aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-09-29 03:08:47 +0000
committerlloyd <[email protected]>2008-09-29 03:08:47 +0000
commit8479818176b1b80376541e33e49d65589e8feabb (patch)
treef17e9e17286766ada342bc1a9778b98122a378e0 /src
parent9e3118d4ded9af1f75ec0512fa9a6bc3725a6ae1 (diff)
Remove more dependencies on the global state object.
New argument to X509_CRL constructor, a boolean that specifies if an exception should be thrown upon encountering an unknown extension type marked as critical. Previously this was controlled globally via the x509/crl/unknown_critical policy flag.
Diffstat (limited to 'src')
-rw-r--r--src/asn1/asn1_str.cpp2
-rw-r--r--src/core/policy.cpp7
-rw-r--r--src/pk_pad/emsa2/emsa2.cpp11
-rw-r--r--src/pk_pad/emsa3/emsa3.cpp2
-rw-r--r--src/pk_pad/hash_id/hash_id.cpp12
-rw-r--r--src/x509/crl_ent.cpp16
-rw-r--r--src/x509/crl_ent.h3
-rw-r--r--src/x509/x509_ca.cpp16
-rw-r--r--src/x509/x509_crl.cpp16
-rw-r--r--src/x509/x509_crl.h6
10 files changed, 34 insertions, 57 deletions
diff --git a/src/asn1/asn1_str.cpp b/src/asn1/asn1_str.cpp
index eadc7a75d..bca1bf3c3 100644
--- a/src/asn1/asn1_str.cpp
+++ b/src/asn1/asn1_str.cpp
@@ -49,7 +49,7 @@ ASN1_Tag choose_encoding(const std::string& str,
{
if(type == "utf8") return UTF8_STRING;
if(type == "latin1") return T61_STRING;
- throw Invalid_Argument("Bad setting for x509/ca/str_type: " + type);
+ throw Invalid_Argument("choose_encoding: Bad string type " + type);
}
}
return PRINTABLE_STRING;
diff --git a/src/core/policy.cpp b/src/core/policy.cpp
index 606250690..39810760b 100644
--- a/src/core/policy.cpp
+++ b/src/core/policy.cpp
@@ -218,13 +218,6 @@ void set_default_config(Library_State& config)
config.set_option("pk/test/private", "basic");
config.set_option("pk/test/private_gen", "all");
- config.set_option("x509/ca/allow_ca", "false");
- config.set_option("x509/ca/basic_constraints", "always");
- config.set_option("x509/ca/rsa_hash", "SHA-1");
-
- config.set_option("x509/crl/unknown_critical", "ignore");
- config.set_option("x509/crl/next_update", "7d");
-
config.set_option("x509/exts/basic_constraints", "critical");
config.set_option("x509/exts/subject_key_id", "yes");
config.set_option("x509/exts/authority_key_id", "yes");
diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp
index 24292d390..9f5f4b277 100644
--- a/src/pk_pad/emsa2/emsa2.cpp
+++ b/src/pk_pad/emsa2/emsa2.cpp
@@ -96,11 +96,16 @@ bool EMSA2::verify(const MemoryRegion<byte>& coded,
*************************************************/
EMSA2::EMSA2(const std::string& hash_name)
{
- hash_id = ieee1363_hash_id(hash_name);
- if(hash_id == 0)
- throw Encoding_Error("EMSA2 cannot be used with " + hash->name());
hash = get_hash(hash_name);
empty_hash = hash->final();
+
+ hash_id = ieee1363_hash_id(hash->name());
+
+ if(hash_id == 0)
+ {
+ delete hash;
+ throw Encoding_Error("EMSA2 cannot be used with " + hash->name());
+ }
}
}
diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp
index 60880d1aa..255366503 100644
--- a/src/pk_pad/emsa3/emsa3.cpp
+++ b/src/pk_pad/emsa3/emsa3.cpp
@@ -90,8 +90,8 @@ bool EMSA3::verify(const MemoryRegion<byte>& coded,
*************************************************/
EMSA3::EMSA3(const std::string& hash_name)
{
- hash_id = pkcs_hash_id(hash_name);
hash = get_hash(hash_name);
+ hash_id = pkcs_hash_id(hash->name());
}
}
diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp
index 27225b3b5..123a0de0e 100644
--- a/src/pk_pad/hash_id/hash_id.cpp
+++ b/src/pk_pad/hash_id/hash_id.cpp
@@ -4,7 +4,7 @@
*************************************************/
#include <botan/hash_id.h>
-#include <botan/libstate.h>
+#include <botan/exceptn.h>
namespace Botan {
@@ -51,10 +51,8 @@ const byte TIGER_ID[] = {
/*************************************************
