diff options
-rw-r--r-- | src/algo_factory/algo_cache.h | 7 | ||||
-rw-r--r-- | src/libstate/libstate.cpp | 19 | ||||
-rw-r--r-- | src/libstate/libstate.h | 14 | ||||
-rw-r--r-- | src/libstate/policy.cpp | 66 | ||||
-rw-r--r-- | src/libstate/scan_name.cpp | 28 | ||||
-rw-r--r-- | src/libstate/scan_name.h | 8 | ||||
-rw-r--r-- | src/passhash/bcrypt/bcrypt.cpp | 1 | ||||
-rw-r--r-- | src/pbe/get_pbe.cpp | 4 | ||||
-rw-r--r-- | src/tls/tls_handshake_hash.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 4 |
10 files changed, 67 insertions, 86 deletions
diff --git a/src/algo_factory/algo_cache.h b/src/algo_factory/algo_cache.h index 11a5580fb..3bd9f0031 100644 --- a/src/algo_factory/algo_cache.h +++ b/src/algo_factory/algo_cache.h @@ -131,13 +131,12 @@ const T* Algorithm_Cache<T>::get(const std::string& algo_spec, for(auto i = algo->second.begin(); i != algo->second.end(); ++i) { - const std::string prov_name = i->first; - const size_t prov_weight = static_provider_weight(prov_name); - // preferred prov exists, return immediately - if(prov_name == pref_provider) + if(i->first == pref_provider) return i->second; + const size_t prov_weight = static_provider_weight(i->first); + if(prototype == nullptr || prov_weight > prototype_prov_weight) { prototype = i->second; diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index 358bba191..226027631 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -79,25 +79,6 @@ void Library_State::set(const std::string& section, const std::string& key, } /* -* Add an alias -*/ -void Library_State::add_alias(const std::string& key, const std::string& value) - { - set("alias", key, value); - } - -/* -* Dereference an alias to a fixed name -*/ -std::string Library_State::deref_alias(const std::string& key) - { - std::string result = key; - while(is_set("alias", result)) - result = get("alias", result); - return result; - } - -/* * Return a reference to the Algorithm_Factory */ Algorithm_Factory& Library_State::algorithm_factory() const diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h index af24000a5..76f9cfce9 100644 --- a/src/libstate/libstate.h +++ b/src/libstate/libstate.h @@ -77,20 +77,6 @@ class BOTAN_DLL Library_State const std::string& value, bool overwrite = true); - /** - * Add a parameter value to the "alias" section. - * @param key the name of the parameter which shall have a new alias - * @param value the new alias - */ - void add_alias(const std::string& key, - const std::string& value); - - /** - * Resolve an alias. - * @param alias the alias to resolve. - * @return what the alias stands for - */ - std::string deref_alias(const std::string& alias); private: static std::vector<std::unique_ptr<EntropySource>> entropy_sources(); diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index 1208cbcbc..827841dd3 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp @@ -6,6 +6,7 @@ */ #include <botan/libstate.h> +#include <botan/scan_name.h> namespace Botan { @@ -249,52 +250,37 @@ void set_default_oids(Library_State& config) add_oid(config, "1.2.643.2.2.36.0", "gost_256A"); /* CVC */ - add_oid(config, "0.4.0.127.0.7.3.1.2.1", - "CertificateHolderAuthorizationTemplate"); + add_oid(config, "0.4.0.127.0.7.3.1.2.1", "CertificateHolderAuthorizationTemplate"); } /* * Set the default algorithm aliases */ -void set_default_aliases(Library_State& config) +void