Diffstat (limited to 'src')
-rw-r--r-- | src/alloc/secmem.h | 2 | ||||
-rw-r--r-- | src/cert/x509/x509_ca.cpp | 12 | ||||
-rw-r--r-- | src/cert/x509/x509_ext.cpp | 65 | ||||
-rw-r--r-- | src/cert/x509/x509_ext.h | 5 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.cpp | 4 | ||||
-rw-r--r-- | src/cert/x509/x509self.cpp | 13 | ||||
-rw-r--r-- | src/libstate/libstate.cpp | 34 | ||||
-rw-r--r-- | src/libstate/libstate.h | 38 | ||||
-rw-r--r-- | src/libstate/policy.cpp | 20 | ||||
-rw-r--r-- | src/pubkey/dh/dh.cpp | 2 | ||||
-rw-r--r-- | src/pubkey/dsa/dsa.cpp | 27 | ||||
-rw-r--r-- | src/pubkey/elgamal/elgamal.cpp | 2 | ||||
-rw-r--r-- | src/pubkey/nr/nr.cpp | 21 | ||||
-rw-r--r-- | src/pubkey/rsa/rsa.cpp | 2 | ||||
-rw-r--r-- | src/pubkey/rsa/rsa.h | 5 |
15 files changed, 104 insertions, 148 deletions
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index fd08c6198..42b5c7a2d 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -210,7 +210,7 @@ class MemoryRegion } void deallocate(T* p, u32bit n) - { alloc->deallocate(p, sizeof(T)*n); } + { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); } T* buf; u32bit used; diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp index 3eb7ff77e..5af824946 100644 --- a/src/cert/x509/x509_ca.cpp +++ b/src/cert/x509/x509_ca.cpp @@ -59,19 +59,21 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, Extensions extensions; + extensions.add( + new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()), + true); + + extensions.add(new Cert_Extension::Key_Usage(constraints), true); + extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); extensions.add( - new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit())); + new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); - extensions.add(new Cert_Extension::Key_Usage(constraints)); extensions.add( new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); - extensions.add( - new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); - return make_cert(signer, rng, ca_sig_algo, req.raw_public_key(), not_before, not_after, diff --git a/src/cert/x509/x509_ext.cpp b/src/cert/x509/x509_ext.cpp index 69b21d8b3..3e51d1fa2 100644 --- a/src/cert/x509/x509_ext.cpp +++ b/src/cert/x509/x509_ext.cpp @@ -1,6 +1,6 @@ /* * X.509 Certificate Extensions -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -10,7 +10,6 @@ #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/oids.h> -#include <botan/libstate.h> #include <botan/internal/bit_ops.h> #include <algorithm> #include <memory> 
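Review bot: In the `X509_CA::sign_request` hunk of `src/cert/x509/x509_ca.cpp`, `Basic_Constraints(req.is_CA(), req.path_limit())` is now added as a critical extension directly from the PKCS #10 request, and nothing visible in the hunk checks that the CA actually intends to issue a CA certificate with that path limit. If callers are expected to vet the request first, a comment above the call should state it, e.g. `// is_CA/path_limit are requester-supplied; the caller must have approved them before signing`. The function starts and ends outside the hunk, so such a check may exist elsewhere.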
@@ -52,12 +51,14 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object() */ Extensions& Extensions::operator=(const Extensions& other) { - for(u32bit j = 0; j != extensions.size(); ++j) - delete extensions[j]; + for(u32bit i = 0; i != extensions.size(); ++i) + delete extensions[i].first; extensions.clear(); - for(u32bit j = 0; j != other.extensions.size(); ++j) - extensions.push_back(other.extensions[j]->copy()); + for(u32bit i = 0; i != other.extensions.size(); ++i) + extensions.push_back( + std::make_pair(other.extensions[i].first->copy(), + other.extensions[i].second)); return (*this); } @@ -70,30 +71,22 @@ OID Certificate_Extension::oid_of() const return OIDS::lookup(oid_name()); } +void Extensions::add(Certificate_Extension* extn, bool critical) + { + extensions.push_back(std::make_pair(extn, critical)); + } + /* * Encode an Extensions list */ void Extensions::encode_into(DER_Encoder& to_object) const { - for(u32bit j = 0; j != extensions.size(); ++j) + for(u32bit i = 0; i != extensions.size(); ++i) { - const Certificate_Extension* ext = extensions[j]; - - std::string setting; - - if(ext->config_id() != "") - setting = global_state().option("x509/exts/" + ext->config_id()); - - if(setting == "") - setting = "yes"; - - if(setting != "yes" && setting != "no" && setting != "critical") - throw Invalid_Argument("X509_CA:: Invalid value for option " - "x509/exts/" + ext->config_id() + " of " + - setting); + const Certificate_Extension* ext = extensions[i].first; + const bool is_critical = extensions[i].second; - bool is_critical = (setting == "critical"); - bool should_encode = ext->should_encode() && (setting != "no"); + const bool should_encode = ext->should_encode(); if(should_encode) { 
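Review bot: `Extensions::operator=` still has no self-assignment guard: it deletes and clears `extensions` before reading `other.extensions`, so assigning an object to itself leaves it empty. Adding `if(this == &other) return (*this);` as the first statement avoids that. The copy loop is also not exception-safe, since a throwing `copy()` leaves the object partially filled; building the new vector in a temporary and swapping it in would cover both cases.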
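Review bot: The new `Extensions::add` stores `extn` unchecked, while `encode_into` in the same hunk dereferences `extensions[i].first` unconditionally (`ext->should_encode()`), so a null pointer passed to `add` only surfaces as a crash at encode time. A guard such as `if(!extn) throw Invalid_Argument("Extensions::add: null extension");` fails closer to the caller. A doc comment on `add` stating that `Extensions` takes ownership of `extn` (the destructor deletes it) and what `critical` means would help too. The body of `encode_into` continues outside the hunk.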
@@ -111,8 +104,8 @@ void Extensions::encode_into(DER_Encoder& to_object) const */ void Extensions::decode_from(BER_Decoder& from_source) { - for(u32bit j = 0; j != extensions.size(); ++j) - delete extensions[j]; + for(u32bit i = 0; i != extensions.size(); ++i) + delete extensions[i].first; extensions.clear(); BER_Decoder sequence = from_source.start_cons(SEQUENCE); @@ -142,7 +135,7 @@ void Extensions::decode_from(BER_Decoder& from_source) ext->decode_inner(value); - extensions.push_back(ext); + extensions.push_back(std::make_pair(ext, critical)); } sequence.verify_end(); } @@ -153,8 +146,8 @@ void Extensions::decode_from(BER_Decoder& from_source) void Extensions::contents_to(Data_Store& subject_info, Data_Store& issuer_info) const { - for(u32bit j = 0; j != extensions.size(); ++j) - extensions[j]->contents_to(subject_info, issuer_info); + for(u32bit i = 0; i != extensions.size(); ++i) + extensions[i].first->contents_to(subject_info, issuer_info); } /* @@ -162,8 +155,8 @@ void Extensions::contents_to(Data_Store& subject_info, */ Extensions::~Extensions() { - for(u32bit j = 0; j != extensions.size(); ++j) - delete extensions[j]; + for(u32bit i = 0; i != extensions.size(); ++i) + delete extensions[i].first; } namespace Cert_Extension { @@ -262,8 +255,8 @@ void Key_Usage::decode_inner(const MemoryRegion<byte>& in) obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]); u16bit usage = 0; - for(u32bit j = 1; j != obj.value.size(); ++j) - usage = (obj.value[j] << 8) | usage; + for(u32bit i = 1; i != obj.value.size(); ++i) + usage = (obj.value[i] << 8) | usage; constraints = Key_Constraints(usage); } 
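Review bot: In the `Extensions::decode_from` hunk at `@@ -142,7 +135,7 @@`, `ext` is handed to `extensions` only after `ext->decode_inner(value)` returns, so if decoding a malformed extension throws, the object is presumably leaked (its allocation is outside the hunk). This path parses certificate data that can come from outside, so repeated bad input could grow memory. Holding `ext` in an owning smart pointer and releasing it only in the `push_back` call would close that gap.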
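Review bot: In `Key_Usage::decode_inner` (hunk `@@ -262,8 +255,8 @@`) the renamed loop still shifts every byte by the same amount, `usage = (obj.value[i] << 8) | usage;`, so when the BIT STRING carries two content bytes the second is OR-ed into the high byte instead of the low one. Bits from the second byte would then be read as key-usage bits of the first, which changes the constraints a verifier sees. Shifting by position, e.g. `usage = (obj.value[i] << 8*(2-i)) | usage;`, keeps the bytes apart. The length check that bounds `i` is outside the hunk, so confirm the permitted sizes before changing it.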
@@ -434,8 +427,8 @@ void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in) */ void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const { - for(u32bit j = 0; j != oids.size(); ++j) - subject.add("X509v3.ExtendedKeyUsage", oids[j].as_string()); + for(u32bit i = 0; i != oids.size(); ++i) + subject.add("X509v3.ExtendedKeyUsage", oids[i].as_string()); } namespace { @@ -503,8 +496,8 @@ void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in) */ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const { - for(u32bit j = 0; j != oids.size(); ++j) - info.add("X509v3.ExtendedKeyUsage", oids[j].as_string()); + for(u32bit i = 0; i != oids.size(); ++i) + info.add("X509v3.ExtendedKeyUsage", oids[i].as_string()); } /* diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h index 108215ee7..a5bfd357f 100644 --- a/src/cert/x509/x509_ext.h +++ b/src/cert/x509/x509_ext.h @@ -49,8 +49,7 @@ class BOTAN_DLL Extensions : public ASN1_Object void contents_to(Data_Store&, Data_Store&) const; - void add(Certificate_Extension* extn) - { extensions.push_back(extn); } + void add(Certificate_Extension* extn, bool critical = false); Extensions& operator=(const Extensions&); @@ -60,7 +59,7 @@ class BOTAN_DLL Extensions : public ASN1_Object private: static Certificate_Extension* get_extension(const OID&); - std::vector<Certificate_Extension*> extensions; + std::vector<std::pair<Certificate_Extension*, bool> > extensions; bool should_throw; }; diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index 820972614..1c8066c56 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -61,9 +61,9 @@ void X509_Object::init(DataSource& in, const std::string& labels) decode_info(ber); } } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error(PEM_label_pref + " decoding failed"); + throw Decoding_Error(PEM_label_pref + " decoding failed: " + e.what()); } } 
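Review bot: `Certificate_Policies::contents_to` (hunk `@@ -503,8 +496,8 @@`) records policy OIDs under the key `"X509v3.ExtendedKeyUsage"`, the same key `Extended_Key_Usage::contents_to` uses in the hunk before it; this looks like a copy-paste leftover that the rename carries forward. Code reading the subject `Data_Store` cannot tell a certificate policy from an extended key usage. A distinct key, for example `info.add("X509v3.CertificatePolicies", oids[i].as_string());`, would separate them, provided no reader depends on the current key.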
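Review bot: The handler in `X509_Object::init` (`src/cert/x509/x509_obj.cpp`) now catches `Decoding_Error& e` by non-const reference although it only reads `e.what()`; `catch(const Decoding_Error& e)` states that intent. The rethrown message now includes the inner decoder's text, so a short comment that this text is derived from the parsed input would help callers who log or display it. The `try` block starts outside the hunk.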
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp index 1f647f8bb..d87c5e060 100644 --- a/src/cert/x509/x509self.cpp +++ b/src/cert/x509/x509self.cpp @@ -79,14 +79,19 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, Extensions extensions; - extensions.add(new Cert_Extension::Subject_Key_ID(pub_key)); - extensions.add(new Cert_Extension::Key_Usage(constraints)); extensions.add( - new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); + new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit), + true); + + extensions.add(new Cert_Extension::Key_Usage(constraints), true); + + extensions.add(new Cert_Extension::Subject_Key_ID(pub_key)); + extensions.add( new Cert_Extension::Subject_Alternative_Name(subject_alt)); + extensions.add( - new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); + new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key, opts.start, opts.end, diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index fccedacdf..c2e0ae80d 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -1,6 +1,6 @@ /* * Library Internal/Global State -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -99,13 +99,9 @@ Allocator* Library_State::get_allocator(const std::string& type) if(!cached_default_allocator) { - std::string chosen = this->option("base/default_allocator"); - - if(chosen == "") - chosen = "malloc"; - cached_default_allocator = - search_map<std::string, Allocator*>(alloc_factory, chosen, 0); + search_map<std::string, Allocator*>(alloc_factory, + default_allocator_name, 0); } return cached_default_allocator; 
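Review bot: In `Library_State::get_allocator` (hunk `@@ -99,13 +99,9 @@`) the default lookup passes `default_allocator_name` to `search_map` with a fallback of `0`, so a name that matches no registered allocator yields a null `cached_default_allocator` that is returned to the caller. The removed code at least substituted `"malloc"` for an empty setting. Either validate the name in `set_default_allocator` or throw here when the lookup returns null; the null guard added to `MemoryRegion::deallocate` in `secmem.h` suggests a null allocator can reach callers. Both functions extend beyond their hunks, so an existing check may simply not be visible.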
@@ -134,7 +130,7 @@ void Library_State::set_default_allocator(const std::string& type) std::lock_guard<std::mutex> lock(allocator_lock); - this->set("conf", "base/default_allocator", type); + default_allocator_name = type; cached_default_allocator = 0; } @@ -196,27 +192,10 @@ std::string Library_State::deref_alias(const std::string& key) return result; } -/* -* Set/Add an option -*/ -void Library_State::set_option(const std::string& key, - const std::string& value) - { - set("conf", key, value); - } - -/* -* Get an option value -*/ -std::string Library_State::option(const std::string& key) - { - return get("conf", key); - } - /** Return a reference to the Algorithm_Factory */ -Algorithm_Factory& Library_State::algorithm_factory() +Algorithm_Factory& Library_State::algorithm_factory() const { if(!m_algorithm_factory) throw Invalid_State("Uninitialized in Library_State::algorithm_factory"); @@ -232,6 +211,7 @@ void Library_State::initialize() throw Invalid_State("Library_State has already been initialized"); cached_default_allocator = 0; + default_allocator_name = "locking"; add_allocator(new Malloc_Allocator); add_allocator(new Locking_Allocator); @@ -240,8 +220,6 @@ void Library_State::initialize() add_allocator(new MemoryMapping_Allocator); #endif - set_default_allocator("locking"); - load_default_config(); std::vector<Engine*> engines = { diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h index 5a84f9cb1..36c428ecb 100644 --- a/src/libstate/libstate.h +++ b/src/libstate/libstate.h @@ -36,7 +36,7 @@ class BOTAN_DLL Library_State /** * @return the global Algorithm_Factory */ - Algorithm_Factory& algorithm_factory(); + Algorithm_Factory& algorithm_factory() const; /** * @param name the name of the allocator 
@@ -90,21 +90,6 @@ class BOTAN_DLL Library_State bool overwrite = true); /** - * Get a parameters value out of the "conf" section ( - * referred to as option). - * @param key the desired keys name - */ - std::string option(const std::string& key); - - /** - * Set an option. - * @param key the key of the option to set - * @param value the value to set - */ - void set_option(const std::string& key, - const std::string& value); - - /** * Add a parameter value to the "alias" section. * @param key the name of the parameter which shall have a new alias * @param value the new alias @@ -125,6 +110,7 @@ class BOTAN_DLL Library_State std::map<std::string, std::string> config; std::mutex allocator_lock; + std::string default_allocator_name; std::map<std::string, Allocator*> alloc_factory; mutable Allocator* cached_default_allocator; std::vector<Allocator*> allocators; @@ -132,12 +118,24 @@ class BOTAN_DLL Library_State Algorithm_Factory* m_algorithm_factory; }; -/* -* Global State +/** +* Access the global library state +* @return reference to the global library state */ BOTAN_DLL Library_State& global_state(); -BOTAN_DLL void set_global_state(Library_State*); -BOTAN_DLL Library_State* swap_global_state(Library_State*); + +/** +* Set the global state object +* @param state the new global state to use +*/ +BOTAN_DLL void set_global_state(Library_State* state); + +/** +* Swap the current state for another +* @param new_state the new state object to use +* @return the previous state (or NULL if none) +*/ +BOTAN_DLL Library_State* swap_global_state(Library_State* new_state); } diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index d792443a0..803ca518e 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp @@ -1,6 +1,6 @@ /* * Default Policy -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ 
@@ -280,23 +280,6 @@ void set_default_aliases(Library_State& config) } /* -* Set the default configuration toggles -*/ -void set_default_config(Library_State& config) - { - config.set_option("base/default_allocator", "malloc"); - - config.set_option("x509/exts/basic_constraints", "critical"); - config.set_option("x509/exts/subject_key_id", "yes"); - config.set_option("x509/exts/authority_key_id", "yes"); - config.set_option("x509/exts/subject_alternative_name", "yes"); - config.set_option("x509/exts/issuer_alternative_name", "no"); - config.set_option("x509/exts/key_usage", "critical"); - config.set_option("x509/exts/extended_key_usage", "yes"); - config.set_option("x509/exts/crl_number", "yes"); - } - -/* * Set the built-in discrete log groups */ void set_default_dl_groups(Library_State& config) @@ -812,7 +795,6 @@ void set_default_dl_groups(Library_State& config) */ void Library_State::load_default_config() { - set_default_config(*this); set_default_aliases(*this); set_default_oids(*this); set_default_dl_groups(*this); diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index b491be7bc..1a6c6986d 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -78,7 +78,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : p(dh.group_p()), powermod_x_p(dh.get_x(), p) { - BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p); blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index 2b9a73015..ca396204a 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp 
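Review bot: In the `DH_KA_Operation` constructor (`src/pubkey/dh/dh.cpp`) the blinding nonce remains a deterministic function of the key, now `powermod_x_p(dh.get_y())` instead of `powermod_x_p(2)`, so every operation object built for the same key starts from the same blinder unless `Blinder::choose_nonce` (not shown) adds randomness. If that is intended, a comment should say why `y` is the base and that no RNG is involved, e.g. `// nonce seed is y^x mod p: secret, but fixed per key`. The same line appears in the ElGamal decryption hunk in `elgamal.cpp`.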
@@ -91,22 +91,23 @@ DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, { rng.add_entropy(msg, msg_len); - BigInt k; - do - k.randomize(rng, q.bits()); - while(k >= q); - - auto future_r = std::async(std::launch::async, - [&]() { return mod_q.reduce(powermod_g_p(k)); }); - BigInt i(msg, msg_len); + BigInt r = 0, s = 0; - BigInt s = inverse_mod(k, q); - BigInt r = future_r.get(); - s = mod_q.multiply(s, mul_add(x, r, i)); + while(r == 0 || s == 0) + { + BigInt k; + do + k.randomize(rng, q.bits()); + while(k >= q); - if(r.is_zero() || s.is_zero()) - throw Internal_Error("DSA signature gen failure: r or s was zero"); + auto future_r = std::async(std::launch::async, + [&]() { return mod_q.reduce(powermod_g_p(k)); }); + + s = inverse_mod(k, q); + r = future_r.get(); + s = mod_q.multiply(s, mul_add(x, r, i)); + } SecureVector<byte> output(2*q.bytes()); r.binary_encode(output + (output.size() / 2 - r.bytes())); diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index b9c4803f3..3ae0f5aae 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -118,7 +118,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); - BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(key.get_y()), p); blinder = Blinder(k, powermod_x_p(k), p); } diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 440fa22e4..50cf080fb 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp 
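Review bot: The retry loop added to `DSA_Signature_Operation::sign`, `while(r == 0 || s == 0)`, has no upper bound, so an RNG that keeps producing an unusable `k` turns the former `Internal_Error` into a hang. A small attempt counter that throws `Internal_Error` once exhausted keeps the retry while preserving a failure signal. A one-line comment that a zero `r` or `s` requires a fresh `k` would also explain the loop. The NR hunk in `nr.cpp` uses the same loop shape.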
@@ -100,20 +100,23 @@ NR_Signature_Operation::sign(const byte msg[], u32bit msg_len, { rng.add_entropy(msg, msg_len); - BigInt k; - do - k.randomize(rng, q.bits()); - while(k >= q); - BigInt f(msg, msg_len); if(f >= q) throw Invalid_Argument("NR_Signature_Operation: Input is out of range"); - BigInt c = mod_q.reduce(powermod_g_p(k) + f); - if(c.is_zero()) - throw Internal_Error("NR_Signature_Operation: c was zero"); - BigInt d = mod_q.reduce(k - x * c); + BigInt c, d; + + while(c == 0) + { + BigInt k; + do + k.randomize(rng, q.bits()); + while(k >= q); + + c = mod_q.reduce(powermod_g_p(k) + f); + d = mod_q.reduce(k - x * c); + } SecureVector<byte> output(2*q.bytes()); c.binary_encode(output + (output.size() / 2 - c.bytes())); diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index e27b2056d..51c9fd19c 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -101,7 +101,7 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const SecureVector<byte> RSA_Private_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) + RandomNumberGenerator&) { /* We don't check signatures against powermod_e_n here because PK_Signer checks verification consistency for all signature diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index 72cd80fef..7d517e986 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -22,9 +22,6 @@ class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey public: std::string algo_name() const { return "RSA"; } - SecureVector<byte> encrypt(const byte[], u32bit, - RandomNumberGenerator& rng) const; - RSA_PublicKey(const AlgorithmIdentifier& alg_id, const MemoryRegion<byte>& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) 
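Review bot: In `NR_Signature_Operation::sign` the inner loop `while(k >= q);` accepts `k == 0`, and unlike the DSA loop nothing afterwards rejects the result: with a zero `k`, `d = mod_q.reduce(k - x * c)` has no random term masking `x * c`. The chance is negligible with a sound RNG, but the check is cheap: `while(k == 0 || k >= q);`. The loop condition `while(c == 0)` also relies on a default-constructed `BigInt` being zero, which deserves a short comment.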
@@ -50,8 +47,6 @@ class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey, public IF_Scheme_PrivateKey { public: - SecureVector<byte> decrypt(const byte[], u32bit) const; - bool check_key(RandomNumberGenerator& rng, bool) const; RSA_PrivateKey(const AlgorithmIdentifier& alg_id, |