author | Jack Lloyd <[email protected]> | 2020-11-08 07:05:11 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2020-11-08 07:05:11 -0500 |
commit | eb5f0f69456bde196d3a9049933e0697779128c8 (patch) | |
tree | 982f80cb0c52ecfab1150273979c36cdd0efdec3 | |
parent | 84ab2bc6fa19254d1abcedcdc1b71be84c1c1728 (diff) |
Remove deprecated TLS interfaces
-rw-r--r-- | src/lib/tls/tls_callbacks.h | 119 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 38 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.h | 21 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 52 | ||||
-rw-r--r-- | src/lib/tls/tls_client.h | 71 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 37 | ||||
-rw-r--r-- | src/lib/tls/tls_server.h | 38 |
7 files changed, 5 insertions, 371 deletions
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 995c02e2d..795663e22 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
@@ -358,125 +358,6 @@ class BOTAN_PUBLIC_API(2,0) Callbacks } }; -/** -* TLS::Callbacks using std::function for compatability with the old API signatures. -* This type is only provided for backward compatibility. -* New implementations should derive from TLS::Callbacks instead. -*/ -class BOTAN_PUBLIC_API(2,0) Compat_Callbacks final : public Callbacks - { - public: - typedef std::function<void (const uint8_t[], size_t)> output_fn; - typedef std::function<void (const uint8_t[], size_t)> data_cb; - typedef std::function<void (Alert, const uint8_t[], size_t)> alert_cb; - typedef std::function<bool (const Session&)> handshake_cb; - typedef std::function<void (const Handshake_Message&)> handshake_msg_cb; - typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn; - - /** - * @param data_output_fn is called with data for the outbound socket - * - * @param app_data_cb is called when new application data is received - * - * @param recv_alert_cb is called when a TLS alert is received - * - * @param hs_cb is called when a handshake is completed - * - * @param hs_msg_cb is called for each handshake message received - * - * @param next_proto is called with ALPN protocol data sent by the client - */ - BOTAN_DEPRECATED("Use TLS::Callbacks (virtual interface).") - Compat_Callbacks(output_fn data_output_fn, data_cb app_data_cb, alert_cb recv_alert_cb, - handshake_cb hs_cb, handshake_msg_cb hs_msg_cb = nullptr, - next_protocol_fn next_proto = nullptr) - : m_output_function(data_output_fn), m_app_data_cb(app_data_cb), - m_alert_cb(std::bind(recv_alert_cb, std::placeholders::_1, nullptr, 0)), - m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} - - BOTAN_DEPRECATED("Use TLS::Callbacks (virtual interface).") - Compat_Callbacks(output_fn data_output_fn, data_cb app_data_cb, - std::function<void (Alert)> recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb = nullptr, - next_protocol_fn next_proto = nullptr) - : 
m_output_function(data_output_fn), m_app_data_cb(app_data_cb), - m_alert_cb(recv_alert_cb), - m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} - - enum class SILENCE_DEPRECATION_WARNING { PLEASE = 0 }; - Compat_Callbacks(SILENCE_DEPRECATION_WARNING, - output_fn data_output_fn, data_cb app_data_cb, - std::function<void (Alert)> recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb = nullptr, - next_protocol_fn next_proto = nullptr) - : m_output_function(data_output_fn), - m_app_data_cb(app_data_cb), - m_alert_cb(recv_alert_cb), - m_hs_cb(hs_cb), - m_hs_msg_cb(hs_msg_cb), - m_next_proto(next_proto) {} - - Compat_Callbacks(SILENCE_DEPRECATION_WARNING, - output_fn data_output_fn, data_cb app_data_cb, alert_cb recv_alert_cb, - handshake_cb hs_cb, handshake_msg_cb hs_msg_cb = nullptr, - next_protocol_fn next_proto = nullptr) - : m_output_function(data_output_fn), m_app_data_cb(app_data_cb), - m_alert_cb(std::bind(recv_alert_cb, std::placeholders::_1, nullptr, 0)), - m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} - - - void tls_emit_data(const uint8_t data[], size_t size) override - { - BOTAN_ASSERT(m_output_function != nullptr, - "Invalid TLS output function callback."); - m_output_function(data, size); - } - - void tls_record_received(uint64_t /*seq_no*/, const uint8_t data[], size_t size) override - { - BOTAN_ASSERT(m_app_data_cb != nullptr, - "Invalid TLS app data callback."); - m_app_data_cb(data, size); - } - - void tls_alert(Alert alert) override - { - BOTAN_ASSERT(m_alert_cb != nullptr, - "Invalid TLS alert callback."); - m_alert_cb(alert); - } - - bool tls_session_established(const Session& session) override - { - BOTAN_ASSERT(m_hs_cb != nullptr, - "Invalid TLS handshake callback."); - return m_hs_cb(session); - } - - std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override - { - if(m_next_proto != nullptr) { return m_next_proto(client_protos); } - return ""; - } - - 
void tls_inspect_handshake_msg(const Handshake_Message& hmsg) override - { - // The handshake message callback is optional so we can - // not assume it has been set. - if(m_hs_msg_cb != nullptr) { m_hs_msg_cb(hmsg); } - } - - private: - const output_fn m_output_function; - const data_cb m_app_data_cb; - const std::function<void (Alert)> m_alert_cb; - const handshake_cb m_hs_cb; - const handshake_msg_cb m_hs_msg_cb; - const next_protocol_fn m_next_proto; - }; - } } diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 64a557691..1a3a61f05 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -38,46 +38,12 @@ Channel::Channel(Callbacks& callbacks, m_rng(rng), m_has_been_closed(false) { - init(reserved_io_buffer_size); - } - -Channel::Channel(output_fn out, - data_cb app_data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - RandomNumberGenerator& rng, - const Policy& policy, - bool is_server, - bool is_datagram, - size_t io_buf_sz) : - m_is_server(is_server), - m_is_datagram(is_datagram), - m_compat_callbacks(new Compat_Callbacks( - /* - this Channel constructor is also deprecated so its ok that it - relies on a deprecated API - */ - Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE, - out, app_data_cb, recv_alert_cb, hs_cb, hs_msg_cb)), - m_callbacks(*m_compat_callbacks.get()), - m_session_manager(session_manager), - m_policy(policy), - m_rng(rng), - m_has_been_closed(false) - { - init(io_buf_sz); - } - -void Channel::init(size_t io_buf_sz) - { /* epoch 0 is plaintext, thus null cipher state */ m_write_cipher_states[0] = nullptr; m_read_cipher_states[0] = nullptr; - m_writebuf.reserve(io_buf_sz); - m_readbuf.reserve(io_buf_sz); + m_writebuf.reserve(reserved_io_buffer_size); + m_readbuf.reserve(reserved_io_buffer_size); } void Channel::reset_state() diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 046560e22..35f81cc1a 100644 
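Review bot: The rewritten Channel constructor body in tls_channel.cpp reads the buffer size as `reserved_io_buffer_size` in the two new reserve() calls, while the declaration context visible in the tls_channel.h hunk names the same parameter `io_buf_sz`; aligning the two names so the definition can be read from the header alone would be consistent with what this commit already does for Client (`next_protos` → `next_protocols`), e.g. `size_t reserved_io_buffer_size = IO_BUF_DEFAULT_SIZE);` in the header. The constructor's signature and initializer list start outside the hunk, so the parameter name is inferred from the new lines only. With `m_compat_callbacks` gone (tls_channel.h hunk), `Callbacks& m_callbacks` is the only remaining link to the callbacks object and the Channel never owns it, so the constructor documentation should state the lifetime contract explicitly: `@param callbacks is held by reference, not copied, and must outlive this Channel`.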
--- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -66,24 +66,6 @@ class BOTAN_PUBLIC_API(2,0) Channel bool is_datagram, size_t io_buf_sz = IO_BUF_DEFAULT_SIZE); - /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new implementations. - * (Not marked deprecated since it is only called internally, by - * other deprecated constructors) - */ - Channel(output_fn out, - data_cb app_data_cb, - alert_cb alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - RandomNumberGenerator& rng, - const Policy& policy, - bool is_server, - bool is_datagram, - size_t io_buf_sz = IO_BUF_DEFAULT_SIZE); - Channel(const Channel&) = delete; Channel& operator=(const Channel&) = delete; @@ -244,8 +226,6 @@ class BOTAN_PUBLIC_API(2,0) Channel void reset_active_association_state(); private: - void init(size_t io_buf_sze); - void send_record(uint8_t record_type, const std::vector<uint8_t>& record); void send_record_under_epoch(uint16_t epoch, uint8_t record_type, @@ -284,7 +264,6 @@ class BOTAN_PUBLIC_API(2,0) Channel const bool m_is_datagram; /* callbacks */ - std::unique_ptr<Compat_Callbacks> m_compat_callbacks; Callbacks& m_callbacks; /* external state */ diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index e5d90c950..091e649a9 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp 
@@ -68,63 +68,17 @@ Client::Client(Callbacks& callbacks, RandomNumberGenerator& rng, const Server_Information& info, const Protocol_Version& offer_version, - const std::vector<std::string>& next_protos, + const std::vector<std::string>& next_protocols, size_t io_buf_sz) : Channel(callbacks, session_manager, rng, policy, false, offer_version.is_datagram_protocol(), io_buf_sz), m_creds(creds), m_info(info) { - init(offer_version, next_protos); - } - -Client::Client(output_fn data_output_fn, - data_cb proc_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const Server_Information& info, - const Protocol_Version& offer_version, - const std::vector<std::string>& next_protos, - size_t io_buf_sz) : - Channel(data_output_fn, proc_cb, recv_alert_cb, hs_cb, Channel::handshake_msg_cb(), - session_manager, rng, policy, false, offer_version.is_datagram_protocol(), io_buf_sz), - m_creds(creds), - m_info(info) - { - init(offer_version, next_protos); - } - -Client::Client(output_fn data_output_fn, - data_cb proc_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const Server_Information& info, - const Protocol_Version& offer_version, - const std::vector<std::string>& next_protos) : - Channel(data_output_fn, proc_cb, recv_alert_cb, hs_cb, hs_msg_cb, - session_manager, rng, policy, false, offer_version.is_datagram_protocol()), - m_creds(creds), - m_info(info) - { - init(offer_version, next_protos); - } - -void Client::init(const Protocol_Version& protocol_version, - const std::vector<std::string>& next_protocols) - { const std::string srp_identifier = m_creds.srp_identifier("tls-client", m_info.hostname()); - Handshake_State& state = create_handshake_state(protocol_version); - send_client_hello(state, false, 
protocol_version, + Handshake_State& state = create_handshake_state(offer_version); + send_client_hello(state, false, offer_version, srp_identifier, next_protocols); } diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index 0e08b4595..7440e59ef 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h 
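Review bot: The Client constructor now drives the start of the handshake inline — `create_handshake_state(offer_version)` followed by `send_client_hello(...)` — which, judging by the name, presumably means a ClientHello is pushed through the callbacks before the constructor returns; that ordering deserves a comment, since a callback that reaches back into an object which owns the Client would see it before construction has finished. A one-liner above the `srp_identifier` declaration would do: `// The handshake begins here: the ClientHello is sent through the callbacks before this constructor returns`. The constructor's signature and initializer list begin outside the hunk.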
@@ -62,81 +62,10 @@ class BOTAN_PUBLIC_API(2,0) Client final : public Channel ); /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new code. It will be - * removed in a future release. - * - * Set up a new TLS client session - * - * @param data_output_fn is called with data for the outbound socket - * - * @param app_data_cb is called when new application data is received - * - * @param recv_alert_cb is called when a TLS alert is received - * - * @param hs_cb is called when a handshake is completed - * - * @param session_manager manages session state - * - * @param creds manages application/user credentials - * - * @param policy specifies other connection policy information - * - * @param rng a random number generator - * - * @param server_info is identifying information about the TLS server - * - * @param offer_version specifies which version we will offer - * to the TLS server. - * - * @param next_protocols specifies protocols to advertise with ALPN - * - * @param reserved_io_buffer_size This many bytes of memory will - * be preallocated for the read and write buffers. Smaller - * values just mean reallocations and copies are more likely. - */ - BOTAN_DEPRECATED("Use TLS::Client(TLS::Callbacks ...)") - Client(output_fn data_output_fn, - data_cb app_data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const Server_Information& server_info = Server_Information(), - const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), - const std::vector<std::string>& next_protocols = {}, - size_t reserved_io_buffer_size = TLS::Client::IO_BUF_DEFAULT_SIZE - ); - - /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new implementations. 
- */ - BOTAN_DEPRECATED("Use TLS::Client(TLS::Callbacks ...)") - Client(output_fn out, - data_cb app_data_cb, - alert_cb alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const Server_Information& server_info = Server_Information(), - const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), - const std::vector<std::string>& next_protocols = {} - ); - - /** * @return network protocol as advertised by the TLS server, if server sent the ALPN extension */ std::string application_protocol() const override { return m_application_protocol; } private: - void init(const Protocol_Version& protocol_version, - const std::vector<std::string>& next_protocols); - std::vector<X509_Certificate> get_peer_cert_chain(const Handshake_State& state) const override; diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index e2a0bf242..62fdd2d90 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp 
@@ -308,43 +308,6 @@ Server::Server(Callbacks& callbacks, { } -Server::Server(output_fn output, - data_cb got_data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - next_protocol_fn next_proto, - bool is_datagram, - size_t io_buf_sz) : - Channel(output, got_data_cb, recv_alert_cb, hs_cb, - Channel::handshake_msg_cb(), session_manager, - rng, policy, true, is_datagram, io_buf_sz), - m_creds(creds), - m_choose_next_protocol(next_proto) - { - } - -Server::Server(output_fn output, - data_cb got_data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - next_protocol_fn next_proto, - bool is_datagram) : - Channel(output, got_data_cb, recv_alert_cb, hs_cb, hs_msg_cb, - session_manager, rng, policy, true, is_datagram), - m_creds(creds), - m_choose_next_protocol(next_proto) - { - } - Handshake_State* Server::new_handshake_state(Handshake_IO* io) { std::unique_ptr<Handshake_State> state(new Server_Handshake_State(io, callbacks())); diff --git a/src/lib/tls/tls_server.h b/src/lib/tls/tls_server.h index c601e8c6e..f5b480334 100644 --- a/src/lib/tls/tls_server.h +++ b/src/lib/tls/tls_server.h 
@@ -59,44 +59,6 @@ class BOTAN_PUBLIC_API(2,0) Server final : public Channel ); /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new implementations. - * It will be removed in a future release. - */ - BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)") - Server(output_fn output, - data_cb data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - next_protocol_fn next_proto = next_protocol_fn(), - bool is_datagram = false, - size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE - ); - - /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new implementations. - * It will be removed in a future release. - */ - BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)") - Server(output_fn output, - data_cb data_cb, - alert_cb recv_alert_cb, - handshake_cb hs_cb, - handshake_msg_cb hs_msg_cb, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - next_protocol_fn next_proto = next_protocol_fn(), - bool is_datagram = false - ); - - /** * Return the protocol notification set by the client (using the * ALPN extension) for this connection, if any. This value is not * tied to the session and a later renegotiation of the same |