aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
diff options
context:
space:
mode:
authorSimon Warta <[email protected]>2015-06-24 12:08:01 +0200
committerSimon Warta <[email protected]>2015-06-24 12:08:01 +0200
commitdb0dde7107dbe4155a856c20342ca57e09bd329c (patch)
treee4e031c3f2380b6b2c612388de9fd5f3d9e47dfa /src/lib/tls
parent0e251f31e4567787e6dff9ab874dcd422ca5fb62 (diff)
parent28b2beef62d4b465193659545e857f253d59f817 (diff)
Merge pull request #134 from webmaster128/bounds-check2
Bounds check round 2
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/msg_cert_req.cpp2
-rw-r--r--src/lib/tls/msg_client_hello.cpp4
-rw-r--r--src/lib/tls/msg_session_ticket.cpp2
-rw-r--r--src/lib/tls/sessions_sql/tls_session_manager_sql.cpp2
-rw-r--r--src/lib/tls/tls_blocking.cpp8
-rw-r--r--src/lib/tls/tls_channel.cpp18
-rw-r--r--src/lib/tls/tls_channel.h2
-rw-r--r--src/lib/tls/tls_handshake_io.cpp8
-rw-r--r--src/lib/tls/tls_reader.h6
-rw-r--r--src/lib/tls/tls_record.cpp26
-rw-r--r--src/lib/tls/tls_session.cpp8
-rw-r--r--src/lib/tls/tls_session.h2
12 files changed, 44 insertions, 44 deletions
diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp
index eacdcacac..aaaf754c8 100644
--- a/src/lib/tls/msg_cert_req.cpp
+++ b/src/lib/tls/msg_cert_req.cpp
@@ -119,7 +119,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf,
{
std::vector<byte> name_bits = reader.get_range_vector<byte>(2, 0, 65535);
- BER_Decoder decoder(&name_bits[0], name_bits.size());
+ BER_Decoder decoder(name_bits.data(), name_bits.size());
X509_DN name;
decoder.decode(name);
m_names.push_back(name);
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 8b75e93d6..82ba6f4f6 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -25,14 +25,14 @@ std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
const Policy& policy)
{
std::vector<byte> buf(32);
- rng.randomize(&buf[0], buf.size());
+ rng.randomize(buf.data(), buf.size());
if(policy.include_time_in_hello_random())
{
const u32bit time32 = static_cast<u32bit>(
std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
- store_be(time32, &buf[0]);
+ store_be(time32, buf.data());
}
return buf;
diff --git a/src/lib/tls/msg_session_ticket.cpp b/src/lib/tls/msg_session_ticket.cpp
index 26dc250c3..3fe6e64cf 100644
--- a/src/lib/tls/msg_session_ticket.cpp
+++ b/src/lib/tls/msg_session_ticket.cpp
@@ -45,7 +45,7 @@ New_Session_Ticket::New_Session_Ticket(const std::vector<byte>& buf)
std::vector<byte> New_Session_Ticket::serialize() const
{
std::vector<byte> buf(4);
- store_be(m_ticket_lifetime_hint, &buf[0]);
+ store_be(m_ticket_lifetime_hint, buf.data());
append_tls_length_value(buf, m_ticket, 2);
return buf;
}
diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
index c67dc7997..508f8ff2f 100644
--- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
@@ -102,7 +102,7 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
const size_t iterations = 256 * 1024;
size_t check_val = 0;
- m_session_key = derive_key(passphrase, &salt[0], salt.size(),
+ m_session_key = derive_key(passphrase, salt.data(), salt.size(),
iterations, check_val);
auto stmt = m_db->new_statement("insert into tls_sessions_metadata values(?1, ?2, ?3)");
diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp
index b46961f9d..f88b7896c 100644
--- a/src/lib/tls/tls_blocking.cpp
+++ b/src/lib/tls/tls_blocking.cpp
@@ -58,8 +58,8 @@ void Blocking_Client::do_handshake()
while(!m_channel.is_closed() && !m_channel.is_active())
{
- const size_t from_socket = m_read(&readbuf[0], readbuf.size());
- m_channel.received_data(&readbuf[0], from_socket);
+ const size_t from_socket = m_read(readbuf.data(), readbuf.size());
+ m_channel.received_data(readbuf.data(), from_socket);
}
}
@@ -69,8 +69,8 @@ size_t Blocking_Client::read(byte buf[], size_t buf_len)
while(m_plaintext.empty() && !m_channel.is_closed())
{
- const size_t from_socket = m_read(&readbuf[0], readbuf.size());
- m_channel.received_data(&readbuf[0], from_socket);
+ const size_t from_socket = m_read(readbuf.data(), readbuf.size());
+ m_channel.received_data(readbuf.data(), from_socket);
}
const size_t returned = std::min(buf_len, m_plaintext.size());
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index e784566cd..e2b1aad9d 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -285,7 +285,7 @@ bool Channel::heartbeat_sending_allowed() const
size_t Channel::received_data(const std::vector<byte>& buf)
{
- return this->received_data(&buf[0], buf.size());
+ return this->received_data(buf.data(), buf.size());
}
size_t Channel::received_data(const byte input[], size_t input_size)
@@ -407,14 +407,14 @@ size_t Channel::received_data(const byte input[], size_t input_size)
{
const std::vector<byte> padding = unlock(rng().random_vec(16));
Heartbeat_Message response(Heartbeat_Message::RESPONSE,
- &payload[0], payload.size(), padding);
+ payload.data(), payload.size(), padding);
send_record(HEARTBEAT, response.contents());
}
}
else
{
- m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), &payload[0], payload.size());
+ m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size());
}
}
else if(record_type == APPLICATION_DATA)
@@ -428,7 +428,7 @@ size_t Channel::received_data(const byte input[], size_t input_size)
* following record. Avoid spurious callbacks.
