diff options
| author | lloyd <[email protected]> | 2012-06-07 23:58:28 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-06-07 23:58:28 +0000 |
| commit | 1ca43e0c8caba8b2517122b46e83bf4ca5d79005 (patch) | |
| tree | a1365d38c763cfd66844f7ad29f1f19ce05d15cd | |
| parent | 8a7eb1f73c503b289a6f4bc56f5ebef806c9d4e6 (diff) | |
Update cms, cvc, zlib, bzip2, openssl, and gnump modules for the new
allocator interface. The compression filters now just use malloc/free
with a memset.
Add a new info.txt field <warning>, like comment but warns. Use for
CMS which is pretty broken (doesn't even compile anymore), and for TLS.
30 files changed, 209 insertions, 179 deletions
diff --git a/configure.py b/configure.py index 31b55756d..32c8bfab5 100755 --- a/configure.py +++ b/configure.py @@ -536,7 +536,7 @@ class ModuleInfo(object): lex_me_harder(infofile, self, ['source', 'header:internal', 'header:public', 'requires', 'os', 'arch', 'cc', 'libs', - 'comment'], + 'comment', 'warning'], { 'load_on': 'auto', 'define': [], @@ -593,6 +593,11 @@ class ModuleInfo(object): else: self.comment = None + if self.warning != []: + self.warning = ' '.join(self.warning) + else: + self.warning = None + def sources(self): return self.source @@ -1292,8 +1297,12 @@ def choose_modules_to_use(modules, archinfo, options): logging.info('Using MP module ' + mod) if mod.startswith('simd_') and mod != 'simd_engine': logging.info('Using SIMD module ' + mod) + + for mod in sorted(to_load): if modules[mod].comment: logging.info('%s: %s' % (mod, modules[mod].comment)) + if modules[mod].warning: + logging.warning('%s: %s' % (mod, modules[mod].warning)) logging.debug('Loading modules %s', ' '.join(sorted(to_load))) diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index a3a4d043d..e40f555b3 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -18,9 +18,9 @@ namespace Botan { namespace { -secure_vector<byte> enc_two_digit(u32bit in) +std::vector<byte> enc_two_digit(u32bit in) { - secure_vector<byte> result; + std::vector<byte> result; in %= 100; if(in < 10) result.push_back(0x00); @@ -281,9 +281,9 @@ void EAC_Time::decode_from(BER_Decoder& source) /* * make the value an octet string for encoding */ -secure_vector<byte> EAC_Time::encoded_eac_time() const +std::vector<byte> EAC_Time::encoded_eac_time() const { - secure_vector<byte> result; + std::vector<byte> result; result += enc_two_digit(year); result += enc_two_digit(month); result += enc_two_digit(day); diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp index f224d15b9..54bc9facd 100644 --- a/src/cert/cvc/cvc_ado.cpp +++ b/src/cert/cvc/cvc_ado.cpp @@ -26,7 +26,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in) void EAC1_1_ADO::force_decode() { - secure_vector<byte> inner_cert; + std::vector<byte> inner_cert; BER_Decoder(tbs_bits) .start_cons(ASN1_Tag(33)) .raw_bytes(inner_cert) @@ -34,11 +34,11 @@ void EAC1_1_ADO::force_decode() .decode(m_car) .verify_end(); - secure_vector<byte> req_bits = DER_Encoder() + std::vector<byte> req_bits = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(inner_cert) .end_cons() - .get_contents(); + .get_contents_unlocked(); DataSource_Memory req_source(req_bits); m_req = EAC1_1_Req(req_source); @@ -46,17 +46,17 @@ void EAC1_1_ADO::force_decode() } std::vector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer, - const secure_vector<byte>& tbs_bits, + const std::vector<byte>& tbs_bits, RandomNumberGenerator& rng) { - secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng); + const std::vector<byte> concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) .raw_bytes(tbs_bits) .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() - .get_contents(); + .get_contents_unlocked(); } ASN1_Car EAC1_1_ADO::get_car() const @@ -65,11 +65,11 @@ ASN1_Car EAC1_1_ADO::get_car() const } void EAC1_1_ADO::decode_info(DataSource& source, - secure_vector<byte> & res_tbs_bits, + std::vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig) { - secure_vector<byte> concat_sig; - secure_vector<byte> cert_inner_bits; + std::vector<byte> concat_sig; + std::vector<byte> cert_inner_bits; ASN1_Car car; BER_Decoder(source) @@ -81,11 +81,11 @@ void EAC1_1_ADO::decode_info(DataSource& source, .