diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/cert/x509/x509_ca.cpp | 3 | ||||
-rw-r--r-- | src/cert/x509/x509_crl.cpp | 6 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509/x509path.cpp | 8 | ||||
-rw-r--r-- | src/cert/x509/x509path.h | 5 | ||||
-rw-r--r-- | src/credentials/credentials_manager.cpp | 40 | ||||
-rw-r--r-- | src/credentials/info.txt | 3 | ||||
-rw-r--r-- | src/filters/modes/mode_pad/mode_pad.cpp | 7 | ||||
-rw-r--r-- | src/pbe/pbes1/pbes1.cpp | 9 | ||||
-rw-r--r-- | src/pbe/pbes2/pbes2.cpp | 11 | ||||
-rw-r--r-- | src/stream/arc4/arc4.cpp | 4 | ||||
-rw-r--r-- | src/stream/wid_wake/wid_wake.cpp | 4 |
12 files changed, 33 insertions, 69 deletions
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp index 9633d1466..486d769ef 100644 --- a/src/cert/x509/x509_ca.cpp +++ b/src/cert/x509/x509_ca.cpp @@ -13,7 +13,6 @@ #include <botan/parsing.h> #include <botan/lookup.h> #include <botan/oids.h> -#include <botan/time.h> #include <botan/key_constraint.h> #include <algorithm> #include <typeinfo> @@ -58,7 +57,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, else { std::unique_ptr<Public_Key> key(req.subject_public_key()); - constraints = X509::find_constraints(*key, req.constraints()); + constraints = find_constraints(*key, req.constraints()); } Extensions extensions; diff --git a/src/cert/x509/x509_crl.cpp b/src/cert/x509/x509_crl.cpp index 1d6393470..29495a627 100644 --- a/src/cert/x509/x509_crl.cpp +++ b/src/cert/x509/x509_crl.cpp @@ -51,14 +51,14 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const if(cert.issuer_dn() != issuer_dn()) return false; - MemoryVector<byte> crl_akid = authority_key_id(); - MemoryVector<byte> cert_akid = cert.authority_key_id(); + std::vector<byte> crl_akid = authority_key_id(); + std::vector<byte> cert_akid = cert.authority_key_id(); if(!crl_akid.empty() && !cert_akid.empty()) if(crl_akid != cert_akid) return false; - MemoryVector<byte> cert_serial = cert.serial_number(); + std::vector<byte> cert_serial = cert.serial_number(); bool is_revoked = false; diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index af8be0384..4270dfec2 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -177,7 +177,7 @@ std::string X509_Object::hash_used_for_signature() const */ bool X509_Object::check_signature(const Public_Key* pub_key) const { - std::unique_ptr<Public_Key> key(pub_key); + std::unique_ptr<const Public_Key> key(pub_key); return check_signature(*key); } diff --git a/src/cert/x509/x509path.cpp b/src/cert/x509/x509path.cpp index 1d0667f85..159787800 100644 --- a/src/cert/x509/x509path.cpp +++ b/src/cert/x509/x509path.cpp @@ -33,7 +33,7 @@ X509_Certificate find_issuing_cert(const X509_Certificate& cert, const std::vector<Certificate_Store*>& certstores) { const X509_DN issuer_dn = cert.issuer_dn(); - const MemoryVector<byte> auth_key_id = cert.authority_key_id(); + const std::vector<byte> auth_key_id = cert.authority_key_id(); for(size_t i = 0; i != certstores.size(); ++i) { @@ -55,7 +55,7 @@ std::vector<X509_CRL> find_crls_from(const X509_Certificate& cert, const std::vector<Certificate_Store*>& certstores) { const X509_DN issuer_dn = cert.subject_dn(); - const MemoryVector<byte> auth_key_id = cert.subject_key_id(); + const std::vector<byte> auth_key_id = cert.subject_key_id(); for(size_t i = 0; i != certstores.size(); ++i) { @@ -143,7 +143,7 @@ std::string Path_Validation_Result::result_string() const return "CA certificate not allowed to issue CRLs"; default: - return "Unknown code " + to_string(m_result); + return "Unknown code " + std::to_string(m_result); } } @@ -210,7 +210,7 @@ Path_Validation_Result x509_path_validate( const bool self_signed_ee_cert = (cert_path.size() == 1); - X509_Time current_time(system_time()); + X509_Time current_time(std::chrono::system_clock::now()); for(size_t i = 0; i != cert_path.size(); ++i) { diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h index fc784d429..18129a236 100644 --- a/src/cert/x509/x509path.h +++ b/src/cert/x509/x509path.h @@ -10,12 +10,7 @@ #include <botan/x509cert.h> #include <botan/certstor.h> -<<<<<<< variant A #include <set> ->>>>>>> variant B -#include <functional> -####### Ancestor -======= end namespace Botan { diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index adb3a64fc..a1f2c90df 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -6,7 +6,7 @@ */ #include <botan/credentials_manager.h> -#include <botan/x509stor.h> +#include <botan/x509path.h> namespace Botan { @@ -104,46 +104,22 @@ void Credentials_Manager::verify_certificate_chain( if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) throw std::runtime_error("Certificate did not match hostname"); -#if 1 - std::vector<X509_Certificate> CAs = trusted_certificate_authorities(type, purported_hostname); + auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); - X509_Store store; - - for(size_t i = 0; i != CAs.size(); ++i) - store.add_cert(CAs[i], true); - for(size_t i = 0; i != cert_chain.size(); ++i) - store.add_cert(cert_chain[i]); - - X509_Code result = store.validate_cert(cert_chain[0], X509_Store::TLS_SERVER); - - if(CAs.empty()) - { - if(result == CERT_ISSUER_NOT_FOUND) - return; - if(result == CANNOT_ESTABLISH_TRUST) - return; - } - - if(result != VERIFIED) - throw std::runtime_error("Certificate did not validate, code " + - std::to_string(result)); -#else - - // New X.509 API - const Certificate_Store& CAs = - trusted_certificate_authorities(type, purported_hostname); + Certificate_Store_In_Memory CAs; + for(auto cert : trusted_CAs) + CAs.add_certificate(cert); Path_Validation_Result result = x509_path_validate(cert_chain, Path_Validation_Restrictions(), - store); + CAs); if(!result.successful_validation()) - throw std::runtime_error("Certificate validation failure: " + result.as_string()); + throw std::runtime_error("Certificate validation failure: " + result.result_string()); - if(!CAs.certificate_known(result.trust_root()) + if(!CAs.certificate_known(result.trust_root())) throw std::runtime_error("Certificate chain roots in unknown/untrusted CA"); -#endif } } diff --git a/src/credentials/info.txt b/src/credentials/info.txt index 689c4f1ae..529011585 100644 --- a/src/credentials/info.txt +++ b/src/credentials/info.txt @@ -1,6 +1,5 @@ define CREDENTIALS_MANAGER <requires> -x509cert -x509store +x509 </requires> diff --git a/src/filters/modes/mode_pad/mode_pad.cpp b/src/filters/modes/mode_pad/mode_pad.cpp index 495a0abe9..f5d544e92 100644 --- a/src/filters/modes/mode_pad/mode_pad.cpp +++ b/src/filters/modes/mode_pad/mode_pad.cpp @@ -40,11 +40,14 @@ void PKCS7_Padding::pad(byte block[], size_t size, size_t position) const size_t PKCS7_Padding::unpad(const byte block[], size_t size) const { size_t position = block[size-1]; + if(position > size) - throw Decoding_Error(name()); + throw Decoding_Error("Bad padding in " + name()); + for(size_t j = size-position; j != size-1; ++j) if(block[j] != position) - throw Decoding_Error(name()); + throw Decoding_Error("Bad padding in " + name()); + return (size-position); } diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index 0e5e8284c..41a793a24 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -19,13 +19,8 @@ namespace Botan { */ void PBE_PKCS5v15::write(const byte input[], size_t length) { - while(length) - { - size_t put = std::min(DEFAULT_BUFFERSIZE, length); - pipe.write(input, length); - flush_pipe(true); - length -= put; - } + pipe.write(input, length); + flush_pipe(true); } /* diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index 752a4fb6d..0036359cc 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp @@ -26,13 +26,8 @@ namespace Botan { */ void PBE_PKCS5v20::write(const byte input[], size_t length) { - while(length) - { - size_t put = std::min(DEFAULT_BUFFERSIZE, length); - pipe.write(input, length); - flush_pipe(true); - length -= put; - } + pipe.write(input, length); + flush_pipe(true); } /* @@ -75,7 +70,7 @@ void PBE_PKCS5v20::flush_pipe(bool safe_to_skip) secure_vector<byte> buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { - size_t got = pipe.read(&buffer[0], buffer.size()); + const size_t got = pipe.read(&buffer[0], buffer.size()); send(buffer, got); } } diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp index 13eb6ff9e..16c6058d2 100644 --- a/src/stream/arc4/arc4.cpp +++ b/src/stream/arc4/arc4.cpp @@ -7,7 +7,7 @@ #include <botan/arc4.h> #include <botan/internal/xor_buf.h> -#include <botan/parsing.h> +#include <botan/internal/rounding.h> namespace Botan { @@ -62,7 +62,7 @@ void ARC4::generate() void ARC4::key_schedule(const byte key[], size_t length) { state.resize(256); - buffer.resize(DEFAULT_BUFFERSIZE); + buffer.resize(round_up<size_t>(DEFAULT_BUFFERSIZE, 4)); position = X = Y = 0; diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp index e4ab6477f..0f56148a5 100644 --- a/src/stream/wid_wake/wid_wake.cpp +++ b/src/stream/wid_wake/wid_wake.cpp @@ -8,6 +8,7 @@ #include <botan/wid_wake.h> #include <botan/loadstor.h> #include <botan/internal/xor_buf.h> +#include <botan/internal/rounding.h> namespace Botan { @@ -76,7 +77,8 @@ void WiderWake_41_BE::key_schedule(const byte key[], size_t) { t_key.resize(4); state.resize(5); - buffer.resize(DEFAULT_BUFFERSIZE); + buffer.resize( + round_up<size_t>(std::max<size_t>(8*4, DEFAULT_BUFFERSIZE), 8)); for(size_t i = 0; i != 4; ++i) t_key[i] = load_be<u32bit>(key, i); |