexpr inline std::string_view hex_digit_to_char_uppercase_table = "0123456789ABCDEF";
constexpr inline std::string_view hex_digit_to_char_lowercase_table = "0123456789abcdef";
constexpr char hexDigitUppercase(unsigned char c)
{
return hex_digit_to_char_uppercase_table[c];
}
constexpr char hexDigitLowercase(unsigned char c)
{
return hex_digit_to_char_lowercase_table[c];
}
/// Maps 0..255 to 00..FF or 00..ff correspondingly
constexpr inline std::string_view hex_byte_to_char_uppercase_table = //
"000102030405060708090A0B0C0D0E0F"
"101112131415161718191A1B1C1D1E1F"
"202122232425262728292A2B2C2D2E2F"
"303132333435363738393A3B3C3D3E3F"
"404142434445464748494A4B4C4D4E4F"
"505152535455565758595A5B5C5D5E5F"
"606162636465666768696A6B6C6D6E6F"
"707172737475767778797A7B7C7D7E7F"
"808182838485868788898A8B8C8D8E8F"
"909192939495969798999A9B9C9D9E9F"
"A0A1A2A3A4A5A6A7A8A9AAABACADAEAF"
"B0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF"
"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"
"D0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF"
"E0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF"
"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF";
constexpr inline std::string_view hex_byte_to_char_lowercase_table = //
"000102030405060708090a0b0c0d0e0f"
"101112131415161718191a1b1c1d1e1f"
"202122232425262728292a2b2c2d2e2f"
"303132333435363738393a3b3c3d3e3f"
"404142434445464748494a4b4c4d4e4f"
"505152535455565758595a5b5c5d5e5f"
"606162636465666768696a6b6c6d6e6f"
"707172737475767778797a7b7c7d7e7f"
"808182838485868788898a8b8c8d8e8f"
"909192939495969798999a9b9c9d9e9f"
"a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
"c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
"d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
"e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff";
inline void writeHexByteUppercase(UInt8 byte, void * out)
{
memcpy(out, &hex_byte_to_char_uppercase_table[static_cast<size_t>(byte) * 2], 2);
}
inline void writeHexByteLowercase(UInt8 byte, void * out)
{
memcpy(out, &hex_byte_to_char_lowercase_table[static_cast<size_t>(byte) * 2], 2);
}
constexpr inline std::string_view bin_byte_to_char_table = //
"0000000000000001000000100000001100000100000001010000011000000111"
"0000100000001001000010100000101100001100000011010000111000001111"
"0001000000010001000100100001001100010100000101010001011000010111"
"0001100000011001000110100001101100011100000111010001111000011111"
"0010000000100001001000100010001100100100001001010010011000100111"
"0010100000101001001010100010101100101100001011010010111000101111"
"0011000000110001001100100011001100110100001101010011011000110111"
"0011100000111001001110100011101100111100001111010011111000111111"
"0100000001000001010000100100001101000100010001010100011001000111"
"0100100001001001010010100100101101001100010011010100111001001111"
"0101000001010001010100100101001101010100010101010101011001010111"
"0101100001011001010110100101101101011100010111010101111001011111"
"0110000001100001011000100110001101100100011001010110011001100111"
"0110100001101001011010100110101101101100011011010110111001101111"
"0111000001110001011100100111001101110100011101010111011001110111"
"0111100001111001011110100111101101111100011111010111111001111111"
"1000000010000001100000101000001110000100100001011000011010000111"
"1000100010001001100010101000101110001100100011011000111010001111"
"1001000010010001100100101001001110010100100101011001011010010111"
"1001100010011001100110101001101110011100100111011001111010011111"
"1010000010100001101000101010001110100100101001011010011010100111"
"1010100010101001101010101010101110101100101011011010111010101111"
"1011000010110001101100101011001110110100101101011011011010110111"
"1011100010111001101110101011101110111100101111011011111010111111"
"1100000011000001110000101100001111000100110001011100011011000111"
"1100100011001001110010101100101111001100110011011100111011001111"
"1101000011010001110100101101001111010100110101011101011011010111"
"1101100011011001110110101101101111011100110111011101111011011111"
"1110000011100001111000101110001111100100111001011110011011100111"
"1110100011101001111010101110101111101100111011011110111011101111"
"1111000011110001111100101111001111110100111101011111011011110111"
"1111100011111001111110101111101111111100111111011111111011111111";
inline void writeBinByte(UInt8 byte, void * out)
{
memcpy(out, &bin_byte_to_char_table[static_cast<size_t>(byte) * 8], 8);
}
/// Produces hex representation of an unsigned int with leading zeros (for checksums)
template <typename TUInt>
inline void writeHexUIntImpl(TUInt uint_, char * out, std::string_view table)
{
union
{
TUInt value;
UInt8 uint8[sizeof(TUInt)];
};
value = uint_;
for (size_t i = 0; i < sizeof(TUInt); ++i)
{
if constexpr (std::endian::native == std::endian::little)
memcpy(out + i * 2, &table[static_cast<size_t>(uint8[sizeof(TUInt) - 1 - i]) * 2], 2);
else
memcpy(out + i * 2, &table[static_cast<size_t>(uint8[i]) * 2], 2);
}
}
template <typename TUInt>
inline void writeHexUIntUppercase(TUInt uint_, char * out)
{
writeHexUIntImpl(uint_, out, hex_byte_to_char_uppercase_table);
}
template <typename TUInt>
inline void writeHexUIntLowercase(TUInt uint_, char * out)
{
writeHexUIntImpl(uint_, out, hex_byte_to_char_lowercase_table);
}
template <typename TUInt>
std::string getHexUIntUppercase(TUInt uint_)
{
std::string res(sizeof(TUInt) * 2, '\0');
writeHexUIntUppercase(uint_, res.data());
return res;
}
template <typename TUInt>
std::string getHexUIntLowercase(TUInt uint_)
{
std::string res(sizeof(TUInt) * 2, '\0');
writeHexUIntLowercase(uint_, res.data());
return res;
}
/// Maps 0..9, A..F, a..f to 0..15. Other chars are mapped to implementation specific value.
constexpr inline std::string_view hex_char_to_digit_table
= {"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xff\xff\xff\xff\xff\xff" //0-9
"\xff\x0a\x0b\x0c\x0d\x0e\x0f\xff\xff\xff\xff\xff\xff\xff\xff\xff" //A-Z
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\x0a\x0b\x0c\x0d\x0e\x0f\xff\xff\xff\xff\xff\xff\xff\xff\xff" //a-z
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
256};
constexpr UInt8 unhex(char c)
{
return hex_char_to_digit_table[static_cast<UInt8>(c)];
}
constexpr UInt8 unhex2(const char * data)
{
return static_cast<UInt8>(unhex(data[0])) * 0x10 + static_cast<UInt8>(unhex(data[1]));
}
constexpr UInt16 unhex4(const char * data)
{
return static_cast<UInt16>(unhex(data[0])) * 0x1000 + static_cast<UInt16>(unhex(data[1])) * 0x100
+ static_cast<UInt16>(unhex(data[2])) * 0x10 + static_cast<UInt16>(unhex(data[3]));
}
template <typename TUInt>
constexpr TUInt unhexUInt(const char * data)
{
TUInt res = 0;
if constexpr ((sizeof(TUInt) <= 8) || ((sizeof(TUInt) % 8) != 0))
{
for (size_t i = 0; i < sizeof(TUInt) * 2; ++i, ++data)
{
res <<= 4;
res += unhex(*data);
}
}
else
{
for (size_t i = 0; i < sizeof(TUInt) / 8; ++i, data += 16)
{
res <<= 64;
res += unhexUInt<UInt64>(data);
}
}
return res;
}

13
base/base/interpolate.h Normal file
View File

@ -0,0 +1,13 @@
#pragma once
#include <cassert>
#include <cmath>
/** Linear interpolation in logarithmic coordinates.
* Exponential interpolation is related to linear interpolation
* exactly in same way as geometric mean is related to arithmetic mean.
*/
constexpr double interpolateExponential(double min, double max, double ratio)
{
assert(min > 0 && ratio >= 0 && ratio <= 1);
return min * std::pow(max / min, ratio);
}

68
base/base/itoa.h
View File

@ -33,6 +33,41 @@
#include <base/extended_types.h>
template <typename T>
inline int digits10(T x)
{
if (x < 10ULL)
return 1;
if (x < 100ULL)
return 2;
if (x < 1000ULL)
return 3;
if (x < 1000000000000ULL)
{
if (x < 100000000ULL)
{
if (x < 1000000ULL)
{
if (x < 10000ULL)
return 4;
else
return 5 + (x >= 100000ULL);
}
return 7 + (x >= 10000000ULL);
}
if (x < 10000000000ULL)
return 9 + (x >= 1000000000ULL);
return 11 + (x >= 100000000000ULL);
}
return 12 + digits10(x / 1000000000000ULL);
}
namespace impl
{
@ -312,39 +347,6 @@ namespace convert
}
}
template <typename T>
static inline int digits10(T x)
{
if (x < 10ULL)
return 1;
if (x < 100ULL)
return 2;
if (x < 1000ULL)
return 3;
if (x < 1000000000000ULL)
{
if (x < 100000000ULL)
{
if (x < 1000000ULL)
{
if (x < 10000ULL)
return 4;
else
return 5 + (x >= 100000ULL);
}
return 7 + (x >= 10000000ULL);
}
if (x < 10000000000ULL)
return 9 + (x >= 1000000000ULL);
return 11 + (x >= 100000000000ULL);
}
return 12 + digits10(x / 1000000000000ULL);
}
template <typename T>
static inline char * writeUIntText(T x, char * p)

2
base/base/phdr_cache.cpp
View File

@ -1,6 +1,4 @@
#ifdef HAS_RESERVED_IDENTIFIER
#pragma clang diagnostic ignored "-Wreserved-identifier"
#endif
/// This code was based on the code by Fedor Korotkiy https://www.linkedin.com/in/fedor-korotkiy-659a1838/

148
base/base/preciseExp10.cpp
View File

@ -1,8 +1,8 @@
/** Origin: musl-libc /src/math/exp10.c
* https://www.musl-libc.org/
* http://git.musl-libc.org/cgit/musl/tree/src/math/exp10.c
*/
/*
https://www.musl-libc.org/
http://git.musl-libc.org/cgit/musl/tree/src/math/exp10.c
musl as a whole is licensed under the following standard MIT license:
----------------------------------------------------------------------
@ -27,146 +27,6 @@ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
----------------------------------------------------------------------
Authors/contributors include:
Alex Dowad
Alexander Monakov
Anthony G. Basile
Arvid Picciani
Bobby Bingham
Boris Brezillon
Brent Cook
Chris Spiegel
Clément Vasseur
Daniel Micay
Denys Vlasenko
Emil Renner Berthing
Felix Fietkau
Felix Janda
Gianluca Anzolin
Hauke Mehrtens
Hiltjo Posthuma
Isaac Dunham
Jaydeep Patil
Jens Gustedt
Jeremy Huntwork
Jo-Philipp Wich
Joakim Sindholt
John Spencer
Josiah Worcester
Justin Cormack
Khem Raj
Kylie McClain
Luca Barbato
Luka Perkov
M Farkas-Dyck (Strake)
Mahesh Bodapati
Michael Forney
Natanael Copa
Nicholas J. Kain
orc
Pascal Cuoq
Petr Hosek
Pierre Carrier
Rich Felker
Richard Pennington
Shiz
sin
Solar Designer
Stefan Kristiansson
Szabolcs Nagy
Timo Teräs
Trutz Behn
Valentin Ochs
William Haddon
Portions of this software are derived from third-party works licensed
under terms compatible with the above MIT license:
The TRE regular expression implementation (src/regex/reg* and
src/regex/tre*) is Copyright © 2001-2008 Ville Laurikari and licensed
under a 2-clause BSD license (license text in the source files). The
included version has been heavily modified by Rich Felker in 2012, in
the interests of size, simplicity, and namespace cleanliness.
Much of the math library code (src/math/ * and src/complex/ *) is
Copyright © 1993,2004 Sun Microsystems or
Copyright © 2003-2011 David Schultz or
Copyright © 2003-2009 Steven G. Kargl or
Copyright © 2003-2009 Bruce D. Evans or
Copyright © 2008 Stephen L. Moshier
and labelled as such in comments in the individual source files. All
have been licensed under extremely permissive terms.
The ARM memcpy code (src/string/arm/memcpy_el.S) is Copyright © 2008
The Android Open Source Project and is licensed under a two-clause BSD
license. It was taken from Bionic libc, used on Android.
The implementation of DES for crypt (src/crypt/crypt_des.c) is
Copyright © 1994 David Burren. It is licensed under a BSD license.
The implementation of blowfish crypt (src/crypt/crypt_blowfish.c) was
originally written by Solar Designer and placed into the public
domain. The code also comes with a fallback permissive license for use
in jurisdictions that may not recognize the public domain.
The smoothsort implementation (src/stdlib/qsort.c) is Copyright © 2011
Valentin Ochs and is licensed under an MIT-style license.
The BSD PRNG implementation (src/prng/random.c) and XSI search API
(src/search/ *.c) functions are Copyright © 2011 Szabolcs Nagy and
licensed under following terms: "Permission to use, copy, modify,
and/or distribute this code for any purpose with or without fee is
hereby granted. There is no warranty."
The x86_64 port was written by Nicholas J. Kain and is licensed under
the standard MIT terms.
The mips and microblaze ports were originally written by Richard
Pennington for use in the ellcc project. The original code was adapted
by Rich Felker for build system and code conventions during upstream
integration. It is licensed under the standard MIT terms.
The mips64 port was contributed by Imagination Technologies and is
licensed under the standard MIT terms.
The powerpc port was also originally written by Richard Pennington,
and later supplemented and integrated by John Spencer. It is licensed
under the standard MIT terms.
All other files which have no copyright comments are original works
produced specifically for use as part of this library, written either
by Rich Felker, the main author of the library, or by one or more
contibutors listed above. Details on authorship of individual files
can be found in the git version control history of the project. The
omission of copyright and license comments in each file is in the
interest of source tree size.
In addition, permission is hereby granted for all public header files
(include/ * and arch/ * /bits/ *) and crt files intended to be linked into
applications (crt/ *, ldso/dlstart.c, and arch/ * /crt_arch.h) to omit
the copyright notice and permission notice otherwise required by the
license, and to use these files without any requirement of
attribution. These files include substantial contributions from:
Bobby Bingham
John Spencer
Nicholas J. Kain
Rich Felker
Richard Pennington
Stefan Kristiansson
Szabolcs Nagy
all of whom have explicitly granted such permission.
This file previously contained text expressing a belief that most of
the files covered by the above exception were sufficiently trivial not
to be subject to copyright, resulting in confusion over whether it
negated the permissions granted in the license. In the spirit of
permissive licensing, and of not having licensing issues being an
obstacle to adoption, that text has been removed.
*/
#include <cmath>

4
base/base/preciseExp10.h
View File

@ -3,9 +3,9 @@
/** exp10 from GNU libm fails to give precise result for integer arguments.
* For example, exp10(3) gives 1000.0000000000001
* despite the fact that 1000 is exactly representable in double and float.
* Better to always use implementation from MUSL.
* Better to always use our own implementation based on a MUSL's one.
*
* Note: the function names are different to avoid confusion with symbols from the system libm.
* Note: the function name is different to avoid confusion with symbols from the system libm.
*/
double preciseExp10(double x);

2
base/base/strong_typedef.h
View File

@ -35,7 +35,7 @@ public:
Self & operator=(T && rhs) { t = std::move(rhs); return *this;}
// NOLINTBEGIN(google-explicit-constructor)
operator const T & () const { return t; }
constexpr operator const T & () const { return t; }
operator T & () { return t; }
// NOLINTEND(google-explicit-constructor)

4
base/base/types.h
View File

@ -13,11 +13,7 @@ using char8_t = unsigned char;
#endif
/// This is needed for more strict aliasing. https://godbolt.org/z/xpJBSb https://stackoverflow.com/a/57453713
#if !defined(PVS_STUDIO) /// But PVS-Studio does not treat it correctly.
using UInt8 = char8_t;
#else
using UInt8 = uint8_t;
#endif
using UInt16 = uint16_t;
using UInt32 = uint32_t;

10
base/base/unit.h
View File

@ -5,10 +5,8 @@ constexpr size_t KiB = 1024;
constexpr size_t MiB = 1024 * KiB;
constexpr size_t GiB = 1024 * MiB;
#ifdef HAS_RESERVED_IDENTIFIER
# pragma clang diagnostic push
# pragma clang diagnostic ignored "-Wreserved-identifier"
#endif
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wreserved-identifier"
// NOLINTBEGIN(google-runtime-int)
constexpr size_t operator"" _KiB(unsigned long long val) { return val * KiB; }
@ -16,6 +14,4 @@ constexpr size_t operator"" _MiB(unsigned long long val) { return val * MiB; }
constexpr size_t operator"" _GiB(unsigned long long val) { return val * GiB; }
// NOLINTEND(google-runtime-int)
#ifdef HAS_RESERVED_IDENTIFIER
# pragma clang diagnostic pop
#endif
#pragma clang diagnostic pop

19
base/base/wide_integer_impl.h
View File

@ -155,13 +155,13 @@ struct common_type<wide::integer<Bits, Signed>, Arithmetic>
std::is_floating_point_v<Arithmetic>,
Arithmetic,
std::conditional_t<
sizeof(Arithmetic) < Bits * sizeof(long),
sizeof(Arithmetic) * 8 < Bits,
wide::integer<Bits, Signed>,
std::conditional_t<
Bits * sizeof(long) < sizeof(Arithmetic),
Bits < sizeof(Arithmetic) * 8,
Arithmetic,
std::conditional_t<
Bits * sizeof(long) == sizeof(Arithmetic) && (std::is_same_v<Signed, signed> || std::is_signed_v<Arithmetic>),
Bits == sizeof(Arithmetic) * 8 && (std::is_same_v<Signed, signed> || std::is_signed_v<Arithmetic>),
Arithmetic,
wide::integer<Bits, Signed>>>>>;
};
@ -360,7 +360,7 @@ struct integer<Bits, Signed>::_impl
constexpr const unsigned to_copy = min_bits / base_bits;
for (unsigned i = 0; i < to_copy; ++i)
self.items[little(i)] = rhs.items[little(i)];
self.items[little(i)] = rhs.items[integer<Bits2, Signed2>::_impl::little(i)];
if constexpr (Bits > Bits2)
{
@ -732,9 +732,10 @@ public:
if (std::numeric_limits<T>::is_signed && (is_negative(lhs) != is_negative(rhs)))
return is_negative(rhs);
integer<Bits, Signed> t = rhs;
for (unsigned i = 0; i < item_count; ++i)
{
base_type rhs_item = get_item(rhs, big(i));
base_type rhs_item = get_item(t, big(i));
if (lhs.items[big(i)] != rhs_item)
return lhs.items[big(i)] > rhs_item;
@ -757,9 +758,10 @@ public:
if (std::numeric_limits<T>::is_signed && (is_negative(lhs) != is_negative(rhs)))
return is_negative(lhs);
integer<Bits, Signed> t = rhs;
for (unsigned i = 0; i < item_count; ++i)
{
base_type rhs_item = get_item(rhs, big(i));
base_type rhs_item = get_item(t, big(i));
if (lhs.items[big(i)] != rhs_item)
return lhs.items[big(i)] < rhs_item;
@ -779,9 +781,10 @@ public:
{
if constexpr (should_keep_size<T>())
{
integer<Bits, Signed> t = rhs;
for (unsigned i = 0; i < item_count; ++i)
{
base_type rhs_item = get_item(rhs, any(i));
base_type rhs_item = get_item(t, any(i));
if (lhs.items[any(i)] != rhs_item)
return false;
@ -1239,7 +1242,7 @@ constexpr integer<Bits, Signed>::operator long double() const noexcept
for (unsigned i = 0; i < _impl::item_count; ++i)
{
long double t = res;
res *= std::numeric_limits<base_type>::max();
res *= static_cast<long double>(std::numeric_limits<base_type>::max());
res += t;
res += tmp.items[_impl::big(i)];
}

2
base/base/wide_integer_to_string.h
View File

@ -64,6 +64,6 @@ struct fmt::formatter<wide::integer<Bits, Signed>>
template <typename FormatContext>
auto format(const wide::integer<Bits, Signed> & value, FormatContext & ctx)
{
return format_to(ctx.out(), "{}", to_string(value));
return fmt::format_to(ctx.out(), "{}", to_string(value));
}
};

2
base/glibc-compatibility/glibc-compatibility.c
View File

@ -195,7 +195,6 @@ long splice(int fd_in, off_t *off_in, int fd_out, off_t *off_out, size_t len, un
#include <sys/stat.h>
#include <stdint.h>
#if !defined(__aarch64__)
struct statx {
uint32_t stx_mask;
uint32_t stx_blksize;
@ -226,7 +225,6 @@ int statx(int fd, const char *restrict path, int flag,
{
return syscall(SYS_statx, fd, path, flag, mask, statxbuf);
}
#endif
#include <syscall.h>

