diff options
| author | lloyd <[email protected]> | 2010-10-29 15:15:30 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-10-29 15:15:30 +0000 |
| commit | 66b163323d39ac5c0be30fd0b1c0fd91b64a55f3 (patch) | |
| tree | e745b4824105f600ec5452e591a112229bc01478 | |
| parent | 89a2e78d2ff2f0266825708a0294b13a4c370a29 (diff) | |
Make MemoryRegion::set protected, change all callers
| -rw-r--r-- | src/alloc/secmem.h | 18 | ||||
| -rw-r--r-- | src/block/aes/aes.cpp | 6 | ||||
| -rw-r--r-- | src/block/lubyrack/lubyrack.cpp | 6 | ||||
| -rw-r--r-- | src/block/serpent/serpent.h | 4 | ||||
| -rw-r--r-- | src/cms/cms_enc.cpp | 3 | ||||
| -rw-r--r-- | src/filters/data_src.cpp | 12 | ||||
| -rw-r--r-- | src/filters/modes/cbc/cbc.cpp | 6 | ||||
| -rw-r--r-- | src/filters/pk_filts/pk_filts.cpp | 3 | ||||
| -rw-r--r-- | src/math/bigint/bigint.h | 9 | ||||
| -rw-r--r-- | src/math/numbertheory/powm_mnt.cpp | 8 | ||||
| -rw-r--r-- | src/pbe/pbes1/pbes1.cpp | 14 | ||||
| -rw-r--r-- | src/pk_pad/hash_id/hash_id.cpp | 45 | ||||
| -rw-r--r-- | src/pubkey/pubkey.cpp | 23 | ||||
| -rw-r--r-- | src/ssl/hello.cpp | 3 | ||||
| -rw-r--r-- | src/ssl/s_kex.cpp | 3 | ||||
| -rw-r--r-- | src/sym_algo/symkey.cpp | 7 |
16 files changed, 97 insertions, 73 deletions
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index cbc4354ad..5261724ae 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -135,18 +135,12 @@ class MemoryRegion * @param in the array to copy the contents from * @param n the length of in */ +#if 1 void copy(size_t off, const T in[], size_t n) { copy_mem(buf + off, in, std::min(n, size() - off)); } - - /** - * Set the contents of this according to the argument. The size of - * this is increased if necessary. - * @param in the array of objects of type T to copy the contents from - * @param n the size of array in - */ - void set(const T in[], size_t n) { resize(n); copy(in, n); } +#endif /** * Append a single element. @@ -193,6 +187,14 @@ class MemoryRegion } /** + * Set the contents of this according to the argument. The size of + * this is increased if necessary. + * @param in the array of objects of type T to copy the contents from + * @param n the size of array in + */ + void set(const T in[], size_t n) { resize(n); copy(in, n); } + + /** * @param locking should we use a locking allocator * @param length the initial length to use */ diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index f149a0ac0..b19699dbc 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -666,8 +666,10 @@ void aes_key_schedule(const byte key[], size_t length, store_be(XEK[i], &MD[4*i]); } - EK.set(&XEK[0], length + 24); - DK.set(&XDK[0], length + 24); + EK.resize(length + 24); + DK.resize(length + 24); + copy_mem(&EK[0], &XEK[0], EK.size()); + copy_mem(&DK[0], &XDK[0], DK.size()); } } diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index 731dceb0b..ef4a11e9d 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -89,8 +89,10 @@ void LubyRackoff::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void LubyRackoff::key_schedule(const byte key[], size_t length) { - K1.set(key, length / 2); - K2.set(key + length / 2, length / 2); + K1.resize(length / 2); + K2.resize(length / 2); + copy_mem(&K1[0], key , length / 2); + copy_mem(&K2[0], key + length / 2, length / 2); } /* diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index 33bd747cd..df3f039aa 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -39,7 +39,9 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> * @param ks is the new key schedule value to set */ void set_round_keys(const u32bit ks[132]) - { round_key.set(ks, 132); } + { + copy_mem(&round_key[0], ks, 132); + } private: void key_schedule(const byte key[], size_t length); diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 1cc2064ac..cd739ef08 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -20,7 +20,8 @@ void CMS_Encoder::set_data(const byte buf[], size_t length) if(!data.empty()) throw Invalid_State("Cannot call CMS_Encoder::set_data here"); - data.set(buf, length); + data.resize(length); + copy_mem(&data[0], buf, length); type = "CMS.DataContent"; } diff --git a/src/filters/data_src.cpp b/src/filters/data_src.cpp index 9c9e19c23..da67baa98 100644 --- a/src/filters/data_src.cpp +++ b/src/filters/data_src.cpp @@ -77,27 +77,27 @@ bool DataSource_Memory::end_of_data() const /* * DataSource_Memory Constructor */ -DataSource_Memory::DataSource_Memory(const byte in[], size_t length) +DataSource_Memory::DataSource_Memory(const