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons(); - secure_vector<byte> enc_cert = DER_Encoder() + std::vector<byte> enc_cert = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(cert_inner_bits) .end_cons() - .get_contents(); + .get_contents_unlocked(); res_tbs_bits = enc_cert; res_tbs_bits += DER_Encoder().encode(car).get_contents(); @@ -97,8 +97,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const if(encoding == PEM) throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object"); - secure_vector<byte> concat_sig( - EAC1_1_obj<EAC1_1_ADO>::m_sig.get_concatenation()); + auto concat_sig = EAC1_1_obj<EAC1_1_ADO>::m_sig.get_concatenation(); out.write(DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) @@ -108,7 +107,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const .get_contents()); } -secure_vector<byte> EAC1_1_ADO::tbs_data() const +std::vector<byte> EAC1_1_ADO::tbs_data() const { return tbs_bits; } diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index 81b89ea00..6f5b1d527 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -45,7 +45,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> */ static std::vector<byte> make_signed( PK_Signer& signer, - const secure_vector<byte>& tbs_bits, + const std::vector<byte>& tbs_bits, RandomNumberGenerator& rng); /** @@ -73,7 +73,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> * Get the TBS data of this CVC ADO request. * @result the TBS data */ - secure_vector<byte> tbs_data() const; + std::vector<byte> tbs_data() const; virtual ~EAC1_1_ADO() {} private: @@ -82,7 +82,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> void force_decode(); static void decode_info(DataSource& source, - secure_vector<byte> & res_tbs_bits, + std::vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig); }; diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 12558bb80..3ab78b7d4 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -33,8 +33,8 @@ u32bit EAC1_1_CVC::get_chat_value() const */ void EAC1_1_CVC::force_decode() { - secure_vector<byte> enc_pk; - secure_vector<byte> enc_chat_val; + std::vector<byte> enc_pk; + std::vector<byte> enc_chat_val; size_t cpi; BER_Decoder tbs_cert(tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) @@ -88,7 +88,7 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const && get_concat_sig() == rhs.get_concat_sig()); } -ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>&, +ECDSA_PublicKey* decode_eac1_1_key(const std::vector<byte>&, AlgorithmIdentifier&) { throw Internal_Error("decode_eac1_1_key: Unimplemented"); @@ -96,7 +96,7 @@ ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>&, } EAC1_1_CVC make_cvc_cert(PK_Signer& signer, - secure_vector<byte> const& public_key, + const std::vector<byte>& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -121,7 +121,7 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, .end_cons() .encode(ced) .encode(cex) - .get_contents(); + .get_contents_unlocked(); std::vector<byte> signed_cert = EAC1_1_CVC::make_signed(signer, diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index 20370e64b..7c084379f 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -96,7 +96,7 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) * @param rng a random number generator */ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, - const secure_vector<byte>& public_key, + const std::vector<byte>& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -107,7 +107,7 @@ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, /** * Decode an EAC encoding ECDSA key */ -BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>& enc_key, +BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const std::vector<byte>& enc_key, AlgorithmIdentifier& sig_algo); } diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index a272e316f..7fa4eba29 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -56,14 +56,14 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 * Get the to-be-signed (TBS) data of this object. * @result the TBS data of this object */ - secure_vector<byte> tbs_data() const; + std::vector<byte> tbs_data() const; /** * Build the DER encoded certifcate body of an object * @param tbs the data to be signed * @result the correctly encoded body of the object */ - static secure_vector<byte> build_cert_body(secure_vector<byte> const& tbs); + static std::vector<byte> build_cert_body(const std::vector<byte>& tbs); /** * Create a signed generalized CVC object. @@ -74,7 +74,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 */ static std::vector<byte> make_signed( PK_Signer& signer, - const secure_vector<byte>& tbs_bits, + const std::vector<byte>& tbs_bits, RandomNumberGenerator& rng); EAC1_1_gen_CVC() { m_pk = 0; } @@ -88,7 +88,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1 bool self_signed; static void decode_info(DataSource& source, - secure_vector<byte> & res_tbs_bits, + std::vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig); }; @@ -106,17 +106,17 @@ template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const template<typename Derived> std::vector<byte> EAC1_1_gen_CVC<Derived>::make_signed( PK_Signer& signer, - const secure_vector<byte>& tbs_bits, + const std::vector<byte>& tbs_bits, RandomNumberGenerator& rng) // static { - secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng); + const auto concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(tbs_bits) .