aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert/x509
diff options
context:
space:
mode:
authorlloyd <[email protected]>2015-02-04 04:03:38 +0000
committerlloyd <[email protected]>2015-02-04 04:03:38 +0000
commit0dd060fed07b0060f94e3bae62e125a85c1bb877 (patch)
treeed4bc7a961e2b30f17ed5e80769c84b0c313c8b7 /src/lib/cert/x509
parentf9a7c85b74be0f4a7273e8e0591703af83036e81 (diff)
Remove algo factory, engines, global RNG, global state, etc.
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
Diffstat (limited to 'src/lib/cert/x509')
-rw-r--r--src/lib/cert/x509/info.txt1
-rw-r--r--src/lib/cert/x509/x509_ca.cpp15
-rw-r--r--src/lib/cert/x509/x509_obj.cpp2
-rw-r--r--src/lib/cert/x509/x509cert.cpp1
-rw-r--r--src/lib/cert/x509/x509path.cpp13
5 files changed, 21 insertions, 11 deletions
diff --git a/src/lib/cert/x509/info.txt b/src/lib/cert/x509/info.txt
index a74fd6631..39e51a625 100644
--- a/src/lib/cert/x509/info.txt
+++ b/src/lib/cert/x509/info.txt
@@ -2,6 +2,7 @@ define X509_CERTIFICATES 20131128
define OCSP 20131128
<requires>
+asn1
datastor
http_util
</requires>
diff --git a/src/lib/cert/x509/x509_ca.cpp b/src/lib/cert/x509/x509_ca.cpp
index 7703c49fd..e6f689016 100644
--- a/src/lib/cert/x509/x509_ca.cpp
+++ b/src/lib/cert/x509/x509_ca.cpp
@@ -13,6 +13,7 @@
#include <botan/parsing.h>
#include <botan/lookup.h>
#include <botan/oids.h>
+#include <botan/hash.h>
#include <botan/key_constraint.h>
#include <algorithm>
#include <typeinfo>
@@ -218,17 +219,16 @@ PK_Signer* choose_sig_format(const Private_Key& key,
const std::string& hash_fn,
AlgorithmIdentifier& sig_algo)
{
- std::string padding;
-
const std::string algo_name = key.algo_name();
- const HashFunction* proto_hash = retrieve_hash(hash_fn);
- if(!proto_hash)
+ std::unique_ptr<HashFunction> hash(get_hash(hash_fn));
+ if(!hash)
throw Algorithm_Not_Found(hash_fn);
- if(key.max_input_bits() < proto_hash->output_length()*8)
+ if(key.max_input_bits() < hash->output_length() * 8)
throw Invalid_Argument("Key is too small for chosen hash function");
+ std::string padding;
if(algo_name == "RSA")
padding = "EMSA3";
else if(algo_name == "DSA")
@@ -238,10 +238,9 @@ PK_Signer* choose_sig_format(const Private_Key& key,
else
throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
- Signature_Format format =
- (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
+ const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
- padding = padding + '(' + proto_hash->name() + ')';
+ padding = padding + '(' + hash->name() + ')';
sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
sig_algo.parameters = key.algorithm_identifier().parameters;
diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp
index 746fc7312..71449098e 100644
--- a/src/lib/cert/x509/x509_obj.cpp
+++ b/src/lib/cert/x509/x509_obj.cpp
@@ -175,6 +175,8 @@ std::string X509_Object::hash_used_for_signature() const
*/
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
+ if(!pub_key)
+ throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index f901001ac..b04e7c462 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -15,6 +15,7 @@
#include <botan/lookup.h>
#include <botan/oids.h>
#include <botan/pem.h>
+#include <botan/hash.h>
#include <botan/hex.h>
#include <algorithm>
#include <iterator>
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 111c4c3b7..fa6d34a2d 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -124,11 +124,18 @@ check_chain(const std::vector<X509_Certificate>& cert_path,
std::unique_ptr<Public_Key> issuer_key(issuer.subject_public_key());
- if(subject.check_signature(*issuer_key) == false)
+ if(!issuer_key)
+ {
status.insert(Certificate_Status_Code::SIGNATURE_ERROR);
+ }
+ else
+ {
+ if(subject.check_signature(*issuer_key) == false)
+ status.insert(Certificate_Status_Code::SIGNATURE_ERROR);
- if(issuer_key->estimated_strength() < restrictions.minimum_key_strength())
- status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK);
+ if(issuer_key->estimated_strength() < restrictions.minimum_key_strength())
+ status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK);
+ }
// Allow untrusted hashes on self-signed roots
if(!trusted_hashes.empty() && !at_self_signed_root)