diff options
author | lloyd <[email protected]> | 2008-09-29 03:08:47 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-09-29 03:08:47 +0000 |
commit | 8479818176b1b80376541e33e49d65589e8feabb (patch) | |
tree | f17e9e17286766ada342bc1a9778b98122a378e0 | |
parent | 9e3118d4ded9af1f75ec0512fa9a6bc3725a6ae1 (diff) |
Remove more dependencies on the global state object.
New argument to X509_CRL constructor, a boolean that specifies if
an exception should be thrown upon encountering an unknown extension
type marked as critical. Previously this was controlled globally via
the x509/crl/unknown_critical policy flag.
-rw-r--r-- | src/asn1/asn1_str.cpp | 2 | ||||
-rw-r--r-- | src/core/policy.cpp | 7 | ||||
-rw-r--r-- | src/pk_pad/emsa2/emsa2.cpp | 11 | ||||
-rw-r--r-- | src/pk_pad/emsa3/emsa3.cpp | 2 | ||||
-rw-r--r-- | src/pk_pad/hash_id/hash_id.cpp | 12 | ||||
-rw-r--r-- | src/x509/crl_ent.cpp | 16 | ||||
-rw-r--r-- | src/x509/crl_ent.h | 3 | ||||
-rw-r--r-- | src/x509/x509_ca.cpp | 16 | ||||
-rw-r--r-- | src/x509/x509_crl.cpp | 16 | ||||
-rw-r--r-- | src/x509/x509_crl.h | 6 |
10 files changed, 34 insertions, 57 deletions
diff --git a/src/asn1/asn1_str.cpp b/src/asn1/asn1_str.cpp index eadc7a75d..bca1bf3c3 100644 --- a/src/asn1/asn1_str.cpp +++ b/src/asn1/asn1_str.cpp @@ -49,7 +49,7 @@ ASN1_Tag choose_encoding(const std::string& str, { if(type == "utf8") return UTF8_STRING; if(type == "latin1") return T61_STRING; - throw Invalid_Argument("Bad setting for x509/ca/str_type: " + type); + throw Invalid_Argument("choose_encoding: Bad string type " + type); } } return PRINTABLE_STRING; diff --git a/src/core/policy.cpp b/src/core/policy.cpp index 606250690..39810760b 100644 --- a/src/core/policy.cpp +++ b/src/core/policy.cpp @@ -218,13 +218,6 @@ void set_default_config(Library_State& config) config.set_option("pk/test/private", "basic"); config.set_option("pk/test/private_gen", "all"); - config.set_option("x509/ca/allow_ca", "false"); - config.set_option("x509/ca/basic_constraints", "always"); - config.set_option("x509/ca/rsa_hash", "SHA-1"); - - config.set_option("x509/crl/unknown_critical", "ignore"); - config.set_option("x509/crl/next_update", "7d"); - config.set_option("x509/exts/basic_constraints", "critical"); config.set_option("x509/exts/subject_key_id", "yes"); config.set_option("x509/exts/authority_key_id", "yes"); diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp index 24292d390..9f5f4b277 100644 --- a/src/pk_pad/emsa2/emsa2.cpp +++ b/src/pk_pad/emsa2/emsa2.cpp @@ -96,11 +96,16 @@ bool EMSA2::verify(const MemoryRegion<byte>& coded, *************************************************/ EMSA2::EMSA2(const std::string& hash_name) { - hash_id = ieee1363_hash_id(hash_name); - if(hash_id == 0) - throw Encoding_Error("EMSA2 cannot be used with " + hash->name()); hash = get_hash(hash_name); empty_hash = hash->final(); + + hash_id = ieee1363_hash_id(hash->name()); + + if(hash_id == 0) + { + delete hash; + throw Encoding_Error("EMSA2 cannot be used with " + hash->name()); + } } } diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 60880d1aa..255366503 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp @@ -90,8 +90,8 @@ bool EMSA3::verify(const MemoryRegion<byte>& coded, *************************************************/ EMSA3::EMSA3(const std::string& hash_name) { - hash_id = pkcs_hash_id(hash_name); hash = get_hash(hash_name); + hash_id = pkcs_hash_id(hash->name()); } } diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp index 27225b3b5..123a0de0e 100644 --- a/src/pk_pad/hash_id/hash_id.cpp +++ b/src/pk_pad/hash_id/hash_id.cpp @@ -4,7 +4,7 @@ *************************************************/ #include <botan/hash_id.h> -#include <botan/libstate.h> +#include <botan/exceptn.h> namespace Botan { @@ -51,10 +51,8 @@ const byte TIGER_ID[] = { /************************************************* * Return the HashID, as specified by PKCS * *************************************************/ -MemoryVector<byte> pkcs_hash_id(const std::string& name_or_alias) +MemoryVector<byte> pkcs_hash_id(const std::string& name) { - const std::string name = global_state().deref_alias(name_or_alias); - MemoryVector<byte> out; if(name == "Parallel(MD5,SHA-160)") @@ -82,16 +80,14 @@ MemoryVector<byte> pkcs_hash_id(const std::string& name_or_alias) if(out.size()) return out; - throw Invalid_Argument("No PKCS #1 identifier for " + name_or_alias); + throw Invalid_Argument("No PKCS #1 identifier for " + name); } /************************************************* * Return the HashID, as specified by IEEE 1363 * *************************************************/ -byte ieee1363_hash_id(const std::string& name_or_alias) +byte ieee1363_hash_id(const std::string& name) { - const std::string name = global_state().deref_alias(name_or_alias); - if(name == "RIPEMD-160") return 0x31; if(name == "RIPEMD-128") return 0x32; if(name == "SHA-160") return 0x33; diff --git a/src/x509/crl_ent.cpp b/src/x509/crl_ent.cpp index 4a85b99c2..dbf550f13 100644 --- a/src/x509/crl_ent.cpp +++ b/src/x509/crl_ent.cpp @@ -8,7 +8,6 @@ #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/bigint.h> -#include <botan/libstate.h> #include <botan/oids.h> #include <botan/util.h> @@ -17,7 +16,8 @@ namespace Botan { /************************************************* * Create a CRL_Entry * *************************************************/ -CRL_Entry::CRL_Entry() +CRL_Entry::CRL_Entry(bool t_on_unknown_crit) : + throw_on_unknown_critical(t_on_unknown_crit) { reason = UNSPECIFIED; } @@ -25,7 +25,8 @@ CRL_Entry::CRL_Entry() /************************************************* * Create a CRL_Entry * *************************************************/ -CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) +CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) : + throw_on_unknown_critical(false) { serial = cert.serial_number(); time = X509_Time(system_time()); @@ -91,14 +92,7 @@ void CRL_Entry::decode_from(BER_Decoder& source) if(source.more_items()) { - std::string action = - global_state().option("x509/crl/unknown_critical"); - - if(action != "throw" && action != "ignore") - throw Invalid_Argument("Bad setting x509/crl/unknown_critical: " - + action); - - Extensions extensions(action == "throw"); + Extensions extensions(throw_on_unknown_critical); source.decode(extensions); Data_Store info; extensions.contents_to(info, info); diff --git a/src/x509/crl_ent.h b/src/x509/crl_ent.h index 05a9338b3..8aa567a2a 100644 --- a/src/x509/crl_ent.h +++ b/src/x509/crl_ent.h @@ -23,10 +23,11 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object X509_Time expire_time() const { return time; } CRL_Code reason_code() const { return reason; } - CRL_Entry(); + CRL_Entry(bool throw_on_unknown_critical_extension = false); CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED); private: + bool throw_on_unknown_critical; MemoryVector<byte> serial; X509_Time time; CRL_Code reason; diff --git a/src/x509/x509_ca.cpp b/src/x509/x509_ca.cpp index d455e4988..16cfc662c 100644 --- a/src/x509/x509_ca.cpp +++ b/src/x509/x509_ca.cpp @@ -7,7 +7,6 @@ #include <botan/x509stor.