Hide Algorithm_Factory and use the functions in lookup.h internally.

Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14

3 files changed, 26 insertions, 37 deletions

diff --git a/src/lib/misc/benchmark/benchmark.cpp b/src/lib/misc/benchmark/benchmark.cpp
index 3e8a29349..c30b20698 100644
--- a/src/lib/misc/benchmark/benchmark.cpp
+++ b/src/lib/misc/benchmark/benchmark.cpp
@@ -6,7 +6,7 @@
 */
 
 #include <botan/benchmark.h>
-#include <botan/internal/algo_registry.h>
+#include <botan/lookup.h>
 #include <botan/buf_comp.h>
 #include <botan/cipher_mode.h>
 #include <botan/block_cipher.h>
@@ -55,7 +55,7 @@ time_algorithm_ops(const std::string& name,
 
    const double mb_mult = buffer.size() / static_cast<double>(Mebibyte);
 
-   if(BlockCipher* p = make_a<BlockCipher>(name, provider))
+   if(BlockCipher* p = get_block_cipher(name, provider))
       {
       std::unique_ptr<BlockCipher> bc(p);
 
@@ -67,7 +67,7 @@ time_algorithm_ops(const std::string& name,
             { "decrypt", mb_mult * time_op(runtime / 2, [&]() { bc->decrypt(buffer); }) },
          });
       }
-   else if(StreamCipher* p = make_a<StreamCipher>(name, provider))
+   else if(StreamCipher* p = get_stream_cipher(name, provider))
       {
       std::unique_ptr<StreamCipher> sc(p);
 
@@ -78,7 +78,7 @@ time_algorithm_ops(const std::string& name,
             { "", mb_mult * time_op(runtime, [&]() { sc->encipher(buffer); }) },
          });
       }
-   else if(HashFunction* p = make_a<HashFunction>(name, provider))
+   else if(HashFunction* p = get_hash_function(name, provider))
       {
       std::unique_ptr<HashFunction> h(p);
 
@@ -86,7 +86,7 @@ time_algorithm_ops(const std::string& name,
             { "", mb_mult * time_op(runtime, [&]() { h->update(buffer); }) },
          });
       }
-   else if(MessageAuthenticationCode* p = make_a<MessageAuthenticationCode>(name, provider))
+   else if(MessageAuthenticationCode* p = get_mac(name, provider))
       {
       std::unique_ptr<MessageAuthenticationCode> mac(p);
 
@@ -136,10 +136,10 @@ std::set<std::string> get_all_providers_of(const std::string& algo)
 
    auto add_to_set = [&provs](const std::vector<std::string>& str) { for(auto&& s : str) { provs.insert(s); } };
 
-   add_to_set(Algo_Registry<BlockCipher>::global_registry().providers_of(algo));
-   add_to_set(Algo_Registry<StreamCipher>::global_registry().providers_of(algo));
-   add_to_set(Algo_Registry<HashFunction>::global_registry().providers_of(algo));
-   add_to_set(Algo_Registry<MessageAuthenticationCode>::global_registry().providers_of(algo));
+   add_to_set(get_block_cipher_providers(algo));
+   add_to_set(get_stream_cipher_providers(algo));
+   add_to_set(get_hash_function_providers(algo));
+   add_to_set(get_mac_providers(algo));
 
    return provs;
    }
diff --git a/src/lib/misc/pbes2/pbes2.cpp b/src/lib/misc/pbes2/pbes2.cpp
index e46286906..435caaab1 100644
--- a/src/lib/misc/pbes2/pbes2.cpp
+++ b/src/lib/misc/pbes2/pbes2.cpp
@@ -6,9 +6,9 @@
 */
 
 #include <botan/pbes2.h>
-#include <botan/internal/algo_registry.h>
 #include <botan/cipher_mode.h>
-#include <botan/pbkdf2.h>
+#include <botan/lookup.h>
+#include <botan/pbkdf.h>
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>
 #include <botan/parsing.h>
@@ -82,15 +82,15 @@ pbes2_encrypt(const secure_vector<byte>& key_bits,
 
    std::unique_ptr<Cipher_Mode> enc(get_cipher_mode(cipher, ENCRYPTION));
 
