Remove algo factory, engines, global RNG, global state, etc.

Convert all uses of Algorithm_Factory and the engines to using Algo_Registry

The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.

Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).

6 files changed, 21 insertions, 12 deletions

diff --git a/src/lib/cert/cvc/info.txt b/src/lib/cert/cvc/info.txt
index 1d8e54dc4..e3da5435e 100644
--- a/src/lib/cert/cvc/info.txt
+++ b/src/lib/cert/cvc/info.txt
@@ -29,7 +29,6 @@ asn1
 bigint
 ecdsa
 filters
-libstate
 oid_lookup
 pem
 pubkey
diff --git a/src/lib/cert/x509/info.txt b/src/lib/cert/x509/info.txt
index a74fd6631..39e51a625 100644
--- a/src/lib/cert/x509/info.txt
+++ b/src/lib/cert/x509/info.txt
@@ -2,6 +2,7 @@ define X509_CERTIFICATES 20131128
 define OCSP 20131128
 
 <requires>
+asn1
 datastor
 http_util
 </requires>
diff --git a/src/lib/cert/x509/x509_ca.cpp b/src/lib/cert/x509/x509_ca.cpp
index 7703c49fd..e6f689016 100644
--- a/src/lib/cert/x509/x509_ca.cpp
+++ b/src/lib/cert/x509/x509_ca.cpp
@@ -13,6 +13,7 @@
 #include <botan/parsing.h>
 #include <botan/lookup.h>
 #include <botan/oids.h>
+#include <botan/hash.h>
 #include <botan/key_constraint.h>
 #include <algorithm>
 #include <typeinfo>
@@ -218,17 +219,16 @@ PK_Signer* choose_sig_format(const Private_Key& key,
                              const std::string& hash_fn,
                              AlgorithmIdentifier& sig_algo)
    {
-   std::string padding;
-
    const std::string algo_name = key.algo_name();
 
-   const HashFunction* proto_hash = retrieve_hash(hash_fn);
-   if(!proto_hash)
+   std::unique_ptr<HashFunction> hash(get_hash(hash_fn));
+   if(!hash)
       throw Algorithm_Not_Found(hash_fn);
 
-   if(key.max_input_bits() < proto_hash->output_length()*8)
+   if(key.max_input_bits() < hash->output_length() * 8)
       throw Invalid_Argument("Key is too small for chosen hash function");
 
+   std::string padding;
    if(algo_name == "RSA")
       padding = "EMSA3";
    else if(algo_name == "DSA")
@@ -238,10 +238,9 @@ PK_Signer* choose_sig_format(const Private_Key& key,
    else
       throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
 
-   Signature_Format format =
-      (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
+   const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
 
-   padding = padding + '(' + proto_hash->name() + ')';
+   padding = padding + '(' + hash->name() + ')';
 
    sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
    sig_algo.parameters = key.algorithm_identifier().parameters;
diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp
index 746fc7312..71449098e 100644
--- a/src/lib/cert/x509/x509_obj.cpp
+++ b/src/lib/cert/x509/x509_obj.cpp
@@ -175,6 +175,8 @@ std::string X509_Object::hash_used_for_signature() const
 */
 bool X509_Object::check_signature(const Public_Key* pub_key) const
    {
+   if(!pub_key)
+      throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
    std::unique_ptr<const Public_Key> key(pub_key);
    return check_signature(*key);
    }
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index f901001ac..b04e7c462 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -15,6 +15,7 @@
 #include <botan/lookup.h>
 #include <botan/oids.h>
 #include <botan/pem.h>
+#include <botan/hash.h>
 #include <botan/hex.h>
 #include <algorithm>
 #include <iterator>
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 111c4c3b7..fa6d34a2d 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -124,11 +124,18 @@ check_chain(const std::vector<X509_Certificate>& cert_path,
 
       std::unique_ptr<Public_Key> issuer_key(issuer.subject_public_key());
 
-      if(subject.check_signature(*issuer_key) == false)
+      if(!issuer_key)
+         {
          status.insert(Certificate_Status_Code::SIGNATURE_ERROR);
+         }
+      else
+         {
+         if(subject.check_signature(*issuer_key) == false)
+            status.insert(Certificate_Status_Code::SIGNATURE_ERROR);
 
-      if(issuer_key->estimated_strength() < restrictions.minimum_key_strength())
-         status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK);
+         if(issuer_key->estimated_strength() < restrictions.minimum_key_strength())
+            status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK);
+         }
 
       // Allow untrusted hashes on self-signed roots
       if(!trusted_hashes.empty() && !at_self_signed_root)