set_default_aliases(Library_State& ) { - config.add_alias("OpenPGP.Cipher.1", "IDEA"); - config.add_alias("OpenPGP.Cipher.2", "TripleDES"); - config.add_alias("OpenPGP.Cipher.3", "CAST-128"); - config.add_alias("OpenPGP.Cipher.4", "Blowfish"); - config.add_alias("OpenPGP.Cipher.5", "SAFER-SK(13)"); - config.add_alias("OpenPGP.Cipher.7", "AES-128"); - config.add_alias("OpenPGP.Cipher.8", "AES-192"); - config.add_alias("OpenPGP.Cipher.9", "AES-256"); - config.add_alias("OpenPGP.Cipher.10", "Twofish"); - - config.add_alias("OpenPGP.Digest.1", "MD5"); - config.add_alias("OpenPGP.Digest.2", "SHA-1"); - config.add_alias("OpenPGP.Digest.3", "RIPEMD-160"); - config.add_alias("OpenPGP.Digest.5", "MD2"); - config.add_alias("OpenPGP.Digest.6", "Tiger(24,3)"); - config.add_alias("OpenPGP.Digest.8", "SHA-256"); - - config.add_alias("TLS.Digest.0", "Parallel(MD5,SHA-160)"); - - config.add_alias("EME-PKCS1-v1_5", "PKCS1v15"); - config.add_alias("OAEP-MGF1", "EME1"); - config.add_alias("EME-OAEP", "EME1"); - config.add_alias("X9.31", "EMSA2"); - config.add_alias("EMSA-PKCS1-v1_5", "EMSA3"); - config.add_alias("PSS-MGF1", "EMSA4"); - config.add_alias("EMSA-PSS", "EMSA4"); - - config.add_alias("3DES", "TripleDES"); - config.add_alias("DES-EDE", "TripleDES"); - config.add_alias("CAST5", "CAST-128"); - config.add_alias("SHA1", "SHA-160"); - config.add_alias("SHA-1", "SHA-160"); - config.add_alias("MARK-4", "RC4(256)"); - config.add_alias("ARC4", "RC4"); - config.add_alias("OMAC", "CMAC"); - config.add_alias("GOST", "GOST-28147-89"); - config.add_alias("GOST-34.11", "GOST-R-34.11-94"); + // common variations worth supporting + // SHA-1 alone requires supporting something + SCAN_Name::add_alias("EME-PKCS1-v1_5", "PKCS1v15"); + SCAN_Name::add_alias("3DES", "TripleDES"); + SCAN_Name::add_alias("DES-EDE", "TripleDES"); + SCAN_Name::add_alias("CAST5", "CAST-128"); + SCAN_Name::add_alias("SHA1", "SHA-160"); + SCAN_Name::add_alias("SHA-1", "SHA-160"); + SCAN_Name::add_alias("MARK-4", "RC4(256)"); + SCAN_Name::add_alias("ARC4", "RC4"); + SCAN_Name::add_alias("OMAC", "CMAC"); + + // should be renamed in sources + SCAN_Name::add_alias("OAEP-MGF1", "EME1"); + SCAN_Name::add_alias("EME-OAEP", "EME1"); + SCAN_Name::add_alias("X9.31", "EMSA2"); + SCAN_Name::add_alias("EMSA-PKCS1-v1_5", "EMSA3"); + SCAN_Name::add_alias("PSS-MGF1", "EMSA4"); + SCAN_Name::add_alias("EMSA-PSS", "EMSA4"); + + // probably can be removed + SCAN_Name::add_alias("GOST", "GOST-28147-89"); + SCAN_Name::add_alias("GOST-34.11", "GOST-R-34.11-94"); } } diff --git a/src/libstate/scan_name.cpp b/src/libstate/scan_name.cpp index a17dc4ad0..396f3ca8b 100644 --- a/src/libstate/scan_name.cpp +++ b/src/libstate/scan_name.cpp @@ -7,7 +7,6 @@ #include <botan/scan_name.h> #include <botan/parsing.h> -#include <botan/libstate.h> #include <botan/exceptn.h> #include <stdexcept> @@ -58,11 +57,14 @@ std::pair<size_t, std::string> deref_aliases(const std::pair<size_t, std::string>& in) { return std::make_pair(in.first, - global_state().deref_alias(in.second)); + SCAN_Name::deref_alias(in.second)); } } +std::mutex SCAN_Name::s_alias_map_mutex; +std::map<std::string, std::string> SCAN_Name::s_alias_map; + SCAN_Name::SCAN_Name(std::string algo_spec) { orig_algo_spec = algo_spec; @@ -73,7 +75,7 @@ SCAN_Name::SCAN_Name(std::string algo_spec) std::string decoding_error = "Bad SCAN name '" + algo_spec + "': "; - algo_spec = global_state().deref_alias(algo_spec); + algo_spec = SCAN_Name::deref_alias(algo_spec); for(size_t i = 0; i != algo_spec.size(); ++i) { @@ -171,4 +173,24 @@ size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const return to_u32bit(args[i]); } +void