81
base/glibc-compatibility/musl/expf.c Normal file
View File

@ -0,0 +1,81 @@
/* origin: FreeBSD /usr/src/lib/msun/src/e_expf.c */
/*
* Conversion to float by Ian Lance Taylor, Cygnus Support, ian@cygnus.com.
*/
/*
* ====================================================
* Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.
*
* Developed at SunPro, a Sun Microsystems, Inc. business.
* Permission to use, copy, modify, and distribute this
* software is freely granted, provided that this notice
* is preserved.
* ====================================================
*/
#include "libm.h"
static const float
half[2] = {0.5,-0.5},
ln2hi = 6.9314575195e-1f, /* 0x3f317200 */
ln2lo = 1.4286067653e-6f, /* 0x35bfbe8e */
invln2 = 1.4426950216e+0f, /* 0x3fb8aa3b */
/*
* Domain [-0.34568, 0.34568], range ~[-4.278e-9, 4.447e-9]:
* |x*(exp(x)+1)/(exp(x)-1) - p(x)| < 2**-27.74
*/
P1 = 1.6666625440e-1f, /* 0xaaaa8f.0p-26 */
P2 = -2.7667332906e-3f; /* -0xb55215.0p-32 */
float expf(float x)
{
float_t hi, lo, c, xx, y;
int k, sign;
uint32_t hx;
GET_FLOAT_WORD(hx, x);
sign = hx >> 31; /* sign bit of x */
hx &= 0x7fffffff; /* high word of |x| */
/* special cases */
if (hx >= 0x42aeac50) { /* if |x| >= -87.33655f or NaN */
if (hx >= 0x42b17218 && !sign) { /* x >= 88.722839f */
/* overflow */
x *= 0x1p127f;
return x;
}
if (sign) {
/* underflow */
FORCE_EVAL(-0x1p-149f/x);
if (hx >= 0x42cff1b5) /* x <= -103.972084f */
return 0;
}
}
/* argument reduction */
if (hx > 0x3eb17218) { /* if |x| > 0.5 ln2 */
if (hx > 0x3f851592) /* if |x| > 1.5 ln2 */
k = invln2*x + half[sign];
else
k = 1 - sign - sign;
hi = x - k*ln2hi; /* k*ln2hi is exact here */
lo = k*ln2lo;
x = hi - lo;
} else if (hx > 0x39000000) { /* |x| > 2**-14 */
k = 0;
hi = x;
lo = 0;
} else {
/* raise inexact */
FORCE_EVAL(0x1p127f + x);
return 1 + x;
}
/* x is now in primary range */
xx = x*x;
c = x - xx*(P1+xx*P2);
y = 1 + (x*c/(2-c) - lo + hi);
if (k == 0)
return y;
return scalbnf(y, k);
}

5
base/glibc-compatibility/musl/fallocate.c
View File

@ -8,3 +8,8 @@ int fallocate(int fd, int mode, off_t base, off_t len)
{
return syscall(SYS_fallocate, fd, mode, base, len);
}
int fallocate64(int fd, int mode, off_t base, off_t len)
{
return fallocate(fd, mode, base, len);
}

3
base/glibc-compatibility/musl/lgamma.c
View File

@ -78,9 +78,6 @@
*
*/
// Disable warnings by PVS-Studio
//-V::GA
static const double
pi = 3.14159265358979311600e+00, /* 0x400921FB, 0x54442D18 */
a0 = 7.72156649015328655494e-02, /* 0x3FB3C467, 0xE37DB0C8 */

3
base/glibc-compatibility/musl/lgammal.c
View File

@ -85,9 +85,6 @@
*
*/
// Disable warnings by PVS-Studio
//-V::GA
#include <stdint.h>
#include <math.h>
#include "libm.h"

6
base/glibc-compatibility/musl/libm.h
View File

@ -155,7 +155,7 @@ static inline long double fp_barrierl(long double x)
static inline void fp_force_evalf(float x)
{
volatile float y;
y = x; //-V1001
y = x;
}
#endif
@ -164,7 +164,7 @@ static inline void fp_force_evalf(float x)
static inline void fp_force_eval(double x)
{
volatile double y;
y = x; //-V1001
y = x;
}
#endif
@ -173,7 +173,7 @@ static inline void fp_force_eval(double x)
static inline void fp_force_evall(long double x)
{
volatile long double y;
y = x; //-V1001
y = x;
}
#endif

3
base/glibc-compatibility/musl/powf.c
View File

@ -3,9 +3,6 @@
* SPDX-License-Identifier: MIT
*/
// Disable warnings by PVS-Studio
//-V::GA
#include <math.h>
#include <stdint.h>
#include "libm.h"

5
base/glibc-compatibility/musl/pwritev.c
View File

@ -9,3 +9,8 @@ ssize_t pwritev(int fd, const struct iovec *iov, int count, off_t ofs)
/// There was cancellable syscall (syscall_cp), but I don't care.
return syscall(SYS_pwritev, fd, iov, count, (long)(ofs), (long)(ofs>>32));
}
ssize_t pwritev64(int fd, const struct iovec *iov, int count, off_t ofs)
{
return pwritev(fd, iov, count, ofs);
}

31
base/glibc-compatibility/musl/scalbnf.c Normal file
View File

@ -0,0 +1,31 @@
#include <math.h>
#include <stdint.h>
float scalbnf(float x, int n)
{
union {float f; uint32_t i;} u;
float_t y = x;
if (n > 127) {
y *= 0x1p127f;
n -= 127;
if (n > 127) {
y *= 0x1p127f;
n -= 127;
if (n > 127)
n = 127;
}
} else if (n < -126) {
y *= 0x1p-126f;
n += 126;
if (n < -126) {
y *= 0x1p-126f;
n += 126;
if (n < -126)
n = -126;
}
}
u.i = (uint32_t)(0x7f+n)<<23;
x = y * u.f;
return x;
}

4
base/pcg-random/CMakeLists.txt
View File

@ -1,2 +1,6 @@
if (USE_CLANG_TIDY)
set (CMAKE_CXX_CLANG_TIDY "${CLANG_TIDY_PATH}")
endif ()
add_library(pcg_random INTERFACE)
target_include_directories(pcg_random INTERFACE .)

2
base/pcg-random/pcg_extras.hpp
View File

@ -455,7 +455,7 @@ auto bounded_rand(RngType& rng, typename RngType::result_type upper_bound)
typedef typename RngType::result_type rtype;
rtype threshold = (RngType::max() - RngType::min() + rtype(1) - upper_bound)
% upper_bound;
for (;;) { //-V1044
for (;;) {
rtype r = rng() - RngType::min();
if (r >= threshold)
return r % upper_bound;

8
base/pcg-random/pcg_random.hpp
View File

@ -930,7 +930,7 @@ struct rxs_m_xs_mixin {
constexpr bitcount_t shift = bits - xtypebits;
constexpr bitcount_t mask = (1 << opbits) - 1;
bitcount_t rshift =
opbits ? bitcount_t(internal >> (bits - opbits)) & mask : 0; //-V547
opbits ? bitcount_t(internal >> (bits - opbits)) & mask : 0;
internal ^= internal >> (opbits + rshift);
internal *= mcg_multiplier<itype>::multiplier();
xtype result = internal >> shift;
@ -952,7 +952,7 @@ struct rxs_m_xs_mixin {
internal *= mcg_unmultiplier<itype>::unmultiplier();
bitcount_t rshift = opbits ? (internal >> (bits - opbits)) & mask : 0; //-V547
bitcount_t rshift = opbits ? (internal >> (bits - opbits)) & mask : 0;
internal = unxorshift(internal, bits, opbits + rshift);
return internal;
@ -977,7 +977,7 @@ struct rxs_m_mixin {
: 2;
constexpr bitcount_t shift = bits - xtypebits;
constexpr bitcount_t mask = (1 << opbits) - 1;
bitcount_t rshift = opbits ? (internal >> (bits - opbits)) & mask : 0; //-V547
bitcount_t rshift = opbits ? (internal >> (bits - opbits)) & mask : 0;
internal ^= internal >> (opbits + rshift);
internal *= mcg_multiplier<itype>::multiplier();
xtype result = internal >> shift;
@ -1368,7 +1368,7 @@ void extended<table_pow2,advance_pow2,baseclass,extvalclass,kdd>::selfinit()
// - any strange correlations would only be apparent if we
// were to backstep the generator so that the base generator
// was generating the same values again
result_type xdiff = baseclass::operator()() - baseclass::operator()(); //-V501
result_type xdiff = baseclass::operator()() - baseclass::operator()();
for (size_t i = 0; i < table_size; ++i) {
data_[i] = baseclass::operator()() ^ xdiff;
}

4
contrib/poco-cmake/CMakeLists.txt → base/poco/CMakeLists.txt
View File

@ -1,5 +1,3 @@
set (LIBRARY_DIR "${ClickHouse_SOURCE_DIR}/contrib/poco")
add_subdirectory (Crypto)
add_subdirectory (Data)
add_subdirectory (Data/ODBC)
@ -7,7 +5,7 @@ add_subdirectory (Foundation)
add_subdirectory (JSON)
add_subdirectory (MongoDB)
add_subdirectory (Net)
add_subdirectory (Net/SSL)
add_subdirectory (NetSSL_OpenSSL)
add_subdirectory (Redis)
add_subdirectory (Util)
add_subdirectory (XML)

35
base/poco/Crypto/CMakeLists.txt Normal file
View File

@ -0,0 +1,35 @@
if (ENABLE_SSL)
file (GLOB SRCS src/*.cpp)
add_library (_poco_crypto ${SRCS})
add_library (Poco::Crypto ALIAS _poco_crypto)
# TODO: remove these warning exclusions
target_compile_options (_poco_crypto
PRIVATE
-Wno-covered-switch-default
-Wno-deprecated-dynamic-exception-spec
-Wno-extra-semi-stmt
-Wno-missing-noreturn
-Wno-newline-eof
-Wno-old-style-cast
-Wno-shadow
-Wno-shorten-64-to-32
-Wno-sign-compare
-Wno-suggest-destructor-override
-Wno-suggest-override
-Wno-unreachable-code-return
-Wno-unused-parameter
-Wno-zero-as-null-pointer-constant
-Wno-used-but-marked-unused
)
target_include_directories (_poco_crypto SYSTEM PUBLIC "include")
target_link_libraries (_poco_crypto PUBLIC Poco::Foundation OpenSSL::SSL OpenSSL::Crypto)
message (STATUS "Using Poco::Crypto")
else ()
add_library (_poco_crypto INTERFACE)
add_library (Poco::Crypto ALIAS _poco_crypto)
message (STATUS "Not using Poco::Crypto")
endif ()

141
base/poco/Crypto/include/Poco/Crypto/Cipher.h Normal file
View File

@ -0,0 +1,141 @@
//
// Cipher.h
//
// Library: Crypto
// Package: Cipher
// Module: Cipher
//
// Definition of the Cipher class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_Cipher_INCLUDED
#define Crypto_Cipher_INCLUDED
#include <istream>
#include <ostream>
#include <vector>
#include "Poco/AutoPtr.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/RefCountedObject.h"
namespace Poco
{
namespace Crypto
{
class CryptoTransform;
class Crypto_API Cipher : public Poco::RefCountedObject
/// Represents the abstract base class from which all implementations of
/// symmetric/asymmetric encryption algorithms must inherit. Use the CipherFactory
/// class to obtain an instance of this class:
///
/// CipherFactory& factory = CipherFactory::defaultFactory();
/// // Creates a 256-bit AES cipher
/// Cipher* pCipher = factory.createCipher(CipherKey("aes-256"));
/// Cipher* pRSACipher = factory.createCipher(RSAKey(RSAKey::KL_1024, RSAKey::EXP_SMALL));
///
/// Check the different Key constructors on how to initialize/create
/// a key. The above example auto-generates random keys.
///
/// Note that you won't be able to decrypt data encrypted with a random key
/// once the Cipher is destroyed unless you persist the generated key and IV.
/// An example usage for random keys is to encrypt data saved in a temporary
/// file.
///
/// Once your key is set up, you can use the Cipher object to encrypt or
/// decrypt strings or, in conjunction with a CryptoInputStream or a
/// CryptoOutputStream, to encrypt streams of data.
///
/// Since encrypted strings will contain arbitrary binary data that will cause
/// problems in applications that are not binary-safe (eg., when sending
/// encrypted data in e-mails), the encryptString() and decryptString() can
/// encode (or decode, respectively) encrypted data using a "transport encoding".
/// Supported encodings are Base64 and BinHex.
///
/// The following example encrypts and decrypts a string utilizing Base64
/// encoding:
///
/// std::string plainText = "This is my secret information";
/// std::string encrypted = pCipher->encryptString(plainText, Cipher::ENC_BASE64);
/// std::string decrypted = pCipher->decryptString(encrypted, Cipher::ENC_BASE64);
///
/// In order to encrypt a stream of data (eg. to encrypt files), you can use
/// a CryptoStream:
///
/// // Create an output stream that will encrypt all data going through it
/// // and write pass it to the underlying file stream.
/// Poco::FileOutputStream sink("encrypted.dat");
/// CryptoOutputStream encryptor(sink, pCipher->createEncryptor());
///
/// Poco::FileInputStream source("source.txt");
/// Poco::StreamCopier::copyStream(source, encryptor);
///
/// // Always close output streams to flush all internal buffers
/// encryptor.close();
/// sink.close();
{
public:
typedef Poco::AutoPtr<Cipher> Ptr;
typedef std::vector<unsigned char> ByteVec;
enum Encoding
/// Transport encoding to use for encryptString() and decryptString().
{
ENC_NONE = 0x00, /// Plain binary output
ENC_BASE64 = 0x01, /// Base64-encoded output
ENC_BINHEX = 0x02, /// BinHex-encoded output
ENC_BASE64_NO_LF = 0x81, /// Base64-encoded output, no linefeeds
ENC_BINHEX_NO_LF = 0x82 /// BinHex-encoded output, no linefeeds
};
virtual ~Cipher();
/// Destroys the Cipher.
virtual const std::string & name() const = 0;
/// Returns the name of the Cipher.
virtual CryptoTransform * createEncryptor() = 0;
/// Creates an encryptor object to be used with a CryptoStream.
virtual CryptoTransform * createDecryptor() = 0;
/// Creates a decryptor object to be used with a CryptoStream.
virtual std::string encryptString(const std::string & str, Encoding encoding = ENC_NONE);
/// Directly encrypt a string and encode it using the given encoding.
virtual std::string decryptString(const std::string & str, Encoding encoding = ENC_NONE);
/// Directly decrypt a string that is encoded with the given encoding.
virtual void encrypt(std::istream & source, std::ostream & sink, Encoding encoding = ENC_NONE);
/// Directly encrypts an input stream and encodes it using the given encoding.
virtual void decrypt(std::istream & source, std::ostream & sink, Encoding encoding = ENC_NONE);
/// Directly decrypt an input stream that is encoded with the given encoding.
protected:
Cipher();
/// Creates a new Cipher object.
private:
Cipher(const Cipher &);
Cipher & operator=(const Cipher &);
};
}
} // namespace Poco::Crypto
#endif // Crypto_Cipher_INCLUDED

78
base/poco/Crypto/include/Poco/Crypto/CipherFactory.h Normal file
View File

@ -0,0 +1,78 @@
//
// CipherFactory.h
//
// Library: Crypto
// Package: Cipher
// Module: CipherFactory
//
// Definition of the CipherFactory class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CipherFactory_INCLUDED
#define Crypto_CipherFactory_INCLUDED
#include "Poco/Crypto/Crypto.h"
namespace Poco
{
namespace Crypto
{
class Cipher;
class CipherKey;
class RSAKey;
class Crypto_API CipherFactory
/// A factory for Cipher objects. See the Cipher class for examples on how to
/// use the CipherFactory.
{
public:
CipherFactory();
/// Creates a new CipherFactory object.
virtual ~CipherFactory();
/// Destroys the CipherFactory.
Cipher * createCipher(const CipherKey & key);
/// Creates a Cipher object for the given Cipher name. Valid cipher
/// names depend on the OpenSSL version the library is linked with;
/// see the output of
///
/// openssl enc --help
///
/// for a list of supported block and stream ciphers.
///
/// Common examples are:
///
/// * AES: "aes-128", "aes-256"
/// * DES: "des", "des3"
/// * Blowfish: "bf"
Cipher * createCipher(const RSAKey & key, RSAPaddingMode paddingMode = RSA_PADDING_PKCS1);
/// Creates a RSACipher using the given RSA key and padding mode
/// for public key encryption/private key decryption.
static CipherFactory & defaultFactory();
/// Returns the default CipherFactory.
private:
CipherFactory(const CipherFactory &);
CipherFactory & operator=(const CipherFactory &);
};
}
} // namespace Poco::Crypto
#endif // Crypto_CipherFactory_INCLUDED

72
base/poco/Crypto/include/Poco/Crypto/CipherImpl.h Normal file
View File

@ -0,0 +1,72 @@
//
// CipherImpl.h
//
// Library: Crypto
// Package: Cipher
// Module: CipherImpl
//
// Definition of the CipherImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CipherImpl_INCLUDED
#define Crypto_CipherImpl_INCLUDED
#include <openssl/evp.h>
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/CipherKey.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
namespace Poco
{
namespace Crypto
{
class CipherImpl : public Cipher
/// An implementation of the Cipher class for OpenSSL's crypto library.
{
public:
CipherImpl(const CipherKey & key);
/// Creates a new CipherImpl object for the given CipherKey.
virtual ~CipherImpl();
/// Destroys the CipherImpl.
const std::string & name() const;
/// Returns the name of the cipher.
CryptoTransform * createEncryptor();
/// Creates an encryptor object.
CryptoTransform * createDecryptor();
/// Creates a decryptor object.
private:
CipherKey _key;
OpenSSLInitializer _openSSLInitializer;
};
//
// Inlines
//
inline const std::string & CipherImpl::name() const
{
return _key.name();
}
}
} // namespace Poco::Crypto
#endif // Crypto_CipherImpl_INCLUDED

203
base/poco/Crypto/include/Poco/Crypto/CipherKey.h Normal file
View File

@ -0,0 +1,203 @@
//
// CipherKey.h
//
// Library: Crypto
// Package: Cipher
// Module: CipherKey
//
// Definition of the CipherKey class.
//
// Copyright (c) 2007, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CipherKey_INCLUDED
#define Crypto_CipherKey_INCLUDED
#include "Poco/Crypto/CipherKeyImpl.h"
#include "Poco/Crypto/Crypto.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API CipherKey
/// CipherKey stores the key information for decryption/encryption of data.
/// To create a random key, using the following code:
///
/// CipherKey key("aes-256");
///
/// Note that you won't be able to decrypt data encrypted with a random key
/// once the Cipher is destroyed unless you persist the generated key and IV.
/// An example usage for random keys is to encrypt data saved in a temporary
/// file.
///
/// To create a key using a human-readable password
/// string, use the following code. We create a AES Cipher and
/// use a salt value to make the key more robust:
///
/// std::string password = "secret";
/// std::string salt("asdff8723lasdf(**923412");
/// CipherKey key("aes-256", password, salt);
///
/// You may also control the digest and the number of iterations used to generate the key
/// by specifying the specific values. Here we create a key with the same data as before,
/// except that we use 100 iterations instead of DEFAULT_ITERATION_COUNT, and sha1 instead of
/// the default md5:
///
/// std::string password = "secret";
/// std::string salt("asdff8723lasdf(**923412");
/// std::string digest ("sha1");
/// CipherKey key("aes-256", password, salt, 100, digest);
///
{
public:
typedef CipherKeyImpl::Mode Mode;
typedef CipherKeyImpl::ByteVec ByteVec;
enum
{
DEFAULT_ITERATION_COUNT = 2000
/// Default iteration count to use with
/// generateKey(). RSA security recommends
/// an iteration count of at least 1000.
};
CipherKey(
const std::string & name,
const std::string & passphrase,
const std::string & salt = "",
int iterationCount = DEFAULT_ITERATION_COUNT,
const std::string & digest = "md5");
/// Creates a new CipherKeyImpl object using the given
/// cipher name, passphrase, salt value, iteration count and digest.
CipherKey(const std::string & name, const ByteVec & key, const ByteVec & iv);
/// Creates a new CipherKeyImpl object using the given cipher
/// name, key and initialization vector (IV).
///
/// The size of the IV must match the cipher's expected
/// IV size (see ivSize()), except for GCM mode, which allows
/// a custom IV size.
CipherKey(const std::string & name);
/// Creates a new CipherKeyImpl object. Autoinitializes key and
/// initialization vector.
~CipherKey();
/// Destroys the CipherKeyImpl.
const std::string & name() const;
/// Returns the name of the Cipher.
int keySize() const;
/// Returns the key size of the Cipher.
int blockSize() const;
/// Returns the block size of the Cipher.
int ivSize() const;
/// Returns the IV size of the Cipher.
Mode mode() const;
/// Returns the Cipher's mode of operation.
const ByteVec & getKey() const;
/// Returns the key for the Cipher.
void setKey(const ByteVec & key);
/// Sets the key for the Cipher.
const ByteVec & getIV() const;
/// Returns the initialization vector (IV) for the Cipher.
void setIV(const ByteVec & iv);
/// Sets the initialization vector (IV) for the Cipher.
///
/// The size of the vector must match the cipher's expected
/// IV size (see ivSize()), except for GCM mode, which allows
/// a custom IV size.
CipherKeyImpl::Ptr impl();
/// Returns the impl object
private:
CipherKeyImpl::Ptr _pImpl;
};
//
// inlines
//
inline const std::string & CipherKey::name() const
{
return _pImpl->name();
}
inline int CipherKey::keySize() const
{
return _pImpl->keySize();
}
inline int CipherKey::blockSize() const
{
return _pImpl->blockSize();
}
inline int CipherKey::ivSize() const
{
return _pImpl->ivSize();
}
inline CipherKey::Mode CipherKey::mode() const
{
return _pImpl->mode();
}
inline const CipherKey::ByteVec & CipherKey::getKey() const
{
return _pImpl->getKey();
}
inline void CipherKey::setKey(const CipherKey::ByteVec & key)
{
_pImpl->setKey(key);
}
inline const CipherKey::ByteVec & CipherKey::getIV() const
{
return _pImpl->getIV();
}
inline void CipherKey::setIV(const CipherKey::ByteVec & iv)
{
_pImpl->setIV(iv);
}
inline CipherKeyImpl::Ptr CipherKey::impl()
{
return _pImpl;
}
}
} // namespace Poco::Crypto
#endif // Crypto_CipherKey_INCLUDED