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() - .get_contents(); + .get_contents_unlocked(); } template<typename Derived> @@ -125,30 +125,30 @@ Public_Key* EAC1_1_gen_CVC<Derived>::subject_public_key() const return new ECDSA_PublicKey(*m_pk); } -template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(secure_vector<byte> const& tbs) +template<typename Derived> std::vector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(const std::vector<byte>& tbs) { return DER_Encoder() .start_cons(ASN1_Tag(78), APPLICATION) .raw_bytes(tbs) - .end_cons().get_contents(); + .end_cons().get_contents_unlocked(); } -template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const +template<typename Derived> std::vector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const { return build_cert_body(EAC1_1_obj<Derived>::tbs_bits); } template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_Encoding encoding) const { - secure_vector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation()); - secure_vector<byte> der = DER_Encoder() + std::vector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation()); + std::vector<byte> der = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .start_cons(ASN1_Tag(78), APPLICATION) .raw_bytes(EAC1_1_obj<Derived>::tbs_bits) .end_cons() .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() - .get_contents(); + .get_contents_unlocked(); if (encoding == PEM) throw Invalid_Argument("EAC1_1_gen_CVC::encode() cannot PEM encode an EAC object"); @@ -159,10 +159,10 @@ template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_ template<typename Derived> void EAC1_1_gen_CVC<Derived>::decode_info( DataSource& source, - secure_vector<byte> & res_tbs_bits, + std::vector<byte> & res_tbs_bits, ECDSA_Signature & res_sig) { - secure_vector<byte> concat_sig; + std::vector<byte> concat_sig; BER_Decoder(source) .start_cons(ASN1_Tag(33)) .start_cons(ASN1_Tag(78)) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index bd7dee3fa..6c013f755 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -19,7 +19,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const void EAC1_1_Req::force_decode() { - secure_vector<byte> enc_pk; + std::vector<byte> enc_pk; BER_Decoder tbs_cert(tbs_bits); size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index e692bc9b8..46e4960e1 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -68,7 +68,7 @@ std::vector<byte> eac_1_1_encoding(const EC_PublicKey* key, enc.end_cons(); - return enc.get_contents(); + return enc.get_contents_unlocked(); } std::string padding_and_hash_from_oid(OID const& oid) @@ -141,7 +141,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) .raw_bytes(enc_public_key) .encode(chr) - .get_contents(); + .get_contents_unlocked(); std::vector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, @@ -166,7 +166,7 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); PK_Signer signer(*priv_key, padding_and_hash); - secure_vector<byte> tbs_bits = req.BER_encode(); + std::vector<byte> tbs_bits = req.BER_encode(); tbs_bits += DER_Encoder().encode(car).get_contents(); std::vector<byte> signed_cert = diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 9937abb01..ab8536e45 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -98,7 +98,7 @@ class BOTAN_DLL EAC_Time : public ASN1_Object virtual ~EAC_Time() {} private: - secure_vector<byte> encoded_eac_time() const; + std::vector<byte> encoded_eac_time() const; bool passes_sanity_check() const; u32bit year, month, day; ASN1_Tag tag; diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index 39f34b874..42274446c 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -24,7 +24,7 @@ class EAC1_1_obj : public EAC_Signed_Object * Return the signature as a concatenation of the encoded parts. * @result the concatenated signature */ - secure_vector<byte> get_concat_sig() const + std::vector<byte> get_concat_sig() const { return m_sig.get_concatenation(); } bool check_signature(class Public_Key& key) const diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index 91166ad79..690244d50 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -10,7 +10,7 @@ namespace Botan { -ECDSA_Signature::ECDSA_Signature(const secure_vector<byte>& ber) +ECDSA_Signature::ECDSA_Signature(const std::vector<byte>& ber) { BER_Decoder(ber) .start_cons(SEQUENCE) @@ -27,7 +27,7 @@ std::vector<byte> ECDSA_Signature::DER_encode() const .encode(get_r()) .encode(get_s()) .end_cons() - .get_contents(); + .get_contents_unlocked(); } std::vector<byte> ECDSA_Signature::get_concatenation() const @@ -35,15 +35,15 @@ std::vector<byte> ECDSA_Signature::get_concatenation() const // use the larger