* Return the HashID, as specified by PKCS *
*************************************************/
-MemoryVector<byte> pkcs_hash_id(const std::string& name_or_alias)
+MemoryVector<byte> pkcs_hash_id(const std::string& name)
{
- const std::string name = global_state().deref_alias(name_or_alias);
-
MemoryVector<byte> out;
if(name == "Parallel(MD5,SHA-160)")
@@ -82,16 +80,14 @@ MemoryVector<byte> pkcs_hash_id(const std::string& name_or_alias)
if(out.size())
return out;
- throw Invalid_Argument("No PKCS #1 identifier for " + name_or_alias);
+ throw Invalid_Argument("No PKCS #1 identifier for " + name);
}
/*************************************************
* Return the HashID, as specified by IEEE 1363 *
*************************************************/
-byte ieee1363_hash_id(const std::string& name_or_alias)
+byte ieee1363_hash_id(const std::string& name)
{
- const std::string name = global_state().deref_alias(name_or_alias);
-
if(name == "RIPEMD-160") return 0x31;
if(name == "RIPEMD-128") return 0x32;
if(name == "SHA-160") return 0x33;
diff --git a/src/x509/crl_ent.cpp b/src/x509/crl_ent.cpp
index 4a85b99c2..dbf550f13 100644
--- a/src/x509/crl_ent.cpp
+++ b/src/x509/crl_ent.cpp
@@ -8,7 +8,6 @@
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/bigint.h>
-#include <botan/libstate.h>
#include <botan/oids.h>
#include <botan/util.h>
@@ -17,7 +16,8 @@ namespace Botan {
/*************************************************
* Create a CRL_Entry *
*************************************************/
-CRL_Entry::CRL_Entry()
+CRL_Entry::CRL_Entry(bool t_on_unknown_crit) :
+ throw_on_unknown_critical(t_on_unknown_crit)
{
reason = UNSPECIFIED;
}
@@ -25,7 +25,8 @@ CRL_Entry::CRL_Entry()
/*************************************************
* Create a CRL_Entry *
*************************************************/
-CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why)
+CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) :
+ throw_on_unknown_critical(false)
{
serial = cert.serial_number();
time = X509_Time(system_time());
@@ -91,14 +92,7 @@ void CRL_Entry::decode_from(BER_Decoder& source)
if(source.more_items())
{
- std::string action =
- global_state().option("x509/crl/unknown_critical");
-
- if(action != "throw" && action != "ignore")
- throw Invalid_Argument("Bad setting x509/crl/unknown_critical: "
- + action);
-
- Extensions extensions(action == "throw");
+ Extensions extensions(throw_on_unknown_critical);
source.decode(extensions);
Data_Store info;
extensions.contents_to(info, info);
diff --git a/src/x509/crl_ent.h b/src/x509/crl_ent.h
index 05a9338b3..8aa567a2a 100644
--- a/src/x509/crl_ent.h
+++ b/src/x509/crl_ent.h
@@ -23,10 +23,11 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
X509_Time expire_time() const { return time; }
CRL_Code reason_code() const { return reason; }
- CRL_Entry();
+ CRL_Entry(bool throw_on_unknown_critical_extension = false);
CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
private:
+ bool throw_on_unknown_critical;
MemoryVector<byte> serial;
X509_Time time;
CRL_Code reason;
diff --git a/src/x509/x509_ca.cpp b/src/x509/x509_ca.cpp
index d455e4988..16cfc662c 100644
--- a/src/x509/x509_ca.cpp
+++ b/src/x509/x509_ca.cpp
@@ -7,7 +7,6 @@
#include <botan/x509stor.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
-#include <botan/libstate.h>
#include <botan/lookup.h>
#include <botan/look_pk.h>
#include <botan/numthry.h>
@@ -187,8 +186,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
const u32bit X509_CRL_VERSION = 2;
if(next_update == 0)
- next_update = timespec_to_u32bit(
- global_state().option("x509/crl/next_update"));
+ next_update = timespec_to_u32bit("7d");
// Totally stupid: ties encoding logic to the return of std::time!!