168
base/poco/Crypto/include/Poco/Crypto/CipherKeyImpl.h Normal file
View File

@ -0,0 +1,168 @@
//
// CipherKeyImpl.h
//
// Library: Crypto
// Package: Cipher
// Module: CipherKeyImpl
//
// Definition of the CipherKeyImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CipherKeyImpl_INCLUDED
#define Crypto_CipherKeyImpl_INCLUDED
#include <vector>
#include "Poco/AutoPtr.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/RefCountedObject.h"
struct evp_cipher_st;
typedef struct evp_cipher_st EVP_CIPHER;
namespace Poco
{
namespace Crypto
{
class CipherKeyImpl : public RefCountedObject
/// An implementation of the CipherKey class for OpenSSL's crypto library.
{
public:
typedef std::vector<unsigned char> ByteVec;
typedef Poco::AutoPtr<CipherKeyImpl> Ptr;
enum Mode
/// Cipher mode of operation. This mode determines how multiple blocks
/// are connected; this is essential to improve security.
{
MODE_STREAM_CIPHER, /// Stream cipher
MODE_ECB, /// Electronic codebook (plain concatenation)
MODE_CBC, /// Cipher block chaining (default)
MODE_CFB, /// Cipher feedback
MODE_OFB, /// Output feedback
MODE_CTR, /// Counter mode
MODE_GCM, /// Galois/Counter mode
MODE_CCM /// Counter with CBC-MAC
};
CipherKeyImpl(
const std::string & name,
const std::string & passphrase,
const std::string & salt,
int iterationCount,
const std::string & digest);
/// Creates a new CipherKeyImpl object, using
/// the given cipher name, passphrase, salt value
/// and iteration count.
CipherKeyImpl(const std::string & name, const ByteVec & key, const ByteVec & iv);
/// Creates a new CipherKeyImpl object, using the
/// given cipher name, key and initialization vector.
CipherKeyImpl(const std::string & name);
/// Creates a new CipherKeyImpl object. Autoinitializes key
/// and initialization vector.
virtual ~CipherKeyImpl();
/// Destroys the CipherKeyImpl.
const std::string & name() const;
/// Returns the name of the Cipher.
int keySize() const;
/// Returns the key size of the Cipher.
int blockSize() const;
/// Returns the block size of the Cipher.
int ivSize() const;
/// Returns the IV size of the Cipher.
Mode mode() const;
/// Returns the Cipher's mode of operation.
const ByteVec & getKey() const;
/// Returns the key for the Cipher.
void setKey(const ByteVec & key);
/// Sets the key for the Cipher.
const ByteVec & getIV() const;
/// Returns the initialization vector (IV) for the Cipher.
void setIV(const ByteVec & iv);
/// Sets the initialization vector (IV) for the Cipher.
const EVP_CIPHER * cipher();
/// Returns the cipher object
private:
void generateKey(const std::string & passphrase, const std::string & salt, int iterationCount);
/// Generates key and IV from a password and optional salt string.
void generateKey();
/// Generates key and IV from random data.
void getRandomBytes(ByteVec & vec, std::size_t count);
/// Stores random bytes in vec.
private:
const EVP_CIPHER * _pCipher;
const EVP_MD * _pDigest;
std::string _name;
ByteVec _key;
ByteVec _iv;
OpenSSLInitializer _openSSLInitializer;
};
//
// Inlines
//
inline const std::string & CipherKeyImpl::name() const
{
return _name;
}
inline const CipherKeyImpl::ByteVec & CipherKeyImpl::getKey() const
{
return _key;
}
inline void CipherKeyImpl::setKey(const ByteVec & key)
{
poco_assert(key.size() == static_cast<ByteVec::size_type>(keySize()));
_key = key;
}
inline const CipherKeyImpl::ByteVec & CipherKeyImpl::getIV() const
{
return _iv;
}
inline const EVP_CIPHER * CipherKeyImpl::cipher()
{
return _pCipher;
}
}
} // namespace Poco::Crypto
#endif // Crypto_CipherKeyImpl_INCLUDED

116
base/poco/Crypto/include/Poco/Crypto/Crypto.h Normal file
View File

@ -0,0 +1,116 @@
//
// Crypto.h
//
// Library: Crypto
// Package: CryptoCore
// Module: Crypto
//
// Basic definitions for the Poco Crypto library.
// This file must be the first file included by every other Crypto
// header file.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_Crypto_INCLUDED
#define Crypto_Crypto_INCLUDED
#define POCO_EXTERNAL_OPENSSL_DEFAULT 1
#define POCO_EXTERNAL_OPENSSL_SLPRO 2
#include <openssl/opensslv.h>
#include "Poco/Foundation.h"
#ifndef OPENSSL_VERSION_PREREQ
# if defined(OPENSSL_VERSION_MAJOR) && defined(OPENSSL_VERSION_MINOR)
# define OPENSSL_VERSION_PREREQ(maj, min) ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min))
# else
# define OPENSSL_VERSION_PREREQ(maj, min) (OPENSSL_VERSION_NUMBER >= (((maj) << 28) | ((min) << 20)))
# endif
#endif
enum RSAPaddingMode
/// The padding mode used for RSA public key encryption.
{
RSA_PADDING_PKCS1,
/// PKCS #1 v1.5 padding. This currently is the most widely used mode.
RSA_PADDING_PKCS1_OAEP,
/// EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
/// encoding parameter. This mode is recommended for all new applications.
RSA_PADDING_SSLV23,
/// PKCS #1 v1.5 padding with an SSL-specific modification that denotes
/// that the server is SSL3 capable.
RSA_PADDING_NONE
/// Raw RSA encryption. This mode should only be used to implement cryptographically
/// sound padding modes in the application code. Encrypting user data directly with RSA
/// is insecure.
};
//
// The following block is the standard way of creating macros which make exporting
// from a DLL simpler. All files within this DLL are compiled with the Crypto_EXPORTS
// symbol defined on the command line. this symbol should not be defined on any project
// that uses this DLL. This way any other project whose source files include this file see
// Crypto_API functions as being imported from a DLL, whereas this DLL sees symbols
// defined with this macro as being exported.
//
#if !defined(Crypto_API)
# if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined(__GNUC__) && (__GNUC__ >= 4)
# define Crypto_API __attribute__((visibility("default")))
# else
# define Crypto_API
# endif
#endif
//
// Automatically link Crypto and OpenSSL libraries.
//
namespace Poco
{
namespace Crypto
{
void Crypto_API initializeCrypto();
/// Initialize the Crypto library, as well as the underlying OpenSSL
/// libraries, by calling OpenSSLInitializer::initialize().
///
/// Should be called before using any class from the Crypto library.
/// The Crypto library will be initialized automatically, through
/// OpenSSLInitializer instances held by various Crypto classes
/// (Cipher, CipherKey, RSAKey, X509Certificate).
/// However, it is recommended to call initializeCrypto()
/// in any case at application startup.
///
/// Can be called multiple times; however, for every call to
/// initializeCrypto(), a matching call to uninitializeCrypto()
/// must be performed.
void Crypto_API uninitializeCrypto();
/// Uninitializes the Crypto library by calling
/// OpenSSLInitializer::uninitialize().
}
} // namespace Poco::Crypto
#endif // Crypto_Crypto_INCLUDED

59
base/poco/Crypto/include/Poco/Crypto/CryptoException.h Normal file
View File

@ -0,0 +1,59 @@
//
// CryptoException.h
//
//
// Library: Crypto
// Package: Crypto
// Module: CryptoException
//
// Definition of the CryptoException class.
//
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CryptoException_INCLUDED
#define Crypto_CryptoException_INCLUDED
#include "Poco/Crypto/Crypto.h"
#include "Poco/Exception.h"
namespace Poco
{
namespace Crypto
{
POCO_DECLARE_EXCEPTION(Crypto_API, CryptoException, Poco::Exception)
class Crypto_API OpenSSLException : public CryptoException
{
public:
OpenSSLException(int code = 0);
OpenSSLException(const std::string & msg, int code = 0);
OpenSSLException(const std::string & msg, const std::string & arg, int code = 0);
OpenSSLException(const std::string & msg, const Poco::Exception & exc, int code = 0);
OpenSSLException(const OpenSSLException & exc);
~OpenSSLException() throw();
OpenSSLException & operator=(const OpenSSLException & exc);
const char * name() const throw();
const char * className() const throw();
Poco::Exception * clone() const;
void rethrow() const;
private:
void setExtMessage();
};
}
} // namespace Poco::Crypto
#endif // Crypto_CryptoException_INCLUDED

195
base/poco/Crypto/include/Poco/Crypto/CryptoStream.h Normal file
View File

@ -0,0 +1,195 @@
//
// CryptoStream.h
//
// Library: Crypto
// Package: Cipher
// Module: CryptoStream
//
// Definition of the CryptoStreamBuf, CryptoInputStream and CryptoOutputStream
// classes.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CryptoStream_INCLUDED
#define Crypto_CryptoStream_INCLUDED
#include <iostream>
#include "Poco/Buffer.h"
#include "Poco/BufferedStreamBuf.h"
#include "Poco/Crypto/Crypto.h"
namespace Poco
{
namespace Crypto
{
class CryptoTransform;
class Cipher;
class Crypto_API CryptoStreamBuf : public Poco::BufferedStreamBuf
/// This stream buffer performs cryptographic transformation on the data
/// going through it.
{
public:
CryptoStreamBuf(std::istream & istr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
CryptoStreamBuf(std::ostream & ostr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
virtual ~CryptoStreamBuf();
void close();
/// Flushes all buffers and finishes the encryption.
protected:
int readFromDevice(char * buffer, std::streamsize length);
int writeToDevice(const char * buffer, std::streamsize length);
private:
CryptoTransform * _pTransform;
std::istream * _pIstr;
std::ostream * _pOstr;
bool _eof;
Poco::Buffer<unsigned char> _buffer;
CryptoStreamBuf(const CryptoStreamBuf &);
CryptoStreamBuf & operator=(const CryptoStreamBuf &);
};
class Crypto_API CryptoIOS : public virtual std::ios
/// The base class for CryptoInputStream and CryptoOutputStream.
///
/// This class is needed to ensure correct initialization order of the
/// stream buffer and base classes.
{
public:
CryptoIOS(std::istream & istr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
CryptoIOS(std::ostream & ostr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
~CryptoIOS();
CryptoStreamBuf * rdbuf();
protected:
CryptoStreamBuf _buf;
};
class Crypto_API CryptoInputStream : public CryptoIOS, public std::istream
/// This stream transforms all data passing through it using the given
/// CryptoTransform.
///
/// Use a CryptoTransform object provided by Cipher::createEncrytor() or
/// Cipher::createDecryptor() to create an encrypting or decrypting stream,
/// respectively.
{
public:
CryptoInputStream(std::istream & istr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
/// Create a new CryptoInputStream object. The CryptoInputStream takes the
/// ownership of the given CryptoTransform object.
CryptoInputStream(std::istream & istr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new encrypting CryptoInputStream object using the given cipher.
~CryptoInputStream();
/// Destroys the CryptoInputStream.
};
class Crypto_API CryptoOutputStream : public CryptoIOS, public std::ostream
/// This stream transforms all data passing through it using the given
/// CryptoTransform.
///
/// Use a CryptoTransform object provided by Cipher::createEncrytor() or
/// Cipher::createDecryptor() to create an encrypting or decrypting stream,
/// respectively.
///
/// After all data has been passed through the stream, close() must be called
/// to ensure completion of cryptographic transformation.
{
public:
CryptoOutputStream(std::ostream & ostr, CryptoTransform * pTransform, std::streamsize bufferSize = 8192);
/// Create a new CryptoOutputStream object. The CryptoOutputStream takes the
/// ownership of the given CryptoTransform object.
CryptoOutputStream(std::ostream & ostr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new decrypting CryptoOutputStream object using the given cipher.
~CryptoOutputStream();
/// Destroys the CryptoOutputStream.
void close();
/// Flushes all buffers and finishes the encryption.
};
class Crypto_API DecryptingInputStream : public CryptoIOS, public std::istream
/// This stream decrypts all data passing through it using the given
/// Cipher.
{
public:
DecryptingInputStream(std::istream & istr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new DecryptingInputStream object using the given cipher.
~DecryptingInputStream();
/// Destroys the DecryptingInputStream.
};
class Crypto_API DecryptingOutputStream : public CryptoIOS, public std::ostream
/// This stream decrypts all data passing through it using the given
/// Cipher.
{
public:
DecryptingOutputStream(std::ostream & ostr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new DecryptingOutputStream object using the given cipher.
~DecryptingOutputStream();
/// Destroys the DecryptingOutputStream.
void close();
/// Flushes all buffers and finishes the decryption.
};
class Crypto_API EncryptingInputStream : public CryptoIOS, public std::istream
/// This stream encrypts all data passing through it using the given
/// Cipher.
{
public:
EncryptingInputStream(std::istream & istr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new EncryptingInputStream object using the given cipher.
~EncryptingInputStream();
/// Destroys the EncryptingInputStream.
};
class Crypto_API EncryptingOutputStream : public CryptoIOS, public std::ostream
/// This stream encrypts all data passing through it using the given
/// Cipher.
{
public:
EncryptingOutputStream(std::ostream & ostr, Cipher & cipher, std::streamsize bufferSize = 8192);
/// Create a new EncryptingOutputStream object using the given cipher.
~EncryptingOutputStream();
/// Destroys the EncryptingOutputStream.
void close();
/// Flushes all buffers and finishes the encryption.
};
}
} // namespace Poco::Crypto
#endif // Crypto_CryptoStream_INCLUDED

88
base/poco/Crypto/include/Poco/Crypto/CryptoTransform.h Normal file
View File

@ -0,0 +1,88 @@
//
// CryptoTransform.h
//
// Library: Crypto
// Package: Cipher
// Module: CryptoTransform
//
// Definition of the CryptoTransform class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_CryptoTransform_INCLUDED
#define Crypto_CryptoTransform_INCLUDED
#include <ios>
#include "Poco/Crypto/Crypto.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API CryptoTransform
/// This interface represents the basic operations for cryptographic
/// transformations to be used with a CryptoInputStream or a
/// CryptoOutputStream.
///
/// Implementations of this class are returned by the Cipher class to
/// perform encryption or decryption of data.
{
public:
CryptoTransform();
/// Creates a new CryptoTransform object.
virtual ~CryptoTransform();
/// Destroys the CryptoTransform.
virtual std::size_t blockSize() const = 0;
/// Returns the block size for this CryptoTransform.
virtual int setPadding(int padding);
/// Enables or disables padding. By default encryption operations are padded using standard block
/// padding and the padding is checked and removed when decrypting. If the padding parameter is zero then
/// no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of
/// the block size or an error will occur.
virtual std::string getTag(std::size_t tagSize = 16) = 0;
/// Returns the GCM tag after encrypting using GCM mode.
///
/// Must be called after finalize().
virtual void setTag(const std::string & tag) = 0;
/// Sets the GCM tag for authenticated decryption using GCM mode.
///
/// Must be set before finalize() is called, otherwise
/// decryption will fail.
virtual std::streamsize
transform(const unsigned char * input, std::streamsize inputLength, unsigned char * output, std::streamsize outputLength)
= 0;
/// Transforms a chunk of data. The inputLength is arbitrary and does not
/// need to be a multiple of the block size. The output buffer has a maximum
/// capacity of the given outputLength that must be at least
/// inputLength + blockSize() - 1
/// Returns the number of bytes written to the output buffer.
virtual std::streamsize finalize(unsigned char * output, std::streamsize length) = 0;
/// Finalizes the transformation. The output buffer must contain enough
/// space for at least two blocks, ie.
/// length >= 2*blockSize()
/// must be true. Returns the number of bytes written to the output
/// buffer.
};
}
} // namespace Poco::Crypto
#endif // Crypto_CryptoTransform_INCLUDED

83
base/poco/Crypto/include/Poco/Crypto/DigestEngine.h Normal file
View File

@ -0,0 +1,83 @@
//
// DigestEngine.h
//
// Library: Crypto
// Package: Digest
// Module: DigestEngine
//
// Definition of the DigestEngine class.
//
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_DigestEngine_INCLUDED
#define Crypto_DigestEngine_INCLUDED
#include <openssl/evp.h>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/DigestEngine.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API DigestEngine : public Poco::DigestEngine
/// This class implements a Poco::DigestEngine for all
/// digest algorithms supported by OpenSSL.
{
public:
DigestEngine(const std::string & name);
/// Creates a DigestEngine using the digest with the given name
/// (e.g., "MD5", "SHA1", "SHA256", "SHA512", etc.).
/// See the OpenSSL documentation for a list of supported digest algorithms.
///
/// Throws a Poco::NotFoundException if no algorithm with the given name exists.
~DigestEngine();
/// Destroys the DigestEngine.
const std::string & algorithm() const;
/// Returns the name of the digest algorithm.
int nid() const;
/// Returns the NID (OpenSSL object identifier) of the digest algorithm.
// DigestEngine
std::size_t digestLength() const;
void reset();
const Poco::DigestEngine::Digest & digest();
protected:
void updateImpl(const void * data, std::size_t length);
private:
std::string _name;
EVP_MD_CTX * _pContext;
Poco::DigestEngine::Digest _digest;
OpenSSLInitializer _openSSLInitializer;
};
//
// inlines
//
inline const std::string & DigestEngine::algorithm() const
{
return _name;
}
}
} // namespace Poco::Crypto
#endif // Crypto_DigestEngine_INCLUDED

103
base/poco/Crypto/include/Poco/Crypto/ECDSADigestEngine.h Normal file
View File

@ -0,0 +1,103 @@
//
// ECDSADigestEngine.h
//
//
// Library: Crypto
// Package: ECDSA
// Module: ECDSADigestEngine
//
// Definition of the ECDSADigestEngine class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_ECDSADigestEngine_INCLUDED
#define Crypto_ECDSADigestEngine_INCLUDED
#include <istream>
#include <ostream>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/DigestEngine.h"
#include "Poco/Crypto/ECKey.h"
#include "Poco/DigestEngine.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API ECDSADigestEngine : public Poco::DigestEngine
/// This class implements a Poco::DigestEngine that can be
/// used to compute a secure digital signature.
///
/// First another Poco::Crypto::DigestEngine is created and
/// used to compute a cryptographic hash of the data to be
/// signed. Then, the hash value is encrypted, using
/// the ECDSA private key.
///
/// To verify a signature, pass it to the verify()
/// member function. It will decrypt the signature
/// using the ECDSA public key and compare the resulting
/// hash with the actual hash of the data.
{
public:
ECDSADigestEngine(const ECKey & key, const std::string & name);
/// Creates the ECDSADigestEngine with the given ECDSA key,
/// using the hash algorithm with the given name
/// (e.g., "SHA1", "SHA256", "SHA512", etc.).
/// See the OpenSSL documentation for a list of supported digest algorithms.
///
/// Throws a Poco::NotFoundException if no algorithm with the given name exists.
~ECDSADigestEngine();
/// Destroys the ECDSADigestEngine.
std::size_t digestLength() const;
/// Returns the length of the digest in bytes.
void reset();
/// Resets the engine so that a new
/// digest can be computed.
const DigestEngine::Digest & digest();
/// Finishes the computation of the digest
/// (the first time it's called) and
/// returns the message digest.
///
/// Can be called multiple times.
const DigestEngine::Digest & signature();
/// Signs the digest using the ECDSADSA algorithm
/// and the private key (the first time it's
/// called) and returns the result.
///
/// Can be called multiple times.
bool verify(const DigestEngine::Digest & signature);
/// Verifies the data against the signature.
///
/// Returns true if the signature can be verified, false otherwise.
protected:
void updateImpl(const void * data, std::size_t length);
private:
ECKey _key;
Poco::Crypto::DigestEngine _engine;
Poco::DigestEngine::Digest _digest;
Poco::DigestEngine::Digest _signature;
};
}
} // namespace Poco::Crypto
#endif // Crypto_ECDSADigestEngine_INCLUDED

138
base/poco/Crypto/include/Poco/Crypto/ECKey.h Normal file
View File

@ -0,0 +1,138 @@
//
// ECKey.h
//
//
// Library: Crypto
// Package: EC
// Module: ECKey
//
// Definition of the ECKey class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_ECKey_INCLUDED
#define Crypto_ECKey_INCLUDED
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/ECKeyImpl.h"
#include "Poco/Crypto/KeyPair.h"
namespace Poco
{
namespace Crypto
{
class X509Certificate;
class PKCS12Container;
class Crypto_API ECKey : public KeyPair
/// This class stores an EC key pair, consisting
/// of private and public key. Storage of the private
/// key is optional.
///
/// If a private key is available, the ECKey can be
/// used for decrypting data (encrypted with the public key)
/// or computing secure digital signatures.
{
public:
ECKey(const EVPPKey & key);
/// Constructs ECKeyImpl by extracting the EC key.
ECKey(const X509Certificate & cert);
/// Extracts the EC public key from the given certificate.
ECKey(const PKCS12Container & cert);
/// Extracts the EC private key from the given certificate.
ECKey(const std::string & eccGroup);
/// Creates the ECKey. Creates a new public/private key pair using the given parameters.
/// Can be used to sign data and verify signatures.
ECKey(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase = "");
/// Creates the ECKey, by reading public and private key from the given files and
/// using the given passphrase for the private key.
///
/// Cannot be used for signing or decryption unless a private key is available.
///
/// If a private key is specified, you don't need to specify a public key file.
/// OpenSSL will auto-create the public key from the private key.
ECKey(std::istream * pPublicKeyStream, std::istream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "");
/// Creates the ECKey, by reading public and private key from the given streams and
/// using the given passphrase for the private key.
///
/// Cannot be used for signing or decryption unless a private key is available.
///
/// If a private key is specified, you don't need to specify a public key file.
/// OpenSSL will auto-create the public key from the private key.
~ECKey();
/// Destroys the ECKey.
ECKeyImpl::Ptr impl() const;
/// Returns the impl object.
static std::string getCurveName(int nid = -1);
/// Returns elliptical curve name corresponding to
/// the given nid; if nid is not found, returns
/// empty string.
///
/// If nid is -1, returns first curve name.
///
/// If no curves are found, returns empty string;
static int getCurveNID(std::string & name);
/// Returns the NID of the specified curve.
///
/// If name is empty, returns the first curve NID
/// and updates the name accordingly.
static bool hasCurve(const std::string & name);
/// Returns true if the named curve is found,
/// false otherwise.
private:
ECKeyImpl::Ptr _pImpl;
};
//
// inlines
//
inline ECKeyImpl::Ptr ECKey::impl() const
{
return _pImpl;
}
inline std::string ECKey::getCurveName(int nid)
{
return ECKeyImpl::getCurveName(nid);
}
inline int ECKey::getCurveNID(std::string & name)
{
return ECKeyImpl::getCurveNID(name);
}
inline bool ECKey::hasCurve(const std::string & name)
{
return ECKeyImpl::hasCurve(name);
}
}
} // namespace Poco::Crypto
#endif // Crypto_ECKey_INCLUDED