const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); - secure_vector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); - secure_vector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); + const auto sv_r = BigInt::encode_1363(m_r, enc_len); + const auto sv_s = BigInt::encode_1363(m_s, enc_len); secure_vector<byte> result(sv_r); result += sv_s; - return result; + return unlock(result); } -ECDSA_Signature decode_concatenation(const secure_vector<byte>& concat) +ECDSA_Signature decode_concatenation(const std::vector<byte>& concat) { if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h index a92d5078c..1c3b506cb 100644 --- a/src/cert/cvc/ecdsa_sig.h +++ b/src/cert/cvc/ecdsa_sig.h @@ -27,7 +27,7 @@ class BOTAN_DLL ECDSA_Signature ECDSA_Signature(const BigInt& r, const BigInt& s) : m_r(r), m_s(s) {} - ECDSA_Signature(const secure_vector<byte>& ber); + ECDSA_Signature(const std::vector<byte>& ber); const BigInt& get_r() const { return m_r; } const BigInt& get_s() const { return m_s; } @@ -54,7 +54,7 @@ inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) return !(lhs == rhs); } -ECDSA_Signature decode_concatenation(const secure_vector<byte>& concatenation); +ECDSA_Signature decode_concatenation(const std::vector<byte>& concatenation); } diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index 4f04cd72e..20226fbe7 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -16,13 +16,13 @@ namespace Botan { /* * Return a BER encoded X.509 object */ -secure_vector<byte> EAC_Signed_Object::BER_encode() const +std::vector<byte> EAC_Signed_Object::BER_encode() const { Pipe ber; ber.start_msg(); encode(ber, RAW_BER); ber.end_msg(); - return ber.read_all(); + return unlock(ber.read_all()); } /* @@ -46,7 +46,7 @@ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const } bool EAC_Signed_Object::check_signature(Public_Key& pub_key, - const secure_vector<byte>& sig) const + const std::vector<byte>& sig) const { try { @@ -62,7 +62,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - secure_vector<byte> to_sign = tbs_data(); + std::vector<byte> to_sign = tbs_data(); PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(to_sign, sig); diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h index 45bd2858e..ce2bd4dd7 100644 --- a/src/cert/cvc/signed_obj.h +++ b/src/cert/cvc/signed_obj.h @@ -11,6 +11,7 @@ #include <botan/asn1_obj.h> #include <botan/key_constraint.h> +#include <botan/x509_key.h> #include <botan/pipe.h> #include <vector> @@ -26,7 +27,7 @@ class BOTAN_DLL EAC_Signed_Object * Get the TBS (to-be-signed) data in this object. * @return DER encoded TBS data of this object */ - virtual secure_vector<byte> tbs_data() const = 0; + virtual std::vector<byte> tbs_data() const = 0; /** * Get the signature of this object as a concatenation, i.e. if the @@ -39,7 +40,7 @@ class BOTAN_DLL EAC_Signed_Object NOTE: this is here only because abstract signature objects have not yet been introduced */ - virtual secure_vector<byte> get_concat_sig() const = 0; + virtual std::vector<byte> get_concat_sig() const = 0; /** * Get the signature algorithm identifier used to sign this object. @@ -55,7 +56,7 @@ class BOTAN_DLL EAC_Signed_Object * associated with this public key */ bool check_signature(class Public_Key& key, - const secure_vector<byte>& sig) const; + const std::vector<byte>& sig) const; /** * Write this object DER encoded into a specified pipe. @@ -69,7 +70,7 @@ class BOTAN_DLL EAC_Signed_Object * BER encode this object. * @return result containing the BER representation of this object. */ - secure_vector<byte> BER_encode() const; + std::vector<byte> BER_encode() const; /** * PEM encode this object. @@ -83,7 +84,7 @@ class BOTAN_DLL EAC_Signed_Object EAC_Signed_Object() {} AlgorithmIdentifier sig_algo; - secure_vector<byte> tbs_bits; + std::vector<byte> tbs_bits; std::string PEM_label_pref; std::vector<std::string> PEM_labels_allowed; private: diff --git a/src/cms/cms_dec.h b/src/cms/cms_dec.h index 8c2057c2a..96a5d7c8e 100644 --- a/src/cms/cms_dec.h +++ b/src/cms/cms_dec.h @@ -9,7 +9,7 @@ #define BOTAN_CMS_DECODER_H__ #include <botan/x509cert.h> -#include <botan/x509stor.h> +#include <botan/x509_crl.h> #include <botan/pkcs8.h> #include <botan/ber_dec.h> diff --git a/src/cms/cms_enc.h b/src/cms/cms_enc.h index c86dbe58e..fc501c691 100644 --- a/src/cms/cms_enc.h +++ b/src/cms/cms_enc.h @@ -9,7 +9,6 @@ #define BOTAN_CMS_ENCODER_H__ #include <botan/x509cert.h> -#include <botan/x509stor.h> #include <botan/pkcs8.h> #include <botan/symkey.h> diff --git a/src/cms/info.txt b/src/cms/info.txt index 0e74caa49..4d50d7112 100644 --- a/src/cms/info.txt +++ b/src/cms/info.txt @@ -2,6 +2,10 @@ define CMS load_on never +<warning> +Currently broken, needs much love and updating before useful +</warning> + <requires> asn1 bigint diff --git a/src/engine/gnump/gmp_mem.cpp b/src/engine/gnump/gmp_mem.cpp