-   PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf));
+   std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(" + prf + ")"));
 
    const size_t key_length = enc->key_spec().maximum_keylength();
    size_t iterations = 0;
 
    secure_vector<byte> iv = rng.random_vec(enc->default_nonce_length());
 
-   enc->set_key(pbkdf.derive_key(key_length, passphrase, &salt[0], salt.size(),
-                                msec, iterations).bits_of());
+   enc->set_key(pbkdf->derive_key(key_length, passphrase, &salt[0], salt.size(),
+                                  msec, iterations).bits_of());
 
    enc->start(iv);
    secure_vector<byte> buf = key_bits;
@@ -151,15 +151,15 @@ pbes2_decrypt(const secure_vector<byte>& key_bits,
    BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end();
 
    const std::string prf = OIDS::lookup(prf_algo.oid);
-   PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf));
+
+   std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(" + prf + ")"));
 
    std::unique_ptr<Cipher_Mode> dec(get_cipher_mode(cipher, DECRYPTION));
 
    if(key_length == 0)
       key_length = dec->key_spec().maximum_keylength();
 
-   dec->set_key(pbkdf.derive_key(key_length, passphrase, &salt[0], salt.size(),
-                                 iterations).bits_of());
+   dec->set_key(pbkdf->pbkdf_iterations(key_length, passphrase, &salt[0], salt.size(), iterations));
 
    dec->start(iv);
 
diff --git a/src/lib/misc/rfc3394/rfc3394.cpp b/src/lib/misc/rfc3394/rfc3394.cpp
index 422f2a2dd..11791418b 100644
--- a/src/lib/misc/rfc3394/rfc3394.cpp
+++ b/src/lib/misc/rfc3394/rfc3394.cpp
@@ -6,7 +6,7 @@
 */
 
 #include <botan/rfc3394.h>
-#include <botan/internal/algo_registry.h>
+#include <botan/lookup.h>
 #include <botan/block_cipher.h>
 #include <botan/loadstor.h>
 #include <botan/exceptn.h>
@@ -14,30 +14,16 @@
 
 namespace Botan {
 
-namespace {
-
-BlockCipher* make_aes(size_t keylength)
-   {
-   auto& block_ciphers = Algo_Registry<BlockCipher>::global_registry();
-   if(keylength == 16)
-      return block_ciphers.make("AES-128");
-   else if(keylength == 24)
-      return block_ciphers.make("AES-192");
-   else if(keylength == 32)
-      return block_ciphers.make("AES-256");
-   else
-      throw std::invalid_argument("Bad KEK length for NIST keywrap");
-   }
-
-}
-
 secure_vector<byte> rfc3394_keywrap(const secure_vector<byte>& key,
                                     const SymmetricKey& kek)
    {
    if(key.size() % 8 != 0)
       throw std::invalid_argument("Bad input key size for NIST key wrap");
 
-   std::unique_ptr<BlockCipher> aes(make_aes(kek.length()));
+   if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32)
+      throw std::invalid_argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key wrap");
+
+   std::unique_ptr<BlockCipher> aes(make_block_cipher("AES-" + std::to_string(8*kek.size())));
    aes->set_key(kek);
 
    const size_t n = key.size() / 8;
@@ -78,7 +64,10 @@ secure_vector<byte> rfc3394_keyunwrap(const secure_vector<byte>& key,
    if(key.size() < 16 || key.size() % 8 != 0)
       throw std::invalid_argument("Bad input key size for NIST key unwrap");
 
-   std::unique_ptr<BlockCipher> aes(make_aes(kek.length()));
+   if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32)
+      throw std::invalid_argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key unwrap");
+
+   std::unique_ptr<BlockCipher> aes(make_block_cipher("AES-" + std::to_string(8*kek.size())));
    aes->set_key(kek);
 
    const size_t n = (key.size() - 8) / 8;