Remove algo factory, engines, global RNG, global state, etc.

Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
author: lloyd <[email protected]> 2015-02-04 04:03:38 +0000
committer: lloyd <[email protected]> 2015-02-04 04:03:38 +0000
commit: 0dd060fed07b0060f94e3bae62e125a85c1bb877 (patch)
tree: ed4bc7a961e2b30f17ed5e80769c84b0c313c8b7 /src/lib/tls
parent: f9a7c85b74be0f4a7273e8e0591703af83036e81 (diff)
7 files changed, 45 insertions, 20 deletions
diff --git a/src/lib/tls/msg_hello_verify.cpp b/src/lib/tls/msg_hello_verify.cpp
index 8f209998f..a3c439750 100644
--- a/src/lib/tls/msg_hello_verify.cpp
+++ b/src/lib/tls/msg_hello_verify.cpp
@@ -6,6 +6,7 @@
 */
 
 #include <botan/internal/tls_messages.h>
+#include <botan/mac.h>
 #include <botan/lookup.h>
 
 namespace Botan {
diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
index 665a2ded6..c67dc7997 100644
--- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
@@ -7,6 +7,7 @@
 
 #include <botan/tls_session_manager_sql.h>
 #include <botan/database.h>
+#include <botan/pbkdf.h>
 #include <botan/lookup.h>
 #include <botan/hex.h>
 #include <botan/loadstor.h>
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index b2ff2476b..31c688c51 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -6,8 +6,12 @@
 */
 
 #include <botan/tls_ciphersuite.h>
-#include <botan/libstate.h>
 #include <botan/parsing.h>
+#include <botan/internal/algo_registry.h>
+#include <botan/block_cipher.h>
+#include <botan/stream_cipher.h>
+#include <botan/hash.h>
+#include <botan/mac.h>
 #include <sstream>
 #include <stdexcept>
 
@@ -96,14 +100,32 @@ bool Ciphersuite::ecc_ciphersuite() const
    return (sig_algo() == "ECDSA" || kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK");
    }
 
+namespace {
+
+bool have_hash(const std::string& prf)
+   {
+   if(Algo_Registry<HashFunction>::global_registry().providers_of(prf).size() > 0)
+      return true;
+   return false;
+   }
+
+bool have_cipher(const std::string& cipher)
+   {
+   if(Algo_Registry<BlockCipher>::global_registry().providers_of(cipher).size() > 0)
+      return true;
+   if(Algo_Registry<StreamCipher>::global_registry().providers_of(cipher).size() > 0)
+      return true;
+   return false;
+   }
+
+}
+
 bool Ciphersuite::valid() const
    {
    if(!m_cipher_keylen) // uninitialized object
       return false;
 
-   Algorithm_Factory& af = global_state().algorithm_factory();
-
-   if(!af.prototype_hash_function(prf_algo()))
+   if(!have_hash(prf_algo()))
       return false;
 
    if(mac_algo() == "AEAD")
@@ -118,7 +140,7 @@ bool Ciphersuite::valid() const
          {
          auto cipher_and_mode = split_on(cipher_algo(), '/');
          BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo");
-         if(!af.prototype_block_cipher(cipher_and_mode[0]))
+         if(!have_cipher(cipher_and_mode[0]))
             return false;
 
          const auto mode = cipher_and_mode[1];
@@ -141,11 +163,10 @@ bool Ciphersuite::valid() const
       }
    else
       {
-      if(!af.prototype_block_cipher(cipher_algo()) &&
-         !af.prototype_stream_cipher(cipher_algo()))
+      // Old non-AEAD schemes
+      if(!have_cipher(cipher_algo()))
          return false;
-
-      if(!af.prototype_hash_function(mac_algo()))
+      if(!have_hash(mac_algo())) // HMAC
          return false;
       }
 
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 75df6332a..bdc64283c 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -10,6 +10,7 @@
 #include <botan/internal/tls_messages.h>
 #include <botan/internal/stl_util.h>
 #include <iterator>
+#include <sstream>
 
 namespace Botan {
 
@@ -227,11 +228,15 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
                           client_extn.begin(), server_extn.end(),
                           std::back_inserter(diff));
 
-      for(auto i : diff)
+      if(!diff.empty())
          {
-         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
-                             "Server sent extension " + std::to_string(i) +
-                             " but we did not request it");
+         // Server sent us back an extension we did not send!
+
+         std::ostringstream msg;
+         msg << "Server replied with " << diff.size() << " unsupported extensions:";
+         for(auto&& d : diff)
+            msg << " " << static_cast<int>(d);
+         throw TLS_Exception(Alert::HANDSHAKE_FAILURE, msg.str());
          }
 
       if(u16bit srtp = state.server_hello()->srtp_profile())
diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp
index abbd725f6..76766c5fc 100644
--- a/src/lib/tls/tls_handshake_hash.cpp
+++ b/src/lib/tls/tls_handshake_hash.cpp
@@ -7,7 +7,7 @@
 
 #include <botan/internal/tls_handshake_hash.h>
 #include <botan/tls_exceptn.h>
-#include <botan/algo_registry.h>
+#include <botan/internal/algo_registry.h>
 #include <botan/hash.h>
 
 namespace Botan {
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 883527810..f0d80556d 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -265,13 +265,9 @@ KDF* Handshake_State::protocol_specific_prf() const
 
       return get_kdf("TLS-12-PRF(" + prf_algo + ")");
       }
-   else
-      {
-      // TLS v1.0, v1.1 and DTLS v1.0
-      return get_kdf("TLS-PRF");
-      }
 
-   throw Internal_Error("Unknown version code " + version().to_string());
+   // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0
+   return get_kdf("TLS-PRF");
    }
 
 namespace {
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 56648edb3..521e7e4c1 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -14,6 +14,7 @@
 #include <botan/internal/rounding.h>
 #include <botan/internal/xor_buf.h>
 #include <botan/lookup.h>
+#include <botan/rng.h>
 
 namespace Botan {
author	lloyd <[email protected]>	2015-02-04 04:03:38 +0000
committer	lloyd <[email protected]>	2015-02-04 04:03:38 +0000
commit	0dd060fed07b0060f94e3bae62e125a85c1bb877 (patch)
tree	ed4bc7a961e2b30f17ed5e80769c84b0c313c8b7 /src/lib/tls
parent	f9a7c85b74be0f4a7273e8e0591703af83036e81 (diff)