index 7cf11654d..b5a5a303e 100644 --- a/src/engine/gnump/gmp_mem.cpp +++ b/src/engine/gnump/gmp_mem.cpp @@ -7,6 +7,7 @@ #include <botan/internal/gnump_engine.h> #include <cstring> +#include <atomic> #include <gmp.h> namespace Botan { @@ -14,36 +15,44 @@ namespace Botan { namespace { /* -* Allocator used by GNU MP +* For keeping track of existing GMP_Engines and only +* resetting the memory when none are in use. */ -Allocator* gmp_alloc = 0; -size_t gmp_alloc_refcnt = 0; +std::atomic<size_t> gmp_alloc_refcnt(0); /* * Allocation Function for GNU MP */ void* gmp_malloc(size_t n) { - return gmp_alloc->allocate(n); + // Maintain alignment, mlock goes for sizeof(T) alignment + if(n % 8 == 0) + return secure_allocator<u64bit>().allocate(n / 8); + else if(n % 4 == 0) + return secure_allocator<u32bit>().allocate(n / 4); + else if(n % 2 == 0) + return secure_allocator<u16bit>().allocate(n / 2); + + return secure_allocator<byte>().allocate(n); } /* -* Reallocation Function for GNU MP +* Deallocation Function for GNU MP */ -void* gmp_realloc(void* ptr, size_t old_n, size_t new_n) +void gmp_free(void* ptr, size_t n) { - void* new_buf = gmp_alloc->allocate(new_n); - std::memcpy(new_buf, ptr, std::min(old_n, new_n)); - gmp_alloc->deallocate(ptr, old_n); - return new_buf; + secure_allocator<byte>().deallocate(static_cast<byte*>(ptr), n); } /* -* Deallocation Function for GNU MP +* Reallocation Function for GNU MP */ -void gmp_free(void* ptr, size_t n) +void* gmp_realloc(void* ptr, size_t old_n, size_t new_n) { - gmp_alloc->deallocate(ptr, n); + void* new_buf = gmp_malloc(new_n); + std::memcpy(new_buf, ptr, std::min(old_n, new_n)); + gmp_free(ptr, old_n); + return new_buf; } } @@ -53,24 +62,22 @@ void gmp_free(void* ptr, size_t n) */ GMP_Engine::GMP_Engine() { - if(gmp_alloc == 0) - { - gmp_alloc = Allocator::get(true); + /* + if(gmp_alloc_refcnt == 0) mp_set_memory_functions(gmp_malloc, gmp_realloc, gmp_free); - } - ++gmp_alloc_refcnt; + gmp_alloc_refcnt++; + */ } GMP_Engine::~GMP_Engine() { + /* --gmp_alloc_refcnt; if(gmp_alloc_refcnt == 0) - { mp_set_memory_functions(NULL, NULL, NULL); - gmp_alloc = 0; - } + */ } } diff --git a/src/engine/gnump/gmp_wrap.cpp b/src/engine/gnump/gmp_wrap.cpp index 107823ab3..22c46c7ad 100644 --- a/src/engine/gnump/gmp_wrap.cpp +++ b/src/engine/gnump/gmp_wrap.cpp @@ -87,7 +87,10 @@ BigInt GMP_MPZ::to_bigint() const { BigInt out(BigInt::Positive, (bytes() + sizeof(word) - 1) / sizeof(word)); size_t dummy = 0; - mpz_export(out.get_reg(), &dummy, -1, sizeof(word), 0, 0, value); + + auto reg = out.get_reg(); + + mpz_export(®[0], &dummy, -1, sizeof(word), 0, 0, value); if(mpz_sgn(value) < 0) out.flip_sign(); diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h index 0a786f3ee..291d65a01 100644 --- a/src/engine/gnump/gmp_wrap.h +++ b/src/engine/gnump/gmp_wrap.h @@ -26,7 +26,7 @@ class GMP_MPZ size_t bytes() const; secure_vector<byte> to_bytes() const - { return BigInt::encode(to_bigint()); } + { return BigInt::encode_locked(to_bigint()); } GMP_MPZ& operator=(const GMP_MPZ&); diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index b2a2f9352..e9f5d29df 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -105,8 +105,8 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); secure_vector<byte> output(2*q_bytes); - r.encode(output, q_bytes); - s.encode(output + q_bytes, q_bytes); + r.encode(&output[0], q_bytes); + s.encode(&output[q_bytes], q_bytes); return output; } @@ -203,7 +203,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(private_op(m)); + return BigInt::encode_locked(private_op(m)); } private: @@ -248,7 +248,7 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: diff --git a/src/engine/openssl/bn_powm.cpp b/src/engine/openssl/bn_powm.cpp index abf4f47c9..ac06fbe77 100644 --- a/src/engine/openssl/bn_powm.cpp +++ b/src/engine/openssl/bn_powm.cpp @@ -36,7 +36,7 @@ class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator BigInt OpenSSL_Modular_Exponentiator::execute() const { OSSL_BN r; - BN_mod_exp(r.value, base.value, exp.value, mod.value, ctx.value); + BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr()); return r.to_bigint(); } @@ -46,7 +46,7 @@ BigInt OpenSSL_Modular_Exponentiator::execute() const * Return the OpenSSL-based modular exponentiator */ Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, - Power_Mod::Usage_Hints) const + Power_Mod::Usage_Hints) const { return new OpenSSL_Modular_Exponentiator(n); } diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp index 0ac31f61b..0a7e42368 100644 --- a/src/engine/openssl/bn_wrap.cpp +++ b/src/engine/openssl/bn_wrap.cpp @@ -14,10 +14,10 @@ namespace Botan { */ OSSL_BN::OSSL_BN(const BigInt& in) { - value = BN_new(); - secure_vector<byte> encoding = BigInt::encode(in); + m_bn = BN_new(); + secure_vector<byte> encoding = BigInt::encode_locked(in); if(in != 0) - BN_bin2bn(encoding, encoding.size(), value); + BN_bin2bn(&encoding[0], encoding.size(), m_bn); } /* @@ -25,8 +25,8 @@ OSSL_BN::OSSL_BN(const BigInt& in) */ OSSL_BN::OSSL_BN(const byte in[], size_t length) { - value = BN_new(); - BN_bin2bn(in, length, value); + m_bn = BN_new(); + BN_bin2bn(in, length, m_bn); } /* @@ -34,7 +34,7 @@ OSSL_BN::OSSL_BN(const byte in[], size_t length) */ OSSL_BN::OSSL_BN(const OSSL_BN& other) { - value = BN_dup(other.value); + m_bn = BN_dup(other.m_bn); } /* @@ -42,7 +42,7 @@ OSSL_BN::OSSL_BN(const OSSL_BN& other) */ OSSL_BN::~OSSL_BN() { - BN_clear_free(value); + BN_clear_free(m_bn); } /* @@ -50,7 +50,7 @@ OSSL_BN::~OSSL_BN() */ OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) { - BN_copy(value, other.value); + BN_copy(m_bn, other.m_bn); return (*this); } @@ -59,7 +59,7 @@ OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) */ void OSSL_BN::encode(byte out[], size_t length) const { - BN_bn2bin(value, out + (length - bytes())); + BN_bn2bin(m_bn, out + (length - bytes())); } /* @@ -67,7 +67,7 @@ void OSSL_BN::encode(byte out[], size_t length) const */ size_t OSSL_BN::bytes() const { - return BN_num_bytes(value); + return BN_num_bytes(m_bn); } /* @@ -76,7 +76,7 @@ size_t OSSL_BN::bytes() const BigInt OSSL_BN::to_bigint() const { secure_vector<byte> out(bytes()); - BN_bn2bin(value, out); + BN_bn2bin(m_bn, &out[0]); return BigInt::decode(out); } @@ -85,7 +85,7 @@ BigInt OSSL_BN::to_bigint() const */ OSSL_BN_CTX::OSSL_BN_CTX() { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); } /* @@ -93,7 +93,7 @@ OSSL_BN_CTX::OSSL_BN_CTX() */ OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); } /* @@ -101,7 +101,7 @@ OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) */ OSSL_BN_CTX::~OSSL_BN_CTX() { - BN_CTX_free(value); + BN_CTX_free(m_ctx); } /* @@ -109,7 +109,7 @@ OSSL_BN_CTX::~OSSL_BN_CTX() */ OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); return (*this); } diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h index 177dbd8c7..12bcec152 100644 --- a/src/engine/openssl/bn_wrap.h +++ b/src/engine/openssl/bn_wrap.h @@ -19,14 +19,12 @@ namespace Botan { class OSSL_BN { public: - BIGNUM* value; - BigInt to_bigint() const; void encode(byte[], size_t) const; size_t bytes() const; secure_vector<byte> to_bytes() const - { return BigInt::encode(to_bigint()); } + { return BigInt::encode_locked(to_bigint()); } OSSL_BN& operator=(const OSSL_BN&); @@ -34,6 +32,10 @@ class OSSL_BN OSSL_BN(const BigInt& = 0); OSSL_BN(const byte[], size_t); ~OSSL_BN(); + + BIGNUM* ptr() const { return m_bn; } + private: + BIGNUM* m_bn; }; /** @@ -42,13 +44,15 @@ class OSSL_BN class OSSL_BN_CTX { public: - BN_CTX* value; - OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); OSSL_BN_CTX(); OSSL_BN_CTX(const OSSL_BN_CTX&); ~OSSL_BN_CTX(); + + BN_CTX* ptr() const { return m_ctx; } + private: + BN_CTX* m_ctx; }; } diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp index d419f56be..b3b509c36 100644 --- a/src/engine/openssl/ossl_bc.cpp +++ b/src/engine/openssl/ossl_bc.cpp @@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], */ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) { - secure_vector<byte> full_key(key, length); + secure_vector<byte> full_key(key, key + length); if(cipher_name == "TripleDES" && length == 16) { @@ -141,8 +141,8 @@ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); } - EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0); - EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0); + EVP_EncryptInit_ex(&encrypt, 0, 0, &full_key[0], 0); + EVP_DecryptInit_ex(&decrypt, 0, 0, &full_key[0], 0); } /* diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp index 2557ec297..943204375 100644 --- a/src/engine/openssl/ossl_pk.cpp +++ b/src/engine/openssl/ossl_pk.cpp @@ -39,7 +39,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement secure_vector<byte> agree(const byte w[], size_t w_len) { OSSL_BN i(w, w_len), r; - BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); + BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr()); return r.to_bytes(); } @@ -90,22 +90,22 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, OSSL_BN k(k_bn); OSSL_BN r; - BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value); - BN_nnmod(r.value, r.value, q.value, ctx.value); + BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr()); + BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - BN_mod_inverse(k.value, k.value, q.value, ctx.value); + BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr()); OSSL_BN