SCAN_Name::add_alias(const std::string& alias, const std::string& basename) + { + std::lock_guard<std::mutex> lock(s_alias_map_mutex); + + if(s_alias_map.find(alias) == s_alias_map.end()) + s_alias_map[alias] = basename; + } + +std::string SCAN_Name::deref_alias(const std::string& alias) + { + std::lock_guard<std::mutex> lock(s_alias_map_mutex); + + std::string name = alias; + + for(auto i = s_alias_map.find(name); i != s_alias_map.end(); i = s_alias_map.find(name)) + name = i->second; + + return name; + } + } diff --git a/src/libstate/scan_name.h b/src/libstate/scan_name.h index 3e1728f29..608bae16f 100644 --- a/src/libstate/scan_name.h +++ b/src/libstate/scan_name.h @@ -11,6 +11,8 @@ #include <botan/types.h> #include <string> #include <vector> +#include <mutex> +#include <map> namespace Botan { @@ -86,7 +88,13 @@ class BOTAN_DLL SCAN_Name std::string cipher_mode_pad() const { return (mode_info.size() >= 2) ? mode_info[1] : ""; } + static void add_alias(const std::string& alias, const std::string& basename); + + static std::string deref_alias(const std::string& alias); private: + static std::mutex s_alias_map_mutex; + static std::map<std::string, std::string> s_alias_map; + std::string orig_algo_spec; std::string alg_name; std::vector<std::string> args; diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp index eeb99399f..5ee75f4ed 100644 --- a/src/passhash/bcrypt/bcrypt.cpp +++ b/src/passhash/bcrypt/bcrypt.cpp @@ -7,7 +7,6 @@ #include <botan/bcrypt.h> #include <botan/loadstor.h> -#include <botan/libstate.h> #include <botan/blowfish.h> #include <botan/base64.h> diff --git a/src/pbe/get_pbe.cpp b/src/pbe/get_pbe.cpp index 65c73eb31..4ec518776 100644 --- a/src/pbe/get_pbe.cpp +++ b/src/pbe/get_pbe.cpp @@ -40,7 +40,7 @@ PBE* get_pbe(const std::string& algo_spec, if(cipher_spec.size() != 2) throw Invalid_Argument("PBE: Invalid cipher spec " + cipher); - const std::string cipher_algo = global_state().deref_alias(cipher_spec[0]); + const std::string cipher_algo = SCAN_Name::deref_alias(cipher_spec[0]); const std::string cipher_mode = cipher_spec[1]; if(cipher_mode != "CBC") @@ -104,7 +104,7 @@ PBE* get_pbe(const OID& pbe_oid, if(cipher_spec.size() != 2) throw Invalid_Argument("PBE: Invalid cipher spec " + cipher); - const std::string cipher_algo = global_state().deref_alias(cipher_spec[0]); + const std::string cipher_algo = SCAN_Name::deref_alias(cipher_spec[0]); const std::string cipher_mode = cipher_spec[1]; if(cipher_mode != "CBC") diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 440c6fb82..4e7a0b9b7 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -33,7 +33,7 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version, hash.reset(af.make_hash_function(mac_algo)); } else - hash.reset(af.make_hash_function("TLS.Digest.0")); + hash.reset(af.make_hash_function("Parallel(MD5,SHA-160)")); hash->update(data); return hash->final(); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 8b5de810f..84b22cc09 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -296,7 +296,7 @@ std::string choose_hash(const std::string& sig_algo, return "Raw"; if(sig_algo == "RSA") - return "TLS.Digest.0"; + return "Parallel(MD5,SHA-160)"; if(sig_algo == "DSA") return "SHA-1"; @@ -412,7 +412,7 @@ Handshake_State::understand_sig_format(const Public_Key& key, } else if(!this->version().supports_negotiable_signature_algorithms()) { - hash_algo = "TLS.Digest.0"; + hash_algo = "Parallel(MD5,SHA-160)"; } const std::string padding = "EMSA3(" + hash_algo + ")"; |