aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/cert/x509/x509_ca.cpp3
-rw-r--r--src/cert/x509/x509_crl.cpp6
-rw-r--r--src/cert/x509/x509_obj.cpp2
-rw-r--r--src/cert/x509/x509path.cpp8
-rw-r--r--src/cert/x509/x509path.h5
-rw-r--r--src/credentials/credentials_manager.cpp40
-rw-r--r--src/credentials/info.txt3
-rw-r--r--src/filters/modes/mode_pad/mode_pad.cpp7
-rw-r--r--src/pbe/pbes1/pbes1.cpp9
-rw-r--r--src/pbe/pbes2/pbes2.cpp11
-rw-r--r--src/stream/arc4/arc4.cpp4
-rw-r--r--src/stream/wid_wake/wid_wake.cpp4
12 files changed, 33 insertions, 69 deletions
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 9633d1466..486d769ef 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -13,7 +13,6 @@
#include <botan/parsing.h>
#include <botan/lookup.h>
#include <botan/oids.h>
-#include <botan/time.h>
#include <botan/key_constraint.h>
#include <algorithm>
#include <typeinfo>
@@ -58,7 +57,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
else
{
std::unique_ptr<Public_Key> key(req.subject_public_key());
- constraints = X509::find_constraints(*key, req.constraints());
+ constraints = find_constraints(*key, req.constraints());
}
Extensions extensions;
diff --git a/src/cert/x509/x509_crl.cpp b/src/cert/x509/x509_crl.cpp
index 1d6393470..29495a627 100644
--- a/src/cert/x509/x509_crl.cpp
+++ b/src/cert/x509/x509_crl.cpp
@@ -51,14 +51,14 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const
if(cert.issuer_dn() != issuer_dn())
return false;
- MemoryVector<byte> crl_akid = authority_key_id();
- MemoryVector<byte> cert_akid = cert.authority_key_id();
+ std::vector<byte> crl_akid = authority_key_id();
+ std::vector<byte> cert_akid = cert.authority_key_id();
if(!crl_akid.empty() && !cert_akid.empty())
if(crl_akid != cert_akid)
return false;
- MemoryVector<byte> cert_serial = cert.serial_number();
+ std::vector<byte> cert_serial = cert.serial_number();
bool is_revoked = false;
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index af8be0384..4270dfec2 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -177,7 +177,7 @@ std::string X509_Object::hash_used_for_signature() const
*/
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
- std::unique_ptr<Public_Key> key(pub_key);
+ std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
diff --git a/src/cert/x509/x509path.cpp b/src/cert/x509/x509path.cpp
index 1d0667f85..159787800 100644
--- a/src/cert/x509/x509path.cpp
+++ b/src/cert/x509/x509path.cpp
@@ -33,7 +33,7 @@ X509_Certificate find_issuing_cert(const X509_Certificate& cert,
const std::vector<Certificate_Store*>& certstores)
{
const X509_DN issuer_dn = cert.issuer_dn();
- const MemoryVector<byte> auth_key_id = cert.authority_key_id();
+ const std::vector<byte> auth_key_id = cert.authority_key_id();
for(size_t i = 0; i != certstores.size(); ++i)
{
@@ -55,7 +55,7 @@ std::vector<X509_CRL> find_crls_from(const X509_Certificate& cert,
const std::vector<Certificate_Store*>& certstores)
{
const X509_DN issuer_dn = cert.subject_dn();
- const MemoryVector<byte> auth_key_id = cert.subject_key_id();
+ const std::vector<byte> auth_key_id = cert.subject_key_id();
for(size_t i = 0; i != certstores.size(); ++i)
{
@@ -143,7 +143,7 @@ std::string Path_Validation_Result::result_string() const
return "CA certificate not allowed to issue CRLs";
default:
- return "Unknown code " + to_string(m_result);
+ return "Unknown code " + std::to_string(m_result);
}
}
@@ -210,7 +210,7 @@ Path_Validation_Result x509_path_validate(
const bool self_signed_ee_cert = (cert_path.size() == 1);
- X509_Time current_time(system_time());
+ X509_Time current_time(std::chrono::system_clock::now());
for(size_t i = 0; i != cert_path.size(); ++i)
{
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h
index fc784d429..18129a236 100644
--- a/src/cert/x509/x509path.h
+++ b/src/cert/x509/x509path.h
@@ -10,12 +10,7 @@
#include <botan/x509cert.h>
#include <botan/certstor.h>
-<<<<<<< variant A
#include <set>
->>>>>>> variant B
-#include <functional>
-####### Ancestor
-======= end
namespace Botan {
diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp
index adb3a64fc..a1f2c90df 100644
--- a/src/credentials/credentials_manager.cpp
+++ b/src/credentials/credentials_manager.cpp
@@ -6,7 +6,7 @@
*/
#include <botan/credentials_manager.h>
-#include <botan/x509stor.h>
+#include <botan/x509path.h>
namespace Botan {
@@ -104,46 +104,22 @@ void Credentials_Manager::verify_certificate_chain(
if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname))
throw std::runtime_error("Certificate did not match hostname");
-#if 1
- std::vector<X509_Certificate> CAs = trusted_certificate_authorities(type, purported_hostname);
+ auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname);
- X509_Store store;
-
- for(size_t i = 0; i != CAs.size(); ++i)
- store.add_cert(CAs[i], true);
- for(size_t i = 0; i != cert_chain.size(); ++i)
- store.add_cert(cert_chain[i]);
-
- X509_Code result = store.validate_cert(cert_chain[0], X509_Store::TLS_SERVER);
-
- if(CAs.empty())
- {
- if(result == CERT_ISSUER_NOT_FOUND)
- return;
- if(result == CANNOT_ESTABLISH_TRUST)
- return;
- }
-
- if(result != VERIFIED)
- throw std::runtime_error("Certificate did not validate, code " +
- std::to_string(result));
-#else
-
- // New X.509 API
- const Certificate_Store& CAs =
- trusted_certificate_authorities(type, purported_hostname);
+ Certificate_Store_In_Memory CAs;
+ for(auto cert : trusted_CAs)
+ CAs.add_certificate(cert);
Path_Validation_Result result =
x509_path_validate(cert_chain,
Path_Validation_Restrictions(),
- store);
+ CAs);
if(!result.successful_validation())
- throw std::runtime_error("Certificate validation failure: " + result.as_string());
+ throw std::runtime_error("Certificate validation failure: " + result.result_string());
- if(!CAs.certificate_known(result.trust_root())
+ if(!CAs.certificate_known(result.trust_root()))
throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
-#endif
}
}
diff --git a/src/credentials/info.txt b/src/credentials/info.txt
index 689c4f1ae..529011585 100644
--- a/src/credentials/info.txt
+++ b/src/credentials/info.txt
@@ -1,6 +1,5 @@
define CREDENTIALS_MANAGER
<requires>
-x509cert
-x509store
+x509
</requires>
diff --git a/src/filters/modes/mode_pad/mode_pad.cpp b/src/filters/modes/mode_pad/mode_pad.cpp
index 495a0abe9..f5d544e92 100644
--- a/src/filters/modes/mode_pad/mode_pad.cpp
+++ b/src/filters/modes/mode_pad/mode_pad.cpp
@@ -40,11 +40,14 @@ void PKCS7_Padding::pad(byte block[], size_t size, size_t position) const
size_t PKCS7_Padding::unpad(const byte block[], size_t size) const
{
size_t position = block[size-1];
+
if(position > size)
- throw Decoding_Error(name());
+ throw Decoding_Error("Bad padding in " + name());
+
for(size_t j = size-position; j != size-1; ++j)
if(block[j] != position)
- throw Decoding_Error(name());
+ throw Decoding_Error("Bad padding in " + name());
+
return (size-position);
}
diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp
index 0e5e8284c..41a793a24 100644
--- a/src/pbe/pbes1/pbes1.cpp
+++ b/src/pbe/pbes1/pbes1.cpp
@@ -19,13 +19,8 @@ namespace Botan {
*/
void PBE_PKCS5v15::write(const byte input[], size_t length)
{
- while(length)
- {
- size_t put = std::min(DEFAULT_BUFFERSIZE, length);
- pipe.write(input, length);
- flush_pipe(true);
- length -= put;
- }
+ pipe.write(input, length);
+ flush_pipe(true);
}
/*
diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp
index 752a4fb6d..0036359cc 100644
--- a/src/pbe/pbes2/pbes2.cpp
+++ b/src/pbe/pbes2/pbes2.cpp
@@ -26,13 +26,8 @@ namespace Botan {
*/
void PBE_PKCS5v20::write(const byte input[], size_t length)
{
- while(length)
- {
- size_t put = std::min(DEFAULT_BUFFERSIZE, length);
- pipe.write(input, length);
- flush_pipe(true);
- length -= put;
- }
+ pipe.write(input, length);
+ flush_pipe(true);
}
/*
@@ -75,7 +70,7 @@ void PBE_PKCS5v20::flush_pipe(bool safe_to_skip)
secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
while(pipe.remaining())
{
- size_t got = pipe.read(&buffer[0], buffer.size());
+ const size_t got = pipe.read(&buffer[0], buffer.size());
send(buffer, got);
}
}
diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp
index 13eb6ff9e..16c6058d2 100644
--- a/src/stream/arc4/arc4.cpp
+++ b/src/stream/arc4/arc4.cpp
@@ -7,7 +7,7 @@
#include <botan/arc4.h>
#include <botan/internal/xor_buf.h>
-#include <botan/parsing.h>
+#include <botan/internal/rounding.h>
namespace Botan {
@@ -62,7 +62,7 @@ void ARC4::generate()
void ARC4::key_schedule(const byte key[], size_t length)
{
state.resize(256);
- buffer.resize(DEFAULT_BUFFERSIZE);
+ buffer.resize(round_up<size_t>(DEFAULT_BUFFERSIZE, 4));
position = X = Y = 0;
diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp
index e4ab6477f..0f56148a5 100644
--- a/src/stream/wid_wake/wid_wake.cpp
+++ b/src/stream/wid_wake/wid_wake.cpp
@@ -8,6 +8,7 @@
#include <botan/wid_wake.h>
#include <botan/loadstor.h>
#include <botan/internal/xor_buf.h>
+#include <botan/internal/rounding.h>
namespace Botan {
@@ -76,7 +77,8 @@ void WiderWake_41_BE::key_schedule(const byte key[], size_t)
{
t_key.resize(4);
state.resize(5);
- buffer.resize(DEFAULT_BUFFERSIZE);
+ buffer.resize(
+ round_up<size_t>(std::max<size_t>(8*4, DEFAULT_BUFFERSIZE), 8));
for(size_t i = 0; i != 4; ++i)
t_key[i] = load_be<u32bit>(key, i);