authorlloyd <[email protected]>2014-11-03 22:16:51 +0000
committerlloyd <[email protected]>2014-11-03 22:16:51 +0000
commitbcd83686c3daed38974d1f9b533c07d35c5a7476 (patch)
tree3203d6f30423ebf3b7b5b3d4aa2b9ecc9ce5ba5e
parentd623823e7e0d2754343ab498f48976e91180d24f (diff)
Various small fixes and cleanups, new is_prime util
-rwxr-xr-xconfigure.py3
-rw-r--r--doc/manual/ocsp.rst8
-rw-r--r--src/cmd/apps.h1
-rw-r--r--src/cmd/asn1.cpp5
-rw-r--r--src/cmd/is_prime.cpp33
-rw-r--r--src/cmd/main.cpp3
-rw-r--r--src/cmd/tls_client.cpp25
-rw-r--r--src/lib/alloc/locking_allocator/locking_allocator.cpp6
-rw-r--r--src/lib/cert/x509/x509_ext.cpp2
-rw-r--r--src/lib/cert/x509/x509path.h2
-rw-r--r--src/lib/entropy/egd/es_egd.cpp4
-rw-r--r--src/lib/entropy/proc_walk/proc_walk.cpp2
-rw-r--r--src/lib/entropy/unix_procs/unix_procs.cpp25
-rw-r--r--src/lib/kdf/info.txt1
-rw-r--r--src/lib/rng/hmac_rng/hmac_rng.cpp10
-rw-r--r--src/lib/tls/tls_messages.h8
-rw-r--r--src/lib/utils/sqlite3/sqlite3.h2
-rwxr-xr-xsrc/scripts/dist.py1
-rw-r--r--src/tests/data/mp_valid.dat9
-rw-r--r--src/tests/test_pubkey.cpp4
20 files changed, 116 insertions, 38 deletions
diff --git a/configure.py b/configure.py
index ab363a5ba..9d5b4304b 100755
--- a/configure.py
+++ b/configure.py
@@ -1641,8 +1641,7 @@ def setup_build(build_config, options, template_vars):
portable_symlink(header_file, dir, link_method)
except OSError as e:
if e.errno != errno.EEXIST:
- logging.error('Error linking %s into %s: %s' % (
- header_file, dir, e))
+ raise Exception('Error linking %s into %s: %s' % (header_file, dir, e))
link_headers(build_config.public_headers, 'public',
build_config.botan_include_dir)
diff --git a/doc/manual/ocsp.rst b/doc/manual/ocsp.rst
index 6c52cbe50..45858dfeb 100644
--- a/doc/manual/ocsp.rst
+++ b/doc/manual/ocsp.rst
@@ -37,3 +37,11 @@ OCSP requests is via HTTP, see :rfc:`2560` Appendix A for details.
is signed correctly, and the response indicates that *subject*
is not currently revoked.
+
+.. cpp:function:: OCSP::Response online_check(const X509_Certificate& issuer, \
+ const X509_Certificate& subject, \
+ const Certificate_Store* trusted_roots)
+
+ Attempts to contact the OCSP responder specified in the subject certificate
+ and
+
diff --git a/src/cmd/apps.h b/src/cmd/apps.h
index 0cb514aca..48f1f770e 100644
--- a/src/cmd/apps.h
+++ b/src/cmd/apps.h
@@ -25,6 +25,7 @@ DEFINE_APP(dsa_verify);
DEFINE_APP(factor);
DEFINE_APP(fpe);
DEFINE_APP(hash);
+DEFINE_APP(is_prime);
DEFINE_APP(keygen);
DEFINE_APP(ocsp_check);
DEFINE_APP(pkcs10);
diff --git a/src/cmd/asn1.cpp b/src/cmd/asn1.cpp
index f9baae902..02b73e415 100644
--- a/src/cmd/asn1.cpp
+++ b/src/cmd/asn1.cpp
@@ -231,7 +231,10 @@ void decode(BER_Decoder& decoder, size_t level)
for(size_t i = 0; i != bits.size(); ++i)
for(size_t j = 0; j != 8; ++j)
- bit_set.push_back((bool)((bits[bits.size()-i-1] >> (7-j)) & 1));
+ {
+ const bool bit = static_cast<bool>((bits[bits.size()-i-1] >> (7-j)) & 1);
+ bit_set.push_back(bit);
+ }
std::string bit_str;
for(size_t i = 0; i != bit_set.size(); ++i)
diff --git a/src/cmd/is_prime.cpp b/src/cmd/is_prime.cpp
new file mode 100644
index 000000000..658401690
--- /dev/null
+++ b/src/cmd/is_prime.cpp
@@ -0,0 +1,33 @@
+#include "apps.h"
+#include <botan/numthry.h>
+
+int is_prime_main(int argc, char* argv[])
+ {
+ if(argc != 2 && argc != 3)
+ {
+ std::cerr << "Usage: " << argv[0] << " n <prob>\n";
+ return 2;
+ }
+
+ BigInt n(argv[1]);
+
+ size_t prob = 56;
+
+ if(argc == 3)
+ prob = to_u32bit(argv[2]);
+
+ AutoSeeded_RNG rng;
+
+ const bool prime = is_prime(n, rng, prob);
+
+ if(prime)
+ {
+ std::cout << n << " is prime\n";
+ return 0;
+ }
+ else
+ {
+ std::cout << n << " is not prime\n";
+ return 1;
+ }
+ }
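Review bot: The optional `prob` argument goes from `to_u32bit(argv[2])` straight into `is_prime()` with no lower bound, so a caller can request a much weaker test than the default of 56 and still get "is prime" with exit status 0. Because scripts may key off that exit status, consider rejecting very small values or echoing the value used in the output. The usage line would also read better as `std::cerr << "Usage: " << argv[0] << " n [prob]\n";`, with a short comment saying what `prob` controls. `BigInt n(argv[1])` and `to_u32bit()` presumably throw on malformed input; whether the dispatcher in main.cpp catches that is not visible in this hunk.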
diff --git a/src/cmd/main.cpp b/src/cmd/main.cpp
index 92ecc051e..f04c7daee 100644
--- a/src/cmd/main.cpp
+++ b/src/cmd/main.cpp
@@ -160,9 +160,10 @@ int main(int argc, char* argv[])
CALL_APP(factor);
CALL_APP(fpe);
CALL_APP(hash);
+ CALL_APP(is_prime);
CALL_APP(keygen);
- CALL_APP(rng);
CALL_APP(read_ssh);
+ CALL_APP(rng);
CALL_APP(speed);
#if defined(BOTAN_HAS_TLS)
diff --git a/src/cmd/tls_client.cpp b/src/cmd/tls_client.cpp
index 9130cd085..5ab015c33 100644
--- a/src/cmd/tls_client.cpp
+++ b/src/cmd/tls_client.cpp
@@ -4,6 +4,11 @@
#include <botan/tls_client.h>
#include <botan/pkcs8.h>
#include <botan/hex.h>
+
+#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
+ #include <botan/tls_session_manager_sqlite.h>
+#endif
+
#include <string>
#include <iostream>
#include <memory>
@@ -21,10 +26,6 @@
#define MSG_NOSIGNAL 0
#endif
-#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- #include <botan/tls_session_manager_sqlite.h>
-#endif
-
#include "credentials.h"
using namespace Botan;
@@ -147,9 +148,12 @@ int tls_client_main(int argc, char* argv[])
TLS::Policy policy;
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- TLS::Session_Manager_SQLite session_manager("my secret passphrase",
+ const std::string passphrase = "correct horse battery staple";
+ const std::string sessions_db = "sessions.db";
+
+ TLS::Session_Manager_SQLite session_manager(passphrase,
rng,
- "sessions.db");
+ sessions_db);
#else
TLS::Session_Manager_In_Memory session_manager(rng);
#endif
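Review bot: The passphrase given to `TLS::Session_Manager_SQLite` is still a string constant in the source; this commit only rewords it and gives it a name. Whatever protection the manager applies to the stored sessions (presumably encryption under a key derived from the passphrase) therefore gives no confidentiality against anyone who can read `sessions.db`. That file is opened relative to the current working directory. For a sample client, a comment such as `// Demo only: this passphrase is public, so treat sessions.db as plaintext` would make the limitation explicit. Code derived from this example should take the passphrase from the user or the environment instead.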
@@ -188,7 +192,9 @@ int tls_client_main(int argc, char* argv[])
FD_SET(sockfd, &readfds);
FD_SET(STDIN_FILENO, &readfds);
- ::select(sockfd + 1, &readfds, nullptr, nullptr, nullptr);
+ struct timeval timeout = { 1, 0 };
+
+ ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout);
if(FD_ISSET(sockfd, &readfds))
{
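Review bot: The return value of `::select()` is still discarded, so a failure such as `EINTR` cannot be told apart from a timeout or from ready descriptors, and the `FD_ISSET` tests that follow run on whatever `readfds` then holds. With the timeout there is now a third outcome, handled by the `else` branch added in the `@@ -247,6 +253,11 @@` hunk, so the result is worth capturing: `const int ready = ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout);` and skipping the descriptor tests when `ready < 0`. The enclosing loop starts and ends outside this hunk.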
@@ -247,6 +253,11 @@ int tls_client_main(int argc, char* argv[])
else
client.send(buf, got);
}
+ else
+ {
+ if(client.timeout_check())
+ std::cerr << "Timeout detected\n";
+ }
}
::close(sockfd);
diff --git a/src/lib/alloc/locking_allocator/locking_allocator.cpp b/src/lib/alloc/locking_allocator/locking_allocator.cpp
index 4b66ea018..9ea1235e9 100644
--- a/src/lib/alloc/locking_allocator/locking_allocator.cpp
+++ b/src/lib/alloc/locking_allocator/locking_allocator.cpp
@@ -158,6 +158,12 @@ bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size)
if(!m_pool)
return false;
+ /*
+ We do not have to zero the memory here, as
+ secure_allocator::deallocate does that for all arguments before
+ invoking the deallocator (us or delete[])
+ */
+
size_t n = num_elems * elem_size;
/*
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index f56014ab7..db43ab175 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -63,6 +63,8 @@ Extensions& Extensions::operator=(const Extensions& other)
std::make_pair(other.extensions[i].first->copy(),
other.extensions[i].second));
+ m_throw_on_unknown_critical = other.m_throw_on_unknown_critical;
+
return (*this);
}
diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h
index f7e57759e..05ed43a2e 100644
--- a/src/lib/cert/x509/x509path.h
+++ b/src/lib/cert/x509/x509path.h
@@ -122,7 +122,7 @@ class BOTAN_DLL Path_Validation_Result
Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {}
private:
- friend Path_Validation_Result x509_path_validate(
+ friend Path_Validation_Result BOTAN_DLL x509_path_validate(
const std::vector<X509_Certificate>& end_certs,
const Path_Validation_Restrictions& restrictions,
const std::vector<Certificate_Store*>& certstores);
diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp
index c04acb4f3..e61d4ef82 100644
--- a/src/lib/entropy/egd/es_egd.cpp
+++ b/src/lib/entropy/egd/es_egd.cpp
@@ -43,7 +43,7 @@ int EGD_EntropySource::EGD_Socket::open_socket(const std::string& path)
std::memset(&addr, 0, sizeof(addr));
addr.sun_family = PF_LOCAL;
- if(sizeof(addr.sun_path) < path.length() + 1)
+ if(path.length() >= sizeof(addr.sun_path))
throw std::invalid_argument("EGD socket path is too long");
std::strncpy(addr.sun_path, path.c_str(), sizeof(addr.sun_path));
@@ -109,7 +109,7 @@ size_t EGD_EntropySource::EGD_Socket::read(byte outbuf[], size_t length)
void EGD_EntropySource::EGD_Socket::close()
{
- if(m_fd > 0)
+ if(m_fd >= 0)
{
::close(m_fd);
m_fd = -1;
diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp
index 5a72f46e5..f459a7e32 100644
--- a/src/lib/entropy/proc_walk/proc_walk.cpp
+++ b/src/lib/entropy/proc_walk/proc_walk.cpp
@@ -106,7 +106,7 @@ int Directory_Walker::next_fd()
{
int fd = ::open(full_path.c_str(), O_RDONLY | O_NOCTTY);
- if(fd > 0)
+ if(fd >= 0)
return fd;
}
}
diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp
index c36941f43..7925741bb 100644
--- a/src/lib/entropy/unix_procs/unix_procs.cpp
+++ b/src/lib/entropy/unix_procs/unix_procs.cpp
@@ -11,6 +11,7 @@
#include <botan/internal/unix_procs.h>
#include <botan/parsing.h>
#include <algorithm>
+#include <atomic>
#include <sys/time.h>
#include <sys/stat.h>
@@ -67,19 +68,25 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p
void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum)
{
- accum.add(::getpid(), 0.0);
- accum.add(::getppid(), 0.0);
- accum.add(::getuid(), 0.0);
- accum.add(::getgid(), 0.0);
- accum.add(::getsid(0), 0.0);
- accum.add(::getpgrp(), 0.0);
+ static std::atomic<int> last_pid;
+
+ int pid = ::getpid();
+
+ accum.add(pid, 0.0);
+
+ if(pid != last_pid)
+ {
+ last_pid = pid;
+ accum.add(::getppid(), 0.0);
+ accum.add(::getuid(), 0.0);
+ accum.add(::getgid(), 0.0);
+ accum.add(::getsid(0), 0.0);
+ accum.add(::getpgrp(), 0.0);
+ }
struct ::rusage usage;
::getrusage(RUSAGE_SELF, &usage);
accum.add(usage, 0.0);
-
- ::getrusage(RUSAGE_CHILDREN, &usage);
- accum.add(usage, 0.0);
}
namespace {
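Review bot: The test `if(pid != last_pid)` followed by `last_pid = pid;` is two separate atomic operations, so concurrent `poll()` calls can both see a mismatch and both add the ids. That is harmless for inputs credited at 0.0, but `if(last_pid.exchange(pid) != pid)` does it in one step. The intent also deserves a comment, presumably something like `// These ids only change across fork(), so feed them once per process`. Likewise, the removal of the `RUSAGE_CHILDREN` sample has no explanation in the code or in the commit message.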
diff --git a/src/lib/kdf/info.txt b/src/lib/kdf/info.txt
index e9cbdeb1a..f33a4bc8d 100644
--- a/src/lib/kdf/info.txt
+++ b/src/lib/kdf/info.txt
@@ -2,4 +2,5 @@ define KDF_BASE 20131128
<requires>
alloc
+libstate
</requires>
diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp
index 7d8b54e84..153f85c80 100644
--- a/src/lib/rng/hmac_rng/hmac_rng.cpp
+++ b/src/lib/rng/hmac_rng/hmac_rng.cpp
@@ -95,6 +95,11 @@ void HMAC_RNG::randomize(byte out[], size_t length)
const size_t max_per_prf_iter = m_prf->output_length() / 2;
+ m_output_since_reseed += length;
+
+ if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED)
+ reseed(BOTAN_RNG_RESEED_POLL_BITS);
+
/*
HMAC KDF as described in E-t-E, using a CTXinfo of "rng"
*/
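Review bot: With the counter update moved ahead of the output loop, the reseed threshold is now checked once per `randomize()` call rather than after each PRF iteration. A single large request can therefore emit more than `BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED` bytes from one seed state. If that is intended, say so at the new check, e.g. `// Checked once per call; a single request may exceed the limit before the next reseed`. If it is not, the per-iteration check removed in the `@@ -107,11 +112,6 @@` hunk should stay, or large requests should be split. Whether `reseed()` resets `m_output_since_reseed` is not visible here, and the body of `randomize()` extends beyond both hunks.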
@@ -107,11 +112,6 @@ void HMAC_RNG::randomize(byte out[], size_t length)
copy_mem(out, &m_K[0], copied);
out += copied;
length -= copied;
-
- m_output_since_reseed += copied;
-
- if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED)
- reseed(BOTAN_RNG_RESEED_POLL_BITS);
}
}
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 626f6a1cf..a1634c8ad 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -210,7 +210,7 @@ class Server_Hello : public Handshake_Message
bool secure_renegotiation() const
{
- return m_extensions.get<Renegotiation_Extension>();
+ return m_extensions.has<Renegotiation_Extension>();
}
std::vector<byte> renegotiation_info() const
@@ -222,7 +222,7 @@ class Server_Hello : public Handshake_Message
bool next_protocol_notification() const
{
- return m_extensions.get<Next_Protocol_Notification>();
+ return m_extensions.has<Next_Protocol_Notification>();
}
std::vector<std::string> next_protocols() const
@@ -241,12 +241,12 @@ class Server_Hello : public Handshake_Message
bool supports_session_ticket() const
{
- return m_extensions.get<Session_Ticket>();
+ return m_extensions.has<Session_Ticket>();
}
bool supports_heartbeats() const
{
- return m_extensions.get<Heartbeat_Support_Indicator>();
+ return m_extensions.has<Heartbeat_Support_Indicator>();
}
bool peer_can_send_heartbeats() const
diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/utils/sqlite3/sqlite3.h
index aef04ab4d..3085ff0e3 100644
--- a/src/lib/utils/sqlite3/sqlite3.h
+++ b/src/lib/utils/sqlite3/sqlite3.h
@@ -56,8 +56,6 @@ class sqlite3_statement
bool step();
- sqlite3_stmt* stmt() { return m_stmt; }
-
~sqlite3_statement();
private:
sqlite3_stmt* m_stmt;
diff --git a/src/scripts/dist.py b/src/scripts/dist.py
index 26da31d24..3929c9531 100755
--- a/src/scripts/dist.py
+++ b/src/scripts/dist.py
@@ -13,7 +13,6 @@ import logging
import optparse
import os
import shlex
-import StringIO
import shutil
import subprocess
import sys
diff --git a/src/tests/data/mp_valid.dat b/src/tests/data/mp_valid.dat
index 1b45bf9bb..47a5df1f1 100644
--- a/src/tests/data/mp_valid.dat
+++ b/src/tests/data/mp_valid.dat
@@ -5419,6 +5419,10 @@
2:1
3:1
4:0
+255:0
+257:1
+65517:0
+65521:1
65537:1
# This one passes Miller-Rabin with a base of 2, but not with most others
@@ -5466,3 +5470,8 @@
2701791887072337189992932234179329410389241899414841054215169960\
1546741832617953638436279944072980418788682453341495300190580109\
0622787969540076319408964006231:0
+
+# Carmichael numbers
+232250619601:0
+9746347772161:0
+340561:0
diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp
index 734ff1803..eec7e3bde 100644
--- a/src/tests/test_pubkey.cpp
+++ b/src/tests/test_pubkey.cpp
@@ -170,11 +170,11 @@ size_t validate_encryption(PK_Encryptor& e, PK_Decryptor& d,
{
std::vector<byte> message = hex_decode(input);
std::vector<byte> expected = hex_decode(exp);
- Fixed_Output_RNG rng(hex_decode(random));
+ Fixed_Output_RNG kat_rng(hex_decode(random));
size_t fails = 0;
- const std::vector<byte> ctext = e.encrypt(message, rng);
+ const std::vector<byte> ctext = e.encrypt(message, kat_rng);
if(ctext != expected)
{
std::cout << "FAILED (encrypt): " << algo << std::endl;