173
base/poco/Crypto/include/Poco/Crypto/ECKeyImpl.h Normal file
View File

@ -0,0 +1,173 @@
//
// ECKeyImpl.h
//
//
// Library: Crypto
// Package: EC
// Module: ECKeyImpl
//
// Definition of the ECKeyImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_ECKeyImplImpl_INCLUDED
#define Crypto_ECKeyImplImpl_INCLUDED
#include <istream>
#include <ostream>
#include <vector>
#include <openssl/ec.h>
#include <openssl/objects.h>
#include "Poco/AutoPtr.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/EVPPKey.h"
#include "Poco/Crypto/KeyPairImpl.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/RefCountedObject.h"
namespace Poco
{
namespace Crypto
{
class X509Certificate;
class PKCS12Container;
class ECKeyImpl : public KeyPairImpl
/// Elliptic Curve key clas implementation.
{
public:
typedef Poco::AutoPtr<ECKeyImpl> Ptr;
typedef std::vector<unsigned char> ByteVec;
ECKeyImpl(const EVPPKey & key);
/// Constructs ECKeyImpl by extracting the EC key.
ECKeyImpl(const X509Certificate & cert);
/// Constructs ECKeyImpl by extracting the EC public key from the given certificate.
ECKeyImpl(const PKCS12Container & cert);
/// Constructs ECKeyImpl by extracting the EC private key from the given certificate.
ECKeyImpl(int eccGroup);
/// Creates the ECKey of the specified group. Creates a new public/private keypair using the given parameters.
/// Can be used to sign data and verify signatures.
ECKeyImpl(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase);
/// Creates the ECKey, by reading public and private key from the given files and
/// using the given passphrase for the private key. Can only by used for signing if
/// a private key is available.
ECKeyImpl(std::istream * pPublicKeyStream, std::istream * pPrivateKeyStream, const std::string & privateKeyPassphrase);
/// Creates the ECKey. Can only by used for signing if pPrivKey
/// is not null. If a private key file is specified, you don't need to
/// specify a public key file. OpenSSL will auto-create it from the private key.
~ECKeyImpl();
/// Destroys the ECKeyImpl.
EC_KEY * getECKey();
/// Returns the OpenSSL EC key.
const EC_KEY * getECKey() const;
/// Returns the OpenSSL EC key.
int size() const;
/// Returns the EC key length in bits.
int groupId() const;
/// Returns the EC key group integer Id.
std::string groupName() const;
/// Returns the EC key group name.
void save(const std::string & publicKeyFile, const std::string & privateKeyFile = "", const std::string & privateKeyPassphrase = "")
const;
/// Exports the public and private keys to the given files.
///
/// If an empty filename is specified, the corresponding key
/// is not exported.
void
save(std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "") const;
/// Exports the public and private key to the given streams.
///
/// If a null pointer is passed for a stream, the corresponding
/// key is not exported.
static std::string getCurveName(int nid = -1);
/// Returns elliptical curve name corresponding to
/// the given nid; if nid is not found, returns
/// empty string.
///
/// If nid is -1, returns first curve name.
///
/// If no curves are found, returns empty string;
static int getCurveNID(std::string & name);
/// Returns the NID of the specified curve.
///
/// If name is empty, returns the first curve NID
/// and updates the name accordingly.
static bool hasCurve(const std::string & name);
/// Returns true if the named curve is found,
/// false otherwise.
private:
void checkEC(const std::string & method, const std::string & func) const;
void freeEC();
EC_KEY * _pEC;
};
//
// inlines
//
inline EC_KEY * ECKeyImpl::getECKey()
{
return _pEC;
}
inline const EC_KEY * ECKeyImpl::getECKey() const
{
return _pEC;
}
inline std::string ECKeyImpl::groupName() const
{
return OBJ_nid2sn(groupId());
}
inline void
ECKeyImpl::save(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase) const
{
EVPPKey(_pEC).save(publicKeyFile, privateKeyFile, privateKeyPassphrase);
}
inline void
ECKeyImpl::save(std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream, const std::string & privateKeyPassphrase) const
{
EVPPKey(_pEC).save(pPublicKeyStream, pPrivateKeyStream, privateKeyPassphrase);
}
}
} // namespace Poco::Crypto
#endif // Crypto_ECKeyImplImpl_INCLUDED

369
base/poco/Crypto/include/Poco/Crypto/EVPPKey.h Normal file
View File

@ -0,0 +1,369 @@
//
// EVPPKey.h
//
//
// Library: Crypto
// Package: CryptoCore
// Module: EVPPKey
//
// Definition of the EVPPKey class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_EVPPKeyImpl_INCLUDED
#define Crypto_EVPPKeyImpl_INCLUDED
#include <sstream>
#include <typeinfo>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/CryptoException.h"
#include "Poco/StreamCopier.h"
namespace Poco
{
namespace Crypto
{
class ECKey;
class RSAKey;
class Crypto_API EVPPKey
/// Utility class for conversion of native keys to EVP.
/// Currently, only RSA and EC keys are supported.
{
public:
explicit EVPPKey(const std::string & ecCurveName);
/// Constructs EVPPKey from ECC curve name.
///
/// Only EC keys can be wrapped by an EVPPKey
/// created using this constructor.
explicit EVPPKey(const char * ecCurveName);
/// Constructs EVPPKey from ECC curve name.
///
/// Only EC keys can be wrapped by an EVPPKey
/// created using this constructor.
explicit EVPPKey(EVP_PKEY * pEVPPKey);
/// Constructs EVPPKey from EVP_PKEY pointer.
/// The content behind the supplied pointer is internally duplicated.
template <typename K>
explicit EVPPKey(K * pKey) : _pEVPPKey(EVP_PKEY_new())
/// Constructs EVPPKey from a "native" OpenSSL (RSA or EC_KEY),
/// or a Poco wrapper (RSAKey, ECKey) key pointer.
{
if (!_pEVPPKey)
throw OpenSSLException();
setKey(pKey);
}
EVPPKey(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase = "");
/// Creates the EVPPKey, by reading public and private key from the given files and
/// using the given passphrase for the private key. Can only by used for signing if
/// a private key is available.
EVPPKey(std::istream * pPublicKeyStream, std::istream * pPrivateKeyStream, const std::string & privateKeyPassphrase = "");
/// Creates the EVPPKey. Can only by used for signing if pPrivKey
/// is not null. If a private key file is specified, you don't need to
/// specify a public key file. OpenSSL will auto-create it from the private key.
EVPPKey(const EVPPKey & other);
/// Copy constructor.
EVPPKey & operator=(const EVPPKey & other);
/// Assignment operator.
#ifdef POCO_ENABLE_CPP11
EVPPKey(EVPPKey && other);
/// Move constructor.
EVPPKey & operator=(EVPPKey && other);
/// Assignment move operator.
#endif // POCO_ENABLE_CPP11
~EVPPKey();
/// Destroys the EVPPKey.
bool operator==(const EVPPKey & other) const;
/// Comparison operator.
/// Returns true if public key components and parameters
/// of the other key are equal to this key.
///
/// Works as expected when one key contains only public key,
/// while the other one contains private (thus also public) key.
bool operator!=(const EVPPKey & other) const;
/// Comparison operator.
/// Returns true if public key components and parameters
/// of the other key are different from this key.
///
/// Works as expected when one key contains only public key,
/// while the other one contains private (thus also public) key.
void save(const std::string & publicKeyFile, const std::string & privateKeyFile = "", const std::string & privateKeyPassphrase = "")
const;
/// Exports the public and/or private keys to the given files.
///
/// If an empty filename is specified, the corresponding key
/// is not exported.
void
save(std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "") const;
/// Exports the public and/or private key to the given streams.
///
/// If a null pointer is passed for a stream, the corresponding
/// key is not exported.
int type() const;
/// Returns the EVPPKey type NID.
bool isSupported(int type) const;
/// Returns true if OpenSSL type is supported
operator const EVP_PKEY *() const;
/// Returns const pointer to the OpenSSL EVP_PKEY structure.
operator EVP_PKEY *();
/// Returns pointer to the OpenSSL EVP_PKEY structure.
static EVP_PKEY * duplicate(const EVP_PKEY * pFromKey, EVP_PKEY ** pToKey);
/// Duplicates pFromKey into *pToKey and returns
// the pointer to duplicated EVP_PKEY.
private:
EVPPKey();
static int type(const EVP_PKEY * pEVPPKey);
void newECKey(const char * group);
void duplicate(EVP_PKEY * pEVPPKey);
void setKey(ECKey * pKey);
void setKey(RSAKey * pKey);
void setKey(EC_KEY * pKey);
void setKey(RSA * pKey);
static int passCB(char * buf, int size, int, void * pass);
typedef EVP_PKEY * (*PEM_read_FILE_Key_fn)(FILE *, EVP_PKEY **, pem_password_cb *, void *);
typedef EVP_PKEY * (*PEM_read_BIO_Key_fn)(BIO *, EVP_PKEY **, pem_password_cb *, void *);
typedef void * (*EVP_PKEY_get_Key_fn)(EVP_PKEY *);
// The following load*() functions are used by both native and EVP_PKEY type key
// loading from BIO/FILE.
// When used for EVP key loading, getFunc is null (ie. native key is not extracted
// from the loaded EVP_PKEY).
template <typename K, typename F>
static bool
loadKey(K ** ppKey, PEM_read_FILE_Key_fn readFunc, F getFunc, const std::string & keyFile, const std::string & pass = "")
{
poco_assert_dbg(
((typeid(K *) == typeid(RSA *) || typeid(K *) == typeid(EC_KEY *)) && getFunc)
|| ((typeid(K *) == typeid(EVP_PKEY *)) && !getFunc));
poco_check_ptr(ppKey);
poco_assert_dbg(!*ppKey);
FILE * pFile = 0;
if (!keyFile.empty())
{
if (!getFunc)
*ppKey = (K *)EVP_PKEY_new();
EVP_PKEY * pKey = getFunc ? EVP_PKEY_new() : (EVP_PKEY *)*ppKey;
if (pKey)
{
pFile = fopen(keyFile.c_str(), "r");
if (pFile)
{
pem_password_cb * pCB = pass.empty() ? (pem_password_cb *)0 : &passCB;
void * pPassword = pass.empty() ? (void *)0 : (void *)pass.c_str();
if (readFunc(pFile, &pKey, pCB, pPassword))
{
fclose(pFile);
pFile = 0;
if (getFunc)
{
*ppKey = (K *)getFunc(pKey);
EVP_PKEY_free(pKey);
}
else
{
poco_assert_dbg(typeid(K *) == typeid(EVP_PKEY *));
*ppKey = (K *)pKey;
}
if (!*ppKey)
goto error;
return true;
}
goto error;
}
else
{
if (getFunc)
EVP_PKEY_free(pKey);
throw IOException("ECKeyImpl, cannot open file", keyFile);
}
}
else
goto error;
}
return false;
error:
if (pFile)
fclose(pFile);
throw OpenSSLException("EVPKey::loadKey(string)");
}
template <typename K, typename F>
static bool loadKey(K ** ppKey, PEM_read_BIO_Key_fn readFunc, F getFunc, std::istream * pIstr, const std::string & pass = "")
{
poco_assert_dbg(
((typeid(K *) == typeid(RSA *) || typeid(K *) == typeid(EC_KEY *)) && getFunc)
|| ((typeid(K *) == typeid(EVP_PKEY *)) && !getFunc));
poco_check_ptr(ppKey);
poco_assert_dbg(!*ppKey);
BIO * pBIO = 0;
if (pIstr)
{
std::ostringstream ostr;
Poco::StreamCopier::copyStream(*pIstr, ostr);
std::string key = ostr.str();
pBIO = BIO_new_mem_buf(const_cast<char *>(key.data()), static_cast<int>(key.size()));
if (pBIO)
{
if (!getFunc)
*ppKey = (K *)EVP_PKEY_new();
EVP_PKEY * pKey = getFunc ? EVP_PKEY_new() : (EVP_PKEY *)*ppKey;
if (pKey)
{
pem_password_cb * pCB = pass.empty() ? (pem_password_cb *)0 : &passCB;
void * pPassword = pass.empty() ? (void *)0 : (void *)pass.c_str();
if (readFunc(pBIO, &pKey, pCB, pPassword))
{
BIO_free(pBIO);
pBIO = 0;
if (getFunc)
{
*ppKey = (K *)getFunc(pKey);
EVP_PKEY_free(pKey);
}
else
{
poco_assert_dbg(typeid(K *) == typeid(EVP_PKEY *));
*ppKey = (K *)pKey;
}
if (!*ppKey)
goto error;
return true;
}
if (getFunc)
EVP_PKEY_free(pKey);
goto error;
}
else
goto error;
}
else
goto error;
}
return false;
error:
if (pBIO)
BIO_free(pBIO);
throw OpenSSLException("EVPKey::loadKey(stream)");
}
EVP_PKEY * _pEVPPKey;
friend class ECKeyImpl;
friend class RSAKeyImpl;
};
//
// inlines
//
inline bool EVPPKey::operator==(const EVPPKey & other) const
{
poco_check_ptr(other._pEVPPKey);
poco_check_ptr(_pEVPPKey);
return (1 == EVP_PKEY_cmp(_pEVPPKey, other._pEVPPKey));
}
inline bool EVPPKey::operator!=(const EVPPKey & other) const
{
return !(other == *this);
}
inline int EVPPKey::type(const EVP_PKEY * pEVPPKey)
{
if (!pEVPPKey)
return NID_undef;
return EVP_PKEY_type(EVP_PKEY_id(pEVPPKey));
}
inline int EVPPKey::type() const
{
return type(_pEVPPKey);
}
inline bool EVPPKey::isSupported(int type) const
{
return type == EVP_PKEY_EC || type == EVP_PKEY_RSA;
}
inline EVPPKey::operator const EVP_PKEY *() const
{
return _pEVPPKey;
}
inline EVPPKey::operator EVP_PKEY *()
{
return _pEVPPKey;
}
inline void EVPPKey::setKey(EC_KEY * pKey)
{
if (!EVP_PKEY_set1_EC_KEY(_pEVPPKey, pKey))
throw OpenSSLException();
}
inline void EVPPKey::setKey(RSA * pKey)
{
if (!EVP_PKEY_set1_RSA(_pEVPPKey, pKey))
throw OpenSSLException();
}
}
} // namespace Poco::Crypto
#endif // Crypto_EVPPKeyImpl_INCLUDED

136
base/poco/Crypto/include/Poco/Crypto/KeyPair.h Normal file
View File

@ -0,0 +1,136 @@
//
// KeyPair.h
//
//
// Library: Crypto
// Package: CryptoCore
// Module: KeyPair
//
// Definition of the KeyPair class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_KeyPair_INCLUDED
#define Crypto_KeyPair_INCLUDED
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/KeyPairImpl.h"
namespace Poco
{
namespace Crypto
{
class X509Certificate;
class Crypto_API KeyPair
/// This is a parent class for classes storing a key pair, consisting
/// of private and public key. Storage of the private key is optional.
///
/// If a private key is available, the KeyPair can be
/// used for decrypting data (encrypted with the public key)
/// or computing secure digital signatures.
{
public:
enum Type
{
KT_RSA = KeyPairImpl::KT_RSA_IMPL,
KT_EC = KeyPairImpl::KT_EC_IMPL
};
explicit KeyPair(KeyPairImpl::Ptr pKeyPairImpl = 0);
/// Extracts the RSA public key from the given certificate.
virtual ~KeyPair();
/// Destroys the KeyPair.
virtual int size() const;
/// Returns the RSA modulus size.
virtual void save(
const std::string & publicKeyPairFile,
const std::string & privateKeyPairFile = "",
const std::string & privateKeyPairPassphrase = "") const;
/// Exports the public and private keys to the given files.
///
/// If an empty filename is specified, the corresponding key
/// is not exported.
virtual void save(
std::ostream * pPublicKeyPairStream,
std::ostream * pPrivateKeyPairStream = 0,
const std::string & privateKeyPairPassphrase = "") const;
/// Exports the public and private key to the given streams.
///
/// If a null pointer is passed for a stream, the corresponding
/// key is not exported.
KeyPairImpl::Ptr impl() const;
/// Returns the impl object.
const std::string & name() const;
/// Returns key pair name
Type type() const;
/// Returns key pair type
private:
KeyPairImpl::Ptr _pImpl;
};
//
// inlines
//
inline int KeyPair::size() const
{
return _pImpl->size();
}
inline void
KeyPair::save(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase) const
{
_pImpl->save(publicKeyFile, privateKeyFile, privateKeyPassphrase);
}
inline void
KeyPair::save(std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream, const std::string & privateKeyPassphrase) const
{
_pImpl->save(pPublicKeyStream, pPrivateKeyStream, privateKeyPassphrase);
}
inline const std::string & KeyPair::name() const
{
return _pImpl->name();
}
inline KeyPairImpl::Ptr KeyPair::impl() const
{
return _pImpl;
}
inline KeyPair::Type KeyPair::type() const
{
return (KeyPair::Type)impl()->type();
}
}
} // namespace Poco::Crypto
#endif // Crypto_KeyPair_INCLUDED

110
base/poco/Crypto/include/Poco/Crypto/KeyPairImpl.h Normal file
View File

@ -0,0 +1,110 @@
//
// KeyPairImpl.h
//
//
// Library: Crypto
// Package: CryptoCore
// Module: KeyPairImpl
//
// Definition of the KeyPairImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_KeyPairImplImpl_INCLUDED
#define Crypto_KeyPairImplImpl_INCLUDED
#include <string>
#include <vector>
#include "Poco/AutoPtr.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/RefCountedObject.h"
namespace Poco
{
namespace Crypto
{
class KeyPairImpl : public Poco::RefCountedObject
/// Class KeyPairImpl
{
public:
enum Type
{
KT_RSA_IMPL = 0,
KT_EC_IMPL
};
typedef Poco::AutoPtr<KeyPairImpl> Ptr;
typedef std::vector<unsigned char> ByteVec;
KeyPairImpl(const std::string & name, Type type);
/// Create KeyPairImpl with specified type and name.
virtual ~KeyPairImpl();
/// Destroys the KeyPairImpl.
virtual int size() const = 0;
/// Returns the key size.
virtual void save(
const std::string & publicKeyFile,
const std::string & privateKeyFile = "",
const std::string & privateKeyPassphrase = "") const = 0;
/// Exports the public and private keys to the given files.
///
/// If an empty filename is specified, the corresponding key
/// is not exported.
virtual void save(
std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "") const = 0;
/// Exports the public and private key to the given streams.
///
/// If a null pointer is passed for a stream, the corresponding
/// key is not exported.
const std::string & name() const;
/// Returns key pair name
Type type() const;
/// Returns key pair type
private:
KeyPairImpl();
std::string _name;
Type _type;
OpenSSLInitializer _openSSLInitializer;
};
//
// inlines
//
inline const std::string & KeyPairImpl::name() const
{
return _name;
}
inline KeyPairImpl::Type KeyPairImpl::type() const
{
return _type;
}
}
} // namespace Poco::Crypto
#endif // Crypto_KeyPairImplImpl_INCLUDED

117
base/poco/Crypto/include/Poco/Crypto/OpenSSLInitializer.h Normal file
View File

@ -0,0 +1,117 @@
//
// OpenSSLInitializer.h
//
// Library: Crypto
// Package: CryptoCore
// Module: OpenSSLInitializer
//
// Definition of the OpenSSLInitializer class.
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_OpenSSLInitializer_INCLUDED
#define Crypto_OpenSSLInitializer_INCLUDED
#include <openssl/crypto.h>
#include "Poco/AtomicCounter.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Mutex.h"
#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
# include <openssl/fips.h>
#endif
extern "C" {
struct CRYPTO_dynlock_value
{
Poco::FastMutex _mutex;
};
}
namespace Poco
{
namespace Crypto
{
class Crypto_API OpenSSLInitializer
/// Initializes the OpenSSL library.
///
/// The class ensures the earliest initialization and the
/// latest shutdown of the OpenSSL library.
{
public:
OpenSSLInitializer();
/// Automatically initialize OpenSSL on startup.
~OpenSSLInitializer();
/// Automatically shut down OpenSSL on exit.
static void initialize();
/// Initializes the OpenSSL machinery.
static void uninitialize();
/// Shuts down the OpenSSL machinery.
static bool isFIPSEnabled();
// Returns true if FIPS mode is enabled, false otherwise.
static void enableFIPSMode(bool enabled);
// Enable or disable FIPS mode. If FIPS is not available, this method doesn't do anything.
protected:
enum
{
SEEDSIZE = 256
};
// OpenSSL multithreading support
static void lock(int mode, int n, const char * file, int line);
static unsigned long id();
static struct CRYPTO_dynlock_value * dynlockCreate(const char * file, int line);
static void dynlock(int mode, struct CRYPTO_dynlock_value * lock, const char * file, int line);
static void dynlockDestroy(struct CRYPTO_dynlock_value * lock, const char * file, int line);
private:
static Poco::FastMutex * _mutexes;
static Poco::AtomicCounter _rc;
};
//
// inlines
//
inline bool OpenSSLInitializer::isFIPSEnabled()
{
#ifdef OPENSSL_FIPS
return FIPS_mode() ? true : false;
#else
return false;
#endif
}
#ifdef OPENSSL_FIPS
inline void OpenSSLInitializer::enableFIPSMode(bool enabled)
{
FIPS_mode_set(enabled);
}
#else
inline void OpenSSLInitializer::enableFIPSMode(bool /*enabled*/)
{
}
#endif
}
} // namespace Poco::Crypto
#endif // Crypto_OpenSSLInitializer_INCLUDED

