Visual Studio – Crypto++ Wiki


Crypto++ 5.6.4 and above provide a Visual Studio 2010 solution file with four projects. Crypto++ 5.6.3 and earlier provided a Visual Studio 2005 solution file with four projects. The four projects are Cryptlib, Cryptest, Cryptdll and Dlltest, and they are the same in VS2005 and VS2010. Broadly speaking, Cryptlib is the library you will usually use. Cryptest is the driver to exercise Cryptlib. The DLL provides a FIPS 140-2 Validated library in Cryptdll. Dlltest is the DLL driver program.

All the projects use static linking against the C/C++ runtime (/MT or /MTd). Sometimes you need to change the runtime library to work with other class libraries, like MFC or Qt (both of which use dynamic C++ runtime linking). See Dynamic C++ Runtime Linking below for information on the change.

Cryptest is set as the default startup project. There’s no way to do it declaratively in the solution, so the project is listed first in the solution file. This suits most users’ needs because they are interested in the Cryptlib and Cryptest projects. However, a side effect is that you have to perform Build → Batch Build → Build All twice to successfully build all 24 configurations. Update: as of October 2016, you should not need to build twice. Custom build steps were added and dependencies were updated at Commit c70c78474557fa68 to force building the prerequisites.

The four Visual Studio projects do not include notelemetry.obj. The object file is needed to suppress the collection and sending of user, device and application information to Microsoft. Microsoft surreptitiously added the collection to Visual Studio 2015, and claimed the failure to disclose was an oversight. Yeah, right…

There are four projects bundled with the solution. The four projects are Cryptlib, Cryptest, Cryptdll and Dlltest. Broadly speaking, Cryptlib is the library you will usually use. Cryptest is the driver to exercise Cryptlib. The DLL provides a FIPS 140-2 Validated library in Cryptdll. The DLL exists to provide the security boundary required by the NIST program. Dlltest is the DLL driver program.

At Visual Studio 2010, Microsoft made changes to the MSBuild engine and modified the way it handled project settings and dependencies. Additionally, VCUpgrade does a rather poor job of migrating settings. Combined, the changes created a fair amount of trouble for Crypto++ and its users who attempt to upgrade. Especially troubling to the project was the discomfort it was causing visually impaired users who needed VS2010 for its screen reader support.

To help avoid the troubles created by Microsoft and the VCUpgrade process, the project provides a pre-converted set of project files named vs2010.zip. The solution, project files and filters are for Visual Studio 2010, which should ease the troubles being experienced by users. The ZIP file is available for download at the bottom of the page.

vs2010.zip is created from the latest set of GitHub sources. If you encounter fatal error C1083: Cannot open source file: ‘bench1.cpp’: No such file or directory, then it’s due to renaming bench.cpp to bench1.cpp in Crypto++ 5.6.4. In this case, you should undo the rename in the project files. That is, open cryptest.vcxproj in Notepad, find bench1.cpp, and then rename it to bench.cpp. Or, perform the rename of bench.cpp to bench1.cpp on the filesystem.

If you use vs2010.zip with a downlevel version of the library, then you might find references to missing source files. For example, Crypto++ 5.6.3 will be missing ChaCha and BLAKE2, which were added for Crypto++ 5.6.4. If you experience missing references, then simply delete the missing source files from the project.
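Both fixes above (the bench1.cpp rename and deleting references to files a downlevel release lacks) can be scripted. This is an added example, not part of the Crypto++ wiki or project; it assumes the VS2010 .vcxproj MSBuild format, and the function names and the sample project are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/developer/msbuild/2003"
ET.register_namespace("", NS)  # write back without ns0: prefixes

def missing_references(vcxproj):
    """Return ClCompile/ClInclude Include paths that do not exist on disk."""
    base = os.path.dirname(os.path.abspath(vcxproj))
    root = ET.parse(vcxproj).getroot()
    items = [i for t in ("ClCompile", "ClInclude") for i in root.iter("{%s}%s" % (NS, t))]
    incs = [i.get("Include") for i in items if i.get("Include")]  # settings nodes lack Include
    return sorted(i for i in incs if not os.path.exists(os.path.join(base, i.replace("\\", os.sep))))

def remove_references(vcxproj, names):
    """Delete the named source items from the project; return how many were removed."""
    tree = ET.parse(vcxproj)
    removed = 0
    for group in tree.getroot().iter("{%s}ItemGroup" % NS):
        for item in list(group):
            if item.get("Include") in names:
                group.remove(item)
                removed += 1
    tree.write(vcxproj, encoding="utf-8", xml_declaration=True)
    return removed

# Constructed project: a 5.6.4-era file list used against a 5.6.3-style source tree.
SAMPLE = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="bench1.cpp" />
    <ClCompile Include="blake2.cpp" />
    <ClCompile Include="test.cpp" />
  </ItemGroup>
</Project>"""

def demo():
    """Apply both fixes to the constructed tree; return (before, removed, after)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("bench.cpp", "test.cpp"):  # what the older source tree ships
            open(os.path.join(d, name), "w").close()
        proj = os.path.join(d, "sample.vcxproj")
        with open(proj, "w", encoding="utf-8") as f:
            f.write(SAMPLE)
        before = missing_references(proj)
        os.rename(os.path.join(d, "bench.cpp"), os.path.join(d, "bench1.cpp"))  # rename fix
        removed = remove_references(proj, set(missing_references(proj)))
        return before, removed, missing_references(proj)
```

The matching .vcxproj.filters file lists the same items and can be passed through the same functions.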

From Projects and Configurations, Crypto++ uses static C/C++ runtime linking. If you need to use Crypto++ with other class libraries, like ATL, MFC or Qt, then you will likely encounter problems due to mixing and matching C++ runtime libraries. To resolve the issue, you probably have to switch to dynamic C/C++ runtime linking for Crypto++. (The other option is to use other class libraries, like ATL, MFC or Qt, in a static runtime configuration.)

If you switch to dynamic linking, there’s an increased attack surface because a DLL can be changed or redirected at load time. Both Windows and Linux are subject to these DLL tricks; see, for example, Breaking the Links: Exploiting the Linker on Linux or search for Binary Planting on Windows.

Second, under Visual Studio 2005 and 2010, you can change all the project’s settings by hand. Again, the property of interest is RuntimeLibrary, and the settings of interest are Multi-threaded DLL (/MD) and Multi-threaded Debug DLL (/MDd).
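Changing RuntimeLibrary by hand across every configuration is easy to get partly wrong, which leaves exactly the mixed-runtime build the change was meant to avoid. The script below is an added example, not from the Crypto++ project; it assumes VS2010 .vcxproj files (the VS2005 .vcproj format is not handled), and the function names and the sample project are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/developer/msbuild/2003"
ET.register_namespace("", NS)  # write back without ns0: prefixes

# Static CRT settings and their dynamic counterparts: /MT -> /MD, /MTd -> /MDd
TO_DYNAMIC = {"MultiThreaded": "MultiThreadedDLL", "MultiThreadedDebug": "MultiThreadedDebugDLL"}

def runtime_by_config(vcxproj):
    """Map each ItemDefinitionGroup Condition to the RuntimeLibrary it sets."""
    found = {}
    for group in ET.parse(vcxproj).getroot().iter("{%s}ItemDefinitionGroup" % NS):
        rt = group.find("{%s}ClCompile/{%s}RuntimeLibrary" % (NS, NS))
        if rt is not None:
            found[group.get("Condition", "")] = (rt.text or "").strip()
    return found

def switch_to_dynamic(vcxproj):
    """Rewrite every static RuntimeLibrary value in the file; return how many changed."""
    tree = ET.parse(vcxproj)
    changed = 0
    for rt in tree.getroot().iter("{%s}RuntimeLibrary" % NS):
        if rt.text and rt.text.strip() in TO_DYNAMIC:
            rt.text = TO_DYNAMIC[rt.text.strip()]
            changed += 1
    if changed:
        tree.write(vcxproj, encoding="utf-8", xml_declaration=True)
    return changed

# Constructed sample project with one Debug and one Release configuration.
SAMPLE = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile><RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary></ClCompile>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile><RuntimeLibrary>MultiThreaded</RuntimeLibrary></ClCompile>
  </ItemDefinitionGroup>
</Project>"""

def demo():
    """Constructed run: returns (before, changed, after, changed_on_second_pass)."""
    with tempfile.TemporaryDirectory() as d:
        proj = os.path.join(d, "sample.vcxproj")
        with open(proj, "w", encoding="utf-8") as f:
            f.write(SAMPLE)
        before = runtime_by_config(proj)
        changed = switch_to_dynamic(proj)
        return before, changed, runtime_by_config(proj), switch_to_dynamic(proj)
```

Running runtime_by_config over all four project files after the change confirms that no configuration was left on the static runtime.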

VC++ 5.0 is not guaranteed to work with Crypto++ 5.6.3, 5.6.4 and 5.6.5. The project attempts to remain compatible with VC++ 6.0 because there are a handful of users and companies which support legacy implementations, but you may need to modify some source files depending on your usage of the library.

The DLL project, Cryptdll, creates a DLL that is intended to provide FIPS validated cryptography. The DLL only provides FIPS validated cryptography. It is not a general purpose DLL, and it is missing many useful classes. The DLL is exercised by the Dlltest project. For those doing business in US Federal, it is a requirement. In general, you should avoid the DLL if you are not required to use it.

The DLL provides validated cryptography in accordance with FIPS 140-2, Level 1. The DLL only provides core cryptographic classes and functions, and they are limited to Skipjack, Triple-DES, AES, SHS, DSA, RSA, ECDSA, HMAC, RNG, Triple-DES MAC and Diffie-Hellman.

The DLL has specific Operational Environment (OE) requirements. You have to use the DLL on the platform it was validated on, which means the same CPU, OS, service pack level and even C/C++ runtime library. Crypto++ has validations on three platforms – Windows 2000, Windows XP and Windows Server 2003.

In this configuration, you will set CRYPTOPP_IMPORTS to avoid duplicate symbols from both the DLL and static library. You will link to the import library at compile time (cryptopp.lib) for the FIPS approved algorithms. At runtime you will link to the DLL (cryptopp.dll). And for the missing classes, you will link to the static library at compile time (cryptlib.lib). All three of these are in the DLL_Output directory.