Diffstat (limited to 'src')
-rw-r--r--src/alloc/secmem.h2
-rw-r--r--src/cert/x509/x509_ca.cpp12
-rw-r--r--src/cert/x509/x509_ext.cpp65
-rw-r--r--src/cert/x509/x509_ext.h5
-rw-r--r--src/cert/x509/x509_obj.cpp4
-rw-r--r--src/cert/x509/x509self.cpp13
-rw-r--r--src/libstate/libstate.cpp34
-rw-r--r--src/libstate/libstate.h38
-rw-r--r--src/libstate/policy.cpp20
-rw-r--r--src/pubkey/dh/dh.cpp2
-rw-r--r--src/pubkey/dsa/dsa.cpp27
-rw-r--r--src/pubkey/elgamal/elgamal.cpp2
-rw-r--r--src/pubkey/nr/nr.cpp21
-rw-r--r--src/pubkey/rsa/rsa.cpp2
-rw-r--r--src/pubkey/rsa/rsa.h5
15 files changed, 104 insertions, 148 deletions
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h
index fd08c6198..42b5c7a2d 100644
--- a/src/alloc/secmem.h
+++ b/src/alloc/secmem.h
@@ -210,7 +210,7 @@ class MemoryRegion
}
void deallocate(T* p, u32bit n)
- { alloc->deallocate(p, sizeof(T)*n); }
+ { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); }
T* buf;
u32bit used;
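Review bot: The new guard in `deallocate` also returns silently when `alloc` is null while `p` and `n` are not, so a buffer held without a recorded allocator would never be handed back to one. Skipping the call for a null pointer or a zero length is reasonable, but the `alloc` test covers a state that looks like a broken invariant. If it can legitimately occur, say so in a comment such as `// alloc may be null if no allocator was ever resolved; nothing to release then`. The rest of MemoryRegion is outside the hunk, so whether `alloc` can be null while `buf` is set is not visible here.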
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 3eb7ff77e..5af824946 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -59,19 +59,21 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
Extensions extensions;
+ extensions.add(
+ new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
+ true);
+
+ extensions.add(new Cert_Extension::Key_Usage(constraints), true);
+
extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
extensions.add(
- new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()));
+ new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
- extensions.add(new Cert_Extension::Key_Usage(constraints));
extensions.add(
new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
- extensions.add(
- new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
-
return make_cert(signer, rng, ca_sig_algo,
req.raw_public_key(),
not_before, not_after,
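Review bot: `Basic_Constraints` is built straight from `req.is_CA()` and `req.path_limit()`, so the CA flag and path length of the issued certificate are whatever the PKCS #10 request asked for, and the extension is now also marked critical. Nothing visible in the hunk restricts those values. If the caller is expected to vet the request before calling `sign_request`, state that above the call, e.g. `// is_CA/path_limit come from the request; the caller must have approved issuing a CA certificate`. The same applies to `req.subject_alt_name()` being copied through. `sign_request` starts and ends outside the hunk, so a check may exist there.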
diff --git a/src/cert/x509/x509_ext.cpp b/src/cert/x509/x509_ext.cpp
index 69b21d8b3..3e51d1fa2 100644
--- a/src/cert/x509/x509_ext.cpp
+++ b/src/cert/x509/x509_ext.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Certificate Extensions
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -10,7 +10,6 @@
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/oids.h>
-#include <botan/libstate.h>
#include <botan/internal/bit_ops.h>
#include <algorithm>
#include <memory>
@@ -52,12 +51,14 @@ Extensions::Extensions(const Extensions& extensions) : ASN1_Object()
*/
Extensions& Extensions::operator=(const Extensions& other)
{
- for(u32bit j = 0; j != extensions.size(); ++j)
- delete extensions[j];
+ for(u32bit i = 0; i != extensions.size(); ++i)
+ delete extensions[i].first;
extensions.clear();
- for(u32bit j = 0; j != other.extensions.size(); ++j)
- extensions.push_back(other.extensions[j]->copy());
+ for(u32bit i = 0; i != other.extensions.size(); ++i)
+ extensions.push_back(
+ std::make_pair(other.extensions[i].first->copy(),
+ other.extensions[i].second));
return (*this);
}
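Review bot: `operator=` deletes every stored extension and clears the vector before it reads from `other`, so a self-assignment leaves the object empty, because the copy loop then iterates over the vector that was just cleared. The commit rewrites both loops but keeps that behaviour. A guard as the first statement avoids it: `if(this == &other) return (*this);`.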
@@ -70,30 +71,22 @@ OID Certificate_Extension::oid_of() const
return OIDS::lookup(oid_name());
}
+void Extensions::add(Certificate_Extension* extn, bool critical)
+ {
+ extensions.push_back(std::make_pair(extn, critical));
+ }
+
/*
* Encode an Extensions list
*/
void Extensions::encode_into(DER_Encoder& to_object) const
{
- for(u32bit j = 0; j != extensions.size(); ++j)
+ for(u32bit i = 0; i != extensions.size(); ++i)
{
- const Certificate_Extension* ext = extensions[j];
-
- std::string setting;
-
- if(ext->config_id() != "")
- setting = global_state().option("x509/exts/" + ext->config_id());
-
- if(setting == "")
- setting = "yes";
-
- if(setting != "yes" && setting != "no" && setting != "critical")
- throw Invalid_Argument("X509_CA:: Invalid value for option "
- "x509/exts/" + ext->config_id() + " of " +
- setting);
+ const Certificate_Extension* ext = extensions[i].first;
+ const bool is_critical = extensions[i].second;
- bool is_critical = (setting == "critical");
- bool should_encode = ext->should_encode() && (setting != "no");
+ const bool should_encode = ext->should_encode();
if(should_encode)
{
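Review bot: `Extensions::add` stores `extn` without checking it for null, while `encode_into` just below dereferences every stored pointer (`ext->should_encode()`), so a null argument only fails later, at encode time. An early `if(!extn) throw Invalid_Argument("Extensions::add: null extension");` would fail at the call site instead. The destructor and `operator=` in this file `delete` the stored `.first`, so `add` takes ownership of the pointer. A comment on the definition such as `// Takes ownership of extn; critical is stored alongside it` would make that contract visible. `encode_into` continues past the end of the hunk.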
@@ -111,8 +104,8 @@ void Extensions::encode_into(DER_Encoder& to_object) const
*/
void Extensions::decode_from(BER_Decoder& from_source)
{
- for(u32bit j = 0; j != extensions.size(); ++j)
- delete extensions[j];
+ for(u32bit i = 0; i != extensions.size(); ++i)
+ delete extensions[i].first;
extensions.clear();
BER_Decoder sequence = from_source.start_cons(SEQUENCE);
@@ -142,7 +135,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
ext->decode_inner(value);
- extensions.push_back(ext);
+ extensions.push_back(std::make_pair(ext, critical));
}
sequence.verify_end();
}
@@ -153,8 +146,8 @@ void Extensions::decode_from(BER_Decoder& from_source)
void Extensions::contents_to(Data_Store& subject_info,
Data_Store& issuer_info) const
{
- for(u32bit j = 0; j != extensions.size(); ++j)
- extensions[j]->contents_to(subject_info, issuer_info);
+ for(u32bit i = 0; i != extensions.size(); ++i)
+ extensions[i].first->contents_to(subject_info, issuer_info);
}
/*
@@ -162,8 +155,8 @@ void Extensions::contents_to(Data_Store& subject_info,
*/
Extensions::~Extensions()
{
- for(u32bit j = 0; j != extensions.size(); ++j)
- delete extensions[j];
+ for(u32bit i = 0; i != extensions.size(); ++i)
+ delete extensions[i].first;
}
namespace Cert_Extension {
@@ -262,8 +255,8 @@ void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]);
u16bit usage = 0;
- for(u32bit j = 1; j != obj.value.size(); ++j)
- usage = (obj.value[j] << 8) | usage;
+ for(u32bit i = 1; i != obj.value.size(); ++i)
+ usage = (obj.value[i] << 8) | usage;
constraints = Key_Constraints(usage);
}
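Review bot: The loop in `Key_Usage::decode_inner` shifts every value byte left by 8, so when the BIT STRING carries two data bytes the second is OR-ed into the same high byte as the first instead of landing in the low byte, and the rename keeps that. If `Key_Constraints` uses the low byte for the ninth key-usage bit (its definition is not on this page), the shift has to depend on the index, e.g. `usage |= obj.value[i] << (8 * (2 - i));` with the value limited to two data bytes. The function starts outside the hunk, so an earlier length check may already bound `obj.value.size()`.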
@@ -434,8 +427,8 @@ void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
*/
void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const
{
- for(u32bit j = 0; j != oids.size(); ++j)
- subject.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
+ for(u32bit i = 0; i != oids.size(); ++i)
+ subject.add("X509v3.ExtendedKeyUsage", oids[i].as_string());
}
namespace {
@@ -503,8 +496,8 @@ void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
*/
void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const
{
- for(u32bit j = 0; j != oids.size(); ++j)
- info.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
+ for(u32bit i = 0; i != oids.size(); ++i)
+ info.add("X509v3.ExtendedKeyUsage", oids[i].as_string());
}
/*
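Review bot: `Certificate_Policies::contents_to` stores its OIDs under the key `"X509v3.ExtendedKeyUsage"`, the same key `Extended_Key_Usage::contents_to` uses in the previous hunk, so policy OIDs would be reported as extended key usages to anything reading the Data_Store. This looks like a copy-and-paste slip that the rename carries forward. A distinct key such as `"X509v3.CertificatePolicies"` is presumably what was meant, provided readers of the store are updated to match.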
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index 108215ee7..a5bfd357f 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
@@ -49,8 +49,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
void contents_to(Data_Store&, Data_Store&) const;
- void add(Certificate_Extension* extn)
- { extensions.push_back(extn); }
+ void add(Certificate_Extension* extn, bool critical = false);
Extensions& operator=(const Extensions&);
@@ -60,7 +59,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
private:
static Certificate_Extension* get_extension(const OID&);
- std::vector<Certificate_Extension*> extensions;
+ std::vector<std::pair<Certificate_Extension*, bool> > extensions;
bool should_throw;
};
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index 820972614..1c8066c56 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -61,9 +61,9 @@ void X509_Object::init(DataSource& in, const std::string& labels)
decode_info(ber);
}
}
- catch(Decoding_Error)
+ catch(Decoding_Error& e)
{
- throw Decoding_Error(PEM_label_pref + " decoding failed");
+ throw Decoding_Error(PEM_label_pref + " decoding failed: " + e.what());
}
}
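Review bot: The handler catches `Decoding_Error& e` by non-const reference although it only reads `e.what()`; `catch(const Decoding_Error& e)` states that intent. Because the inner message is now appended to the rethrown text, a caller that relays this exception to a remote peer would expose more parser detail than before, which is worth a line in the function's documentation. `X509_Object::init` begins outside the hunk.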
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index 1f647f8bb..d87c5e060 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -79,14 +79,19 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
Extensions extensions;
- extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
- extensions.add(new Cert_Extension::Key_Usage(constraints));
extensions.add(
- new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
+ new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
+ true);
+
+ extensions.add(new Cert_Extension::Key_Usage(constraints), true);
+
+ extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
+
extensions.add(
new Cert_Extension::Subject_Alternative_Name(subject_alt));
+
extensions.add(
- new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
+ new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
opts.start, opts.end,
diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp
index fccedacdf..c2e0ae80d 100644
--- a/src/libstate/libstate.cpp
+++ b/src/libstate/libstate.cpp
@@ -1,6 +1,6 @@
/*
* Library Internal/Global State
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -99,13 +99,9 @@ Allocator* Library_State::get_allocator(const std::string& type)
if(!cached_default_allocator)
{
- std::string chosen = this->option("base/default_allocator");
-
- if(chosen == "")
- chosen = "malloc";
-
cached_default_allocator =
- search_map<std::string, Allocator*>(alloc_factory, chosen, 0);
+ search_map<std::string, Allocator*>(alloc_factory,
+ default_allocator_name, 0);
}
return cached_default_allocator;
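Review bot: With the `chosen == ""` fallback to "malloc" removed, `get_allocator` looks up `default_allocator_name` as-is, and `search_map` is given `0` as what appears to be its not-found value, so an empty or unknown name now yields a null default allocator. `set_default_allocator` in the next hunk assigns `type` without checking that it names a registered allocator. Validating there would keep the null out, e.g. `if(!search_map<std::string, Allocator*>(alloc_factory, type, 0)) throw Invalid_Argument("Unknown allocator " + type);`. Both functions are only partly visible in these hunks.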
@@ -134,7 +130,7 @@ void Library_State::set_default_allocator(const std::string& type)
std::lock_guard<std::mutex> lock(allocator_lock);
- this->set("conf", "base/default_allocator", type);
+ default_allocator_name = type;
cached_default_allocator = 0;
}
@@ -196,27 +192,10 @@ std::string Library_State::deref_alias(const std::string& key)
return result;
}
-/*
-* Set/Add an option
-*/
-void Library_State::set_option(const std::string& key,
- const std::string& value)
- {
- set("conf", key, value);
- }
-
-/*
-* Get an option value
-*/
-std::string Library_State::option(const std::string& key)
- {
- return get("conf", key);
- }
-
/**
Return a reference to the Algorithm_Factory
*/
-Algorithm_Factory& Library_State::algorithm_factory()
+Algorithm_Factory& Library_State::algorithm_factory() const
{
if(!m_algorithm_factory)
throw Invalid_State("Uninitialized in Library_State::algorithm_factory");
@@ -232,6 +211,7 @@ void Library_State::initialize()
throw Invalid_State("Library_State has already been initialized");
cached_default_allocator = 0;
+ default_allocator_name = "locking";
add_allocator(new Malloc_Allocator);
add_allocator(new Locking_Allocator);
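Review bot: The effective default allocator appears to change here from "malloc" to "locking", and nothing in the commit records that. Before, `set_default_allocator("locking")` ran first and `load_default_config()` then overwrote the option with "malloc" through the now-deleted `set_default_config` in policy.cpp. After this change "locking" is the only value assigned. If that is intended, a comment on the assignment such as `// default to the locking allocator; override with set_default_allocator()` would document it. `initialize` extends beyond this hunk.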
@@ -240,8 +220,6 @@ void Library_State::initialize()
add_allocator(new MemoryMapping_Allocator);
#endif
- set_default_allocator("locking");
-
load_default_config();
std::vector<Engine*> engines = {
diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h
index 5a84f9cb1..36c428ecb 100644
--- a/src/libstate/libstate.h
+++ b/src/libstate/libstate.h
@@ -36,7 +36,7 @@ class BOTAN_DLL Library_State
/**
* @return the global Algorithm_Factory
*/
- Algorithm_Factory& algorithm_factory();
+ Algorithm_Factory& algorithm_factory() const;
/**
* @param name the name of the allocator
@@ -90,21 +90,6 @@ class BOTAN_DLL Library_State
bool overwrite = true);
/**
- * Get a parameters value out of the "conf" section (
- * referred to as option).
- * @param key the desired keys name
- */
- std::string option(const std::string& key);
-
- /**
- * Set an option.
- * @param key the key of the option to set
- * @param value the value to set
- */
- void set_option(const std::string& key,
- const std::string& value);
-
- /**
* Add a parameter value to the "alias" section.
* @param key the name of the parameter which shall have a new alias
* @param value the new alias
@@ -125,6 +110,7 @@ class BOTAN_DLL Library_State
std::map<std::string, std::string> config;
std::mutex allocator_lock;
+ std::string default_allocator_name;
std::map<std::string, Allocator*> alloc_factory;
mutable Allocator* cached_default_allocator;
std::vector<Allocator*> allocators;
@@ -132,12 +118,24 @@ class BOTAN_DLL Library_State
Algorithm_Factory* m_algorithm_factory;
};
-/*
-* Global State
+/**
+* Access the global library state
+* @return reference to the global library state
*/
BOTAN_DLL Library_State& global_state();
-BOTAN_DLL void set_global_state(Library_State*);
-BOTAN_DLL Library_State* swap_global_state(Library_State*);
+
+/**
+* Set the global state object
+* @param state the new global state to use
+*/
+BOTAN_DLL void set_global_state(Library_State* state);
+
+/**
+* Swap the current state for another
+* @param new_state the new state object to use
+* @return the previous state (or NULL if none)
+*/
+BOTAN_DLL Library_State* swap_global_state(Library_State* new_state);
}
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index d792443a0..803ca518e 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -1,6 +1,6 @@
/*
* Default Policy
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -280,23 +280,6 @@ void set_default_aliases(Library_State& config)
}
/*
-* Set the default configuration toggles
-*/
-void set_default_config(Library_State& config)
- {
- config.set_option("base/default_allocator", "malloc");
-
- config.set_option("x509/exts/basic_constraints", "critical");
- config.set_option("x509/exts/subject_key_id", "yes");
- config.set_option("x509/exts/authority_key_id", "yes");
- config.set_option("x509/exts/subject_alternative_name", "yes");
- config.set_option("x509/exts/issuer_alternative_name", "no");
- config.set_option("x509/exts/key_usage", "critical");
- config.set_option("x509/exts/extended_key_usage", "yes");
- config.set_option("x509/exts/crl_number", "yes");
- }
-
-/*
* Set the built-in discrete log groups
*/
void set_default_dl_groups(Library_State& config)
@@ -812,7 +795,6 @@ void set_default_dl_groups(Library_State& config)
*/
void Library_State::load_default_config()
{
- set_default_config(*this);
set_default_aliases(*this);
set_default_oids(*this);
set_default_dl_groups(*this);
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp
index b491be7bc..1a6c6986d 100644
--- a/src/pubkey/dh/dh.cpp
+++ b/src/pubkey/dh/dh.cpp
@@ -78,7 +78,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const
DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) :
p(dh.group_p()), powermod_x_p(dh.get_x(), p)
{
- BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p);
blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p);
}
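Review bot: The blinding seed passed to `Blinder::choose_nonce` is now `y^x mod p`, which is still a fixed function of the key: every `DH_KA_Operation` built from the same private key starts from the same seed unless `choose_nonce` adds randomness of its own (its body is not on this page). The reason for moving from base 2 to `dh.get_y()` is also unstated. A comment such as `// seed from y^x mod p, which only the key holder can compute; with g == 2 the old 2^x mod p is just the public y` would explain it, given y = g^x mod p. The elgamal.cpp hunk makes the identical change and wants the same comment.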
diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp
index 2b9a73015..ca396204a 100644
--- a/src/pubkey/dsa/dsa.cpp
+++ b/src/pubkey/dsa/dsa.cpp
@@ -91,22 +91,23 @@ DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
{
rng.add_entropy(msg, msg_len);
- BigInt k;
- do
- k.randomize(rng, q.bits());
- while(k >= q);
-
- auto future_r = std::async(std::launch::async,
- [&]() { return mod_q.reduce(powermod_g_p(k)); });
-
BigInt i(msg, msg_len);
+ BigInt r = 0, s = 0;
- BigInt s = inverse_mod(k, q);
- BigInt r = future_r.get();
- s = mod_q.multiply(s, mul_add(x, r, i));
+ while(r == 0 || s == 0)
+ {
+ BigInt k;
+ do
+ k.randomize(rng, q.bits());
+ while(k >= q);
- if(r.is_zero() || s.is_zero())
- throw Internal_Error("DSA signature gen failure: r or s was zero");
+ auto future_r = std::async(std::launch::async,
+ [&]() { return mod_q.reduce(powermod_g_p(k)); });
+
+ s = inverse_mod(k, q);
+ r = future_r.get();
+ s = mod_q.multiply(s, mul_add(x, r, i));
+ }
SecureVector<byte> output(2*q.bytes());
r.binary_encode(output + (output.size() / 2 - r.bytes()));
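Review bot: The retry loop `while(r == 0 || s == 0)` has no upper bound, so an RNG that keeps producing an unusable `k` turns what used to be an `Internal_Error` into a hang inside `sign`. A zero `k` is also still accepted by `while(k >= q)` and is presumably only rejected indirectly when `s` comes out zero (`inverse_mod` is not shown); `while(k == 0 || k >= q);` makes the range check explicit. Consider counting attempts and throwing the previous `Internal_Error` after a small fixed number of them. `sign` continues past the hunk.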
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp
index b9c4803f3..3ae0f5aae 100644
--- a/src/pubkey/elgamal/elgamal.cpp
+++ b/src/pubkey/elgamal/elgamal.cpp
@@ -118,7 +118,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p);
mod_p = Modular_Reducer(p);
- BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(key.get_y()), p);
blinder = Blinder(k, powermod_x_p(k), p);
}
diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp
index 440fa22e4..50cf080fb 100644
--- a/src/pubkey/nr/nr.cpp
+++ b/src/pubkey/nr/nr.cpp
@@ -100,20 +100,23 @@ NR_Signature_Operation::sign(const byte msg[], u32bit msg_len,
{
rng.add_entropy(msg, msg_len);
- BigInt k;
- do
- k.randomize(rng, q.bits());
- while(k >= q);
-
BigInt f(msg, msg_len);
if(f >= q)
throw Invalid_Argument("NR_Signature_Operation: Input is out of range");
- BigInt c = mod_q.reduce(powermod_g_p(k) + f);
- if(c.is_zero())
- throw Internal_Error("NR_Signature_Operation: c was zero");
- BigInt d = mod_q.reduce(k - x * c);
+ BigInt c, d;
+
+ while(c == 0)
+ {
+ BigInt k;
+ do
+ k.randomize(rng, q.bits());
+ while(k >= q);
+
+ c = mod_q.reduce(powermod_g_p(k) + f);
+ d = mod_q.reduce(k - x * c);
+ }
SecureVector<byte> output(2*q.bytes());
c.binary_encode(output + (output.size() / 2 - c.bytes()));
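Review bot: `k` is only checked against the upper bound (`while(k >= q)`), and unlike in DSA the outer `while(c == 0)` test does not catch a zero `k`: with `k == 0`, `d` becomes `mod_q.reduce(-x * c)`, which ties the private `x` directly to the published `c` and `d`. The chance is negligible with a healthy RNG, and the check is one token: `while(k == 0 || k >= q);`. The loop also relies on a default-constructed `BigInt c` comparing equal to 0; `BigInt c = 0, d = 0;` would match the explicit initialisation used in dsa.cpp.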
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index e27b2056d..51c9fd19c 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -101,7 +101,7 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const
SecureVector<byte>
RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng)
+ RandomNumberGenerator&)
{
/* We don't check signatures against powermod_e_n here because
PK_Signer checks verification consistency for all signature
diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h
index 72cd80fef..7d517e986 100644
--- a/src/pubkey/rsa/rsa.h
+++ b/src/pubkey/rsa/rsa.h
@@ -22,9 +22,6 @@ class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey
public:
std::string algo_name() const { return "RSA"; }
- SecureVector<byte> encrypt(const byte[], u32bit,
- RandomNumberGenerator& rng) const;
-
RSA_PublicKey(const AlgorithmIdentifier& alg_id,
const MemoryRegion<byte>& key_bits) :
IF_Scheme_PublicKey(alg_id, key_bits)
@@ -50,8 +47,6 @@ class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey,
public IF_Scheme_PrivateKey
{
public:
- SecureVector<byte> decrypt(const byte[], u32bit) const;
-
bool check_key(RandomNumberGenerator& rng, bool) const;
RSA_PrivateKey(const AlgorithmIdentifier& alg_id,