162
base/poco/Crypto/include/Poco/Crypto/PKCS12Container.h Normal file
View File

@ -0,0 +1,162 @@
//
// PKCS12Container.h
//
// Library: Crypto
// Package: Certificate
// Module: PKCS12Container
//
// Definition of the PKCS12Container class.
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_PKCS12Container_INCLUDED
#define Crypto_PKCS12Container_INCLUDED
#include <istream>
#include <memory>
#include <openssl/pkcs12.h>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/EVPPKey.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/Crypto/X509Certificate.h"
#include "Poco/Path.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API PKCS12Container
/// This class implements PKCS#12 container functionality.
{
public:
typedef X509Certificate::List CAList;
typedef std::vector<std::string> CANameList;
explicit PKCS12Container(std::istream & istr, const std::string & password = "");
/// Creates the PKCS12Container object from a stream.
explicit PKCS12Container(const std::string & path, const std::string & password = "");
/// Creates the PKCS12Container object from a file.
PKCS12Container(const PKCS12Container & cont);
/// Copy constructor.
PKCS12Container & operator=(const PKCS12Container & cont);
/// Assignment operator.
#ifdef POCO_ENABLE_CPP11
PKCS12Container(PKCS12Container && cont);
/// Move constructor.
PKCS12Container & operator=(PKCS12Container && cont);
/// Move assignment operator.
#endif // POCO_ENABLE_CPP11
~PKCS12Container();
/// Destroys the PKCS12Container.
bool hasKey() const;
/// Returns true if container contains the key.
EVPPKey getKey() const;
/// Return key as openssl EVP_PKEY wrapper object.
bool hasX509Certificate() const;
/// Returns true if container has X509 certificate.
const X509Certificate & getX509Certificate() const;
/// Returns the X509 certificate.
/// Throws NotFoundException if there is no certificate.
const CAList & getCACerts() const;
/// Returns the list of CA certificates in this container.
const std::string & getFriendlyName() const;
/// Returns the friendly name of the certificate bag.
const CANameList & getFriendlyNamesCA() const;
/// Returns a list of CA certificates friendly names.
private:
void load(PKCS12 * pPKCS12, const std::string & password = "");
std::string extractFriendlyName(X509 * pCert);
#ifdef POCO_ENABLE_CPP11
typedef std::unique_ptr<X509Certificate> CertPtr;
#else
typedef std::auto_ptr<X509Certificate> CertPtr;
#endif // #ifdef POCO_ENABLE_CPP11
OpenSSLInitializer _openSSLInitializer;
EVP_PKEY * _pKey;
CertPtr _pX509Cert;
CAList _caCertList;
CANameList _caCertNames;
std::string _pkcsFriendlyName;
};
//
// inlines
//
inline bool PKCS12Container::hasX509Certificate() const
{
return _pX509Cert.get() != 0;
}
inline const X509Certificate & PKCS12Container::getX509Certificate() const
{
if (!hasX509Certificate())
throw NotFoundException("PKCS12Container X509 certificate");
return *_pX509Cert;
}
inline const std::string & PKCS12Container::getFriendlyName() const
{
return _pkcsFriendlyName;
}
inline const PKCS12Container::CAList & PKCS12Container::getCACerts() const
{
return _caCertList;
}
inline const PKCS12Container::CANameList & PKCS12Container::getFriendlyNamesCA() const
{
return _caCertNames;
}
inline bool PKCS12Container::hasKey() const
{
return _pKey != 0;
}
inline EVPPKey PKCS12Container::getKey() const
{
return EVPPKey(_pKey);
}
}
} // namespace Poco::Crypto
#endif // Crypto_PKCS12Container_INCLUDED

80
base/poco/Crypto/include/Poco/Crypto/RSACipherImpl.h Normal file
View File

@ -0,0 +1,80 @@
//
// RSACipherImpl.h
//
// Library: Crypto
// Package: RSA
// Module: RSACipherImpl
//
// Definition of the RSACipherImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_RSACipherImpl_INCLUDED
#define Crypto_RSACipherImpl_INCLUDED
#include <openssl/evp.h>
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/Crypto/RSAKey.h"
namespace Poco
{
namespace Crypto
{
class RSACipherImpl : public Cipher
/// An implementation of the Cipher class for
/// asymmetric (public-private key) encryption
/// based on the the RSA algorithm in OpenSSL's
/// crypto library.
///
/// Encryption is using the public key, decryption
/// requires the private key.
{
public:
RSACipherImpl(const RSAKey & key, RSAPaddingMode paddingMode);
/// Creates a new RSACipherImpl object for the given RSAKey
/// and using the given padding mode.
virtual ~RSACipherImpl();
/// Destroys the RSACipherImpl.
const std::string & name() const;
/// Returns the name of the Cipher.
CryptoTransform * createEncryptor();
/// Creates an encryptor object.
CryptoTransform * createDecryptor();
/// Creates a decryptor object.
private:
RSAKey _key;
RSAPaddingMode _paddingMode;
OpenSSLInitializer _openSSLInitializer;
};
//
// Inlines
//
inline const std::string & RSACipherImpl::name() const
{
return _key.name();
}
}
} // namespace Poco::Crypto
#endif // Crypto_RSACipherImpl_INCLUDED

114
base/poco/Crypto/include/Poco/Crypto/RSADigestEngine.h Normal file
View File

@ -0,0 +1,114 @@
//
// RSADigestEngine.h
//
// Library: Crypto
// Package: RSA
// Module: RSADigestEngine
//
// Definition of the RSADigestEngine class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_RSADigestEngine_INCLUDED
#define Crypto_RSADigestEngine_INCLUDED
#include <istream>
#include <ostream>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/DigestEngine.h"
#include "Poco/Crypto/RSAKey.h"
#include "Poco/DigestEngine.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API RSADigestEngine : public Poco::DigestEngine
/// This class implements a Poco::DigestEngine that can be
/// used to compute a secure digital signature.
///
/// First another Poco::Crypto::DigestEngine is created and
/// used to compute a cryptographic hash of the data to be
/// signed. Then, the hash value is encrypted, using
/// the RSA private key.
///
/// To verify a signature, pass it to the verify()
/// member function. It will decrypt the signature
/// using the RSA public key and compare the resulting
/// hash with the actual hash of the data.
{
public:
enum DigestType
{
DIGEST_MD5,
DIGEST_SHA1
};
//@ deprecated
RSADigestEngine(const RSAKey & key, DigestType digestType = DIGEST_SHA1);
/// Creates the RSADigestEngine with the given RSA key,
/// using the MD5 or SHA-1 hash algorithm.
/// Kept for backward compatibility
RSADigestEngine(const RSAKey & key, const std::string & name);
/// Creates the RSADigestEngine with the given RSA key,
/// using the hash algorithm with the given name
/// (e.g., "MD5", "SHA1", "SHA256", "SHA512", etc.).
/// See the OpenSSL documentation for a list of supported digest algorithms.
///
/// Throws a Poco::NotFoundException if no algorithm with the given name exists.
~RSADigestEngine();
/// Destroys the RSADigestEngine.
std::size_t digestLength() const;
/// Returns the length of the digest in bytes.
void reset();
/// Resets the engine so that a new
/// digest can be computed.
const DigestEngine::Digest & digest();
/// Finishes the computation of the digest
/// (the first time it's called) and
/// returns the message digest.
///
/// Can be called multiple times.
const DigestEngine::Digest & signature();
/// Signs the digest using the RSA algorithm
/// and the private key (the first time it's
/// called) and returns the result.
///
/// Can be called multiple times.
bool verify(const DigestEngine::Digest & signature);
/// Verifies the data against the signature.
///
/// Returns true if the signature can be verified, false otherwise.
protected:
void updateImpl(const void * data, std::size_t length);
private:
RSAKey _key;
Poco::Crypto::DigestEngine _engine;
Poco::DigestEngine::Digest _digest;
Poco::DigestEngine::Digest _signature;
};
}
} // namespace Poco::Crypto
#endif // Crypto_RSADigestEngine_INCLUDED

124
base/poco/Crypto/include/Poco/Crypto/RSAKey.h Normal file
View File

@ -0,0 +1,124 @@
//
// RSAKey.h
//
// Library: Crypto
// Package: RSA
// Module: RSAKey
//
// Definition of the RSAKey class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_RSAKey_INCLUDED
#define Crypto_RSAKey_INCLUDED
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/KeyPair.h"
#include "Poco/Crypto/RSAKeyImpl.h"
namespace Poco
{
namespace Crypto
{
class X509Certificate;
class PKCS12Container;
class Crypto_API RSAKey : public KeyPair
/// This class stores an RSA key pair, consisting
/// of private and public key. Storage of the private
/// key is optional.
///
/// If a private key is available, the RSAKey can be
/// used for decrypting data (encrypted with the public key)
/// or computing secure digital signatures.
{
public:
enum KeyLength
{
KL_512 = 512,
KL_1024 = 1024,
KL_2048 = 2048,
KL_4096 = 4096
};
enum Exponent
{
EXP_SMALL = 0,
EXP_LARGE
};
RSAKey(const EVPPKey & key);
/// Constructs ECKeyImpl by extracting the EC key.
RSAKey(const X509Certificate & cert);
/// Extracts the RSA public key from the given certificate.
RSAKey(const PKCS12Container & cert);
/// Extracts the RSA private key from the given certificate.
RSAKey(KeyLength keyLength, Exponent exp);
/// Creates the RSAKey. Creates a new public/private keypair using the given parameters.
/// Can be used to sign data and verify signatures.
RSAKey(const std::string & publicKeyFile, const std::string & privateKeyFile = "", const std::string & privateKeyPassphrase = "");
/// Creates the RSAKey, by reading public and private key from the given files and
/// using the given passphrase for the private key.
///
/// Cannot be used for signing or decryption unless a private key is available.
///
/// If a private key is specified, you don't need to specify a public key file.
/// OpenSSL will auto-create the public key from the private key.
RSAKey(std::istream * pPublicKeyStream, std::istream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "");
/// Creates the RSAKey, by reading public and private key from the given streams and
/// using the given passphrase for the private key.
///
/// Cannot be used for signing or decryption unless a private key is available.
///
/// If a private key is specified, you don't need to specify a public key file.
/// OpenSSL will auto-create the public key from the private key.
~RSAKey();
/// Destroys the RSAKey.
RSAKeyImpl::ByteVec modulus() const;
/// Returns the RSA modulus.
RSAKeyImpl::ByteVec encryptionExponent() const;
/// Returns the RSA encryption exponent.
RSAKeyImpl::ByteVec decryptionExponent() const;
/// Returns the RSA decryption exponent.
RSAKeyImpl::Ptr impl() const;
/// Returns the impl object.
private:
RSAKeyImpl::Ptr _pImpl;
};
//
// inlines
//
inline RSAKeyImpl::Ptr RSAKey::impl() const
{
return _pImpl;
}
}
} // namespace Poco::Crypto
#endif // Crypto_RSAKey_INCLUDED

142
base/poco/Crypto/include/Poco/Crypto/RSAKeyImpl.h Normal file
View File

@ -0,0 +1,142 @@
//
// RSAKeyImpl.h
//
// Library: Crypto
// Package: RSA
// Module: RSAKeyImpl
//
// Definition of the RSAKeyImpl class.
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_RSAKeyImplImpl_INCLUDED
#define Crypto_RSAKeyImplImpl_INCLUDED
#include <istream>
#include <ostream>
#include <vector>
#include "Poco/AutoPtr.h"
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/EVPPKey.h"
#include "Poco/Crypto/KeyPairImpl.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/RefCountedObject.h"
struct bignum_st;
struct rsa_st;
typedef struct bignum_st BIGNUM;
typedef struct rsa_st RSA;
namespace Poco
{
namespace Crypto
{
class X509Certificate;
class PKCS12Container;
class RSAKeyImpl : public KeyPairImpl
/// class RSAKeyImpl
{
public:
typedef Poco::AutoPtr<RSAKeyImpl> Ptr;
typedef std::vector<unsigned char> ByteVec;
RSAKeyImpl(const EVPPKey & key);
/// Constructs ECKeyImpl by extracting the EC key.
RSAKeyImpl(const X509Certificate & cert);
/// Extracts the RSA public key from the given certificate.
RSAKeyImpl(const PKCS12Container & cert);
/// Extracts the EC private key from the given certificate.
RSAKeyImpl(int keyLength, unsigned long exponent);
/// Creates the RSAKey. Creates a new public/private keypair using the given parameters.
/// Can be used to sign data and verify signatures.
RSAKeyImpl(const std::string & publicKeyFile, const std::string & privateKeyFile, const std::string & privateKeyPassphrase);
/// Creates the RSAKey, by reading public and private key from the given files and
/// using the given passphrase for the private key. Can only by used for signing if
/// a private key is available.
RSAKeyImpl(std::istream * pPublicKeyStream, std::istream * pPrivateKeyStream, const std::string & privateKeyPassphrase);
/// Creates the RSAKey. Can only by used for signing if pPrivKey
/// is not null. If a private key file is specified, you don't need to
/// specify a public key file. OpenSSL will auto-create it from the private key.
~RSAKeyImpl();
/// Destroys the RSAKeyImpl.
RSA * getRSA();
/// Returns the OpenSSL RSA object.
const RSA * getRSA() const;
/// Returns the OpenSSL RSA object.
int size() const;
/// Returns the RSA modulus size.
ByteVec modulus() const;
/// Returns the RSA modulus.
ByteVec encryptionExponent() const;
/// Returns the RSA encryption exponent.
ByteVec decryptionExponent() const;
/// Returns the RSA decryption exponent.
void save(const std::string & publicKeyFile, const std::string & privateKeyFile = "", const std::string & privateKeyPassphrase = "")
const;
/// Exports the public and private keys to the given files.
///
/// If an empty filename is specified, the corresponding key
/// is not exported.
void
save(std::ostream * pPublicKeyStream, std::ostream * pPrivateKeyStream = 0, const std::string & privateKeyPassphrase = "") const;
/// Exports the public and private key to the given streams.
///
/// If a null pointer is passed for a stream, the corresponding
/// key is not exported.
private:
RSAKeyImpl();
void freeRSA();
static ByteVec convertToByteVec(const BIGNUM * bn);
RSA * _pRSA;
};
//
// inlines
//
inline RSA * RSAKeyImpl::getRSA()
{
return _pRSA;
}
inline const RSA * RSAKeyImpl::getRSA() const
{
return _pRSA;
}
}
} // namespace Poco::Crypto
#endif // Crypto_RSAKeyImplImpl_INCLUDED

248
base/poco/Crypto/include/Poco/Crypto/X509Certificate.h Normal file
View File

@ -0,0 +1,248 @@
//
// X509Certificate.h
//
// Library: Crypto
// Package: Certificate
// Module: X509Certificate
//
// Definition of the X509Certificate class.
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Crypto_X509Certificate_INCLUDED
#define Crypto_X509Certificate_INCLUDED
#include <istream>
#include <set>
#include <vector>
#include <openssl/ssl.h>
#include "Poco/Crypto/Crypto.h"
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/DateTime.h"
#include "Poco/SharedPtr.h"
namespace Poco
{
namespace Crypto
{
class Crypto_API X509Certificate
/// This class represents a X509 Certificate.
{
public:
typedef std::vector<X509Certificate> List;
enum NID
/// Name identifier for extracting information from
/// a certificate subject's or issuer's distinguished name.
{
NID_COMMON_NAME = 13,
NID_COUNTRY = 14,
NID_LOCALITY_NAME = 15,
NID_STATE_OR_PROVINCE = 16,
NID_ORGANIZATION_NAME = 17,
NID_ORGANIZATION_UNIT_NAME = 18,
NID_PKCS9_EMAIL_ADDRESS = 48,
NID_SERIAL_NUMBER = 105
};
explicit X509Certificate(std::istream & istr);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a stream.
explicit X509Certificate(const std::string & path);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a file.
explicit X509Certificate(X509 * pCert);
/// Creates the X509Certificate from an existing
/// OpenSSL certificate. Ownership is taken of
/// the certificate.
X509Certificate(X509 * pCert, bool shared);
/// Creates the X509Certificate from an existing
/// OpenSSL certificate. Ownership is taken of
/// the certificate. If shared is true, the
/// certificate's reference count is incremented.
X509Certificate(const X509Certificate & cert);
/// Creates the certificate by copying another one.
X509Certificate & operator=(const X509Certificate & cert);
/// Assigns a certificate.
void swap(X509Certificate & cert);
/// Exchanges the certificate with another one.
~X509Certificate();
/// Destroys the X509Certificate.
long version() const;
/// Returns the version of the certificate.
const std::string & serialNumber() const;
/// Returns the certificate serial number as a
/// string in decimal encoding.
const std::string & issuerName() const;
/// Returns the certificate issuer's distinguished name.
std::string issuerName(NID nid) const;
/// Extracts the information specified by the given
/// NID (name identifier) from the certificate issuer's
/// distinguished name.
const std::string & subjectName() const;
/// Returns the certificate subject's distinguished name.
std::string subjectName(NID nid) const;
/// Extracts the information specified by the given
/// NID (name identifier) from the certificate subject's
/// distinguished name.
std::string commonName() const;
/// Returns the common name stored in the certificate
/// subject's distinguished name.
void extractNames(std::string & commonName, std::set<std::string> & domainNames) const;
/// Extracts the common name and the alias domain names from the
/// certificate.
Poco::DateTime validFrom() const;
/// Returns the date and time the certificate is valid from.
Poco::DateTime expiresOn() const;
/// Returns the date and time the certificate expires.
void save(std::ostream & stream) const;
/// Writes the certificate to the given stream.
/// The certificate is written in PEM format.
void save(const std::string & path) const;
/// Writes the certificate to the file given by path.
/// The certificate is written in PEM format.
bool issuedBy(const X509Certificate & issuerCertificate) const;
/// Checks whether the certificate has been issued by
/// the issuer given by issuerCertificate. This can be
/// used to validate a certificate chain.
///
/// Verifies if the certificate has been signed with the
/// issuer's private key, using the public key from the issuer
/// certificate.
///
/// Returns true if verification against the issuer certificate
/// was successful, false otherwise.
bool equals(const X509Certificate & otherCertificate) const;
/// Checks whether the certificate is equal to
/// the other certificate, by comparing the hashes
/// of both certificates.
///
/// Returns true if both certificates are identical,
/// otherwise false.
const X509 * certificate() const;
/// Returns the underlying OpenSSL certificate.
X509 * dup() const;
/// Duplicates and returns the underlying OpenSSL certificate. Note that
/// the caller assumes responsibility for the lifecycle of the created
/// certificate.
std::string signatureAlgorithm() const;
/// Returns the certificate signature algorithm long name.
void print(std::ostream & out) const;
/// Prints the certificate information to ostream.
static List readPEM(const std::string & pemFileName);
/// Reads and returns a list of certificates from
/// the specified PEM file.
static void writePEM(const std::string & pemFileName, const List & list);
/// Writes the list of certificates to the specified PEM file.
protected:
void load(std::istream & stream);
/// Loads the certificate from the given stream. The
/// certificate must be in PEM format.
void load(const std::string & path);
/// Loads the certificate from the given file. The
/// certificate must be in PEM format.
void init();
/// Extracts issuer and subject name from the certificate.
private:
enum
{
NAME_BUFFER_SIZE = 256
};
std::string _issuerName;
std::string _subjectName;
std::string _serialNumber;
X509 * _pCert;
OpenSSLInitializer _openSSLInitializer;
};
//
// inlines
//
inline long X509Certificate::version() const
{
// This is defined by standards (X.509 et al) to be
// one less than the certificate version.
// So, eg. a version 3 certificate will return 2.
return X509_get_version(_pCert) + 1;
}
inline const std::string & X509Certificate::serialNumber() const
{
return _serialNumber;
}
inline const std::string & X509Certificate::issuerName() const
{
return _issuerName;
}
inline const std::string & X509Certificate::subjectName() const
{
return _subjectName;
}
inline const X509 * X509Certificate::certificate() const
{
return _pCert;
}
inline X509 * X509Certificate::dup() const
{
return X509_dup(_pCert);
}
}
} // namespace Poco::Crypto
#endif // Crypto_X509Certificate_INCLUDED

140
base/poco/Crypto/src/Cipher.cpp Normal file
View File

@ -0,0 +1,140 @@
//
// Cipher.cpp
//
// Library: Crypto
// Package: Cipher
// Module: Cipher
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/CryptoStream.h"
#include "Poco/Crypto/CryptoTransform.h"
#include "Poco/Base64Encoder.h"
#include "Poco/Base64Decoder.h"
#include "Poco/HexBinaryEncoder.h"
#include "Poco/HexBinaryDecoder.h"
#include "Poco/StreamCopier.h"
#include "Poco/Exception.h"
#include <sstream>
#include <memory>
namespace Poco {
namespace Crypto {
Cipher::Cipher()
{
}
Cipher::~Cipher()
{
}
std::string Cipher::encryptString(const std::string& str, Encoding encoding)
{
std::istringstream source(str);
std::ostringstream sink;
encrypt(source, sink, encoding);
return sink.str();
}
std::string Cipher::decryptString(const std::string& str, Encoding encoding)
{
std::istringstream source(str);
std::ostringstream sink;
decrypt(source, sink, encoding);
return sink.str();
}
void Cipher::encrypt(std::istream& source, std::ostream& sink, Encoding encoding)
{
CryptoInputStream encryptor(source, createEncryptor());
switch (encoding)
{
case ENC_NONE:
StreamCopier::copyStream(encryptor, sink);
break;
case ENC_BASE64:
case ENC_BASE64_NO_LF:
{
Poco::Base64Encoder encoder(sink);
if (encoding == ENC_BASE64_NO_LF)
{
encoder.rdbuf()->setLineLength(0);
}
StreamCopier::copyStream(encryptor, encoder);
encoder.close();
}
break;
case ENC_BINHEX:
case ENC_BINHEX_NO_LF:
{
Poco::HexBinaryEncoder encoder(sink);
if (encoding == ENC_BINHEX_NO_LF)
{
encoder.rdbuf()->setLineLength(0);
}
StreamCopier::copyStream(encryptor, encoder);
encoder.close();
}
break;
default:
throw Poco::InvalidArgumentException("Invalid argument", "encoding");
}
}
void Cipher::decrypt(std::istream& source, std::ostream& sink, Encoding encoding)
{
CryptoOutputStream decryptor(sink, createDecryptor());
switch (encoding)
{
case ENC_NONE:
StreamCopier::copyStream(source, decryptor);
decryptor.close();
break;
case ENC_BASE64:
case ENC_BASE64_NO_LF:
{
Poco::Base64Decoder decoder(source);
StreamCopier::copyStream(decoder, decryptor);
decryptor.close();
}
break;
case ENC_BINHEX:
case ENC_BINHEX_NO_LF:
{
Poco::HexBinaryDecoder decoder(source);
StreamCopier::copyStream(decoder, decryptor);
decryptor.close();
}
break;
default:
throw Poco::InvalidArgumentException("Invalid argument", "encoding");
}
}
} } // namespace Poco::Crypto

