-rw-r--r--include/config.h42
-rw-r--r--include/libstate.h7
-rw-r--r--include/stl_util.h2
-rw-r--r--modules/es_egd/es_egd.cpp3
-rw-r--r--modules/es_unix/es_unix.cpp2
-rw-r--r--src/asn1_str.cpp3
-rw-r--r--src/asn1_tm.cpp4
-rw-r--r--src/base.cpp9
-rw-r--r--src/config.cpp135
-rw-r--r--src/crl_ent.cpp3
-rw-r--r--src/dl_group.cpp4
-rw-r--r--src/es_file.cpp3
-rw-r--r--src/inifile.cpp24
-rw-r--r--src/init_def.cpp5
-rw-r--r--src/libstate.cpp76
-rw-r--r--src/mem_pool.cpp2
-rw-r--r--src/modules.cpp1
-rw-r--r--src/oids.cpp16
-rw-r--r--src/pem.cpp9
-rw-r--r--src/pk_core.cpp4
-rw-r--r--src/pk_keys.cpp2
-rw-r--r--src/pkcs8.cpp8
-rw-r--r--src/policy.cpp413
-rw-r--r--src/x509_ca.cpp8
-rw-r--r--src/x509_crl.cpp2
-rw-r--r--src/x509_ext.cpp2
-rw-r--r--src/x509opt.cpp6
-rw-r--r--src/x509self.cpp2
-rw-r--r--src/x509stor.cpp4
29 files changed, 417 insertions, 384 deletions
diff --git a/include/config.h b/include/config.h
index 6bf0122f6..61a22d46d 100644
--- a/include/config.h
+++ b/include/config.h
@@ -10,32 +10,40 @@
#include <botan/enums.h>
#include <string>
#include <vector>
+#include <map>
namespace Botan {
-class Library_State;
-
-namespace Config {
-
/*************************************************
-* Load a configuration file *
+* Library Configuration Settings *
*************************************************/
-void load(const std::string&);
-void load(const std::string&, Library_State&);
+class Config
+ {
+ public:
+ std::string get(const std::string&, const std::string&) const;
+ bool is_set(const std::string&, const std::string&) const;
+ void set(const std::string&, const std::string&,
+ const std::string&, bool = true);
+
+ u32bit option_as_u32bit(const std::string&) const;
+ u32bit option_as_time(const std::string&) const;
+ bool option_as_bool(const std::string&) const;
+ std::vector<std::string> option_as_list(const std::string&) const;
+
+ std::string deref_alias(const std::string&) const;
+ std::string option(const std::string&) const;
+
+ void load_inifile(const std::string&);
+ private:
+ std::map<std::string, std::string> settings;
+ };
/*************************************************
-* Set an option *
+* Hook for the global config *
*************************************************/
-void set(const std::string&, const std::string&, bool = true);
+Config& global_config();
-/*************************************************
-* Get the value of some option *
-*************************************************/
-std::vector<std::string> get_list(const std::string&);
-std::string get_string(const std::string&);
-u32bit get_u32bit(const std::string&);
-u32bit get_time(const std::string&);
-bool get_bool(const std::string&);
+namespace ConfigXXX {
/*************************************************
* Choose the signature format for a PK algorithm *
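Review bot: The new `Config` declarations leave every parameter unnamed, and `set` takes three consecutive `const std::string&` arguments, so a caller cannot tell section, key and value apart from the header. I would name them, e.g. `void set(const std::string& section, const std::string& key, const std::string& value, bool overwrite = true);`, and do the same for `get` and `is_set`. A short comment on `set` should also say that with `overwrite == false` an existing empty value is still replaced, which is what the definition in src/config.cpp does. The `ConfigXXX` namespace name reads like a placeholder and is worth a comment if it is meant to be temporary.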
diff --git a/include/libstate.h b/include/libstate.h
index a7972b7b3..ebc42ac01 100644
--- a/include/libstate.h
+++ b/include/libstate.h
@@ -45,10 +45,7 @@ class Library_State
void set_timer(class Timer*);
u64bit system_clock() const;
- void set_option(const std::string&, const std::string&,
- const std::string&, bool = true);
- std::string get_option(const std::string&, const std::string&) const;
- bool option_set(const std::string&, const std::string&) const;
+ class Config& config() const;
void add_engine(class Engine*);
@@ -73,10 +70,10 @@ class Library_State
class Mutex_Factory* mutex_factory;
class Timer* timer;
+ class Config* config_obj;
class X509_GlobalState* x509_state_obj;
std::map<std::string, class Mutex*> locks;
- std::map<std::string, std::string> settings;
std::map<std::string, Allocator*> alloc_factory;
mutable Allocator* cached_default_allocator;
diff --git a/include/stl_util.h b/include/stl_util.h
index 5ecbe0d9c..f1ffbff52 100644
--- a/include/stl_util.h
+++ b/include/stl_util.h
@@ -13,7 +13,7 @@ namespace Botan {
/*************************************************
* Copy-on-Predicate Algorithm *
*************************************************/
-template <typename InputIterator, typename OutputIterator, typename Predicate>
+template<typename InputIterator, typename OutputIterator, typename Predicate>
OutputIterator copy_if(InputIterator current, InputIterator end,
OutputIterator dest, Predicate copy_p)
{
diff --git a/modules/es_egd/es_egd.cpp b/modules/es_egd/es_egd.cpp
index 3f6f2b29b..adc71b9c0 100644
--- a/modules/es_egd/es_egd.cpp
+++ b/modules/es_egd/es_egd.cpp
@@ -26,7 +26,8 @@ namespace Botan {
EGD_EntropySource::EGD_EntropySource(const std::string& egd_paths)
{
std::vector<std::string> path_list = split_on(egd_paths, ':');
- std::vector<std::string> defaults = Config::get_list("rng/egd_path");
+ std::vector<std::string> defaults =
+ global_config().option_as_list("rng/egd_path");
for(u32bit j = 0; j != path_list.size(); j++)
paths.push_back(path_list[j]);
diff --git a/modules/es_unix/es_unix.cpp b/modules/es_unix/es_unix.cpp
index f3dc835f9..c956e8fa5 100644
--- a/modules/es_unix/es_unix.cpp
+++ b/modules/es_unix/es_unix.cpp
@@ -80,7 +80,7 @@ void Unix_EntropySource::gather(u32bit target_amount)
u32bit Unix_EntropySource::gather_from(const Unix_Program& prog)
{
const std::string BASE_PATH = "/bin:/sbin:/usr/bin:/usr/sbin";
- const std::string EXTRA_PATH = Config::get_string("rng/unix_path");
+ const std::string EXTRA_PATH = global_config().option("rng/unix_path");
std::string PATH = BASE_PATH;
if(EXTRA_PATH != "")
diff --git a/src/asn1_str.cpp b/src/asn1_str.cpp
index 79c7933f7..00e75c6be 100644
--- a/src/asn1_str.cpp
+++ b/src/asn1_str.cpp
@@ -46,7 +46,8 @@ ASN1_Tag choose_encoding(const std::string& str)
for(u32bit j = 0; j != str.size(); ++j)
if(!IS_PRINTABLE[(byte)str[j]])
{
- const std::string type = Config::get_string("x509/ca/str_type");
+ const std::string type = global_config().option("x509/ca/str_type");
+
if(type == "utf8") return UTF8_STRING;
if(type == "latin1") return T61_STRING;
throw Invalid_Argument("Bad setting for x509/ca/str_type: " + type);
diff --git a/src/asn1_tm.cpp b/src/asn1_tm.cpp
index c9315d739..624478386 100644
--- a/src/asn1_tm.cpp
+++ b/src/asn1_tm.cpp
@@ -292,7 +292,9 @@ bool operator>=(const X509_Time& t1, const X509_Time& t2)
s32bit validity_check(const X509_Time& start, const X509_Time& end,
u64bit current_time)
{
- const u32bit ALLOWABLE_SLIP = Config::get_time("x509/validity_slack");
+ const u32bit ALLOWABLE_SLIP =
+ global_config().option_as_time("x509/validity_slack");
+
const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1;
if(start.cmp(current_time + ALLOWABLE_SLIP) > 0)
diff --git a/src/base.cpp b/src/base.cpp
index 839829ba5..678640fd6 100644
--- a/src/base.cpp
+++ b/src/base.cpp
@@ -221,12 +221,13 @@ void RandomNumberGenerator::add_entropy(const byte random[], u32bit length)
u32bit RandomNumberGenerator::add_entropy(EntropySource& source,
bool slow_poll)
{
- u32bit poll_for = 0;
-
+ std::string poll_type;
if(slow_poll)
- poll_for = Config::get_u32bit("rng/slow_poll_request");
+ poll_type = "rng/slow_poll_request";
else
- poll_for = Config::get_u32bit("rng/fast_poll_request");
+ poll_type = "rng/fast_poll_request";
+
+ u32bit poll_for = global_config().option_as_u32bit(poll_type);
SecureVector<byte> buffer(poll_for ? poll_for : 256);
diff --git a/src/config.cpp b/src/config.cpp
index 61e481197..337deae2b 100644
--- a/src/config.cpp
+++ b/src/config.cpp
@@ -8,50 +8,101 @@
#include <botan/lookup.h>
#include <botan/charset.h>
#include <botan/parsing.h>
+#include <botan/stl_util.h>
+#include <botan/mutex.h>
#include <string>
namespace Botan {
-namespace Config {
+/*************************************************
+* Get the global configuration object *
+*************************************************/
+Config& global_config()
+ {
+ return global_state().config();
+ }
/*************************************************
-* Set an option *
+* Get a configuration value *
*************************************************/
-void set(const std::string& name, const std::string& value, bool overwrite)
+std::string Config::get(const std::string& section,
+ const std::string& key) const
{
- global_state().set_option("conf", name, value, overwrite);
+ Named_Mutex_Holder lock("config");
+
+ return search_map<std::string, std::string>(settings,
+ section + "/" + key, "");
+ }
+
+/*************************************************
+* See if a particular option has been set *
+*************************************************/
+bool Config::is_set(const std::string& section,
+ const std::string& key) const
+ {
+ Named_Mutex_Holder lock("config");
+
+ return search_map(settings, section + "/" + key, false, true);
+ }
+
+/*************************************************
+* Set a configuration value *
+*************************************************/
+void Config::set(const std::string& section, const std::string& key,
+ const std::string& value, bool overwrite)
+ {
+ Named_Mutex_Holder lock("config");
+
+ std::string full_key = section + "/" + key;
+
+ std::map<std::string, std::string>::const_iterator i =
+ settings.find(full_key);
+
+ if(overwrite || i == settings.end() || i->second == "")
+ settings[full_key] = value;
+ }
+
+/*************************************************
+* Dereference an alias to a fixed name *
+*************************************************/
+std::string Config::deref_alias(const std::string& key) const
+ {
+ std::string result = key;
+ while(is_set("alias", result))
+ result = get("alias", result);
+ return result;
}
/*************************************************
-* Get the value of an option as a string *
+* Get an option value *
*************************************************/
-std::string get_string(const std::string& name)
+std::string Config::option(const std::string& key) const
{
- return global_state().get_option("conf", name);
+ return get("option", key);
}
/*************************************************
-* Get the value as a list of strings *
+* Get the config setting as a list of strings *
*************************************************/
-std::vector<std::string> get_list(const std::string& name)
+std::vector<std::string> Config::option_as_list(const std::string& key) const
{
- return split_on(get_string(name), ':');
+ return split_on(option(key), ':');
}
/*************************************************
-* Get the value as a u32bit *
+* Get the config setting as a u32bit *
*************************************************/
-u32bit get_u32bit(const std::string& name)
+u32bit Config::option_as_u32bit(const std::string& key) const
{
- return parse_expr(get_string(name));
+ return parse_expr(option(key));
}
/*************************************************
-* Get the value as a time *
+* Get the config setting as a time *
*************************************************/
-u32bit get_time(const std::string& name)
+u32bit Config::option_as_time(const std::string& key) const
{
- const std::string timespec = get_string(name);
+ const std::string timespec = option(key);
if(timespec == "")
return 0;
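Review bot: `Config::deref_alias` loops with `while(is_set("alias", result))` and has no bound on the number of hops, so an alias table containing a cycle (a -> b -> a) never terminates. Alias entries can come from the `[aliases]` section that `load_inifile` reads, so a malformed configuration file is enough to hang every caller that resolves an algorithm name. I would cap the number of hops and throw, as sketched below; the limit of 32 is an arbitrary illustration. The hunk ends inside `option_as_time`, which is not part of this point.

```cpp
std::string Config::deref_alias(const std::string& key) const
   {
   const u32bit MAX_ALIAS_HOPS = 32; // illustrative bound, pick per project policy

   std::string result = key;
   for(u32bit hops = 0; is_set("alias", result); ++hops)
      {
      if(hops == MAX_ALIAS_HOPS)
         throw Invalid_State("Config::deref_alias: alias loop at " + result);
      result = get("alias", result);
      }
   return result;
   }
```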
@@ -73,25 +124,40 @@ u32bit get_time(const std::string& name)
else if(suffix == 'y')
scale = 365 * 24 * 60 * 60;
else
- throw Decoding_Error("Config::get_time: Unknown time value " + value);
+ throw Decoding_Error(
+ "Config::option_as_time: Unknown time value " + value
+ );
return scale * to_u32bit(value);
}
/*************************************************
-* Get the value as a boolean *
+* Get the config setting as a boolean *
*************************************************/
-bool get_bool(const std::string& name)
+bool Config::option_as_bool(const std::string& key) const
{
- const std::string value = get_string(name);
+ const std::string value = option(key);
if(value == "0" || value == "false")
return false;
if(value == "1" || value == "true")
return true;
- throw Decoding_Error("Config::get_bool: Unknown boolean value " + value);
+
+ throw Decoding_Error(
+ "Config::option_as_bool: Unknown boolean value " + value
+ );
}
/*************************************************
+* Dereference an alias *
+*************************************************/
+std::string deref_alias(const std::string& name)
+ {
+ return global_config().deref_alias(name);
+ }
+
+namespace ConfigXXX {
+
+/*************************************************
* Choose the signature format for a PK algorithm *
*************************************************/
void choose_sig_format(const std::string& algo_name, std::string& padding,
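Review bot: `return scale * to_u32bit(value);` in `option_as_time` can wrap the 32-bit result, since with the year scale of `365 * 24 * 60 * 60` any count above about 136 overflows. The value feeds `x509/validity_slack` in `validity_check`, so a wrapped number would silently change the certificate validity window instead of being rejected. I would check before multiplying, e.g. `const u32bit count = to_u32bit(value);` followed by `if(scale && count > 0xFFFFFFFF / scale) throw Decoding_Error("Config::option_as_time: Value too large " + value);`. The declaration of `scale` and the start of the function are outside this hunk, so its exact type should be confirmed.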
@@ -109,10 +175,13 @@ void choose_sig_format(const std::string& algo_name, std::string& padding,
{
if(algo_name == "RSA")
{
- hash = deref_alias(get_string("x509/ca/rsa_hash"));
+ hash = global_state().config().option("x509/ca/rsa_hash");
+
if(hash == "")
throw Invalid_State("No value set for x509/ca/rsa_hash");
+ hash = global_state().config().deref_alias(hash);
+
padding = "EMSA3(" + hash + ")";
format = IEEE_1363;
}
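Review bot: The RSA branch reaches the configuration through `global_state().config()` twice, while the rest of this commit uses the `global_config()` accessor added at the top of this file. For consistency I would write `hash = global_config().option("x509/ca/rsa_hash");` and `hash = global_config().deref_alias(hash);`. The body of `choose_sig_format` starts and ends outside this hunk, so other branches may need the same change.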
@@ -128,26 +197,4 @@ void choose_sig_format(const std::string& algo_name, std::string& padding,
}
-/*************************************************
-* Add an alias for an algorithm *
-*************************************************/
-void add_alias(const std::string& alias, const std::string& official_name)
- {
- if(alias == "" || official_name == "")
- return;
-
- global_state().set_option("alias", alias, official_name);
- }
-
-/*************************************************
-* Dereference an alias *
-*************************************************/
-std::string deref_alias(const std::string& name)
- {
- std::string result = name;
- while(global_state().option_set("alias", result))
- result = global_state().get_option("alias", result);
- return result;
- }
-
}
diff --git a/src/crl_ent.cpp b/src/crl_ent.cpp
index e36d71843..5576c0eba 100644
--- a/src/crl_ent.cpp
+++ b/src/crl_ent.cpp
@@ -91,7 +91,8 @@ void CRL_Entry::decode_from(BER_Decoder& source)
if(source.more_items())
{
- std::string action = Config::get_string("x509/crl/unknown_critical");
+ std::string action =
+ global_config().option("x509/crl/unknown_critical");
if(action != "throw" && action != "ignore")
throw Invalid_Argument("Bad setting x509/crl/unknown_critical: "
diff --git a/src/dl_group.cpp b/src/dl_group.cpp
index fffc64185..3ef9512f4 100644
--- a/src/dl_group.cpp
+++ b/src/dl_group.cpp
@@ -4,7 +4,7 @@
*************************************************/
#include <botan/dl_group.h>
-#include <botan/libstate.h>
+#include <botan/config.h>
#include <botan/parsing.h>
#include <botan/numthry.h>
#include <botan/der_enc.h>
@@ -28,7 +28,7 @@ DL_Group::DL_Group()
*************************************************/
DL_Group::DL_Group(const std::string& type)
{
- DataSource_Memory pem(global_state().get_option("dl", type));
+ DataSource_Memory pem(global_config().get("dl", type));
PEM_decode(pem);
}
diff --git a/src/es_file.cpp b/src/es_file.cpp
index 3b0061853..4d9a52d82 100644
--- a/src/es_file.cpp
+++ b/src/es_file.cpp
@@ -14,7 +14,8 @@ namespace Botan {
*************************************************/
u32bit File_EntropySource::slow_poll(byte output[], u32bit length)
{
- std::vector<std::string> sources = Config::get_list("rng/es_files");
+ std::vector<std::string> sources =
+ global_config().option_as_list("rng/es_files");
u32bit read = 0;
for(u32bit j = 0; j != sources.size(); ++j)
diff --git a/src/inifile.cpp b/src/inifile.cpp
index 0923aa584..3fb263aaa 100644
--- a/src/inifile.cpp
+++ b/src/inifile.cpp
@@ -4,9 +4,9 @@
*************************************************/
#include <botan/config.h>
-#include <botan/libstate.h>
#include <botan/charset.h>
#include <botan/parsing.h>
+#include <botan/exceptn.h>
#include <fstream>
#include <map>
@@ -72,20 +72,10 @@ std::string interpolate(const std::string& value,
}
-namespace Config {
-
/*************************************************
* Load a configuration file *
*************************************************/
-void load(const std::string& fsname)
- {
- load(fsname, global_state());
- }
-
-/*************************************************
-* Load a configuration file *
-*************************************************/
-void load(const std::string& fsname, Library_State& state)
+void Config::load_inifile(const std::string& fsname)
{
std::ifstream config(fsname.c_str());
@@ -135,16 +125,14 @@ void load(const std::string& fsname, Library_State& state)
if(section == "oids")
{
- state.set_option("oid2str", name, value, false);
- state.set_option("str2oid", value, name, false);
+ set("oid2str", name, value, false);
+ set("str2oid", value, name, false);
}
else if(section == "aliases")
- state.set_option("alias", name, value);
+ set("alias", name, value);
else
- state.set_option("conf", section + '/' + name, value);
+ set("conf", section + '/' + name, value);
}
}
}
-
-}
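Review bot: Ordinary sections are stored with `set("conf", section + '/' + name, value)`, which yields the key `conf/<section>/<name>`, but the new `Config::option` in src/config.cpp reads `get("option", key)`, i.e. `option/<key>`. Unless something outside the visible hunks bridges the two prefixes, values loaded from the ini file are never seen by the `option_as_*` callers. The same applies to `config().set("conf", "base/default_allocator", type)` in the `add_allocator` hunk of src/libstate.cpp. Several of those callers are security-relevant: `blinding_factor` returns 0 when `pk/blinder_size` evaluates to zero, and `validity_check` reads `x509/validity_slack`, so a lookup that silently comes back empty may disable or alter them, depending on how `parse_expr` treats an empty string. The writer and reader should agree on one prefix, for example `set("option", section + '/' + name, value);` here.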
diff --git a/src/init_def.cpp b/src/init_def.cpp
index 38d683dea..513454292 100644
--- a/src/init_def.cpp
+++ b/src/init_def.cpp
@@ -55,12 +55,13 @@ void initialize(const std::string& arg_string)
global_state().load(modules);
if(args.config_file() != "")
- Config::load(args.config_file(), global_state());
+ global_config().load_inifile(args.config_file());
global_state().set_transcoder(new Default_Charset_Transcoder);
global_state().set_prng(new ANSI_X931_RNG);
- const u32bit min_entropy = Config::get_u32bit("rng/min_entropy");
+ const u32bit min_entropy =
+ global_config().option_as_u32bit("rng/min_entropy");
if(min_entropy != 0 && args.seed_rng())
{
diff --git a/src/libstate.cpp b/src/libstate.cpp
index 36d6299ad..dd81342bc 100644
--- a/src/libstate.cpp
+++ b/src/libstate.cpp
@@ -4,6 +4,7 @@
*************************************************/
#include <botan/libstate.h>
+#include <botan/config.h>
#include <botan/modules.h>
#include <botan/engine.h>
#include <botan/x509stat.h>
@@ -23,6 +24,9 @@ Library_State* global_lib_state = 0;
}
+/*************************************************
+* Access the global state object *
+*************************************************/
Library_State& global_state()
{
if(!global_lib_state)
@@ -33,11 +37,17 @@ Library_State& global_state()
return (*global_lib_state);
}
+/*************************************************
+* Set a new global state object *
+*************************************************/
void set_global_state(Library_State* new_state)
{
delete swap_global_state(new_state);
}
+/*************************************************
+* Swap two global state objects *
+*************************************************/
Library_State* swap_global_state(Library_State* new_state)
{
Library_State* old_state = global_lib_state;
@@ -84,10 +94,7 @@ Allocator* Library_State::get_allocator(const std::string& type) const
if(!cached_default_allocator)
{
- const std::string key_name = "conf/base/default_allocator";
-
- Named_Mutex_Holder lock("settings");
- std::string chosen = search_map(settings, key_name);
+ std::string chosen = config().option("base/default_allocator");
if(chosen == "")
chosen = "malloc";
@@ -116,7 +123,7 @@ void Library_State::add_allocator(Allocator* allocator,
alloc_factory[type] = allocator;
if(set_as_default)
- set_option("conf", "base/default_allocator", type);
+ config().set("conf", "base/default_allocator", type);
}
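Review bot: After `config().set(...)` nothing clears `cached_default_allocator`, and `get_allocator` only consults the configuration while that cache is empty, so changing the default with `set_as_default` has no effect once an allocator has been cached. The removed `Library_State::set_option` contained a reset for this case, and the new `Config::set` has no equivalent. I would add `cached_default_allocator = 0;` directly after the `set` call. The start of `add_allocator`, and whichever lock it holds, is outside this hunk.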
/*************************************************
@@ -213,51 +220,6 @@ u32bit Library_State::seed_prng(bool slow_poll, u32bit bits_to_get)
}
/*************************************************
-* Set a named option *
-*************************************************/
-void Library_State::set_option(const std::string& section,
- const std::string& name,
- const std::string& value,
- bool overwrite)
- {
- Named_Mutex_Holder lock("settings");
-
- std::map<std::string, std::string>::const_iterator i = settings.find(name);
-
- if(overwrite || i == settings.end() || i->second == "")
- {
- const std::string full_name = section + "/" + name;
- settings[full_name] = value;
-
- if(full_name == "base/default_allocator")
- cached_default_allocator = 0;
- }
- }
-
-/*************************************************
-* Get the value of the named option *
-*************************************************/
-std::string Library_State::get_option(const std::string& section,
- const std::string& name) const
- {
- Named_Mutex_Holder lock("settings");
-
- return search_map<std::string, std::string>(settings,
- section + "/" + name, "");
- }
-
-/*************************************************
-* See if a particular option has been set *
-*************************************************/
-bool Library_State::option_set(const std::string& section,
- const std::string& name) const
- {
- Named_Mutex_Holder lock("settings");
-
- return search_map(settings, section + "/" + name, false, true);
- }
-
-/*************************************************
* Get an engine out of the list *
*************************************************/
Engine* Library_State::get_engine_n(u32bit n) const
@@ -311,7 +273,7 @@ void Library_State::set_x509_state(X509_GlobalState* new_x509_state_obj)
}
/*************************************************
-* Set the X509 global state class *
+* Get the X509 global state class *
*************************************************/
X509_GlobalState& Library_State::x509_state()
{
@@ -322,6 +284,17 @@ X509_GlobalState& Library_State::x509_state()
}
/*************************************************
+* Set the configuration object *
+*************************************************/
+Config& Library_State::config() const
+ {
+ if(!config_obj)
+ throw Invalid_State("Library_State::config(): No config set");
+
+ return (*config_obj);
+ }
+
+/*************************************************
* Load modules *
*************************************************/
void Library_State::load(Modules& modules)
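Review bot: The banner above `Library_State::config()` says "Set the configuration object", but the function is a const accessor that returns `*config_obj` or throws when it is null. It should read `* Get the configuration object *`, the same correction this commit applies to the `x509_state()` banner in the previous hunk.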
@@ -354,6 +327,7 @@ Library_State::Library_State(Mutex_Factory* mutex_factory)
this->mutex_factory = mutex_factory;
this->timer = new Timer();
this->transcoder = 0;
+ this->config_obj = new Config();
locks["settings"] = get_mutex();
locks["allocator"] = get_mutex();
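Review bot: The new `Config` methods take `Named_Mutex_Holder lock("config")`, but the visible part of the constructor registers only `locks["settings"]` and `locks["allocator"]`. Unless a `"config"` entry is created in the part of the constructor outside this hunk, the first `get`/`set`/`is_set` call will either fail to find the mutex or run unlocked, depending on how `Named_Mutex_Holder` handles an unknown name. I would add `locks["config"] = get_mutex();` here and check whether the `"settings"` lock is still used anywhere. `config_obj` is allocated with `new`, so the destructor (not shown) also needs a matching `delete config_obj;`.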
diff --git a/src/mem_pool.cpp b/src/mem_pool.cpp
index 8658fa2df..00a9f2d06 100644
--- a/src/mem_pool.cpp
+++ b/src/mem_pool.cpp
@@ -22,7 +22,7 @@ u32bit choose_pref_size(u32bit provided)
if(provided)
return provided;
- u32bit result = Config::get_u32bit("base/memory_chunk");
+ u32bit result = global_config().option_as_u32bit("base/memory_chunk");
if(result)
return result;
diff --git a/src/modules.cpp b/src/modules.cpp
index 1216fc3b9..92a5c8e75 100644
--- a/src/modules.cpp
+++ b/src/modules.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/modules.h>
-#include <botan/libstate.h>
#include <botan/defalloc.h>
#include <botan/eng_def.h>
#include <botan/es_file.h>
diff --git a/src/oids.cpp b/src/oids.cpp
index df6a09f94..4c56ff558 100644
--- a/src/oids.cpp
+++ b/src/oids.cpp
@@ -4,7 +4,7 @@
*************************************************/
#include <botan/oids.h>
-#include <botan/libstate.h>
+#include <botan/config.h>
namespace Botan {
@@ -17,10 +17,10 @@ void add_oid(const OID& oid, const std::string& name)
{
const std::string oid_str = oid.as_string();
- if(!global_state().option_set("oid2str", oid_str))
- global_state().set_option("oid2str", oid_str, name);
- if(!global_state().option_set("str2oid", name))
- global_state().set_option("str2oid", name, oid_str);
+ if(!global_config().is_set("oid2str", oid_str))
+ global_config().set("oid2str", oid_str, name);
+ if(!global_config().is_set("str2oid", name))
+ global_config().set("str2oid", name, oid_str);
}
/*************************************************
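Review bot: `add_oid` checks `is_set` and then calls `set` as two separate operations, each taking the config lock on its own, so two threads registering the same OID can both pass the check and the later write wins. `Config::set` already supports a non-overwriting store under a single lock, and src/inifile.cpp uses it for the same tables, so `global_config().set("oid2str", oid_str, name, false);` and `global_config().set("str2oid", name, oid_str, false);` would be shorter and atomic. The one behavioural difference is that `overwrite == false` still replaces an existing empty value. The `add_oid` helper in src/policy.cpp follows the same check-then-set pattern.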
@@ -28,7 +28,7 @@ void add_oid(const OID& oid, const std::string& name)
*************************************************/
std::string lookup(const OID& oid)
{
- return global_state().get_option("oid2str", oid.as_string());
+ return global_config().get("oid2str", oid.as_string());
}
/*************************************************
@@ -36,7 +36,7 @@ std::string lookup(const OID& oid)
*************************************************/
OID lookup(const std::string& name)
{
- return OID(global_state().get_option("str2oid", name));
+ return OID(global_config().get("str2oid", name));
}
/*************************************************
@@ -44,7 +44,7 @@ OID lookup(const std::string& name)
*************************************************/
bool have_oid(const std::string& name)
{
- return global_state().option_set("str2oid", name);
+ return global_config().is_set("str2oid", name);
}
}
diff --git a/src/pem.cpp b/src/pem.cpp
index 9a0f3c31e..aec036cb4 100644
--- a/src/pem.cpp
+++ b/src/pem.cpp
@@ -17,7 +17,7 @@ namespace PEM_Code {
*************************************************/
std::string encode(const byte der[], u32bit length, const std::string& label)
{
- const u32bit PEM_WIDTH = Config::get_u32bit("pem/width");
+ const u32bit PEM_WIDTH = global_config().option_as_u32bit("pem/width");
if(PEM_WIDTH < 50 || PEM_WIDTH > 76)
throw Encoding_Error("PEM: Invalid line width " + to_string(PEM_WIDTH));
@@ -57,7 +57,8 @@ SecureVector<byte> decode_check_label(DataSource& source,
*************************************************/
SecureVector<byte> decode(DataSource& source, std::string& label)
{
- const u32bit RANDOM_CHAR_LIMIT = Config::get_u32bit("pem/forgive");
+ const u32bit RANDOM_CHAR_LIMIT =
+ global_config().option_as_u32bit("pem/forgive");
const std::string PEM_HEADER1 = "-----BEGIN ";
const std::string PEM_HEADER2 = "-----";
@@ -117,7 +118,9 @@ SecureVector<byte> decode(DataSource& source, std::string& label)
*************************************************/
bool matches(DataSource& source, const std::string& extra)
{
- const u32bit PEM_SEARCH_RANGE = Config::get_u32bit("pem/search");
+ const u32bit PEM_SEARCH_RANGE =
+ global_config().option_as_u32bit("pem/search");
+
const std::string PEM_HEADER = "-----BEGIN " + extra;
SecureVector<byte> search_buf(PEM_SEARCH_RANGE);
diff --git a/src/pk_core.cpp b/src/pk_core.cpp
index 3f4a4850d..1adc2de64 100644
--- a/src/pk_core.cpp
+++ b/src/pk_core.cpp
@@ -18,7 +18,9 @@ namespace {
*************************************************/
BigInt blinding_factor(u32bit modulus_size)
{
- const u32bit BLINDING_BITS = Config::get_u32bit("pk/blinder_size");
+ const u32bit BLINDING_BITS =
+ global_config().option_as_u32bit("pk/blinder_size");
+
if(BLINDING_BITS == 0)
return 0;
return random_integer(std::min(modulus_size - 1, BLINDING_BITS));
diff --git a/src/pk_keys.cpp b/src/pk_keys.cpp
index fc8029f94..4a175e17c 100644
--- a/src/pk_keys.cpp
+++ b/src/pk_keys.cpp
@@ -16,7 +16,7 @@ namespace {
*************************************************/
bool key_check_level(const std::string& type)
{
- const std::string setting = Config::get_string("pk/test/" + type);
+ const std::string setting = global_config().option("pk/test/" + type);
if(setting == "basic")
return false;
return true;
diff --git a/src/pkcs8.cpp b/src/pkcs8.cpp
index 32408eb43..8be9c3353 100644
--- a/src/pkcs8.cpp
+++ b/src/pkcs8.cpp
@@ -82,12 +82,14 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
if(!is_encrypted)
key = key_data;
- const u32bit max_tries = Config::get_u32bit("base/pkcs8_tries");
+ const u32bit MAX_TRIES =
+ global_config().option_as_u32bit("base/pkcs8_tries");
+
u32bit tries = 0;
while(true)
{
try {
- if(max_tries && tries >= max_tries)
+ if(MAX_TRIES && tries >= MAX_TRIES)
break;
if(is_encrypted)
@@ -167,7 +169,7 @@ void encrypt_key(const PKCS8_PrivateKey& key, Pipe& pipe,
const std::string& pass, const std::string& pbe_algo,
X509_Encoding encoding)
{
- const std::string DEFAULT_PBE = Config::get_string("base/default_pbe");
+ const std::string DEFAULT_PBE = global_config().option("base/default_pbe");
Pipe raw_key;
raw_key.start_msg();
diff --git a/src/policy.cpp b/src/policy.cpp
index 3ec3227db..e4fa78edf 100644
--- a/src/policy.cpp
+++ b/src/policy.cpp
@@ -4,6 +4,7 @@
*************************************************/
#include <botan/libstate.h>
+#include <botan/config.h>
namespace Botan {
@@ -12,229 +13,229 @@ namespace {
/*************************************************
* OID loading helper function *
*************************************************/
-void add_oid(Library_State* state,
+void add_oid(Config& config,
const std::string& oid_str,
const std::string& name)
{
- if(!state->option_set("oid2str", oid_str))
- state->set_option("oid2str", oid_str, name);
- if(!state->option_set("str2oid", name))
- state->set_option("str2oid", name, oid_str);
+ if(!config.is_set("oid2str", oid_str))
+ config.set("oid2str", oid_str, name);
+ if(!config.is_set("str2oid", name))
+ config.set("str2oid", name, oid_str);
}
/*************************************************
* Load all of the default OIDs *
*************************************************/
-void set_default_oids(Library_State* state)
+void set_default_oids(Config& config)
{
- add_oid(state, "1.2.840.113549.1.1.1", "RSA");
- add_oid(state, "2.5.8.1.1", "RSA");
- add_oid(state, "1.2.840.10040.4.1", "DSA");
- add_oid(state, "1.2.840.10046.2.1", "DH");
- add_oid(state, "1.3.6.1.4.1.3029.1.2.1", "ELG");
-
- add_oid(state, "1.3.14.3.2.7", "DES/CBC");
- add_oid(state, "1.2.840.113549.3.7", "TripleDES/CBC");
- add_oid(state, "1.2.840.113549.3.2", "RC2/CBC");
- add_oid(state, "1.2.840.113533.7.66.10", "CAST-128/CBC");
- add_oid(state, "2.16.840.1.101.3.4.1.2", "AES-128/CBC");
- add_oid(state, "2.16.840.1.101.3.4.1.22", "AES-192/CBC");
- add_oid(state, "2.16.840.1.101.3.4.1.42", "AES-256/CBC");
-
- add_oid(state, "1.2.840.113549.2.5", "MD5");
- add_oid(state, "1.3.14.3.2.26", "SHA-160");
- add_oid(state, "1.3.6.1.4.1.11591.12.2", "Tiger(24,3)");
-
- add_oid(state, "1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES");
- add_oid(state, "1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2");
- add_oid(state, "1.2.840.113533.7.66.15", "KeyWrap.CAST-128");
- add_oid(state, "2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128");
- add_oid(state, "2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192");
- add_oid(state, "2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256");
-
- add_oid(state, "1.2.840.113549.1.9.16.3.8", "Compression.Zlib");
-
- add_oid(state, "1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5");
- add_oid(state, "1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)");
- add_oid(state, "1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)");
- add_oid(state, "1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)");
- add_oid(state, "1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)");
- add_oid(state, "1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)");
- add_oid(state, "1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)");
- add_oid(state, "1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)");
- add_oid(state, "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)");
-
- add_oid(state, "2.5.4.3", "X520.CommonName");
- add_oid(state, "2.5.4.4", "X520.Surname");
- add_oid(state, "2.5.4.5", "X520.SerialNumber");
- add_oid(state, "2.5.4.6", "X520.Country");
- add_oid(state, "2.5.4.7", "X520.Locality");
- add_oid(state, "2.5.4.8", "X520.State");
- add_oid(state, "2.5.4.10", "X520.Organization");
- add_oid(state, "2.5.4.11", "X520.OrganizationalUnit");
- add_oid(state, "2.5.4.12", "X520.Title");
- add_oid(state, "2.5.4.42", "X520.GivenName");
- add_oid(state, "2.5.4.43", "X520.Initials");
- add_oid(state, "2.5.4.44", "X520.GenerationalQualifier");
- add_oid(state, "2.5.4.46", "X520.DNQualifier");
- add_oid(state, "2.5.4.65", "X520.Pseudonym");
-
- add_oid(state, "1.2.840.113549.1.5.12", "PKCS5.PBKDF2");
- add_oid(state, "1.2.840.113549.1.5.1", "PBE-PKCS5v15(MD2,DES/CBC)");
- add_oid(state, "1.2.840.113549.1.5.4", "PBE-PKCS5v15(MD2,RC2/CBC)");
- add_oid(state, "1.2.840.113549.1.5.3", "PBE-PKCS5v15(MD5,DES/CBC)");
- add_oid(state, "1.2.840.113549.1.5.6", "PBE-PKCS5v15(MD5,RC2/CBC)");
- add_oid(state, "1.2.840.113549.1.5.10", "PBE-PKCS5v15(SHA-160,DES/CBC)");
- add_oid(state, "1.2.840.113549.1.5.11", "PBE-PKCS5v15(SHA-160,RC2/CBC)");
- add_oid(state, "1.2.840.113549.1.5.13", "PBE-PKCS5v20");
-
- add_oid(state, "1.2.840.113549.1.9.1", "PKCS9.EmailAddress");
- add_oid(state, "1.2.840.113549.1.9.2", "PKCS9.UnstructuredName");
- add_oid(state, "1.2.840.113549.1.9.3", "PKCS9.ContentType");
- add_oid(state, "1.2.840.113549.1.9.4", "PKCS9.MessageDigest");
- add_oid(state, "1.2.840.113549.1.9.7", "PKCS9.ChallengePassword");
- add_oid(state, "1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest");
-
- add_oid(state, "1.2.840.113549.1.7.1", "CMS.DataContent");
- add_oid(state, "1.2.840.113549.1.7.2", "CMS.SignedData");
- add_oid(state, "1.2.840.113549.1.7.3", "CMS.EnvelopedData");
- add_oid(state, "1.2.840.113549.1.7.5", "CMS.DigestedData");
- add_oid(state, "1.2.840.113549.1.7.6", "CMS.EncryptedData");
- add_oid(state, "1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData");
- add_oid(state, "1.2.840.113549.1.9.16.1.9", "CMS.CompressedData");
-
- add_oid(state, "2.5.29.14", "X509v3.SubjectKeyIdentifier");
- add_oid(state, "2.5.29.15", "X509v3.KeyUsage");
- add_oid(state, "2.5.29.17", "X509v3.SubjectAlternativeName");
- add_oid(state, "2.5.29.18", "X509v3.IssuerAlternativeName");
- add_oid(state, "2.5.29.19", "X509v3.BasicConstraints");
- add_oid(state, "2.5.29.20", "X509v3.CRLNumber");
- add_oid(state, "2.5.29.21", "X509v3.ReasonCode");
- add_oid(state, "2.5.29.23", "X509v3.HoldInstructionCode");
- add_oid(state, "2.5.29.24", "X509v3.InvalidityDate");
- add_oid(state, "2.5.29.32", "X509v3.CertificatePolicies");
- add_oid(state, "2.5.29.35", "X509v3.AuthorityKeyIdentifier");
- add_oid(state, "2.5.29.36", "X509v3.PolicyConstraints");
- add_oid(state, "2.5.29.37", "X509v3.ExtendedKeyUsage");
-
- add_oid(state, "2.5.29.32.0", "X509v3.AnyPolicy");
-
- add_oid(state, "1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth");
- add_oid(state, "1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth");
- add_oid(state, "1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning");
- add_oid(state, "1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection");
- add_oid(state, "1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem");
- add_oid(state, "1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel");
- add_oid(state, "1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser");
- add_oid(state, "1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping");
- add_oid(state, "1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning");
-
- add_oid(state, "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr");
+ add_oid(config, "1.2.840.113549.1.1.1", "RSA");
+ add_oid(config, "2.5.8.1.1", "RSA");
+ add_oid(config, "1.2.840.10040.4.1", "DSA");
+ add_oid(config, "1.2.840.10046.2.1", "DH");
+ add_oid(config, "1.3.6.1.4.1.3029.1.2.1", "ELG");
+
+ add_oid(config, "1.3.14.3.2.7", "DES/CBC");
+ add_oid(config, "1.2.840.113549.3.7", "TripleDES/CBC");
+ add_oid(config, "1.2.840.113549.3.2", "RC2/CBC");
+ add_oid(config, "1.2.840.113533.7.66.10", "CAST-128/CBC");
+ add_oid(config, "2.16.840.1.101.3.4.1.2", "AES-128/CBC");
+ add_oid(config, "2.16.840.1.101.3.4.1.22", "AES-192/CBC");
+ add_oid(config, "2.16.840.1.101.3.4.1.42", "AES-256/CBC");
+
+ add_oid(config, "1.2.840.113549.2.5", "MD5");
+ add_oid(config, "1.3.14.3.2.26", "SHA-160");
+ add_oid(config, "1.3.6.1.4.1.11591.12.2", "Tiger(24,3)");
+
+ add_oid(config, "1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES");
+ add_oid(config, "1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2");
+ add_oid(config, "1.2.840.113533.7.66.15", "KeyWrap.CAST-128");
+ add_oid(config, "2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128");
+ add_oid(config, "2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192");
+ add_oid(config, "2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256");
+
+ add_oid(config, "1.2.840.113549.1.9.16.3.8", "Compression.Zlib");
+
+ add_oid(config, "1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5");
+ add_oid(config, "1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)");
+ add_oid(config, "1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)");
+ add_oid(config, "1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)");
+ add_oid(config, "1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)");
+ add_oid(config, "1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)");
+ add_oid(config, "1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)");
+ add_oid(config, "1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)");
+ add_oid(config, "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)");
+
+ add_oid(config, "2.5.4.3", "X520.CommonName");
+ add_oid(config, "2.5.4.4", "X520.Surname");
+ add_oid(config, "2.5.4.5", "X520.SerialNumber");
+ add_oid(config, "2.5.4.6", "X520.Country");
+ add_oid(config, "2.5.4.7", "X520.Locality");
+ add_oid(config, "2.5.4.8", "X520.Config");
+ add_oid(config, "2.5.4.10", "X520.Organization");
+ add_oid(config, "2.5.4.11", "X520.OrganizationalUnit");
+ add_oid(config, "2.5.4.12", "X520.Title");
+ add_oid(config, "2.5.4.42", "X520.GivenName");
+ add_oid(config, "2.5.4.43", "X520.Initials");
+ add_oid(config, "2.5.4.44", "X520.GenerationalQualifier");
+ add_oid(config, "2.5.4.46", "X520.DNQualifier");
+ add_oid(config, "2.5.4.65", "X520.Pseudonym");
+
+ add_oid(config, "1.2.840.113549.1.5.12", "PKCS5.PBKDF2");
+ add_oid(config, "1.2.840.113549.1.5.1", "PBE-PKCS5v15(MD2,DES/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.4", "PBE-PKCS5v15(MD2,RC2/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.3", "PBE-PKCS5v15(MD5,DES/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.6", "PBE-PKCS5v15(MD5,RC2/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.10", "PBE-PKCS5v15(SHA-160,DES/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.11", "PBE-PKCS5v15(SHA-160,RC2/CBC)");
+ add_oid(config, "1.2.840.113549.1.5.13", "PBE-PKCS5v20");
+
+ add_oid(config, "1.2.840.113549.1.9.1", "PKCS9.EmailAddress");
+ add_oid(config, "1.2.840.113549.1.9.2", "PKCS9.UnstructuredName");
+ add_oid(config, "1.2.840.113549.1.9.3", "PKCS9.ContentType");
+ add_oid(config, "1.2.840.113549.1.9.4", "PKCS9.MessageDigest");
+ add_oid(config, "1.2.840.113549.1.9.7", "PKCS9.ChallengePassword");
+ add_oid(config, "1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest");
+
+ add_oid(config, "1.2.840.113549.1.7.1", "CMS.DataContent");
+ add_oid(config, "1.2.840.113549.1.7.2", "CMS.SignedData");
+ add_oid(config, "1.2.840.113549.1.7.3", "CMS.EnvelopedData");
+ add_oid(config, "1.2.840.113549.1.7.5", "CMS.DigestedData");
+ add_oid(config, "1.2.840.113549.1.7.6", "CMS.EncryptedData");
+ add_oid(config, "1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData");
+ add_oid(config, "1.2.840.113549.1.9.16.1.9", "CMS.CompressedData");
+
+ add_oid(config, "2.5.29.14", "X509v3.SubjectKeyIdentifier");
+ add_oid(config, "2.5.29.15", "X509v3.KeyUsage");
+ add_oid(config, "2.5.29.17", "X509v3.SubjectAlternativeName");
+ add_oid(config, "2.5.29.18", "X509v3.IssuerAlternativeName");
+ add_oid(config, "2.5.29.19", "X509v3.BasicConstraints");
+ add_oid(config, "2.5.29.20", "X509v3.CRLNumber");
+ add_oid(config, "2.5.29.21", "X509v3.ReasonCode");
+ add_oid(config, "2.5.29.23", "X509v3.HoldInstructionCode");
+ add_oid(config, "2.5.29.24", "X509v3.InvalidityDate");
+ add_oid(config, "2.5.29.32", "X509v3.CertificatePolicies");
+ add_oid(config, "2.5.29.35", "X509v3.AuthorityKeyIdentifier");
+ add_oid(config, "2.5.29.36", "X509v3.PolicyConstraints");
+ add_oid(config, "2.5.29.37", "X509v3.ExtendedKeyUsage");
+
+ add_oid(config, "2.5.29.32.0", "X509v3.AnyPolicy");
+
+ add_oid(config, "1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth");
+ add_oid(config, "1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth");
+ add_oid(config, "1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning");
+ add_oid(config, "1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection");
+ add_oid(config, "1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem");
+ add_oid(config, "1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel");
+ add_oid(config, "1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser");
+ add_oid(config, "1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping");
+ add_oid(config, "1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning");
+
+ add_oid(config, "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr");
}
/*************************************************
* Set the default algorithm aliases *
*************************************************/
-void set_default_aliases(Library_State* state)
+void set_default_aliases(Config& config)
{
- state->set_option("alias", "OpenPGP.Cipher.1", "IDEA");
- state->set_option("alias", "OpenPGP.Cipher.2", "TripleDES");
- state->set_option("alias", "OpenPGP.Cipher.3", "CAST-128");
- state->set_option("alias", "OpenPGP.Cipher.4", "Blowfish");
- state->set_option("alias", "OpenPGP.Cipher.5", "SAFER-SK(13)");
- state->set_option("alias", "OpenPGP.Cipher.7", "AES-128");
- state->set_option("alias", "OpenPGP.Cipher.8", "AES-192");
- state->set_option("alias", "OpenPGP.Cipher.9", "AES-256");
- state->set_option("alias", "OpenPGP.Cipher.10", "Twofish");
-
- state->set_option("alias", "OpenPGP.Digest.1", "MD5");
- state->set_option("alias", "OpenPGP.Digest.2", "SHA-1");
- state->set_option("alias", "OpenPGP.Digest.3", "RIPEMD-160");
- state->set_option("alias", "OpenPGP.Digest.5", "MD2");
- state->set_option("alias", "OpenPGP.Digest.6", "Tiger(24,3)");
- state->set_option("alias", "OpenPGP.Digest.7", "HAVAL(20,5)");
- state->set_option("alias", "OpenPGP.Digest.8", "SHA-256");
-
- state->set_option("alias", "TLS.Digest.0", "Parallel(MD5,SHA-160)");
-
- state->set_option("alias", "EME-PKCS1-v1_5", "PKCS1v15");
- state->set_option("alias", "OAEP-MGF1", "EME1");
- state->set_option("alias", "EME-OAEP", "EME1");
- state->set_option("alias", "X9.31", "EMSA2");
- state->set_option("alias", "EMSA-PKCS1-v1_5", "EMSA3");
- state->set_option("alias", "PSS-MGF1", "EMSA4");
- state->set_option("alias", "EMSA-PSS", "EMSA4");
-
- state->set_option("alias", "Rijndael", "AES");
- state->set_option("alias", "3DES", "TripleDES");
- state->set_option("alias", "DES-EDE", "TripleDES");
- state->set_option("alias", "CAST5", "CAST-128");
- state->set_option("alias", "SHA1", "SHA-160");
- state->set_option("alias", "SHA-1", "SHA-160");
- state->set_option("alias", "SEAL", "SEAL-3.0-BE");
- state->set_option("alias", "MARK-4", "ARC4(256)");
- state->set_option("alias", "OMAC", "CMAC");
+ config.set("alias", "OpenPGP.Cipher.1", "IDEA");
+ config.set("alias", "OpenPGP.Cipher.2", "TripleDES");
+ config.set("alias", "OpenPGP.Cipher.3", "CAST-128");
+ config.set("alias", "OpenPGP.Cipher.4", "Blowfish");
+ config.set("alias", "OpenPGP.Cipher.5", "SAFER-SK(13)");
+ config.set("alias", "OpenPGP.Cipher.7", "AES-128");
+ config.set("alias", "OpenPGP.Cipher.8", "AES-192");
+ config.set("alias", "OpenPGP.Cipher.9", "AES-256");
+ config.set("alias", "OpenPGP.Cipher.10", "Twofish");
+
+ config.set("alias", "OpenPGP.Digest.1", "MD5");
+ config.set("alias", "OpenPGP.Digest.2", "SHA-1");
+ config.set("alias", "OpenPGP.Digest.3", "RIPEMD-160");
+ config.set("alias", "OpenPGP.Digest.5", "MD2");
+ config.set("alias", "OpenPGP.Digest.6", "Tiger(24,3)");
+ config.set("alias", "OpenPGP.Digest.7", "HAVAL(20,5)");
+ config.set("alias", "OpenPGP.Digest.8", "SHA-256");
+
+ config.set("alias", "TLS.Digest.0", "Parallel(MD5,SHA-160)");
+
+ config.set("alias", "EME-PKCS1-v1_5", "PKCS1v15");
+ config.set("alias", "OAEP-MGF1", "EME1");
+ config.set("alias", "EME-OAEP", "EME1");
+ config.set("alias", "X9.31", "EMSA2");
+ config.set("alias", "EMSA-PKCS1-v1_5", "EMSA3");
+ config.set("alias", "PSS-MGF1", "EMSA4");
+ config.set("alias", "EMSA-PSS", "EMSA4");
+
+ config.set("alias", "Rijndael", "AES");
+ config.set("alias", "3DES", "TripleDES");
+ config.set("alias", "DES-EDE", "TripleDES");
+ config.set("alias", "CAST5", "CAST-128");
+ config.set("alias", "SHA1", "SHA-160");
+ config.set("alias", "SHA-1", "SHA-160");
+ config.set("alias", "SEAL", "SEAL-3.0-BE");
+ config.set("alias", "MARK-4", "ARC4(256)");
+ config.set("alias", "OMAC", "CMAC");
}
/*************************************************
* Set the default configuration toggles *
*************************************************/
-void set_default_config(Library_State* state)
+void set_default_config(Config& config)
{
- state->set_option("conf", "base/memory_chunk", "64*1024");
- state->set_option("conf", "base/pkcs8_tries", "3");
- state->set_option("conf", "base/default_pbe",
+ config.set("conf", "base/memory_chunk", "64*1024");
+ config.set("conf", "base/pkcs8_tries", "3");
+ config.set("conf", "base/default_pbe",
"PBE-PKCS5v20(SHA-1,TripleDES/CBC)");
- state->set_option("conf", "base/default_allocator", "malloc");
-
- state->set_option("conf", "pk/blinder_size", "64");
- state->set_option("conf", "pk/test/public", "basic");
- state->set_option("conf", "pk/test/private", "basic");
- state->set_option("conf", "pk/test/private_gen", "all");
-
- state->set_option("conf", "pem/search", "4*1024");
- state->set_option("conf", "pem/forgive", "8");
- state->set_option("conf", "pem/width", "64");
-
- state->set_option("conf", "rng/min_entropy", "256", false);
- state->set_option("conf", "rng/ms_capi_prov_type", "INTEL_SEC:RSA_FULL");
- state->set_option("conf", "rng/unix_path", "/usr/ucb:/usr/etc:/etc");
- state->set_option("conf", "rng/es_files", "/dev/urandom:/dev/random");
- state->set_option("conf", "rng/egd_path",
+ config.set("conf", "base/default_allocator", "malloc");
+
+ config.set("conf", "pk/blinder_size", "64");
+ config.set("conf", "pk/test/public", "basic");
+ config.set("conf", "pk/test/private", "basic");
+ config.set("conf", "pk/test/private_gen", "all");
+
+ config.set("conf", "pem/search", "4*1024");
+ config.set("conf", "pem/forgive", "8");
+ config.set("conf", "pem/width", "64");
+
+ config.set("conf", "rng/min_entropy", "256", false);
+ config.set("conf", "rng/ms_capi_prov_type", "INTEL_SEC:RSA_FULL");
+ config.set("conf", "rng/unix_path", "/usr/ucb:/usr/etc:/etc");
+ config.set("conf", "rng/es_files", "/dev/urandom:/dev/random");
+ config.set("conf", "rng/egd_path",
"/var/run/egd-pool:/dev/egd-pool");
- state->set_option("conf", "rng/slow_poll_request", "256");
- state->set_option("conf", "rng/fast_poll_request", "64");
-
- state->set_option("conf", "x509/validity_slack", "24h");
- state->set_option("conf", "x509/v1_assume_ca", "false");
- state->set_option("conf", "x509/cache_verify_results", "30m");
-
- state->set_option("conf", "x509/ca/allow_ca", "false");
- state->set_option("conf", "x509/ca/basic_constraints", "always");
- state->set_option("conf", "x509/ca/default_expire", "1y");
- state->set_option("conf", "x509/ca/signing_offset", "30s");
- state->set_option("conf", "x509/ca/rsa_hash", "SHA-1");
- state->set_option("conf", "x509/ca/str_type", "latin1");
-
- state->set_option("conf", "x509/crl/unknown_critical", "ignore");
- state->set_option("conf", "x509/crl/next_update", "7d");
-
- state->set_option("conf", "x509/exts/basic_constraints", "critical");
- state->set_option("conf", "x509/exts/subject_key_id", "yes");
- state->set_option("conf", "x509/exts/authority_key_id", "yes");
- state->set_option("conf", "x509/exts/subject_alternative_name", "yes");
- state->set_option("conf", "x509/exts/issuer_alternative_name", "no");
- state->set_option("conf", "x509/exts/key_usage", "critical");
- state->set_option("conf", "x509/exts/extended_key_usage", "yes");
- state->set_option("conf", "x509/exts/crl_number", "yes");
+ config.set("conf", "rng/slow_poll_request", "256");
+ config.set("conf", "rng/fast_poll_request", "64");
+
+ config.set("conf", "x509/validity_slack", "24h");
+ config.set("conf", "x509/v1_assume_ca", "false");
+ config.set("conf", "x509/cache_verify_results", "30m");
+
+ config.set("conf", "x509/ca/allow_ca", "false");
+ config.set("conf", "x509/ca/basic_constraints", "always");
+ config.set("conf", "x509/ca/default_expire", "1y");
+ config.set("conf", "x509/ca/signing_offset", "30s");
+ config.set("conf", "x509/ca/rsa_hash", "SHA-1");
+ config.set("conf", "x509/ca/str_type", "latin1");
+
+ config.set("conf", "x509/crl/unknown_critical", "ignore");
+ config.set("conf", "x509/crl/next_update", "7d");
+
+ config.set("conf", "x509/exts/basic_constraints", "critical");
+ config.set("conf", "x509/exts/subject_key_id", "yes");
+ config.set("conf", "x509/exts/authority_key_id", "yes");
+ config.set("conf", "x509/exts/subject_alternative_name", "yes");
+ config.set("conf", "x509/exts/issuer_alternative_name", "no");
+ config.set("conf", "x509/exts/key_usage", "critical");
+ config.set("conf", "x509/exts/extended_key_usage", "yes");
+ config.set("conf", "x509/exts/crl_number", "yes");
}
/*************************************************
* Set the built-in discrete log groups *
*************************************************/
-void set_default_dl_groups(Library_State* state)
+void set_default_dl_groups(Config& config)
{
- state->set_option("dl", "modp/ietf/768",
+ config.set("dl", "modp/ietf/768",
"-----BEGIN X942 DH PARAMETERS-----"
"MIHIAmEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFK"
"CHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//"
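Review bot: In set_default_oids the entry for OID 2.5.4.8 changed from `"X520.State"` to `"X520.Config"`, which looks like fallout from the mechanical `state` → `config` rename rather than an intended change. With this line the `oid2str`/`str2oid` tables no longer contain the name `X520.State`, so any code that looks that name up when building or printing a distinguished name would presumably miss the stateOrProvinceName attribute. The line should stay `add_oid(config, "2.5.4.8", "X520.State");`. The rest of the hunk is a one-for-one rename; set_default_dl_groups continues past the end of this hunk.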
@@ -243,7 +244,7 @@ void set_default_dl_groups(Library_State* state)
"HRsQf/////////8="
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "modp/ietf/1024",
+ config.set("dl", "modp/ietf/1024",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIBCgKBgQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si"
"UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r"
@@ -253,7 +254,7 @@ void set_default_dl_groups(Library_State* state)
"Nf2tRM/S10+SCL4lj/MklDMo9nMpwP//////////"
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "modp/ietf/1536",
+ config.set("dl", "modp/ietf/1536",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIBigKBwQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si"
"UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r"
@@ -266,7 +267,7 @@ void set_default_dl_groups(Library_State* state)
"NgRlEbmT//////////8="
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "modp/ietf/2048",
+ config.set("dl", "modp/ietf/2048",
"-----BEGIN X942 DH PARAMETERS-----"
"MIICDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
"IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
@@ -281,7 +282,7 @@ void set_default_dl_groups(Library_State* state)
"2uKu+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVZVNH//////////"
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "modp/ietf/3072",
+ config.set("dl", "modp/ietf/3072",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIDDAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
"IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
@@ -302,7 +303,7 @@ void set_default_dl_groups(Library_State* state)
"JcFokFSdaWV//////////w=="
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "modp/ietf/4096",
+ config.set("dl", "modp/ietf/4096",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIEDAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
"IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
@@ -328,7 +329,7 @@ void set_default_dl_groups(Library_State* state)
"ydp1TEbH7uDDf9vuSFNgR6b6GuSaAxjM//////////8="
"-----END X942 DH PARAMETERS-----");
- state->set_option("dl", "dsa/jce/512",
+ config.set("dl", "dsa/jce/512",
"-----BEGIN DSA PARAMETERS-----"
"MIGdAkEA/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQT"
"xeEu0ImbzRMqzVDZkVG9xD7nN1kuFwIVAJYu3cw2nLqOuyYO5rahJtk0bjjFAkEA"
@@ -336,7 +337,7 @@ void set_default_dl_groups(Library_State* state)
"fM76DQqGvl3/3dDRFD3NdQ=="
"-----END DSA PARAMETERS-----");
- state->set_option("dl", "dsa/jce/768",
+ config.set("dl", "dsa/jce/768",
"-----BEGIN DSA PARAMETERS-----"
"MIHdAmEA6eZCWZ01XzfJf/01ZxILjiXJzUPpJ7OpZw++xdiQFBki0sOzrSSACTeZ"
"hp0ehGqrSfqwrSbSzmoiIZ1HC859d31KIfvpwnC1f2BwAvPO+Dk2lM9F7jaIwRqM"
@@ -345,7 +346,7 @@ void set_default_dl_groups(Library_State* state)
"CjBTjf9rP8ds+xMcnnlltYhYqwpDtVczWRKoqlR/lWg="
"-----END DSA PARAMETERS-----");
- state->set_option("dl", "dsa/jce/1024",
+ config.set("dl", "dsa/jce/1024",
"-----BEGIN DSA PARAMETERS-----"
"MIIBHgKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9"
"jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX"
@@ -364,10 +365,10 @@ void set_default_dl_groups(Library_State* state)
*************************************************/
void Library_State::set_default_policy()
{
- set_default_config(this);
- set_default_aliases(this);
- set_default_oids(this);
- set_default_dl_groups(this);
+ set_default_config(config());
+ set_default_aliases(config());
+ set_default_oids(config());
+ set_default_dl_groups(config());
}
}
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index 0efb66744..23e79356f 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -37,7 +37,7 @@ X509_CA::X509_CA(const X509_Certificate& c,
std::string padding;
Signature_Format format;
- Config::choose_sig_format(key.algo_name(), padding, format);
+ ConfigXXX::choose_sig_format(key.algo_name(), padding, format);
ca_sig_algo.oid = OIDS::lookup(key.algo_name() + "/" + padding);
ca_sig_algo.parameters = key.DER_encode_params();
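Review bot: `ConfigXXX::choose_sig_format` reads like a temporary placeholder name that has been committed, and the same call appears in the src/x509self.cpp hunk. The declaration of `ConfigXXX` is not visible in this part of the diff, so I cannot tell whether it is a namespace kept for the leftover free functions, but either way the name says nothing about its purpose. I would give it a descriptive name, or at least add a comment at the call such as `// TODO: move choose_sig_format into Config; ConfigXXX is a transitional name`. The X509_CA constructor starts before this hunk and continues after it.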
@@ -52,7 +52,7 @@ X509_CA::X509_CA(const X509_Certificate& c,
X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
u32bit expire_time) const
{
- if(req.is_CA() && !Config::get_bool("x509/ca/allow_ca"))
+ if(req.is_CA() && !global_config().option_as_bool("x509/ca/allow_ca"))
throw Policy_Violation("X509_CA: Attempted to sign new CA certificate");
Key_Constraints constraints;
@@ -65,7 +65,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
}
if(expire_time == 0)
- expire_time = Config::get_time("x509/ca/default_expire");
+ expire_time = global_config().option_as_time("x509/ca/default_expire");
const u64bit current_time = system_time();
@@ -204,7 +204,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
const u32bit X509_CRL_VERSION = 2;
if(next_update == 0)
- next_update = Config::get_time("x509/crl/next_update");
+ next_update = global_config().option_as_time("x509/crl/next_update");
const u64bit current_time = system_time();
diff --git a/src/x509_crl.cpp b/src/x509_crl.cpp
index ebb69f528..70e0bd8a1 100644
--- a/src/x509_crl.cpp
+++ b/src/x509_crl.cpp
@@ -80,7 +80,7 @@ void X509_CRL::force_decode()
{
BER_Decoder crl_options(next.value);
- std::string action = Config::get_string("x509/crl/unknown_critical");
+ std::string action = global_config().option("x509/crl/unknown_critical");
if(action != "throw" && action != "ignore")
throw Invalid_Argument("Bad value of x509/crl/unknown_critical: "
+ action);
diff --git a/src/x509_ext.cpp b/src/x509_ext.cpp
index ae5116024..f979f55ee 100644
--- a/src/x509_ext.cpp
+++ b/src/x509_ext.cpp
@@ -38,7 +38,7 @@ void Extensions::encode_into(DER_Encoder& to_object) const
std::string setting;
if(ext->config_id() != "")
- setting = Config::get_string("x509/exts/" + ext->config_id());
+ setting = global_config().option("x509/exts/" + ext->config_id());
if(setting == "")
setting = "yes";
diff --git a/src/x509opt.cpp b/src/x509opt.cpp
index 65cc16c19..4c8abf53c 100644
--- a/src/x509opt.cpp
+++ b/src/x509opt.cpp
@@ -79,8 +79,10 @@ void X509_Cert_Options::sanity_check() const
*************************************************/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts)
{
- const u32bit DEFAULT_EXPIRE = Config::get_time("x509/ca/default_expire");
- const u32bit OFFSET_FROM_NOW = Config::get_time("x509/ca/signing_offset");
+ const u32bit DEFAULT_EXPIRE =
+ global_config().option_as_time("x509/ca/default_expire");
+ const u32bit OFFSET_FROM_NOW =
+ global_config().option_as_time("x509/ca/signing_offset");
is_CA = false;
path_limit = 0;
diff --git a/src/x509self.cpp b/src/x509self.cpp
index fadcf0c39..da75aff18 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -63,7 +63,7 @@ PK_Signer* choose_sig_format(const PKCS8_PrivateKey& key,
{
std::string padding;
Signature_Format format;
- Config::choose_sig_format(key.algo_name(), padding, format);
+ ConfigXXX::choose_sig_format(key.algo_name(), padding, format);
sig_algo.oid = OIDS::lookup(key.algo_name() + "/" + padding);
sig_algo.parameters = key.DER_encode_params();
diff --git a/src/x509stor.cpp b/src/x509stor.cpp
index 1be8ec85d..350cf965e 100644
--- a/src/x509stor.cpp
+++ b/src/x509stor.cpp
@@ -658,7 +658,9 @@ bool X509_Store::Cert_Info::is_verified() const
if(result != VERIFIED && result != CERT_NOT_YET_VALID)
return true;
- const u32bit CACHE_TIME = Config::get_time("x509/cache_verify_results");
+ const u32bit CACHE_TIME =
+ global_config().option_as_time("x509/cache_verify_results");
+
const u64bit current_time = system_time();
if(current_time > last_checked + CACHE_TIME)