const u64bit current_time = system_time();
@@ -252,20 +250,12 @@ PK_Signer* choose_sig_format(const Private_Key& key,
if(algo_name == "RSA")
{
- std::string hash = global_state().option("x509/ca/rsa_hash");
-
- if(hash == "")
- throw Invalid_State("No value set for x509/ca/rsa_hash");
-
- hash = global_state().deref_alias(hash);
-
- padding = "EMSA3(" + hash + ")";
+ padding = "EMSA3(SHA-160)";
format = IEEE_1363;
}
else if(algo_name == "DSA")
{
- std::string hash = global_state().deref_alias("SHA-1");
- padding = "EMSA1(" + hash + ")";
+ padding = "EMSA1(SHA-160)";
format = DER_SEQUENCE;
}
else
diff --git a/src/x509/x509_crl.cpp b/src/x509/x509_crl.cpp
index 306c78bd1..6805abef6 100644
--- a/src/x509/x509_crl.cpp
+++ b/src/x509/x509_crl.cpp
@@ -8,7 +8,6 @@
#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/bigint.h>
-#include <botan/libstate.h>
#include <botan/oids.h>
namespace Botan {
@@ -16,7 +15,8 @@ namespace Botan {
/*************************************************
* Load a X.509 CRL *
*************************************************/
-X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL")
+X509_CRL::X509_CRL(DataSource& in, bool touc) :
+ X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc)
{
do_decode();
}
@@ -24,7 +24,8 @@ X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL")
/*************************************************
* Load a X.509 CRL *
*************************************************/
-X509_CRL::X509_CRL(const std::string& in) : X509_Object(in, "CRL/X509 CRL")
+X509_CRL::X509_CRL(const std::string& in, bool touc) :
+ X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
{
do_decode();
}
@@ -66,7 +67,7 @@ void X509_CRL::force_decode()
while(cert_list.more_items())
{
- CRL_Entry entry;
+ CRL_Entry entry(throw_on_unknown_critical);
cert_list.decode(entry);
revoked.push_back(entry);
}
@@ -78,12 +79,7 @@ void X509_CRL::force_decode()
{
BER_Decoder crl_options(next.value);
- std::string action = global_state().option("x509/crl/unknown_critical");
- if(action != "throw" && action != "ignore")
- throw Invalid_Argument("Bad value of x509/crl/unknown_critical: "
- + action);
-
- Extensions extensions(action == "throw");
+ Extensions extensions(throw_on_unknown_critical);
crl_options.decode(extensions).verify_end();
diff --git a/src/x509/x509_crl.h b/src/x509/x509_crl.h
index f7623b940..ec73e9fdf 100644
--- a/src/x509/x509_crl.h
+++ b/src/x509/x509_crl.h
@@ -33,10 +33,12 @@ class BOTAN_DLL X509_CRL : public X509_Object
X509_Time this_update() const;
X509_Time next_update() const;
- X509_CRL(DataSource&);
- X509_CRL(const std::string&);
+ X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
+ X509_CRL(const std::string&, bool throw_on_unknown_critical = false);
private:
void force_decode();
+
+ bool throw_on_unknown_critical;
std::vector<CRL_Entry> revoked;
Data_Store info;
};