65
base/poco/Crypto/src/CipherFactory.cpp Normal file
View File

@ -0,0 +1,65 @@
//
// CipherFactory.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CipherFactory
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CipherFactory.h"
#include "Poco/Crypto/Cipher.h"
#include "Poco/Crypto/CipherKey.h"
#include "Poco/Crypto/RSAKey.h"
#include "Poco/Crypto/CipherImpl.h"
#include "Poco/Crypto/RSACipherImpl.h"
#include "Poco/Exception.h"
#include "Poco/SingletonHolder.h"
#include <openssl/evp.h>
#include <openssl/err.h>
namespace Poco {
namespace Crypto {
CipherFactory::CipherFactory()
{
}
CipherFactory::~CipherFactory()
{
}
namespace
{
static Poco::SingletonHolder<CipherFactory> holder;
}
CipherFactory& CipherFactory::defaultFactory()
{
return *holder.get();
}
Cipher* CipherFactory::createCipher(const CipherKey& key)
{
return new CipherImpl(key);
}
Cipher* CipherFactory::createCipher(const RSAKey& key, RSAPaddingMode paddingMode)
{
return new RSACipherImpl(key, paddingMode);
}
} } // namespace Poco::Crypto

272
base/poco/Crypto/src/CipherImpl.cpp Normal file
View File

@ -0,0 +1,272 @@
//
// CipherImpl.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CipherImpl
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CipherImpl.h"
#include "Poco/Crypto/CryptoTransform.h"
#include "Poco/Exception.h"
#include "Poco/Buffer.h"
#include <openssl/err.h>
namespace Poco {
namespace Crypto {
namespace
{
void throwError()
{
unsigned long err;
std::string msg;
while ((err = ERR_get_error()))
{
if (!msg.empty())
msg.append("; ");
msg.append(ERR_error_string(err, 0));
}
throw Poco::IOException(msg);
}
class CryptoTransformImpl: public CryptoTransform
{
public:
typedef Cipher::ByteVec ByteVec;
enum Direction
{
DIR_ENCRYPT,
DIR_DECRYPT
};
CryptoTransformImpl(
const EVP_CIPHER* pCipher,
const ByteVec& key,
const ByteVec& iv,
Direction dir);
~CryptoTransformImpl();
std::size_t blockSize() const;
int setPadding(int padding);
std::string getTag(std::size_t tagSize);
void setTag(const std::string& tag);
std::streamsize transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength);
std::streamsize finalize(
unsigned char* output,
std::streamsize length);
private:
const EVP_CIPHER* _pCipher;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EVP_CIPHER_CTX* _pContext;
#else
EVP_CIPHER_CTX _context;
#endif
ByteVec _key;
ByteVec _iv;
};
CryptoTransformImpl::CryptoTransformImpl(
const EVP_CIPHER* pCipher,
const ByteVec& key,
const ByteVec& iv,
Direction dir):
_pCipher(pCipher),
_key(key),
_iv(iv)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pContext = EVP_CIPHER_CTX_new();
EVP_CipherInit(
_pContext,
_pCipher,
&_key[0],
_iv.empty() ? 0 : &_iv[0],
(dir == DIR_ENCRYPT) ? 1 : 0);
#else
EVP_CipherInit(
&_context,
_pCipher,
&_key[0],
_iv.empty() ? 0 : &_iv[0],
(dir == DIR_ENCRYPT) ? 1 : 0);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
if (_iv.size() != EVP_CIPHER_iv_length(_pCipher) && EVP_CIPHER_mode(_pCipher) == EVP_CIPH_GCM_MODE)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int rc = EVP_CIPHER_CTX_ctrl(_pContext, EVP_CTRL_GCM_SET_IVLEN, _iv.size(), NULL);
#else
int rc = EVP_CIPHER_CTX_ctrl(&_context, EVP_CTRL_GCM_SET_IVLEN, _iv.size(), NULL);
#endif
if (rc == 0) throwError();
}
#endif
}
CryptoTransformImpl::~CryptoTransformImpl()
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EVP_CIPHER_CTX_cleanup(_pContext);
EVP_CIPHER_CTX_free(_pContext);
#else
EVP_CIPHER_CTX_cleanup(&_context);
#endif
}
std::size_t CryptoTransformImpl::blockSize() const
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
return EVP_CIPHER_CTX_block_size(_pContext);
#else
return EVP_CIPHER_CTX_block_size(&_context);
#endif
}
int CryptoTransformImpl::setPadding(int padding)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
return EVP_CIPHER_CTX_block_size(_pContext);
#else
return EVP_CIPHER_CTX_set_padding(&_context, padding);
#endif
}
std::string CryptoTransformImpl::getTag(std::size_t tagSize)
{
std::string tag;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
Poco::Buffer<char> buffer(tagSize);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int rc = EVP_CIPHER_CTX_ctrl(_pContext, EVP_CTRL_GCM_GET_TAG, tagSize, buffer.begin());
#else
int rc = EVP_CIPHER_CTX_ctrl(&_context, EVP_CTRL_GCM_GET_TAG, tagSize, buffer.begin());
#endif
if (rc == 0) throwError();
tag.assign(buffer.begin(), tagSize);
#endif
return tag;
}
void CryptoTransformImpl::setTag(const std::string& tag)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int rc = EVP_CIPHER_CTX_ctrl(_pContext, EVP_CTRL_GCM_SET_TAG, tag.size(), const_cast<char*>(tag.data()));
#elif OPENSSL_VERSION_NUMBER >= 0x10001000L
int rc = EVP_CIPHER_CTX_ctrl(&_context, EVP_CTRL_GCM_SET_TAG, tag.size(), const_cast<char*>(tag.data()));
#else
int rc = 0;
#endif
if (rc == 0) throwError();
}
std::streamsize CryptoTransformImpl::transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength)
{
poco_assert (outputLength >= (inputLength + blockSize() - 1));
int outLen = static_cast<int>(outputLength);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int rc = EVP_CipherUpdate(
_pContext,
output,
&outLen,
input,
static_cast<int>(inputLength));
#else
int rc = EVP_CipherUpdate(
&_context,
output,
&outLen,
input,
static_cast<int>(inputLength));
#endif
if (rc == 0)
throwError();
return static_cast<std::streamsize>(outLen);
}
std::streamsize CryptoTransformImpl::finalize(
unsigned char* output,
std::streamsize length)
{
poco_assert (length >= blockSize());
int len = static_cast<int>(length);
// Use the '_ex' version that does not perform implicit cleanup since we
// will call EVP_CIPHER_CTX_cleanup() from the dtor as there is no
// guarantee that finalize() will be called if an error occurred.
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int rc = EVP_CipherFinal_ex(_pContext, output, &len);
#else
int rc = EVP_CipherFinal_ex(&_context, output, &len);
#endif
if (rc == 0)
throwError();
return static_cast<std::streamsize>(len);
}
}
CipherImpl::CipherImpl(const CipherKey& key):
_key(key)
{
}
CipherImpl::~CipherImpl()
{
}
CryptoTransform* CipherImpl::createEncryptor()
{
CipherKeyImpl::Ptr p = _key.impl();
return new CryptoTransformImpl(p->cipher(), p->getKey(), p->getIV(), CryptoTransformImpl::DIR_ENCRYPT);
}
CryptoTransform* CipherImpl::createDecryptor()
{
CipherKeyImpl::Ptr p = _key.impl();
return new CryptoTransformImpl(p->cipher(), p->getKey(), p->getIV(), CryptoTransformImpl::DIR_DECRYPT);
}
} } // namespace Poco::Crypto

49
base/poco/Crypto/src/CipherKey.cpp Normal file
View File

@ -0,0 +1,49 @@
//
// CipherKey.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CipherKey
//
// Copyright (c) 2007, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CipherKey.h"
namespace Poco {
namespace Crypto {
CipherKey::CipherKey(const std::string& name,
const std::string& passphrase,
const std::string& salt,
int iterationCount,
const std::string &digest):
_pImpl(new CipherKeyImpl(name, passphrase, salt, iterationCount, digest))
{
}
CipherKey::CipherKey(const std::string& name, const ByteVec& key, const ByteVec& iv):
_pImpl(new CipherKeyImpl(name, key, iv))
{
}
CipherKey::CipherKey(const std::string& name):
_pImpl(new CipherKeyImpl(name))
{
}
CipherKey::~CipherKey()
{
}
} } // namespace Poco::Crypto

222
base/poco/Crypto/src/CipherKeyImpl.cpp Normal file
View File

@ -0,0 +1,222 @@
//
// CipherKeyImpl.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CipherKeyImpl
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CipherKeyImpl.h"
#include "Poco/Crypto/CryptoTransform.h"
#include "Poco/Crypto/CipherFactory.h"
#include "Poco/Exception.h"
#include "Poco/RandomStream.h"
#include <openssl/err.h>
#include <openssl/evp.h>
namespace Poco {
namespace Crypto {
CipherKeyImpl::CipherKeyImpl(const std::string& name,
const std::string& passphrase,
const std::string& salt,
int iterationCount,
const std::string& digest):
_pCipher(0),
_pDigest(0),
_name(name),
_key(),
_iv()
{
// dummy access to Cipherfactory so that the EVP lib is initilaized
CipherFactory::defaultFactory();
_pCipher = EVP_get_cipherbyname(name.c_str());
if (!_pCipher)
throw Poco::NotFoundException("Cipher " + name + " was not found");
_pDigest = EVP_get_digestbyname(digest.c_str());
if (!_pDigest)
throw Poco::NotFoundException("Digest " + name + " was not found");
_key = ByteVec(keySize());
_iv = ByteVec(ivSize());
generateKey(passphrase, salt, iterationCount);
}
CipherKeyImpl::CipherKeyImpl(const std::string& name,
const ByteVec& key,
const ByteVec& iv):
_pCipher(0),
_pDigest(0),
_name(name),
_key(key),
_iv(iv)
{
// dummy access to Cipherfactory so that the EVP lib is initialized
CipherFactory::defaultFactory();
_pCipher = EVP_get_cipherbyname(name.c_str());
if (!_pCipher)
throw Poco::NotFoundException("Cipher " + name + " was not found");
}
CipherKeyImpl::CipherKeyImpl(const std::string& name):
_pCipher(0),
_pDigest(0),
_name(name),
_key(),
_iv()
{
// dummy access to Cipherfactory so that the EVP lib is initilaized
CipherFactory::defaultFactory();
_pCipher = EVP_get_cipherbyname(name.c_str());
if (!_pCipher)
throw Poco::NotFoundException("Cipher " + name + " was not found");
_key = ByteVec(keySize());
_iv = ByteVec(ivSize());
generateKey();
}
CipherKeyImpl::~CipherKeyImpl()
{
}
CipherKeyImpl::Mode CipherKeyImpl::mode() const
{
switch (EVP_CIPHER_mode(_pCipher))
{
case EVP_CIPH_STREAM_CIPHER:
return MODE_STREAM_CIPHER;
case EVP_CIPH_ECB_MODE:
return MODE_ECB;
case EVP_CIPH_CBC_MODE:
return MODE_CBC;
case EVP_CIPH_CFB_MODE:
return MODE_CFB;
case EVP_CIPH_OFB_MODE:
return MODE_OFB;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
case EVP_CIPH_CTR_MODE:
return MODE_CTR;
case EVP_CIPH_GCM_MODE:
return MODE_GCM;
#endif
}
throw Poco::IllegalStateException("Unexpected value of EVP_CIPHER_mode()");
}
void CipherKeyImpl::generateKey()
{
ByteVec vec;
getRandomBytes(vec, keySize());
setKey(vec);
getRandomBytes(vec, ivSize());
setIV(vec);
}
void CipherKeyImpl::getRandomBytes(ByteVec& vec, std::size_t count)
{
Poco::RandomInputStream random;
vec.clear();
vec.reserve(count);
for (int i = 0; i < count; ++i)
vec.push_back(static_cast<unsigned char>(random.get()));
}
void CipherKeyImpl::generateKey(
const std::string& password,
const std::string& salt,
int iterationCount)
{
unsigned char keyBytes[EVP_MAX_KEY_LENGTH];
unsigned char ivBytes[EVP_MAX_IV_LENGTH];
// OpenSSL documentation specifies that the salt must be an 8-byte array.
unsigned char saltBytes[8];
if (!salt.empty())
{
int len = static_cast<int>(salt.size());
// Create the salt array from the salt string
for (int i = 0; i < 8; ++i)
saltBytes[i] = salt.at(i % len);
for (int i = 8; i < len; ++i)
saltBytes[i % 8] ^= salt.at(i);
}
// Now create the key and IV, using the MD5 digest algorithm.
int keySize = EVP_BytesToKey(
_pCipher,
_pDigest ? _pDigest : EVP_md5(),
(salt.empty() ? 0 : saltBytes),
reinterpret_cast<const unsigned char*>(password.data()),
static_cast<int>(password.size()),
iterationCount,
keyBytes,
ivBytes);
// Copy the buffers to our member byte vectors.
_key.assign(keyBytes, keyBytes + keySize);
if (ivSize() == 0)
_iv.clear();
else
_iv.assign(ivBytes, ivBytes + ivSize());
}
int CipherKeyImpl::keySize() const
{
return EVP_CIPHER_key_length(_pCipher);
}
int CipherKeyImpl::blockSize() const
{
return EVP_CIPHER_block_size(_pCipher);
}
int CipherKeyImpl::ivSize() const
{
return EVP_CIPHER_iv_length(_pCipher);
}
void CipherKeyImpl::setIV(const ByteVec& iv)
{
poco_assert(mode() == MODE_GCM || iv.size() == static_cast<ByteVec::size_type>(ivSize()));
_iv = iv;
}
} } // namespace Poco::Crypto

108
base/poco/Crypto/src/CryptoException.cpp Normal file
View File

@ -0,0 +1,108 @@
//
// CryptoException.cpp
//
//
// Library: Crypto
// Package: Crypto
// Module: CryptoException
//
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CryptoException.h"
#include "Poco/NumberFormatter.h"
#include <typeinfo>
#include <openssl/err.h>
namespace Poco {
namespace Crypto {
POCO_IMPLEMENT_EXCEPTION(CryptoException, Exception, "Crypto Exception")
OpenSSLException::OpenSSLException(int otherCode): CryptoException(otherCode)
{
setExtMessage();
}
OpenSSLException::OpenSSLException(const std::string& msg, int otherCode): CryptoException(msg, otherCode)
{
setExtMessage();
}
OpenSSLException::OpenSSLException(const std::string& msg, const std::string& arg, int otherCode): CryptoException(msg, arg, otherCode)
{
setExtMessage();
}
OpenSSLException::OpenSSLException(const std::string& msg, const Poco::Exception& exc, int otherCode): CryptoException(msg, exc, otherCode)
{
setExtMessage();
}
OpenSSLException::OpenSSLException(const OpenSSLException& exc): CryptoException(exc)
{
setExtMessage();
}
OpenSSLException::~OpenSSLException() throw()
{
}
OpenSSLException& OpenSSLException::operator = (const OpenSSLException& exc)
{
CryptoException::operator = (exc);
return *this;
}
const char* OpenSSLException::name() const throw()
{
return "OpenSSLException";
}
const char* OpenSSLException::className() const throw()
{
return typeid(*this).name();
}
Poco::Exception* OpenSSLException::clone() const
{
return new OpenSSLException(*this);
}
void OpenSSLException::setExtMessage()
{
Poco::UInt64 e = static_cast<Poco::UInt64>(ERR_get_error());
char buf[128] = { 0 };
char* pErr = ERR_error_string(static_cast<unsigned long>(e), buf);
std::string err;
if (pErr) err = pErr;
else err = NumberFormatter::format(e);
extendedMessage(err);
}
void OpenSSLException::rethrow() const
{
throw *this;
}
} } // namespace Poco::Crypto

355
base/poco/Crypto/src/CryptoStream.cpp Normal file
View File

@ -0,0 +1,355 @@
//
// CryptoStream.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CryptoStream
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CryptoStream.h"
#include "Poco/Crypto/CryptoTransform.h"
#include "Poco/Crypto/Cipher.h"
#include "Poco/Exception.h"
#include <algorithm>
#undef min
#undef max
namespace Poco {
namespace Crypto {
//
// CryptoStreamBuf
//
CryptoStreamBuf::CryptoStreamBuf(std::istream& istr, CryptoTransform* pTransform, std::streamsize bufferSize):
Poco::BufferedStreamBuf(bufferSize, std::ios::in),
_pTransform(pTransform),
_pIstr(&istr),
_pOstr(0),
_eof(false),
_buffer(static_cast<std::size_t>(bufferSize))
{
poco_check_ptr (pTransform);
poco_assert (bufferSize > 2 * pTransform->blockSize());
}
CryptoStreamBuf::CryptoStreamBuf(std::ostream& ostr, CryptoTransform* pTransform, std::streamsize bufferSize):
Poco::BufferedStreamBuf(bufferSize, std::ios::out),
_pTransform(pTransform),
_pIstr(0),
_pOstr(&ostr),
_eof(false),
_buffer(static_cast<std::size_t>(bufferSize))
{
poco_check_ptr (pTransform);
poco_assert (bufferSize > 2 * pTransform->blockSize());
}
CryptoStreamBuf::~CryptoStreamBuf()
{
try
{
close();
}
catch (...)
{
}
delete _pTransform;
}
void CryptoStreamBuf::close()
{
sync();
if (_pIstr)
{
_pIstr = 0;
}
else if (_pOstr)
{
// Close can be called multiple times. By zeroing the pointer we make
// sure that we call finalize() only once, even if an exception is
// thrown.
std::ostream* pOstr = _pOstr;
_pOstr = 0;
// Finalize transformation.
std::streamsize n = _pTransform->finalize(_buffer.begin(), static_cast<std::streamsize>(_buffer.size()));
if (n > 0)
{
pOstr->write(reinterpret_cast<char*>(_buffer.begin()), n);
if (!pOstr->good())
throw Poco::IOException("Output stream failure");
}
}
}
int CryptoStreamBuf::readFromDevice(char* buffer, std::streamsize length)
{
if (!_pIstr)
return 0;
int count = 0;
while (!_eof)
{
int m = (static_cast<int>(length) - count)/2 - static_cast<int>(_pTransform->blockSize());
// Make sure we can read at least one more block. Explicitly check
// for m < 0 since blockSize() returns an unsigned int and the
// comparison might give false results for m < 0.
if (m <= 0)
break;
int n = 0;
if (_pIstr->good())
{
_pIstr->read(reinterpret_cast<char*>(_buffer.begin()), m);
n = static_cast<int>(_pIstr->gcount());
}
if (n == 0)
{
_eof = true;
// No more data, finalize transformation
count += static_cast<int>(_pTransform->finalize(
reinterpret_cast<unsigned char*>(buffer + count),
static_cast<int>(length) - count));
}
else
{
// Transform next chunk of data
count += static_cast<int>(_pTransform->transform(
_buffer.begin(),
n,
reinterpret_cast<unsigned char*>(buffer + count),
static_cast<int>(length) - count));
}
}
return count;
}
int CryptoStreamBuf::writeToDevice(const char* buffer, std::streamsize length)
{
if (!_pOstr)
return 0;
std::size_t maxChunkSize = _buffer.size()/2;
std::size_t count = 0;
while (count < length)
{
// Truncate chunk size so that the maximum output fits into _buffer.
std::size_t n = static_cast<std::size_t>(length) - count;
if (n > maxChunkSize)
n = maxChunkSize;
// Transform next chunk of data
std::streamsize k = _pTransform->transform(
reinterpret_cast<const unsigned char*>(buffer + count),
static_cast<std::streamsize>(n),
_buffer.begin(),
static_cast<std::streamsize>(_buffer.size()));
// Attention: (n != k) might be true. In count, we have to track how
// many bytes from buffer have been consumed, not how many bytes have
// been written to _pOstr!
count += n;
if (k > 0)
{
_pOstr->write(reinterpret_cast<const char*>(_buffer.begin()), k);
if (!_pOstr->good())
throw Poco::IOException("Output stream failure");
}
}
return static_cast<int>(count);
}
//
// CryptoIOS
//
CryptoIOS::CryptoIOS(std::istream& istr, CryptoTransform* pTransform, std::streamsize bufferSize):
_buf(istr, pTransform, bufferSize)
{
poco_ios_init(&_buf);
}
CryptoIOS::CryptoIOS(std::ostream& ostr, CryptoTransform* pTransform, std::streamsize bufferSize):
_buf(ostr, pTransform, bufferSize)
{
poco_ios_init(&_buf);
}
CryptoIOS::~CryptoIOS()
{
}
CryptoStreamBuf* CryptoIOS::rdbuf()
{
return &_buf;
}
//
// CryptoInputStream
//
CryptoInputStream::CryptoInputStream(std::istream& istr, CryptoTransform* pTransform, std::streamsize bufferSize):
CryptoIOS(istr, pTransform, bufferSize),
std::istream(&_buf)
{
}
CryptoInputStream::CryptoInputStream(std::istream& istr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(istr, cipher.createEncryptor(), bufferSize),
std::istream(&_buf)
{
}
CryptoInputStream::~CryptoInputStream()
{
}
//
// CryptoOutputStream
//
CryptoOutputStream::CryptoOutputStream(std::ostream& ostr, CryptoTransform* pTransform, std::streamsize bufferSize):
CryptoIOS(ostr, pTransform, bufferSize),
std::ostream(&_buf)
{
}
CryptoOutputStream::CryptoOutputStream(std::ostream& ostr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(ostr, cipher.createDecryptor(), bufferSize),
std::ostream(&_buf)
{
}
CryptoOutputStream::~CryptoOutputStream()
{
}
void CryptoOutputStream::close()
{
_buf.close();
}
//
// EncryptingInputStream
//
EncryptingInputStream::EncryptingInputStream(std::istream& istr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(istr, cipher.createEncryptor(), bufferSize),
std::istream(&_buf)
{
}
EncryptingInputStream::~EncryptingInputStream()
{
}
//
// EncryptingOuputStream
//
EncryptingOutputStream::EncryptingOutputStream(std::ostream& ostr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(ostr, cipher.createEncryptor(), bufferSize),
std::ostream(&_buf)
{
}
EncryptingOutputStream::~EncryptingOutputStream()
{
}
void EncryptingOutputStream::close()
{
_buf.close();
}
//
// DecryptingInputStream
//
DecryptingInputStream::DecryptingInputStream(std::istream& istr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(istr, cipher.createDecryptor(), bufferSize),
std::istream(&_buf)
{
}
DecryptingInputStream::~DecryptingInputStream()
{
}
//
// DecryptingOuputStream
//
DecryptingOutputStream::DecryptingOutputStream(std::ostream& ostr, Cipher& cipher, std::streamsize bufferSize):
CryptoIOS(ostr, cipher.createDecryptor(), bufferSize),
std::ostream(&_buf)
{
}
DecryptingOutputStream::~DecryptingOutputStream()
{
}
void DecryptingOutputStream::close()
{
_buf.close();
}
} } // namespace Poco::Crypto

