authorJack Lloyd <[email protected]>2016-02-07 01:17:47 -0500
committerJack Lloyd <[email protected]>2016-02-07 02:30:54 -0500
commit3fcb235c98a78a3cf98633a6a6067b82d2a8b871 (patch)
tree30feb856393f4f6ec61666f94390e27ca5bd93c3
parent45d2ae1b48aeebd00567d820dfb8fe261bb50be9 (diff)
Remove TLS heartbeat support.
The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
-rw-r--r--src/cli/tls_client.cpp2
-rw-r--r--src/lib/tls/info.txt1
-rw-r--r--src/lib/tls/msg_client_hello.cpp6
-rw-r--r--src/lib/tls/msg_server_hello.cpp6
-rw-r--r--src/lib/tls/tls_alert.cpp3
-rw-r--r--src/lib/tls/tls_alert.h3
-rw-r--r--src/lib/tls/tls_channel.cpp52
-rw-r--r--src/lib/tls/tls_channel.h22
-rw-r--r--src/lib/tls/tls_extensions.cpp3
-rw-r--r--src/lib/tls/tls_extensions.h26
-rw-r--r--src/lib/tls/tls_heartbeats.cpp90
-rw-r--r--src/lib/tls/tls_heartbeats.h44
-rw-r--r--src/lib/tls/tls_magic.h1
-rw-r--r--src/lib/tls/tls_messages.h24
-rw-r--r--src/lib/tls/tls_policy.cpp2
-rw-r--r--src/lib/tls/tls_policy.h8
16 files changed, 1 insertions, 292 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index a16f1ef88..62c909d5d 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -175,8 +175,6 @@ class TLS_Client final : public Command
client.close();
}
}
- else if(buf[0] == 'H')
- client.heartbeat(&buf[1], got-1);
else
client.send(buf, got);
}
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt
index 1b0cf1415..50b6dbbdf 100644
--- a/src/lib/tls/info.txt
+++ b/src/lib/tls/info.txt
@@ -25,7 +25,6 @@ tls_extensions.h
tls_handshake_hash.h
tls_handshake_io.h
tls_handshake_state.h
-tls_heartbeats.h
tls_messages.h
tls_reader.h
tls_record.h
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index fffb321d6..34edac29c 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -87,9 +87,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket());
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(policy.negotiate_heartbeat_support())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
policy.allowed_signature_methods()));
@@ -144,9 +141,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket(session.session_ticket()));
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(policy.negotiate_heartbeat_support())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(session.fragment_size() != 0)
m_extensions.add(new Maximum_Fragment_Length(session.fragment_size()));
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index 8d61fb23c..bbc483a4e 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -47,9 +47,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
if(size_t max_fragment_size = client_hello.fragment_size())
m_extensions.add(new Maximum_Fragment_Length(max_fragment_size));
- if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
@@ -105,9 +102,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
if(size_t max_fragment_size = resumed_session.fragment_size())
m_extensions.add(new Maximum_Fragment_Length(max_fragment_size));
- if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
diff --git a/src/lib/tls/tls_alert.cpp b/src/lib/tls/tls_alert.cpp
index 5cfb1b0b1..6cecb3bbe 100644
--- a/src/lib/tls/tls_alert.cpp
+++ b/src/lib/tls/tls_alert.cpp
@@ -108,9 +108,6 @@ std::string Alert::type_string() const
case NULL_ALERT:
return "none";
-
- case HEARTBEAT_PAYLOAD:
- return "heartbeat_payload";
}
/*
diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h
index 81946d9db..2c82514a3 100644
--- a/src/lib/tls/tls_alert.h
+++ b/src/lib/tls/tls_alert.h
@@ -60,8 +60,7 @@ class BOTAN_DLL Alert
NO_APPLICATION_PROTOCOL = 120, // RFC 7301
// pseudo alert values
- NULL_ALERT = 256,
- HEARTBEAT_PAYLOAD = 257
+ NULL_ALERT = 256
};
/**
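Review bot: Dropping `HEARTBEAT_PAYLOAD = 257` from the public `Alert` enum (the class is marked `BOTAN_DLL`) is a source-level break for any application whose alert callback names that value, which sits oddly with the description's aim of not breaking applications. The same concern applies to the public `Channel::heartbeat()` overloads removed in tls_channel.h and to the virtual `Policy::negotiate_heartbeat_support()` removed in tls_policy.h, where an external subclass that declares it `override` would stop compiling. If the break is intended, a comment beside the pseudo alert values such as `// 257 was HEARTBEAT_PAYLOAD, removed with heartbeat support; do not reuse` would keep the number from being reassigned later with a different meaning. The enum starts above this hunk, so the remaining values are not visible here.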
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index c7adc18cd..44627e7bc 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -8,7 +8,6 @@
#include <botan/tls_channel.h>
#include <botan/internal/tls_handshake_state.h>
#include <botan/internal/tls_messages.h>
-#include <botan/internal/tls_heartbeats.h>
#include <botan/internal/tls_record.h>
#include <botan/internal/tls_seq_numbers.h>
#include <botan/internal/rounding.h>
@@ -269,20 +268,6 @@ void Channel::activate_session()
}
}
-bool Channel::peer_supports_heartbeats() const
- {
- if(auto active = active_state())
- return active->server_hello()->supports_heartbeats();
- return false;
- }
-
-bool Channel::heartbeat_sending_allowed() const
- {
- if(auto active = active_state())
- return active->server_hello()->peer_can_send_heartbeats();
- return false;
- }
-
size_t Channel::received_data(const std::vector<byte>& buf)
{
return this->received_data(buf.data(), buf.size());
@@ -394,31 +379,6 @@ size_t Channel::received_data(const byte input[], size_t input_size)
}
}
}
- else if(record_type == HEARTBEAT && peer_supports_heartbeats())
- {
- if(!active_state())
- throw Unexpected_Message("Heartbeat sent before handshake done");
-
- Heartbeat_Message heartbeat(unlock(record));
-
- const std::vector<byte>& payload = heartbeat.payload();
-
- if(heartbeat.is_request())
- {
- if(!pending_state())
- {
- const std::vector<byte> padding = unlock(rng().random_vec(16));
- Heartbeat_Message response(Heartbeat_Message::RESPONSE,
- payload.data(), payload.size(), padding);
-
- send_record(HEARTBEAT, response.contents());
- }
- }
- else
- {
- m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size());
- }
- }
else if(record_type == APPLICATION_DATA)
{
if(!active_state())
@@ -486,18 +446,6 @@ size_t Channel::received_data(const byte input[], size_t input_size)
}
}
-void Channel::heartbeat(const byte payload[], size_t payload_size, size_t pad_size)
- {
- if(heartbeat_sending_allowed())
- {
- const std::vector<byte> padding = unlock(rng().random_vec(pad_size + 16));
- Heartbeat_Message heartbeat(Heartbeat_Message::REQUEST,
- payload, payload_size, padding);
-
- send_record(HEARTBEAT, heartbeat.contents());
- }
- }
-
void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch,
byte record_type, const byte input[], size_t length)
{
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h
index 9ef2d17c4..aca5c7138 100644
--- a/src/lib/tls/tls_channel.h
+++ b/src/lib/tls/tls_channel.h
@@ -161,28 +161,6 @@ class BOTAN_DLL Channel
*/
bool timeout_check();
- /**
- * @return true iff the peer supports heartbeat messages
- */
- bool peer_supports_heartbeats() const;
-
- /**
- * @return true iff we are allowed to send heartbeat messages
- */
- bool heartbeat_sending_allowed() const;
-
- /**
- * Attempt to send a heartbeat message (if negotiated with counterparty)
- * @param payload will be echoed back
- * @param payload_size size of payload in bytes
- * @param pad_bytes include 16 + pad_bytes extra bytes in the message (not echoed)
- */
- void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0);
-
- /**
- * Attempt to send a heartbeat message (if negotiated with counterparty)
- */
- void heartbeat() { heartbeat(nullptr, 0); }
protected:
virtual void process_handshake_msg(const Handshake_State* active_state,
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 421c9e38c..6bf32f1f1 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -48,9 +48,6 @@ Extension* make_extension(TLS_Data_Reader& reader,
case TLSEXT_EXTENDED_MASTER_SECRET:
return new Extended_Master_Secret(reader, size);
- case TLSEXT_HEARTBEAT_SUPPORT:
- return new Heartbeat_Support_Indicator(reader, size);
-
case TLSEXT_SESSION_TICKET:
return new Session_Ticket(reader, size);
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 62ea8ef1e..8b2cbc096 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -325,32 +325,6 @@ class Signature_Algorithms final : public Extension
};
/**
-* Heartbeat Extension (RFC 6520)
-*/
-class Heartbeat_Support_Indicator final : public Extension
- {
- public:
- static Handshake_Extension_Type static_type()
- { return TLSEXT_HEARTBEAT_SUPPORT; }
-
- Handshake_Extension_Type type() const override { return static_type(); }
-
- bool peer_allowed_to_send() const { return m_peer_allowed_to_send; }
-
- std::vector<byte> serialize() const override;
-
- bool empty() const override { return false; }
-
- Heartbeat_Support_Indicator(bool peer_allowed_to_send) :
- m_peer_allowed_to_send(peer_allowed_to_send) {}
-
- Heartbeat_Support_Indicator(TLS_Data_Reader& reader, u16bit extension_size);
-
- private:
- bool m_peer_allowed_to_send;
- };
-
-/**
* Used to indicate SRTP algorithms for DTLS (RFC 5764)
*/
class SRTP_Protection_Profiles final : public Extension
diff --git a/src/lib/tls/tls_heartbeats.cpp b/src/lib/tls/tls_heartbeats.cpp
deleted file mode 100644
index 14f7db51c..000000000
--- a/src/lib/tls/tls_heartbeats.cpp
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
-* TLS Heartbeats
-* (C) 2012,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/tls_heartbeats.h>
-#include <botan/internal/tls_extensions.h>
-#include <botan/internal/tls_reader.h>
-#include <botan/tls_exceptn.h>
-
-namespace Botan {
-
-namespace TLS {
-
-Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf)
- {
- TLS_Data_Reader reader("Heartbeat", buf);
-
- const byte type = reader.get_byte();
-
- if(type != 1 && type != 2)
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
- "Unknown heartbeat message type");
-
- m_type = static_cast<Type>(type);
-
- m_payload = reader.get_range<byte>(2, 0, 16*1024);
-
- m_padding = reader.get_remaining();
-
- if(m_padding.size() < 16)
- throw Decoding_Error("Invalid heartbeat padding");
- }
-
-Heartbeat_Message::Heartbeat_Message(Type type,
- const byte payload[],
- size_t payload_len,
- const std::vector<byte>& padding) :
- m_type(type),
- m_payload(payload, payload + payload_len),
- m_padding(padding)
- {
- if(payload_len >= 64*1024)
- throw Exception("Heartbeat payload too long");
- if(m_padding.size() < 16)
- throw Exception("Invalid heartbeat padding length");
- }
-
-std::vector<byte> Heartbeat_Message::contents() const
- {
- //std::vector<byte> send_buf(3 + m_payload.size() + 16);
- std::vector<byte> send_buf;
- send_buf.reserve(3 + m_payload.size() + m_padding.size());
-
- send_buf.push_back(m_type);
- send_buf.push_back(get_byte<u16bit>(0, m_payload.size()));
- send_buf.push_back(get_byte<u16bit>(1, m_payload.size()));
- send_buf += m_payload;
- send_buf += m_padding;
-
- return send_buf;
- }
-
-std::vector<byte> Heartbeat_Support_Indicator::serialize() const
- {
- std::vector<byte> heartbeat(1);
- heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2);
- return heartbeat;
- }
-
-Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader,
- u16bit extension_size)
- {
- if(extension_size != 1)
- throw Decoding_Error("Strange size for heartbeat extension");
-
- const byte code = reader.get_byte();
-
- if(code != 1 && code != 2)
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
- "Unknown heartbeat code " + std::to_string(code));
-
- m_peer_allowed_to_send = (code == 1);
- }
-
-}
-
-}
diff --git a/src/lib/tls/tls_heartbeats.h b/src/lib/tls/tls_heartbeats.h
deleted file mode 100644
index dcb63babe..000000000
--- a/src/lib/tls/tls_heartbeats.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* TLS Heartbeats
-* (C) 2012,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_TLS_HEARTBEATS_H__
-#define BOTAN_TLS_HEARTBEATS_H__
-
-#include <botan/secmem.h>
-
-namespace Botan {
-
-namespace TLS {
-
-/**
-* TLS Heartbeat message
-*/
-class Heartbeat_Message
- {
- public:
- enum Type { REQUEST = 1, RESPONSE = 2 };
-
- std::vector<byte> contents() const;
-
- const std::vector<byte>& payload() const { return m_payload; }
-
- bool is_request() const { return m_type == REQUEST; }
-
- Heartbeat_Message(const std::vector<byte>& buf);
-
- Heartbeat_Message(Type type, const byte payload[], size_t payload_len,
- const std::vector<byte>& padding);
- private:
- Type m_type;
- std::vector<byte> m_payload, m_padding;
- };
-
-}
-
-}
-
-#endif
diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h
index 6db908b08..798e428ff 100644
--- a/src/lib/tls/tls_magic.h
+++ b/src/lib/tls/tls_magic.h
@@ -31,7 +31,6 @@ enum Record_Type {
ALERT = 21,
HANDSHAKE = 22,
APPLICATION_DATA = 23,
- HEARTBEAT = 24,
NO_RECORD = 256
};
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index c09e4fe77..ba05ee9a7 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -150,18 +150,6 @@ class Client_Hello final : public Handshake_Message
return std::vector<std::string>();
}
- bool supports_heartbeats() const
- {
- return m_extensions.has<Heartbeat_Support_Indicator>();
- }
-
- bool peer_can_send_heartbeats() const
- {
- if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>())
- return hb->peer_allowed_to_send();
- return false;
- }
-
std::vector<u16bit> srtp_profiles() const
{
if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
@@ -254,18 +242,6 @@ class Server_Hello final : public Handshake_Message
return m_extensions.has<Session_Ticket>();
}
- bool supports_heartbeats() const
- {
- return m_extensions.has<Heartbeat_Support_Indicator>();
- }
-
- bool peer_can_send_heartbeats() const
- {
- if(auto hb = m_extensions.get<Heartbeat_Support_Indicator>())
- return hb->peer_allowed_to_send();
- return false;
- }
-
u16bit srtp_profile() const
{
if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 28ef2f1eb..096dffb4a 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -167,7 +167,6 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
return true;
}
-bool Policy::negotiate_heartbeat_support() const { return false; }
bool Policy::allow_server_initiated_renegotiation() const { return false; }
bool Policy::allow_insecure_renegotiation() const { return false; }
bool Policy::include_time_in_hello_random() const { return true; }
@@ -348,7 +347,6 @@ void Policy::print(std::ostream& o) const
print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
print_vec(o, "ecc_curves", allowed_ecc_curves());
- print_bool(o, "negotiate_heartbeat_support", negotiate_heartbeat_support());
print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 0d8ebc7a1..c1f40df17 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -77,11 +77,6 @@ class BOTAN_DLL Policy
virtual std::string choose_curve(const std::vector<std::string>& curve_names) const;
/**
- * Attempt to negotiate the use of the heartbeat extension
- */
- virtual bool negotiate_heartbeat_support() const;
-
- /**
* Allow renegotiation even if the counterparty doesn't
* support the secure renegotiation extension.
*
@@ -269,9 +264,6 @@ class BOTAN_DLL Text_Policy : public Policy
std::vector<std::string> allowed_ecc_curves() const override
{ return get_list("ecc_curves", Policy::allowed_ecc_curves()); }
- bool negotiate_heartbeat_support() const override
- { return get_bool("negotiate_heartbeat_support", Policy::negotiate_heartbeat_support()); }
-
bool allow_insecure_renegotiation() const override
{ return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation()); }