byte in[], size_t length) : + source(in, length) { - source.set(in, length); offset = 0; } /* * DataSource_Memory Constructor */ -DataSource_Memory::DataSource_Memory(const MemoryRegion<byte>& in) +DataSource_Memory::DataSource_Memory(const MemoryRegion<byte>& in) : + source(in) { - source = in; offset = 0; } /* * DataSource_Memory Constructor */ -DataSource_Memory::DataSource_Memory(const std::string& in) +DataSource_Memory::DataSource_Memory(const std::string& in) : + source(reinterpret_cast<const byte*>(in.data()), in.length()) { - source.set(reinterpret_cast<const byte*>(in.data()), in.length()); offset = 0; } diff --git a/src/filters/modes/cbc/cbc.cpp b/src/filters/modes/cbc/cbc.cpp index cb7f94fc7..b464d075f 100644 --- a/src/filters/modes/cbc/cbc.cpp +++ b/src/filters/modes/cbc/cbc.cpp @@ -177,7 +177,9 @@ void CBC_Decryption::buffered_block(const byte input[], size_t length) input + (i-1) * cipher->block_size(), cipher->block_size()); - state.set(input + (to_proc - 1) * cipher->block_size(), cipher->block_size()); + copy_mem(&state[0], + input + (to_proc - 1) * cipher->block_size(), + cipher->block_size()); send(temp, to_proc * cipher->block_size()); @@ -204,7 +206,7 @@ void CBC_Decryption::buffered_final(const byte input[], size_t length) xor_buf(temp, state, cipher->block_size()); send(temp, padder->unpad(temp, cipher->block_size())); - state.set(input, state.size()); + copy_mem(&state[0], input, state.size()); // save for IV chaining } /* diff --git a/src/filters/pk_filts/pk_filts.cpp b/src/filters/pk_filts/pk_filts.cpp index a0a8095d6..d843d711c 100644 --- a/src/filters/pk_filts/pk_filts.cpp +++ b/src/filters/pk_filts/pk_filts.cpp @@ -83,7 +83,8 @@ void PK_Verifier_Filter::end_msg() */ void PK_Verifier_Filter::set_signature(const byte sig[], size_t length) { - signature.set(sig, length); + signature.resize(length); + copy_mem(&signature[0], sig, length); } /* diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 9a2513d1b..12a7f1701 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -325,6 +325,15 @@ class BOTAN_DLL BigInt const SecureVector<word>& get_reg() const { return reg; } /** + * Assign using a plain word array + */ + void assign(const word x[], size_t length) + { + reg.resize(length); + copy_mem(®[0], x, length); + } + + /** * Increase internal register buffer by n words * @param n increase by n words */ diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index 4f626ac9d..421470364 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -41,7 +41,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) &workspace[0], modulus.data(), mod_words, mod_prime); - g[0].get_reg().set(&z[0], mod_words + 1); + g[0].assign(&z[0], mod_words + 1); const BigInt& x = g[0]; const size_t x_sig = x.sig_words(); @@ -60,7 +60,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) &workspace[0], modulus.data(), mod_words, mod_prime); - g[i].get_reg().set(&z[0], mod_words + 1); + g[i].assign(&z[0], mod_words + 1); } } @@ -87,7 +87,7 @@ BigInt Montgomery_Exponentiator::execute() const &workspace[0], modulus.data(), mod_words, mod_prime); - x.get_reg().set(&z[0], mod_words + 1); + x.assign(&z[0], mod_words + 1); } if(u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits)) @@ -103,7 +103,7 @@ BigInt Montgomery_Exponentiator::execute() const &workspace[0], modulus.data(), mod_words, mod_prime); - x.get_reg().set(&z[0], mod_words + 1); + x.assign(&z[0], mod_words + 1); } } diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index 994b02d0a..ec5ebb253 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -80,12 +80,14 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) { PKCS5_PBKDF1 pbkdf(hash_function->clone()); - SymmetricKey key_and_iv = pbkdf.derive_key(16, passphrase, - &salt[0], salt.size(), - iterations); - - key.set(key_and_iv.begin(), 8); - iv.set(key_and_iv.begin() + 8, 8); + SecureVector<byte> key_and_iv = pbkdf.derive_key(16, passphrase, + &salt[0], salt.size(), + iterations).bits_of(); + + key.resize(8); + iv.resize(8); + copy_mem(&key[0], &key_and_iv[0], 8); + copy_mem(&iv[0], &key_and_iv[8], 8); } /* diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp index 173f02a6d..74653cb83 100644 --- a/src/pk_pad/hash_id/hash_id.cpp +++ b/src/pk_pad/hash_id/hash_id.cpp @@ -59,35 +59,30 @@ const byte TIGER_PKCS_ID[] = { */ MemoryVector<byte> pkcs_hash_id(const std::string& name) { - MemoryVector<byte> out; - // Special case for SSL/TLS RSA signatures if(name == "Parallel(MD5,SHA-160)") - return