38
base/poco/Crypto/src/CryptoTransform.cpp Normal file
View File

@ -0,0 +1,38 @@
//
// CryptoTransform.cpp
//
// Library: Crypto
// Package: Cipher
// Module: CryptoTransform
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/CryptoTransform.h"
namespace Poco {
namespace Crypto {
CryptoTransform::CryptoTransform()
{
}
CryptoTransform::~CryptoTransform()
{
}
int CryptoTransform::setPadding(int padding)
{
return 1;
}
} } // namespace Poco::Crypto

80
base/poco/Crypto/src/DigestEngine.cpp Normal file
View File

@ -0,0 +1,80 @@
//
// DigestEngine.cpp
//
// Library: Crypto
// Package: Digest
// Module: DigestEngine
//
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/DigestEngine.h"
#include "Poco/Exception.h"
namespace Poco {
namespace Crypto {
DigestEngine::DigestEngine(const std::string& name):
_name(name),
_pContext(EVP_MD_CTX_create())
{
const EVP_MD* md = EVP_get_digestbyname(_name.c_str());
if (!md) throw Poco::NotFoundException(_name);
EVP_DigestInit_ex(_pContext, md, NULL);
}
DigestEngine::~DigestEngine()
{
EVP_MD_CTX_destroy(_pContext);
}
int DigestEngine::nid() const
{
return EVP_MD_type(EVP_MD_CTX_md(_pContext));
}
std::size_t DigestEngine::digestLength() const
{
return EVP_MD_CTX_size(_pContext);
}
void DigestEngine::reset()
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_free(_pContext);
_pContext = EVP_MD_CTX_create();
#else
EVP_MD_CTX_cleanup(_pContext);
#endif
const EVP_MD* md = EVP_get_digestbyname(_name.c_str());
if (!md) throw Poco::NotFoundException(_name);
EVP_DigestInit_ex(_pContext, md, NULL);
}
const Poco::DigestEngine::Digest& DigestEngine::digest()
{
_digest.clear();
unsigned len = EVP_MD_CTX_size(_pContext);
_digest.resize(len);
EVP_DigestFinal_ex(_pContext, &_digest[0], &len);
reset();
return _digest;
}
void DigestEngine::updateImpl(const void* data, std::size_t length)
{
EVP_DigestUpdate(_pContext, data, length);
}
} } // namespace Poco::Crypto

100
base/poco/Crypto/src/ECDSADigestEngine.cpp Normal file
View File

@ -0,0 +1,100 @@
//
// ECDSADigestEngine.cpp
//
//
// Library: Crypto
// Package: ECDSA
// Module: ECDSADigestEngine
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/ECDSADigestEngine.h"
#include <openssl/ecdsa.h>
namespace Poco {
namespace Crypto {
ECDSADigestEngine::ECDSADigestEngine(const ECKey& key, const std::string &name):
_key(key),
_engine(name)
{
}
ECDSADigestEngine::~ECDSADigestEngine()
{
}
std::size_t ECDSADigestEngine::digestLength() const
{
return _engine.digestLength();
}
void ECDSADigestEngine::reset()
{
_engine.reset();
_digest.clear();
_signature.clear();
}
const DigestEngine::Digest& ECDSADigestEngine::digest()
{
if (_digest.empty())
{
_digest = _engine.digest();
}
return _digest;
}
const DigestEngine::Digest& ECDSADigestEngine::signature()
{
if (_signature.empty())
{
digest();
_signature.resize(_key.size());
unsigned sigLen = static_cast<unsigned>(_signature.size());
if (!ECDSA_sign(0, &_digest[0], static_cast<unsigned>(_digest.size()),
&_signature[0], &sigLen, _key.impl()->getECKey()))
{
throw OpenSSLException();
}
if (sigLen < _signature.size()) _signature.resize(sigLen);
}
return _signature;
}
bool ECDSADigestEngine::verify(const DigestEngine::Digest& sig)
{
digest();
EC_KEY* pKey = _key.impl()->getECKey();
if (pKey)
{
int ret = ECDSA_verify(0, &_digest[0], static_cast<unsigned>(_digest.size()),
&sig[0], static_cast<unsigned>(sig.size()),
pKey);
if (1 == ret) return true;
else if (0 == ret) return false;
}
throw OpenSSLException();
}
void ECDSADigestEngine::updateImpl(const void* data, std::size_t length)
{
_engine.update(data, length);
}
} } // namespace Poco::Crypto

75
base/poco/Crypto/src/ECKey.cpp Normal file
View File

@ -0,0 +1,75 @@
//
// ECKey.cpp
//
//
// Library: Crypto
// Package: EC
// Module: ECKey
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/ECKey.h"
#include <openssl/rsa.h>
namespace Poco {
namespace Crypto {
ECKey::ECKey(const EVPPKey& key):
KeyPair(new ECKeyImpl(key)),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::ECKey(const X509Certificate& cert):
KeyPair(new ECKeyImpl(cert)),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::ECKey(const PKCS12Container& cont):
KeyPair(new ECKeyImpl(cont)),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::ECKey(const std::string& eccGroup):
KeyPair(new ECKeyImpl(OBJ_txt2nid(eccGroup.c_str()))),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::ECKey(const std::string& publicKeyFile,
const std::string& privateKeyFile,
const std::string& privateKeyPassphrase):
KeyPair(new ECKeyImpl(publicKeyFile, privateKeyFile, privateKeyPassphrase)),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::ECKey(std::istream* pPublicKeyStream,
std::istream* pPrivateKeyStream,
const std::string& privateKeyPassphrase):
KeyPair(new ECKeyImpl(pPublicKeyStream, pPrivateKeyStream, privateKeyPassphrase)),
_pImpl(KeyPair::impl().cast<ECKeyImpl>())
{
}
ECKey::~ECKey()
{
}
} } // namespace Poco::Crypto

258
base/poco/Crypto/src/ECKeyImpl.cpp Normal file
View File

@ -0,0 +1,258 @@
//
// ECKeyImpl.cpp
//
//
// Library: Crypto
// Package: EC
// Module: ECKeyImpl
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/ECKeyImpl.h"
#include "Poco/Crypto/X509Certificate.h"
#include "Poco/Crypto/PKCS12Container.h"
#include "Poco/FileStream.h"
#include "Poco/Format.h"
#include "Poco/StreamCopier.h"
#include <sstream>
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
#include <openssl/bn.h>
#endif
namespace Poco {
namespace Crypto {
ECKeyImpl::ECKeyImpl(const EVPPKey& key):
KeyPairImpl("ec", KT_EC_IMPL),
_pEC(EVP_PKEY_get1_EC_KEY(const_cast<EVP_PKEY*>((const EVP_PKEY*)key)))
{
checkEC("ECKeyImpl(const EVPPKey&)", "EVP_PKEY_get1_EC_KEY()");
}
ECKeyImpl::ECKeyImpl(const X509Certificate& cert):
KeyPairImpl("ec", KT_EC_IMPL),
_pEC(0)
{
const X509* pCert = cert.certificate();
if (pCert)
{
EVP_PKEY* pKey = X509_get_pubkey(const_cast<X509*>(pCert));
if (pKey)
{
_pEC = EVP_PKEY_get1_EC_KEY(pKey);
EVP_PKEY_free(pKey);
checkEC("ECKeyImpl(const const X509Certificate&)", "EVP_PKEY_get1_EC_KEY()");
return;
}
}
throw OpenSSLException("ECKeyImpl(const X509Certificate&)");
}
ECKeyImpl::ECKeyImpl(const PKCS12Container& cont):
KeyPairImpl("ec", KT_EC_IMPL),
_pEC(EVP_PKEY_get1_EC_KEY(cont.getKey()))
{
checkEC("ECKeyImpl(const PKCS12Container&)", "EVP_PKEY_get1_EC_KEY()");
}
ECKeyImpl::ECKeyImpl(int curve):
KeyPairImpl("ec", KT_EC_IMPL),
_pEC(EC_KEY_new_by_curve_name(curve))
{
poco_check_ptr(_pEC);
EC_KEY_set_asn1_flag(_pEC, OPENSSL_EC_NAMED_CURVE);
if (!(EC_KEY_generate_key(_pEC)))
throw OpenSSLException("ECKeyImpl(int curve): EC_KEY_generate_key()");
checkEC("ECKeyImpl(int curve)", "EC_KEY_generate_key()");
}
ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile,
const std::string& privateKeyFile,
const std::string& privateKeyPassphrase): KeyPairImpl("ec", KT_EC_IMPL), _pEC(0)
{
if (EVPPKey::loadKey(&_pEC, PEM_read_PrivateKey, EVP_PKEY_get1_EC_KEY, privateKeyFile, privateKeyPassphrase))
{
checkEC(Poco::format("ECKeyImpl(%s, %s, %s)",
publicKeyFile, privateKeyFile, privateKeyPassphrase.empty() ? privateKeyPassphrase : std::string("***")),
"PEM_read_PrivateKey() or EVP_PKEY_get1_EC_KEY()");
return; // private key is enough
}
// no private key, this must be public key only, otherwise throw
if (!EVPPKey::loadKey(&_pEC, PEM_read_PUBKEY, EVP_PKEY_get1_EC_KEY, publicKeyFile))
{
throw OpenSSLException("ECKeyImpl(const string&, const string&, const string&");
}
checkEC(Poco::format("ECKeyImpl(%s, %s, %s)",
publicKeyFile, privateKeyFile, privateKeyPassphrase.empty() ? privateKeyPassphrase : std::string("***")),
"PEM_read_PUBKEY() or EVP_PKEY_get1_EC_KEY()");
}
ECKeyImpl::ECKeyImpl(std::istream* pPublicKeyStream,
std::istream* pPrivateKeyStream,
const std::string& privateKeyPassphrase): KeyPairImpl("ec", KT_EC_IMPL), _pEC(0)
{
if (EVPPKey::loadKey(&_pEC, PEM_read_bio_PrivateKey, EVP_PKEY_get1_EC_KEY, pPrivateKeyStream, privateKeyPassphrase))
{
checkEC(Poco::format("ECKeyImpl(stream, stream, %s)",
privateKeyPassphrase.empty() ? privateKeyPassphrase : std::string("***")),
"PEM_read_bio_PrivateKey() or EVP_PKEY_get1_EC_KEY()");
return; // private key is enough
}
// no private key, this must be public key only, otherwise throw
if (!EVPPKey::loadKey(&_pEC, PEM_read_bio_PUBKEY, EVP_PKEY_get1_EC_KEY, pPublicKeyStream))
{
throw OpenSSLException("ECKeyImpl(istream*, istream*, const string&");
}
checkEC(Poco::format("ECKeyImpl(stream, stream, %s)",
privateKeyPassphrase.empty() ? privateKeyPassphrase : std::string("***")),
"PEM_read_bio_PUBKEY() or EVP_PKEY_get1_EC_KEY()");
}
ECKeyImpl::~ECKeyImpl()
{
freeEC();
}
void ECKeyImpl::checkEC(const std::string& method, const std::string& func) const
{
if (!_pEC) throw OpenSSLException(Poco::format("%s: %s", method, func));
if (!EC_KEY_check_key(_pEC))
throw OpenSSLException(Poco::format("%s: EC_KEY_check_key()", method));
}
void ECKeyImpl::freeEC()
{
if (_pEC)
{
EC_KEY_free(_pEC);
_pEC = 0;
}
}
int ECKeyImpl::size() const
{
int sz = -1;
EVP_PKEY* pKey = EVP_PKEY_new();
if (pKey && EVP_PKEY_set1_EC_KEY(pKey, _pEC))
{
sz = EVP_PKEY_bits(pKey);
EVP_PKEY_free(pKey);
return sz;
}
throw OpenSSLException("ECKeyImpl::size()");
}
int ECKeyImpl::groupId() const
{
if (_pEC)
{
const EC_GROUP* ecGroup = EC_KEY_get0_group(_pEC);
if (ecGroup)
{
return EC_GROUP_get_curve_name(ecGroup);
}
else
{
throw OpenSSLException("ECKeyImpl::groupName()");
}
}
throw NullPointerException("ECKeyImpl::groupName() => _pEC");
}
std::string ECKeyImpl::getCurveName(int nid)
{
std::string curveName;
size_t len = EC_get_builtin_curves(NULL, 0);
EC_builtin_curve* pCurves =
(EC_builtin_curve*) OPENSSL_malloc(sizeof(EC_builtin_curve) * len);
if (!pCurves) return curveName;
if (!EC_get_builtin_curves(pCurves, len))
{
OPENSSL_free(pCurves);
return curveName;
}
if (-1 == nid) nid = pCurves[0].nid;
const int bufLen = 128;
char buf[bufLen];
std::memset(buf, 0, bufLen);
OBJ_obj2txt(buf, bufLen, OBJ_nid2obj(nid), 0);
curveName = buf;
OPENSSL_free(pCurves);
return curveName;
}
int ECKeyImpl::getCurveNID(std::string& name)
{
std::string curveName;
size_t len = EC_get_builtin_curves(NULL, 0);
EC_builtin_curve* pCurves =
(EC_builtin_curve*)OPENSSL_malloc(static_cast<int>(sizeof(EC_builtin_curve) * len));
if (!pCurves) return -1;
if (!EC_get_builtin_curves(pCurves, len))
{
OPENSSL_free(pCurves);
return -1;
}
int nid = -1;
const int bufLen = 128;
char buf[bufLen];
if (name.empty())
{
std::memset(buf, 0, bufLen);
OBJ_obj2txt(buf, bufLen, OBJ_nid2obj(nid), 0);
name = buf;
nid = pCurves[0].nid;
}
else
{
for (int i = 0; i < len; ++i)
{
std::memset(buf, 0, bufLen);
OBJ_obj2txt(buf, bufLen, OBJ_nid2obj(pCurves[i].nid), 0);
if (strncmp(name.c_str(), buf, name.size() > bufLen ? bufLen : name.size()) == 0)
{
nid = pCurves[i].nid;
break;
}
}
}
OPENSSL_free(pCurves);
return nid;
}
bool ECKeyImpl::hasCurve(const std::string& name)
{
std::string tmp(name);
return (-1 != getCurveNID(tmp));
}
} } // namespace Poco::Crypto

321
base/poco/Crypto/src/EVPPKey.cpp Normal file
View File

@ -0,0 +1,321 @@
//
// EVPPKey.cpp
//
//
// Library: Crypto
// Package: CryptoCore
// Module: EVPPKey
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/EVPPKey.h"
#include "Poco/Crypto/ECKey.h"
#include "Poco/Crypto/RSAKey.h"
#include "Poco/NumberFormatter.h"
namespace Poco {
namespace Crypto {
EVPPKey::EVPPKey(const std::string& ecCurveName): _pEVPPKey(0)
{
newECKey(ecCurveName.c_str());
poco_check_ptr(_pEVPPKey);
}
EVPPKey::EVPPKey(const char* ecCurveName): _pEVPPKey(0)
{
newECKey(ecCurveName);
poco_check_ptr(_pEVPPKey);
}
EVPPKey::EVPPKey(EVP_PKEY* pEVPPKey): _pEVPPKey(0)
{
duplicate(pEVPPKey, &_pEVPPKey);
poco_check_ptr(_pEVPPKey);
}
EVPPKey::EVPPKey(const std::string& publicKeyFile,
const std::string& privateKeyFile,
const std::string& privateKeyPassphrase): _pEVPPKey(0)
{
if (loadKey(&_pEVPPKey, PEM_read_PrivateKey, (EVP_PKEY_get_Key_fn)0, privateKeyFile, privateKeyPassphrase))
{
poco_check_ptr(_pEVPPKey);
return; // private key is enough
}
// no private key, this must be public key only, otherwise throw
if (!loadKey(&_pEVPPKey, PEM_read_PUBKEY, (EVP_PKEY_get_Key_fn)0, publicKeyFile))
{
throw OpenSSLException("ECKeyImpl(const string&, const string&, const string&");
}
poco_check_ptr(_pEVPPKey);
}
EVPPKey::EVPPKey(std::istream* pPublicKeyStream,
std::istream* pPrivateKeyStream,
const std::string& privateKeyPassphrase): _pEVPPKey(0)
{
if (loadKey(&_pEVPPKey, PEM_read_bio_PrivateKey, (EVP_PKEY_get_Key_fn)0, pPrivateKeyStream, privateKeyPassphrase))
{
poco_check_ptr(_pEVPPKey);
return; // private key is enough
}
// no private key, this must be public key only, otherwise throw
if (!loadKey(&_pEVPPKey, PEM_read_bio_PUBKEY, (EVP_PKEY_get_Key_fn)0, pPublicKeyStream))
{
throw OpenSSLException("ECKeyImpl(istream*, istream*, const string&");
}
poco_check_ptr(_pEVPPKey);
}
EVPPKey::EVPPKey(const EVPPKey& other)
{
duplicate(other._pEVPPKey, &_pEVPPKey);
poco_check_ptr(_pEVPPKey);
}
EVPPKey& EVPPKey::operator=(const EVPPKey& other)
{
duplicate(other._pEVPPKey, &_pEVPPKey);
poco_check_ptr(_pEVPPKey);
return *this;
}
#ifdef POCO_ENABLE_CPP11
EVPPKey::EVPPKey(EVPPKey&& other): _pEVPPKey(other._pEVPPKey)
{
other._pEVPPKey = nullptr;
poco_check_ptr(_pEVPPKey);
}
EVPPKey& EVPPKey::operator=(EVPPKey&& other)
{
_pEVPPKey = other._pEVPPKey;
other._pEVPPKey = nullptr;
poco_check_ptr(_pEVPPKey);
return *this;
}
#endif // POCO_ENABLE_CPP11
EVPPKey::~EVPPKey()
{
if (_pEVPPKey) EVP_PKEY_free(_pEVPPKey);
}
void EVPPKey::save(const std::string& publicKeyFile, const std::string& privateKeyFile, const std::string& privateKeyPassphrase) const
{
if (!publicKeyFile.empty() && (publicKeyFile != privateKeyFile))
{
BIO* bio = BIO_new(BIO_s_file());
if (!bio) throw Poco::IOException("Cannot create BIO for writing public key file", publicKeyFile);
try
{
if (BIO_write_filename(bio, const_cast<char*>(publicKeyFile.c_str())))
{
if (!PEM_write_bio_PUBKEY(bio, _pEVPPKey))
{
throw Poco::WriteFileException("Failed to write public key to file", publicKeyFile);
}
}
else throw Poco::CreateFileException("Cannot create public key file");
}
catch (...)
{
BIO_free(bio);
throw;
}
BIO_free(bio);
}
if (!privateKeyFile.empty())
{
BIO* bio = BIO_new(BIO_s_file());
if (!bio) throw Poco::IOException("Cannot create BIO for writing private key file", privateKeyFile);
try
{
if (BIO_write_filename(bio, const_cast<char*>(privateKeyFile.c_str())))
{
int rc = 0;
if (privateKeyPassphrase.empty())
{
rc = PEM_write_bio_PrivateKey(bio, _pEVPPKey, 0, 0, 0, 0, 0);
}
else
{
rc = PEM_write_bio_PrivateKey(bio, _pEVPPKey, EVP_des_ede3_cbc(),
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
static_cast<int>(privateKeyPassphrase.length()), 0, 0);
}
if (!rc)
throw Poco::FileException("Failed to write private key to file", privateKeyFile);
}
else throw Poco::CreateFileException("Cannot create private key file", privateKeyFile);
}
catch (...)
{
BIO_free(bio);
throw;
}
BIO_free(bio);
}
}
void EVPPKey::save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyStream, const std::string& privateKeyPassphrase) const
{
if (pPublicKeyStream && (pPublicKeyStream != pPrivateKeyStream))
{
BIO* bio = BIO_new(BIO_s_mem());
if (!bio) throw Poco::IOException("Cannot create BIO for writing public key");
if (!PEM_write_bio_PUBKEY(bio, _pEVPPKey))
{
BIO_free(bio);
throw Poco::WriteFileException("Failed to write public key to stream");
}
char* pData;
long size = BIO_get_mem_data(bio, &pData);
pPublicKeyStream->write(pData, static_cast<std::streamsize>(size));
BIO_free(bio);
}
if (pPrivateKeyStream)
{
BIO* bio = BIO_new(BIO_s_mem());
if (!bio) throw Poco::IOException("Cannot create BIO for writing public key");
int rc = 0;
if (privateKeyPassphrase.empty())
rc = PEM_write_bio_PrivateKey(bio, _pEVPPKey, 0, 0, 0, 0, 0);
else
rc = PEM_write_bio_PrivateKey(bio, _pEVPPKey, EVP_des_ede3_cbc(),
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
static_cast<int>(privateKeyPassphrase.length()), 0, 0);
if (!rc)
{
BIO_free(bio);
throw Poco::FileException("Failed to write private key to stream");
}
char* pData;
long size = BIO_get_mem_data(bio, &pData);
pPrivateKeyStream->write(pData, static_cast<std::streamsize>(size));
BIO_free(bio);
}
}
EVP_PKEY* EVPPKey::duplicate(const EVP_PKEY* pFromKey, EVP_PKEY** pToKey)
{
if (!pFromKey) throw NullPointerException("EVPPKey::duplicate(): "
"provided key pointer is null.");
*pToKey = EVP_PKEY_new();
if (!*pToKey) throw NullPointerException("EVPPKey::duplicate(): "
"EVP_PKEY_new() returned null.");
int keyType = type(pFromKey);
switch (keyType)
{
case EVP_PKEY_RSA:
{
RSA* pRSA = EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pFromKey));
if (pRSA)
{
EVP_PKEY_set1_RSA(*pToKey, pRSA);
RSA_free(pRSA);
}
else throw OpenSSLException("EVPPKey::duplicate(): EVP_PKEY_get1_RSA()");
break;
}
case EVP_PKEY_EC:
{
EC_KEY* pEC = EVP_PKEY_get1_EC_KEY(const_cast<EVP_PKEY*>(pFromKey));
if (pEC)
{
EVP_PKEY_set1_EC_KEY(*pToKey, pEC);
EC_KEY_free(pEC);
int cmp = EVP_PKEY_cmp_parameters(*pToKey, pFromKey);
if (cmp < 0)
throw OpenSSLException("EVPPKey::duplicate(): EVP_PKEY_cmp_parameters()");
if (0 == cmp)
{
if(!EVP_PKEY_copy_parameters(*pToKey, pFromKey))
throw OpenSSLException("EVPPKey::duplicate(): EVP_PKEY_copy_parameters()");
}
}
else throw OpenSSLException();
break;
}
default:
throw NotImplementedException("EVPPKey:duplicate(); Key type: " +
NumberFormatter::format(keyType));
}
return *pToKey;
}
void EVPPKey::newECKey(const char* ecCurveName)
{
int curveID = OBJ_txt2nid(ecCurveName);
EC_KEY* pEC = EC_KEY_new_by_curve_name(curveID);
if (!pEC) goto err;
if (!EC_KEY_generate_key(pEC)) goto err;
_pEVPPKey = EVP_PKEY_new();
if (!_pEVPPKey) goto err;
if (!EVP_PKEY_set1_EC_KEY(_pEVPPKey, pEC)) goto err;
EC_KEY_free(pEC);
return;
err:
throw OpenSSLException("EVPPKey:newECKey()");
}
void EVPPKey::setKey(ECKey* pKey)
{
poco_check_ptr(pKey);
poco_check_ptr(pKey->impl());
setKey(pKey->impl()->getECKey());
}
void EVPPKey::setKey(RSAKey* pKey)
{
poco_check_ptr(pKey);
poco_check_ptr(pKey->impl());
setKey(pKey->impl()->getRSA());
}
int EVPPKey::passCB(char* buf, int size, int, void* pass)
{
if (pass)
{
int len = (int)std::strlen((char*)pass);
if(len > size) len = size;
std::memcpy(buf, pass, len);
return len;
}
return 0;
}
} } // namespace Poco::Crypto

