aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/algo_factory/algo_cache.h7
-rw-r--r--src/libstate/libstate.cpp19
-rw-r--r--src/libstate/libstate.h14
-rw-r--r--src/libstate/policy.cpp66
-rw-r--r--src/libstate/scan_name.cpp28
-rw-r--r--src/libstate/scan_name.h8
-rw-r--r--src/passhash/bcrypt/bcrypt.cpp1
-rw-r--r--src/pbe/get_pbe.cpp4
-rw-r--r--src/tls/tls_handshake_hash.cpp2
-rw-r--r--src/tls/tls_handshake_state.cpp4
10 files changed, 67 insertions, 86 deletions
diff --git a/src/algo_factory/algo_cache.h b/src/algo_factory/algo_cache.h
index 11a5580fb..3bd9f0031 100644
--- a/src/algo_factory/algo_cache.h
+++ b/src/algo_factory/algo_cache.h
@@ -131,13 +131,12 @@ const T* Algorithm_Cache<T>::get(const std::string& algo_spec,
for(auto i = algo->second.begin(); i != algo->second.end(); ++i)
{
- const std::string prov_name = i->first;
- const size_t prov_weight = static_provider_weight(prov_name);
-
// preferred prov exists, return immediately
- if(prov_name == pref_provider)
+ if(i->first == pref_provider)
return i->second;
+ const size_t prov_weight = static_provider_weight(i->first);
+
if(prototype == nullptr || prov_weight > prototype_prov_weight)
{
prototype = i->second;
diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp
index 358bba191..226027631 100644
--- a/src/libstate/libstate.cpp
+++ b/src/libstate/libstate.cpp
@@ -79,25 +79,6 @@ void Library_State::set(const std::string& section, const std::string& key,
}
/*
-* Add an alias
-*/
-void Library_State::add_alias(const std::string& key, const std::string& value)
- {
- set("alias", key, value);
- }
-
-/*
-* Dereference an alias to a fixed name
-*/
-std::string Library_State::deref_alias(const std::string& key)
- {
- std::string result = key;
- while(is_set("alias", result))
- result = get("alias", result);
- return result;
- }
-
-/*
* Return a reference to the Algorithm_Factory
*/
Algorithm_Factory& Library_State::algorithm_factory() const
diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h
index af24000a5..76f9cfce9 100644
--- a/src/libstate/libstate.h
+++ b/src/libstate/libstate.h
@@ -77,20 +77,6 @@ class BOTAN_DLL Library_State
const std::string& value,
bool overwrite = true);
- /**
- * Add a parameter value to the "alias" section.
- * @param key the name of the parameter which shall have a new alias
- * @param value the new alias
- */
- void add_alias(const std::string& key,
- const std::string& value);
-
- /**
- * Resolve an alias.
- * @param alias the alias to resolve.
- * @return what the alias stands for
- */
- std::string deref_alias(const std::string& alias);
private:
static std::vector<std::unique_ptr<EntropySource>> entropy_sources();
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index 1208cbcbc..827841dd3 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -6,6 +6,7 @@
*/
#include <botan/libstate.h>
+#include <botan/scan_name.h>
namespace Botan {
@@ -249,52 +250,37 @@ void set_default_oids(Library_State& config)
add_oid(config, "1.2.643.2.2.36.0", "gost_256A");
/* CVC */
- add_oid(config, "0.4.0.127.0.7.3.1.2.1",
- "CertificateHolderAuthorizationTemplate");
+ add_oid(config, "0.4.0.127.0.7.3.1.2.1", "CertificateHolderAuthorizationTemplate");
}
/*
* Set the default algorithm aliases
*/
-void set_default_aliases(Library_State& config)
+void set_default_aliases(Library_State& )
{
- config.add_alias("OpenPGP.Cipher.1", "IDEA");
- config.add_alias("OpenPGP.Cipher.2", "TripleDES");
- config.add_alias("OpenPGP.Cipher.3", "CAST-128");
