On May 13, 2010, at 00:39, Zooko O'Whielacronx wrote: > Hm, yeah, I assumed someone else would do something about it and then > forgot about it. Apparently Wei Dai's attention is elsewhere.
Oops. :-) > Let's at least get a publicly available copy of your full test system > (the big one that you weren't sure how to deliver). How big is it? Oh, it was just one source file, but a larger one than I wanted to just include in the email to the list. I attached it to the bug report in Trac. Trac says it's about 80kB; it includes hex values for the expected hash values from over 300 tests. Unlike the regular test vectors, this test program looks for problems relating to message alignment and length handling, accidental overflow or sign-extension problems in dealing with byte/bit counts, address comparisons, stuff like that. So a bunch of hashes of basically the same messages get run over and over again. (Plus a couple of standard test vectors for sha256, to check my own test routines for correctness.) Hmm... I don't think I included a test for an overrun while reading message data.... It probably wouldn't be hard to set up similar tests for sha1 or sha512 or whatever -- or write up code to synthesize the test data, based on block size and such. > I'll work on this issue more soon (I'm in the middle of Tahoe-LAFS > v1.7 release at the moment). Possible ways forward include setting up > a Continuous Integration server, Probably a good idea. But I get the impression from some of the list traffic that exercising the code on a wide variety of platforms and compilers may be even more interesting than re-checking slightly changed versions on a small number of high-profile platforms, which is what I've usually seen. > trying to get Crypto++ adopted into > Boost, Sounds like it would probably be a good thing. > getting more people than Wei Dai to have SVN commit access, If he's okay with it, sure. It might be wise to get the continuous integration server (or other regular testing) up and running, with at least a few platforms being exercised regularly first, so someone doesn't accidentally "fix" a bug seen on Windows, say, by breaking the code on everything else without noticing for a while. You might put performance regression testing on your list too... though that's trickier to manage since you really want a physical machine to yourself for the duration of the test, and you want the same machine, or at least exactly the same hardware configuration, time after time, so as to make comparisons meaningful. > moving to a different hosting environment (I really don't like sf.net > and I really don't like SVN), Eh... I just use git-svn and don't worry about it. :-) Though, I think sf.net now gives you choices about the VCS you want to use. And github seems pretty popular... Ken -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