34
base/poco/Crypto/src/KeyPair.cpp Normal file
View File

@ -0,0 +1,34 @@
//
// KeyPair.cpp
//
//
// Library: Crypto
// Package: CryptoCore
// Module: KeyPair
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/KeyPair.h"
#include <openssl/rsa.h>
namespace Poco {
namespace Crypto {
KeyPair::KeyPair(KeyPairImpl::Ptr pKeyPairImpl): _pImpl(pKeyPairImpl)
{
}
KeyPair::~KeyPair()
{
}
} } // namespace Poco::Crypto

35
base/poco/Crypto/src/KeyPairImpl.cpp Normal file
View File

@ -0,0 +1,35 @@
//
// KeyPairImpl.cpp
//
//
// Library: Crypto
// Package: CryptoCore
// Module: KeyPairImpl
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/KeyPairImpl.h"
namespace Poco {
namespace Crypto {
KeyPairImpl::KeyPairImpl(const std::string& name, Type type):
_name(name),
_type(type)
{
}
KeyPairImpl::~KeyPairImpl()
{
}
} } // namespace Poco::Crypto

162
base/poco/Crypto/src/OpenSSLInitializer.cpp Normal file
View File

@ -0,0 +1,162 @@
//
// OpenSSLInitializer.cpp
//
// Library: Crypto
// Package: CryptoCore
// Module: OpenSSLInitializer
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/RandomStream.h"
#include "Poco/Thread.h"
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
#include <openssl/conf.h>
#endif
using Poco::RandomInputStream;
using Poco::Thread;
namespace Poco {
namespace Crypto {
Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
Poco::AtomicCounter OpenSSLInitializer::_rc;
OpenSSLInitializer::OpenSSLInitializer()
{
initialize();
}
OpenSSLInitializer::~OpenSSLInitializer()
{
try
{
uninitialize();
}
catch (...)
{
poco_unexpected();
}
}
void OpenSSLInitializer::initialize()
{
if (++_rc == 1)
{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new Poco::FastMutex[nMutexes];
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
// Not needed on Windows (see SF #110: random unhandled exceptions when linking with ssl).
// https://sourceforge.net/p/poco/bugs/110/
//
// From http://www.openssl.org/docs/crypto/threads.html :
// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(),
// then a default implementation is used - on Windows and BeOS this uses the system's
// default thread identifying APIs"
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
}
}
void OpenSSLInitializer::uninitialize()
{
if (--_rc == 0)
{
EVP_cleanup();
ERR_free_strings();
CRYPTO_set_locking_callback(0);
CRYPTO_set_id_callback(0);
delete [] _mutexes;
CONF_modules_free();
}
}
void OpenSSLInitializer::lock(int mode, int n, const char* file, int line)
{
if (mode & CRYPTO_LOCK)
_mutexes[n].lock();
else
_mutexes[n].unlock();
}
unsigned long OpenSSLInitializer::id()
{
// Note: we use an old-style C cast here because
// neither static_cast<> nor reinterpret_cast<>
// work uniformly across all platforms.
return (unsigned long) Poco::Thread::currentTid();
}
struct CRYPTO_dynlock_value* OpenSSLInitializer::dynlockCreate(const char* file, int line)
{
return new CRYPTO_dynlock_value;
}
void OpenSSLInitializer::dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line)
{
poco_check_ptr (lock);
if (mode & CRYPTO_LOCK)
lock->_mutex.lock();
else
lock->_mutex.unlock();
}
void OpenSSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line)
{
delete lock;
}
void initializeCrypto()
{
OpenSSLInitializer::initialize();
}
void uninitializeCrypto()
{
OpenSSLInitializer::uninitialize();
}
} } // namespace Poco::Crypto

191
base/poco/Crypto/src/PKCS12Container.cpp Normal file
View File

@ -0,0 +1,191 @@
//
// PKCS12Container.cpp
//
//
// Library: Crypto
// Package: Certificate
// Module: PKCS12Container
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/PKCS12Container.h"
#include "Poco/NumberFormatter.h"
#include "Poco/StreamCopier.h"
#include <sstream>
#include <openssl/err.h>
namespace Poco {
namespace Crypto {
PKCS12Container::PKCS12Container(std::istream& istr, const std::string& password): _pKey(0)
{
std::ostringstream ostr;
Poco::StreamCopier::copyStream(istr, ostr);
const std::string& cont = ostr.str();
BIO *pBIO = BIO_new_mem_buf(const_cast<char*>(cont.data()), static_cast<int>(cont.size()));
if (pBIO)
{
PKCS12* pPKCS12 = 0;
d2i_PKCS12_bio(pBIO, &pPKCS12);
BIO_free(pBIO);
if (!pPKCS12) throw OpenSSLException("PKCS12Container(istream&, const string&)");
load(pPKCS12, password);
}
else
{
throw Poco::NullPointerException("PKCS12Container(istream&, const string&)");
}
}
PKCS12Container::PKCS12Container(const std::string& path, const std::string& password): _pKey(0)
{
FILE* pFile = fopen(path.c_str(), "rb");
if (pFile)
{
PKCS12* pPKCS12 = d2i_PKCS12_fp(pFile, NULL);
fclose (pFile);
if (!pPKCS12) throw OpenSSLException("PKCS12Container(const string&, const string&)");
load(pPKCS12, password);
}
else
{
throw Poco::OpenFileException("PKCS12Container: " + path);
}
}
PKCS12Container::PKCS12Container(const PKCS12Container& other):
_pKey(EVPPKey::duplicate(other._pKey, &_pKey)),
_pX509Cert(new X509Certificate(*other._pX509Cert)),
_caCertList(other._caCertList),
_caCertNames(other._caCertNames),
_pkcsFriendlyName(other._pkcsFriendlyName)
{
}
PKCS12Container& PKCS12Container::operator = (const PKCS12Container& other)
{
if (&other != this)
{
if (_pKey) EVP_PKEY_free(_pKey);
_pKey = EVPPKey::duplicate(other._pKey, &_pKey);
_pX509Cert.reset(new X509Certificate(*other._pX509Cert));
_caCertList = other._caCertList;
_caCertNames = other._caCertNames;
_pkcsFriendlyName = other._pkcsFriendlyName;
}
return *this;
}
#ifdef POCO_ENABLE_CPP11
PKCS12Container::PKCS12Container(PKCS12Container&& other):
_pKey(other._pKey),
_pX509Cert(std::move(other._pX509Cert)),
_caCertList(std::move(other._caCertList)),
_caCertNames(std::move(other._caCertNames)),
_pkcsFriendlyName(std::move(other._pkcsFriendlyName))
{
other._pKey = 0;
}
PKCS12Container& PKCS12Container::operator = (PKCS12Container&& other)
{
if (&other != this)
{
if (_pKey) EVP_PKEY_free(_pKey);
_pKey = other._pKey; other._pKey = 0;
_pX509Cert = std::move(other._pX509Cert);
_caCertList = std::move(other._caCertList);
_caCertNames = std::move(other._caCertNames);
_pkcsFriendlyName = std::move(other._pkcsFriendlyName);
}
return *this;
}
#endif // POCO_ENABLE_CPP11
PKCS12Container::~PKCS12Container()
{
if (_pKey) EVP_PKEY_free(_pKey);
}
std::string PKCS12Container::extractFriendlyName(X509* pCert)
{
std::string friendlyName;
if(!pCert) throw NullPointerException("PKCS12Container::extractFriendlyName(X509)");
// This is how PKCS12_add_cert() sets friendlyName (via PKCS12_add_friendlyname())
int namelen = 0;
char *name = (char *)X509_alias_get0(pCert, &namelen);
friendlyName = std::string(name, namelen);
return friendlyName;
}
void PKCS12Container::load(PKCS12* pPKCS12, const std::string& password)
{
if (pPKCS12)
{
X509* pCert = 0;
STACK_OF(X509)* pCA = 0;
if (PKCS12_parse(pPKCS12, password.c_str(), &_pKey, &pCert, &pCA))
{
if (pCert)
{
_pX509Cert.reset(new X509Certificate(pCert, true));
_pkcsFriendlyName = extractFriendlyName(pCert);
}
else _pX509Cert.reset();
_caCertList.clear();
_caCertNames.clear();
if (pCA)
{
int certCount = sk_X509_num(pCA);
for (int i = 0; i < certCount; ++i)
{
X509* pX509 = sk_X509_value(pCA, i);
if (pX509)
{
_caCertList.push_back(X509Certificate(pX509, true));
_caCertNames.push_back(extractFriendlyName(pX509));
}
else throw OpenSSLException("PKCS12Container::load()");
}
}
}
else
{
throw OpenSSLException();
}
PKCS12_free(pPKCS12);
sk_X509_pop_free(pCA, X509_free);
if (pCert) X509_free(pCert);
poco_assert_dbg (_caCertList.size() == _caCertNames.size());
}
else
{
throw NullPointerException("PKCS12Container: struct PKCS12");
}
}
} } // namespace Poco::Crypto

342
base/poco/Crypto/src/RSACipherImpl.cpp Normal file
View File

@ -0,0 +1,342 @@
//
// RSACipherImpl.cpp
//
// Library: Crypto
// Package: RSA
// Module: RSACipherImpl
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/RSACipherImpl.h"
#include "Poco/Crypto/CryptoTransform.h"
#include "Poco/Exception.h"
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <cstring>
namespace Poco {
namespace Crypto {
namespace
{
void throwError()
{
unsigned long err;
std::string msg;
while ((err = ERR_get_error()))
{
if (!msg.empty())
msg.append("; ");
msg.append(ERR_error_string(err, 0));
}
throw Poco::IOException(msg);
}
int mapPaddingMode(RSAPaddingMode paddingMode)
{
switch (paddingMode)
{
case RSA_PADDING_PKCS1:
return RSA_PKCS1_PADDING;
case RSA_PADDING_PKCS1_OAEP:
return RSA_PKCS1_OAEP_PADDING;
case RSA_PADDING_NONE:
return RSA_NO_PADDING;
default:
poco_bugcheck();
return RSA_NO_PADDING;
}
}
class RSAEncryptImpl: public CryptoTransform
{
public:
RSAEncryptImpl(const RSA* pRSA, RSAPaddingMode paddingMode);
~RSAEncryptImpl();
std::size_t blockSize() const;
std::size_t maxDataSize() const;
std::string getTag(std::size_t);
void setTag(const std::string&);
std::streamsize transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength);
std::streamsize finalize(unsigned char* output, std::streamsize length);
private:
const RSA* _pRSA;
RSAPaddingMode _paddingMode;
std::streamsize _pos;
unsigned char* _pBuf;
};
RSAEncryptImpl::RSAEncryptImpl(const RSA* pRSA, RSAPaddingMode paddingMode):
_pRSA(pRSA),
_paddingMode(paddingMode),
_pos(0),
_pBuf(0)
{
_pBuf = new unsigned char[blockSize()];
}
RSAEncryptImpl::~RSAEncryptImpl()
{
delete [] _pBuf;
}
std::size_t RSAEncryptImpl::blockSize() const
{
return RSA_size(_pRSA);
}
std::size_t RSAEncryptImpl::maxDataSize() const
{
std::size_t size = blockSize();
switch (_paddingMode)
{
case RSA_PADDING_PKCS1:
case RSA_PADDING_SSLV23:
size -= 11;
break;
case RSA_PADDING_PKCS1_OAEP:
size -= 41;
break;
default:
break;
}
return size;
}
std::string RSAEncryptImpl::getTag(std::size_t)
{
return std::string();
}
void RSAEncryptImpl::setTag(const std::string&)
{
}
std::streamsize RSAEncryptImpl::transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength)
{
// always fill up the buffer before writing!
std::streamsize maxSize = static_cast<std::streamsize>(maxDataSize());
std::streamsize rsaSize = static_cast<std::streamsize>(blockSize());
poco_assert_dbg(_pos <= maxSize);
poco_assert (outputLength >= rsaSize);
int rc = 0;
while (inputLength > 0)
{
// check how many data bytes we are missing to get the buffer full
poco_assert_dbg (maxSize >= _pos);
std::streamsize missing = maxSize - _pos;
if (missing == 0)
{
poco_assert (outputLength >= rsaSize);
int n = RSA_public_encrypt(static_cast<int>(maxSize), _pBuf, output, const_cast<RSA*>(_pRSA), mapPaddingMode(_paddingMode));
if (n == -1)
throwError();
rc += n;
output += n;
outputLength -= n;
_pos = 0;
}
else
{
if (missing > inputLength)
missing = inputLength;
std::memcpy(_pBuf + _pos, input, static_cast<std::size_t>(missing));
input += missing;
_pos += missing;
inputLength -= missing;
}
}
return rc;
}
std::streamsize RSAEncryptImpl::finalize(unsigned char* output, std::streamsize length)
{
poco_assert (length >= blockSize());
poco_assert (_pos <= maxDataSize());
int rc = 0;
if (_pos > 0)
{
rc = RSA_public_encrypt(static_cast<int>(_pos), _pBuf, output, const_cast<RSA*>(_pRSA), mapPaddingMode(_paddingMode));
if (rc == -1) throwError();
}
return rc;
}
class RSADecryptImpl: public CryptoTransform
{
public:
RSADecryptImpl(const RSA* pRSA, RSAPaddingMode paddingMode);
~RSADecryptImpl();
std::size_t blockSize() const;
std::string getTag(std::size_t);
void setTag(const std::string&);
std::streamsize transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength);
std::streamsize finalize(
unsigned char* output,
std::streamsize length);
private:
const RSA* _pRSA;
RSAPaddingMode _paddingMode;
std::streamsize _pos;
unsigned char* _pBuf;
};
RSADecryptImpl::RSADecryptImpl(const RSA* pRSA, RSAPaddingMode paddingMode):
_pRSA(pRSA),
_paddingMode(paddingMode),
_pos(0),
_pBuf(0)
{
_pBuf = new unsigned char[blockSize()];
}
RSADecryptImpl::~RSADecryptImpl()
{
delete [] _pBuf;
}
std::size_t RSADecryptImpl::blockSize() const
{
return RSA_size(_pRSA);
}
std::string RSADecryptImpl::getTag(std::size_t)
{
return std::string();
}
void RSADecryptImpl::setTag(const std::string&)
{
}
std::streamsize RSADecryptImpl::transform(
const unsigned char* input,
std::streamsize inputLength,
unsigned char* output,
std::streamsize outputLength)
{
// always fill up the buffer before decrypting!
std::streamsize rsaSize = static_cast<std::streamsize>(blockSize());
poco_assert_dbg(_pos <= rsaSize);
poco_assert (outputLength >= rsaSize);
int rc = 0;
while (inputLength > 0)
{
// check how many data bytes we are missing to get the buffer full
poco_assert_dbg (rsaSize >= _pos);
std::streamsize missing = rsaSize - _pos;
if (missing == 0)
{
int tmp = RSA_private_decrypt(static_cast<int>(rsaSize), _pBuf, output, const_cast<RSA*>(_pRSA), mapPaddingMode(_paddingMode));
if (tmp == -1)
throwError();
rc += tmp;
output += tmp;
outputLength -= tmp;
_pos = 0;
}
else
{
if (missing > inputLength)
missing = inputLength;
std::memcpy(_pBuf + _pos, input, static_cast<std::size_t>(missing));
input += missing;
_pos += missing;
inputLength -= missing;
}
}
return rc;
}
std::streamsize RSADecryptImpl::finalize(unsigned char* output, std::streamsize length)
{
poco_assert (length >= blockSize());
int rc = 0;
if (_pos > 0)
{
rc = RSA_private_decrypt(static_cast<int>(_pos), _pBuf, output, const_cast<RSA*>(_pRSA), mapPaddingMode(_paddingMode));
if (rc == -1)
throwError();
}
return rc;
}
}
RSACipherImpl::RSACipherImpl(const RSAKey& key, RSAPaddingMode paddingMode):
_key(key),
_paddingMode(paddingMode)
{
}
RSACipherImpl::~RSACipherImpl()
{
}
CryptoTransform* RSACipherImpl::createEncryptor()
{
return new RSAEncryptImpl(_key.impl()->getRSA(), _paddingMode);
}
CryptoTransform* RSACipherImpl::createDecryptor()
{
return new RSADecryptImpl(_key.impl()->getRSA(), _paddingMode);
}
} } // namespace Poco::Crypto

96
base/poco/Crypto/src/RSADigestEngine.cpp Normal file
View File

@ -0,0 +1,96 @@
//
// RSADigestEngine.cpp
//
// Library: Crypto
// Package: RSA
// Module: RSADigestEngine
//
// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#include "Poco/Crypto/RSADigestEngine.h"
#include <openssl/rsa.h>
namespace Poco {
namespace Crypto {
RSADigestEngine::RSADigestEngine(const RSAKey& key, DigestType digestType):
_key(key),
_engine(digestType == DIGEST_MD5 ? "MD5" : "SHA1")
{
}
RSADigestEngine::RSADigestEngine(const RSAKey& key, const std::string &name):
_key(key),
_engine(name)
{
}
RSADigestEngine::~RSADigestEngine()
{
}
std::size_t RSADigestEngine::digestLength() const
{
return _engine.digestLength();
}
void RSADigestEngine::reset()
{
_engine.reset();
_digest.clear();
_signature.clear();
}
const DigestEngine::Digest& RSADigestEngine::digest()
{
if (_digest.empty())
{
_digest = _engine.digest();
}
return _digest;
}
const DigestEngine::Digest& RSADigestEngine::signature()
{
if (_signature.empty())
{
digest();
_signature.resize(_key.size());
unsigned sigLen = static_cast<unsigned>(_signature.size());
RSA_sign(_engine.nid(), &_digest[0], static_cast<unsigned>(_digest.size()), &_signature[0], &sigLen, _key.impl()->getRSA());
// truncate _sig to sigLen
if (sigLen < _signature.size())
_signature.resize(sigLen);
}
return _signature;
}
bool RSADigestEngine::verify(const DigestEngine::Digest& sig)
{
digest();
DigestEngine::Digest sigCpy = sig; // copy becausse RSA_verify can modify sigCpy
int ret = RSA_verify(_engine.nid(), &_digest[0], static_cast<unsigned>(_digest.size()), &sigCpy[0], static_cast<unsigned>(sigCpy.size()), _key.impl()->getRSA());
return ret != 0;
}
void RSADigestEngine::updateImpl(const void* data, std::size_t length)
{
_engine.update(data, length);
}
} } // namespace Poco::Crypto

Some files were not shown because too many files have changed in this diff Show More