- config.add_alias("OpenPGP.Cipher.4", "Blowfish");
- config.add_alias("OpenPGP.Cipher.5", "SAFER-SK(13)");
- config.add_alias("OpenPGP.Cipher.7", "AES-128");
- config.add_alias("OpenPGP.Cipher.8", "AES-192");
- config.add_alias("OpenPGP.Cipher.9", "AES-256");
- config.add_alias("OpenPGP.Cipher.10", "Twofish");
-
- config.add_alias("OpenPGP.Digest.1", "MD5");
- config.add_alias("OpenPGP.Digest.2", "SHA-1");
- config.add_alias("OpenPGP.Digest.3", "RIPEMD-160");
- config.add_alias("OpenPGP.Digest.5", "MD2");
- config.add_alias("OpenPGP.Digest.6", "Tiger(24,3)");
- config.add_alias("OpenPGP.Digest.8", "SHA-256");
-
- config.add_alias("TLS.Digest.0", "Parallel(MD5,SHA-160)");
-
- config.add_alias("EME-PKCS1-v1_5", "PKCS1v15");
- config.add_alias("OAEP-MGF1", "EME1");
- config.add_alias("EME-OAEP", "EME1");
- config.add_alias("X9.31", "EMSA2");
- config.add_alias("EMSA-PKCS1-v1_5", "EMSA3");
- config.add_alias("PSS-MGF1", "EMSA4");
- config.add_alias("EMSA-PSS", "EMSA4");
-
- config.add_alias("3DES", "TripleDES");
- config.add_alias("DES-EDE", "TripleDES");
- config.add_alias("CAST5", "CAST-128");
- config.add_alias("SHA1", "SHA-160");
- config.add_alias("SHA-1", "SHA-160");
- config.add_alias("MARK-4", "RC4(256)");
- config.add_alias("ARC4", "RC4");
- config.add_alias("OMAC", "CMAC");
- config.add_alias("GOST", "GOST-28147-89");
- config.add_alias("GOST-34.11", "GOST-R-34.11-94");
+ // common variations worth supporting
+ // SHA-1 alone requires supporting something
+ SCAN_Name::add_alias("EME-PKCS1-v1_5", "PKCS1v15");
+ SCAN_Name::add_alias("3DES", "TripleDES");
+ SCAN_Name::add_alias("DES-EDE", "TripleDES");
+ SCAN_Name::add_alias("CAST5", "CAST-128");
+ SCAN_Name::add_alias("SHA1", "SHA-160");
+ SCAN_Name::add_alias("SHA-1", "SHA-160");
+ SCAN_Name::add_alias("MARK-4", "RC4(256)");
+ SCAN_Name::add_alias("ARC4", "RC4");
+ SCAN_Name::add_alias("OMAC", "CMAC");
+
+ // should be renamed in sources
+ SCAN_Name::add_alias("OAEP-MGF1", "EME1");
+ SCAN_Name::add_alias("EME-OAEP", "EME1");
+ SCAN_Name::add_alias("X9.31", "EMSA2");
+ SCAN_Name::add_alias("EMSA-PKCS1-v1_5", "EMSA3");
+ SCAN_Name::add_alias("PSS-MGF1", "EMSA4");
+ SCAN_Name::add_alias("EMSA-PSS", "EMSA4");
+
+ // probably can be removed
+ SCAN_Name::add_alias("GOST", "GOST-28147-89");
+ SCAN_Name::add_alias("GOST-34.11", "GOST-R-34.11-94");
}
}
diff --git a/src/libstate/scan_name.cpp b/src/libstate/scan_name.cpp
index a17dc4ad0..396f3ca8b 100644
--- a/src/libstate/scan_name.cpp
+++ b/src/libstate/scan_name.cpp
@@ -7,7 +7,6 @@
#include <botan/scan_name.h>
#include <botan/parsing.h>
-#include <botan/libstate.h>
#include <botan/exceptn.h>
#include <stdexcept>
@@ -58,11 +57,14 @@ std::pair<size_t, std::string>
deref_aliases(const std::pair<size_t, std::string>& in)
{
return std::make_pair(in.first,
- global_state().deref_alias(in.second));
+ SCAN_Name::deref_alias(in.second));
}
}
+std::mutex SCAN_Name::s_alias_map_mutex;
+std::map<std::string, std::string> SCAN_Name::s_alias_map;
+
SCAN_Name::SCAN_Name(std::string algo_spec)
{
orig_algo_spec = algo_spec;
@@ -73,7 +75,7 @@ SCAN_Name::SCAN_Name(std::string algo_spec)
std::string decoding_error = "Bad SCAN name '" + algo_spec + "': ";
- algo_spec = global_state().deref_alias(algo_spec);
+ algo_spec = SCAN_Name::deref_alias(algo_spec);
for(size_t i = 0; i != algo_spec.size(); ++i)
{
@@ -171,4 +173,24 @@ size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const
return to_u32bit(args[i]);
}