out; + return MemoryVector<byte>(); if(name == "MD2") - out.set(MD2_PKCS_ID, sizeof(MD2_PKCS_ID)); - else if(name == "MD5") - out.set(MD5_PKCS_ID, sizeof(MD5_PKCS_ID)); - else if(name == "RIPEMD-128") - out.set(RIPEMD_128_PKCS_ID, sizeof(RIPEMD_128_PKCS_ID)); - else if(name == "RIPEMD-160") - out.set(RIPEMD_160_PKCS_ID, sizeof(RIPEMD_160_PKCS_ID)); - else if(name == "SHA-160") - out.set(SHA_160_PKCS_ID, sizeof(SHA_160_PKCS_ID)); - else if(name == "SHA-224") - out.set(SHA_224_PKCS_ID, sizeof(SHA_224_PKCS_ID)); - else if(name == "SHA-256") - out.set(SHA_256_PKCS_ID, sizeof(SHA_256_PKCS_ID)); - else if(name == "SHA-384") - out.set(SHA_384_PKCS_ID, sizeof(SHA_384_PKCS_ID)); - else if(name == "SHA-512") - out.set(SHA_512_PKCS_ID, sizeof(SHA_512_PKCS_ID)); - else if(name == "Tiger(24,3)") - out.set(TIGER_PKCS_ID, sizeof(TIGER_PKCS_ID)); - - if(out.size()) - return out; + return MemoryVector<byte>(MD2_PKCS_ID, sizeof(MD2_PKCS_ID)); + if(name == "MD5") + return MemoryVector<byte>(MD5_PKCS_ID, sizeof(MD5_PKCS_ID)); + if(name == "RIPEMD-128") + return MemoryVector<byte>(RIPEMD_128_PKCS_ID, sizeof(RIPEMD_128_PKCS_ID)); + if(name == "RIPEMD-160") + return MemoryVector<byte>(RIPEMD_160_PKCS_ID, sizeof(RIPEMD_160_PKCS_ID)); + if(name == "SHA-160") + return MemoryVector<byte>(SHA_160_PKCS_ID, sizeof(SHA_160_PKCS_ID)); + if(name == "SHA-224") + return MemoryVector<byte>(SHA_224_PKCS_ID, sizeof(SHA_224_PKCS_ID)); + if(name == "SHA-256") + return MemoryVector<byte>(SHA_256_PKCS_ID, sizeof(SHA_256_PKCS_ID)); + if(name == "SHA-384") + return MemoryVector<byte>(SHA_384_PKCS_ID, sizeof(SHA_384_PKCS_ID)); + if(name == "SHA-512") + return MemoryVector<byte>(SHA_512_PKCS_ID, sizeof(SHA_512_PKCS_ID)); + if(name == "Tiger(24,3)") + return MemoryVector<byte>(TIGER_PKCS_ID, sizeof(TIGER_PKCS_ID)); throw Invalid_Argument("No PKCS #1 identifier for " + name); } diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index a5ec60df3..6e63f9fc9 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -45,20 +45,27 @@ PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key, * Encrypt a message */ SecureVector<byte> -PK_Encryptor_EME::enc(const byte msg[], +PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const { - SecureVector<byte> message; if(eme) - message = eme->encode(msg, length, op->max_input_bits(), rng); - else - message.set(msg, length); + { + SecureVector<byte> encoded = + eme->encode(in, length, op->max_input_bits(), rng); + + if(8*(encoded.size() - 1) + high_bit(encoded[0]) > op->max_input_bits()) + throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - if(8*(message.size() - 1) + high_bit(message[0]) > op->max_input_bits()) - throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); + return op->encrypt(&encoded[0], encoded.size(), rng); + } + else + { + if(8*(length - 1) + high_bit(in[0]) > op->max_input_bits()) + throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&message[0], message.size(), rng); + return op->encrypt(&in[0], length, rng); + } } /* diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index 1efef9213..bec316bb1 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -125,7 +125,8 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) c_version = static_cast<Version_Code>(make_u16bit(buf[1], buf[2])); - c_random.set(&buf[9+cipher_spec_len+sess_id_len], challenge_len); + c_random.resize(challenge_len); + copy_mem(&c_random[0], &buf[9+cipher_spec_len+sess_id_len], challenge_len); } /* diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index 757738859..1e7de31d0 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -111,7 +111,8 @@ void Server_Key_Exchange::deserialize(const MemoryRegion<byte>& buf) if(len + so_far > buf.size()) throw Decoding_Error("Server_Key_Exchange: Packet corrupted"); - values[i].set(&buf[so_far], len); + values[i].resize(len); + copy_mem(&values[i][0], &buf[so_far], len); so_far += len; if(i == 2 && so_far == buf.size()) diff --git a/src/sym_algo/symkey.cpp b/src/sym_algo/symkey.cpp index e8b9ddd21..56648d9c5 100644 --- a/src/sym_algo/symkey.cpp +++ b/src/sym_algo/symkey.cpp @@ -28,11 +28,8 @@ OctetString::OctetString(RandomNumberGenerator& rng, */ void OctetString::change(const std::string& hex_string) { - SecureVector<byte> decoded(1 + hex_string.length() / 2); - - size_t written = hex_decode(&decoded[0], hex_string); - - bits.set(&decoded[0], written); + bits.resize(1 + hex_string.length() / 2); + bits.resize(hex_decode(&bits[0], hex_string)); } /* |