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> -#include <botan/libstate.h> #include <botan/lookup.h> #include <botan/look_pk.h> #include <botan/numthry.h> @@ -187,8 +186,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, const u32bit X509_CRL_VERSION = 2; if(next_update == 0) - next_update = timespec_to_u32bit( - global_state().option("x509/crl/next_update")); + next_update = timespec_to_u32bit("7d"); // Totally stupid: ties encoding logic to the return of std::time!! const u64bit current_time = system_time(); @@ -252,20 +250,12 @@ PK_Signer* choose_sig_format(const Private_Key& key, if(algo_name == "RSA") { - std::string hash = global_state().option("x509/ca/rsa_hash"); - - if(hash == "") - throw Invalid_State("No value set for x509/ca/rsa_hash"); - - hash = global_state().deref_alias(hash); - - padding = "EMSA3(" + hash + ")"; + padding = "EMSA3(SHA-160)"; format = IEEE_1363; } else if(algo_name == "DSA") { - std::string hash = global_state().deref_alias("SHA-1"); - padding = "EMSA1(" + hash + ")"; + padding = "EMSA1(SHA-160)"; format = DER_SEQUENCE; } else diff --git a/src/x509/x509_crl.cpp b/src/x509/x509_crl.cpp index 306c78bd1..6805abef6 100644 --- a/src/x509/x509_crl.cpp +++ b/src/x509/x509_crl.cpp @@ -8,7 +8,6 @@ #include <botan/ber_dec.h> #include <botan/parsing.h> #include <botan/bigint.h> -#include <botan/libstate.h> #include <botan/oids.h> namespace Botan { @@ -16,7 +15,8 @@ namespace Botan { /************************************************* * Load a X.509 CRL * *************************************************/ -X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL") +X509_CRL::X509_CRL(DataSource& in, bool touc) : + X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc) { do_decode(); } @@ -24,7 +24,8 @@ X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL") /************************************************* * Load a X.509 CRL * *************************************************/ -X509_CRL::X509_CRL(const std::string& in) : X509_Object(in, "CRL/X509 CRL") +X509_CRL::X509_CRL(const std::string& in, bool touc) : + X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) { do_decode(); } @@ -66,7 +67,7 @@ void X509_CRL::force_decode() while(cert_list.more_items()) { - CRL_Entry entry; + CRL_Entry entry(throw_on_unknown_critical); cert_list.decode(entry); revoked.push_back(entry); } @@ -78,12 +79,7 @@ void X509_CRL::force_decode() { BER_Decoder crl_options(next.value); - std::string action = global_state().option("x509/crl/unknown_critical"); - if(action != "throw" && action != "ignore") - throw Invalid_Argument("Bad value of x509/crl/unknown_critical: " - + action); - - Extensions extensions(action == "throw"); + Extensions extensions(throw_on_unknown_critical); crl_options.decode(extensions).verify_end(); diff --git a/src/x509/x509_crl.h b/src/x509/x509_crl.h index f7623b940..ec73e9fdf 100644 --- a/src/x509/x509_crl.h +++ b/src/x509/x509_crl.h @@ -33,10 +33,12 @@ class BOTAN_DLL X509_CRL : public X509_Object X509_Time this_update() const; X509_Time next_update() const; - X509_CRL(DataSource&); - X509_CRL(const std::string&); + X509_CRL(DataSource&, bool throw_on_unknown_critical = false); + X509_CRL(const std::string&, bool throw_on_unknown_critical = false); private: void force_decode(); + + bool throw_on_unknown_critical; std::vector<CRL_Entry> revoked; Data_Store info; }; |