s; - BN_mul(s.value, x.value, r.value, ctx.value); - BN_add(s.value, s.value, i.value); - BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value); + BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr()); + BN_add(s.ptr(), s.ptr(), i.ptr()); + BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - if(BN_is_zero(r.value) || BN_is_zero(s.value)) + if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr())) throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); secure_vector<byte> output(2*q_bytes); - r.encode(output, q_bytes); - s.encode(output + q_bytes, q_bytes); + r.encode(&output[0], q_bytes); + s.encode(&output[q_bytes], q_bytes); return output; } @@ -145,26 +145,26 @@ bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, OSSL_BN s(sig + q_bytes, q_bytes); OSSL_BN i(msg, msg_len); - if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0) + if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0) return false; - if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0) + if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0) return false; - if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0) + if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0) return false; OSSL_BN si; - BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value); - BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value); + BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr()); + BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr()); OSSL_BN sr; - BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value); - BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value); + BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr()); + BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value); - BN_nnmod(si.value, si.value, q.value, ctx.value); + BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); + BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr()); - if(BN_cmp(si.value, r.value) == 0) + if(BN_cmp(si.ptr(), r.ptr()) == 0) return true; return false; @@ -202,7 +202,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(private_op(m)); + return BigInt::encode_locked(private_op(m)); } private: @@ -217,12 +217,12 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const { OSSL_BN j1, j2, h(m); - BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value); - BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value); - BN_sub(h.value, j1.value, j2.value); - BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value); - BN_mul(h.value, h.value, q.value, ctx.value); - BN_add(h.value, h.value, j2.value); + BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr()); + BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr()); + BN_sub(h.ptr(), j1.ptr(), j2.ptr()); + BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr()); + BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr()); + BN_add(h.ptr(), h.ptr(), j2.ptr()); return h.to_bigint(); } @@ -247,7 +247,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: @@ -257,7 +257,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, throw Invalid_Argument("RSA public op - input is too large"); OSSL_BN m_bn(m), r; - BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value); + BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr()); return r.to_bigint(); } diff --git a/src/filters/bzip2/bzip2.cpp b/src/filters/bzip2/bzip2.cpp index 18a53558c..b5d48b0ed 100644 --- a/src/filters/bzip2/bzip2.cpp +++ b/src/filters/bzip2/bzip2.cpp @@ -26,9 +26,6 @@ class Bzip_Alloc_Info { public: std::map<void*, size_t> current_allocs; - Allocator* alloc; - - Bzip_Alloc_Info() { alloc = Allocator::get(false); } }; /* @@ -37,8 +34,11 @@ class Bzip_Alloc_Info void* bzip_malloc(void* info_ptr, int n, int size) { Bzip_Alloc_Info* info = static_cast<Bzip_Alloc_Info*>(info_ptr); - void* ptr = info->alloc->allocate(n * size); - info->current_allocs[ptr] = n * size; + + const size_t total_sz = n * size; + + void* ptr = std::malloc(total_sz); + info->current_allocs[ptr] = total_sz; return ptr; } @@ -51,7 +51,9 @@ void bzip_free(void* info_ptr, void* ptr) auto i = info->current_allocs.find(ptr); if(i == info->current_allocs.end()) throw Invalid_Argument("bzip_free: Got pointer not allocated by us"); - info->alloc->deallocate(ptr, i->second); + + std::memset(ptr, 0, i->second); + std::free(ptr); } } @@ -119,7 +121,7 @@ void Bzip_Compression::write(const byte input[], size_t length) while(bz->stream.avail_in != 0) { - bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.next_out = reinterpret_cast<char*>(&buffer[0]); bz->stream.avail_out = buffer.size(); BZ2_bzCompress(&(bz->stream), BZ_RUN); send(buffer, buffer.size() - bz->stream.avail_out); @@ -137,7 +139,7 @@ void Bzip_Compression::end_msg() int rc = BZ_OK; while(rc != BZ_STREAM_END) { - bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.next_out = reinterpret_cast<char*>(&buffer[0]); bz->stream.avail_out = buffer.size(); rc = BZ2_bzCompress(&(bz->stream), BZ_FINISH); send(buffer, buffer.size() - bz->stream.avail_out); @@ -156,7 +158,7 @@ void Bzip_Compression::flush() int rc = BZ_OK; while(rc != BZ_RUN_OK) { - bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.next_out = reinterpret_cast<char*>(&buffer[0]); bz->stream.avail_out = buffer.size(); rc = BZ2_bzCompress(&(bz->stream), BZ_FLUSH); send(buffer, buffer.size() - bz->stream.avail_out); @@ -202,7 +204,7 @@ void Bzip_Decompression::write(const byte input_arr[], size_t length) while(bz->stream.avail_in != 0) { - bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.next_out = reinterpret_cast<char*>(&buffer[0]); bz->stream.avail_out = buffer.size(); int rc = BZ2_bzDecompress(&(bz->stream)); @@ -261,7 +263,7 @@ void Bzip_Decompression::end_msg() int rc = BZ_OK; while(rc != BZ_STREAM_END) { - bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.next_out = reinterpret_cast<char*>(&buffer[0]); bz->stream.avail_out = buffer.size(); rc = BZ2_bzDecompress(&(bz->stream)); diff --git a/src/filters/zlib/zlib.cpp b/src/filters/zlib/zlib.cpp index 169146826..0086a7828 100644 --- a/src/filters/zlib/zlib.cpp +++ b/src/filters/zlib/zlib.cpp @@ -25,9 +25,6 @@ class Zlib_Alloc_Info { public: std::map<void*, size_t> current_allocs; - Allocator* alloc; - - Zlib_Alloc_Info() { alloc = Allocator::get(false); } }; /* @@ -36,8 +33,11 @@ class Zlib_Alloc_Info void* zlib_malloc(void* info_ptr, unsigned int n, unsigned int size) { Zlib_Alloc_Info* info = static_cast<Zlib_Alloc_Info*>(info_ptr); - void* ptr = info->alloc->allocate(n * size); - info->current_allocs[ptr] = n * size; + + const size_t total_sz = n * size; + + void* ptr = std::malloc(total_sz); + info->current_allocs[ptr] = total_sz; return ptr; } @@ -50,7 +50,9 @@ void zlib_free(void* info_ptr, void* ptr) auto i = info->current_allocs.find(ptr); if(i == info->current_allocs.end()) throw Invalid_Argument("zlib_free: Got pointer not allocated by us"); - info->alloc->deallocate(ptr, i->second); + + std::memset(ptr, 0, i->second); + std::free(ptr); } } @@ -130,10 +132,10 @@ void Zlib_Compression::write(const byte input[], size_t length) while(zlib->stream.avail_in != 0) { - zlib->stream.next_out = static_cast<Bytef*>(buffer.begin()); + zlib->stream.next_out = static_cast<Bytef*>(&buffer[0]); zlib->stream.avail_out = buffer.size(); deflate(&(zlib->stream), Z_NO_FLUSH); - send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + send(&buffer[0], buffer.size() - zlib->stream.avail_out); } } @@ -148,11 +150,11 @@ void Zlib_Compression::end_msg() int rc = Z_OK; while(rc != Z_STREAM_END) { - zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.next_out = reinterpret_cast<Bytef*>(&buffer[0]); zlib->stream.avail_out = buffer.size(); rc = deflate(&(zlib->stream), Z_FINISH); - send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + send(&buffer[0], buffer.size() - zlib->stream.avail_out); } clear(); @@ -169,10 +171,10 @@ void Zlib_Compression::flush() while(true) { zlib->stream.avail_out = buffer.size(); - zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.next_out = reinterpret_cast<Bytef*>(&buffer[0]); deflate(&(zlib->stream), Z_FULL_FLUSH); - send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + send(&buffer[0], buffer.size() - zlib->stream.avail_out); if(zlib->stream.avail_out == buffer.size()) break; @@ -232,7 +234,7 @@ void Zlib_Decompression::write(const byte input_arr[], size_t length) while(zlib->stream.avail_in != 0) { - zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.next_out = reinterpret_cast<Bytef*>(&buffer[0]); zlib->stream.avail_out = buffer.size(); int rc = inflate(&(zlib->stream), Z_SYNC_FLUSH); @@ -250,7 +252,7 @@ void Zlib_Decompression::write(const byte input_arr[], size_t length) throw std::runtime_error("Zlib decompression: Unknown error"); } - send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + send(&buffer[0], buffer.size() - zlib->stream.avail_out); if(rc == Z_STREAM_END) { @@ -279,7 +281,7 @@ void Zlib_Decompression::end_msg() while(rc != Z_STREAM_END) { - zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.next_out = reinterpret_cast<Bytef*>(&buffer[0]); zlib->stream.avail_out = buffer.size(); rc = inflate(&(zlib->stream), Z_SYNC_FLUSH); @@ -289,7 +291,7 @@ void Zlib_Decompression::end_msg() throw Decoding_Error("Zlib_Decompression: Error finalizing"); } - send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + send(&buffer[0], buffer.size() - zlib->stream.avail_out); } clear(); diff --git a/src/tls/info.txt b/src/tls/info.txt index 9c0051abd..1863be577 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -2,10 +2,10 @@ define TLS load_on auto -<comment> +<warning> The TLS code is complex, new, and not yet reviewed, there may be serious bugs or security issues. -</comment> +</warning> <header:public> tls_alert.h |