+void SCAN_Name::add_alias(const std::string& alias, const std::string& basename)
+ {
+ std::lock_guard<std::mutex> lock(s_alias_map_mutex);
+
+ if(s_alias_map.find(alias) == s_alias_map.end())
+ s_alias_map[alias] = basename;
+ }
+
+std::string SCAN_Name::deref_alias(const std::string& alias)
+ {
+ std::lock_guard<std::mutex> lock(s_alias_map_mutex);
+
+ std::string name = alias;
+
+ for(auto i = s_alias_map.find(name); i != s_alias_map.end(); i = s_alias_map.find(name))
+ name = i->second;
+
+ return name;
+ }
+
}
diff --git a/src/libstate/scan_name.h b/src/libstate/scan_name.h
index 3e1728f29..608bae16f 100644
--- a/src/libstate/scan_name.h
+++ b/src/libstate/scan_name.h
@@ -11,6 +11,8 @@
#include <botan/types.h>
#include <string>
#include <vector>
+#include <mutex>
+#include <map>
namespace Botan {
@@ -86,7 +88,13 @@ class BOTAN_DLL SCAN_Name
std::string cipher_mode_pad() const
{ return (mode_info.size() >= 2) ? mode_info[1] : ""; }
+ static void add_alias(const std::string& alias, const std::string& basename);
+
+ static std::string deref_alias(const std::string& alias);
private:
+ static std::mutex s_alias_map_mutex;
+ static std::map<std::string, std::string> s_alias_map;
+
std::string orig_algo_spec;
std::string alg_name;
std::vector<std::string> args;
diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp
index eeb99399f..5ee75f4ed 100644
--- a/src/passhash/bcrypt/bcrypt.cpp
+++ b/src/passhash/bcrypt/bcrypt.cpp
@@ -7,7 +7,6 @@
#include <botan/bcrypt.h>
#include <botan/loadstor.h>
-#include <botan/libstate.h>
#include <botan/blowfish.h>
#include <botan/base64.h>
diff --git a/src/pbe/get_pbe.cpp b/src/pbe/get_pbe.cpp
index 65c73eb31..4ec518776 100644
--- a/src/pbe/get_pbe.cpp
+++ b/src/pbe/get_pbe.cpp
@@ -40,7 +40,7 @@ PBE* get_pbe(const std::string& algo_spec,
if(cipher_spec.size() != 2)
throw Invalid_Argument("PBE: Invalid cipher spec " + cipher);
- const std::string cipher_algo = global_state().deref_alias(cipher_spec[0]);
+ const std::string cipher_algo = SCAN_Name::deref_alias(cipher_spec[0]);
const std::string cipher_mode = cipher_spec[1];
if(cipher_mode != "CBC")
@@ -104,7 +104,7 @@ PBE* get_pbe(const OID& pbe_oid,
if(cipher_spec.size() != 2)
throw Invalid_Argument("PBE: Invalid cipher spec " + cipher);
- const std::string cipher_algo = global_state().deref_alias(cipher_spec[0]);
+ const std::string cipher_algo = SCAN_Name::deref_alias(cipher_spec[0]);
const std::string cipher_mode = cipher_spec[1];
if(cipher_mode != "CBC")
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 440c6fb82..4e7a0b9b7 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -33,7 +33,7 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version,
hash.reset(af.make_hash_function(mac_algo));
}
else
- hash.reset(af.make_hash_function("TLS.Digest.0"));
+ hash.reset(af.make_hash_function("Parallel(MD5,SHA-160)"));
hash->update(data);
return hash->final();
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 8b5de810f..84b22cc09 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -296,7 +296,7 @@ std::string choose_hash(const std::string& sig_algo,
return "Raw";
if(sig_algo == "RSA")
- return "TLS.Digest.0";
+ return "Parallel(MD5,SHA-160)";
if(sig_algo == "DSA")
return "SHA-1";
@@ -412,7 +412,7 @@ Handshake_State::understand_sig_format(const Public_Key& key,
}
else if(!this->version().supports_negotiable_signature_algorithms())
{
- hash_algo = "TLS.Digest.0";
+ hash_algo = "Parallel(MD5,SHA-160)";
}
const std::string padding = "EMSA3(" + hash_algo + ")";