*/
if(record.size() > 0)
- m_data_cb(&record[0], record.size());
+ m_data_cb(record.data(), record.size());
}
else if(record_type == ALERT)
{
@@ -513,7 +513,7 @@ void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch,
cipher_state,
m_rng);
- m_output_fn(&m_writebuf[0], m_writebuf.size());
+ m_output_fn(m_writebuf.data(), m_writebuf.size());
}
void Channel::send_record_array(u16bit epoch, byte type, const byte input[], size_t length)
@@ -537,7 +537,7 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz
if(type == APPLICATION_DATA && cipher_state->cbc_without_explicit_iv())
{
- write_record(cipher_state.get(), epoch, type, &input[0], 1);
+ write_record(cipher_state.get(), epoch, type, input, 1);
input += 1;
length -= 1;
}
@@ -547,7 +547,7 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz
while(length)
{
const size_t sending = std::min(length, max_fragment_size);
- write_record(cipher_state.get(), epoch, type, &input[0], sending);
+ write_record(cipher_state.get(), epoch, type, input, sending);
input += sending;
length -= sending;
@@ -557,13 +557,13 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz
void Channel::send_record(byte record_type, const std::vector<byte>& record)
{
send_record_array(sequence_numbers().current_write_epoch(),
- record_type, &record[0], record.size());
+ record_type, record.data(), record.size());
}
void Channel::send_record_under_epoch(u16bit epoch, byte record_type,
const std::vector<byte>& record)
{
- send_record_array(epoch, record_type, &record[0], record.size());
+ send_record_array(epoch, record_type, record.data(), record.size());
}
void Channel::send(const byte buf[], size_t buf_size)
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h
index 713d4c1b9..4e6874a16 100644
--- a/src/lib/tls/tls_channel.h
+++ b/src/lib/tls/tls_channel.h
@@ -84,7 +84,7 @@ class BOTAN_DLL Channel
template<typename Alloc>
void send(const std::vector<unsigned char, Alloc>& val)
{
- send(&val[0], val.size());
+ send(val.data(), val.size());
}
/**
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index ef766679f..d4633becd 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -95,7 +95,7 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg,
store_be24(&send_buf[1], buf_size);
- copy_mem(&send_buf[4], &msg[0], msg.size());
+ copy_mem(&send_buf[4], msg.data(), msg.size());
return send_buf;
}
@@ -194,7 +194,7 @@ void Datagram_Handshake_IO::add_record(const std::vector<byte>& record,
const size_t DTLS_HANDSHAKE_HEADER_LEN = 12;
- const byte* record_bits = &record[0];
+ const byte* record_bits = record.data();
size_t record_size = record.size();
while(record_size)
@@ -350,7 +350,7 @@ Datagram_Handshake_IO::format_fragment(const byte fragment[],
store_be24(&send_buf[6], frag_offset);
store_be24(&send_buf[9], frag_len);
- copy_mem(&send_buf[12], &fragment[0], frag_len);
+ copy_mem(&send_buf[12], fragment, frag_len);
return send_buf;
}
@@ -360,7 +360,7 @@ Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg,
Handshake_Type type,
u16bit msg_sequence) const
{
- return format_fragment(&msg[0], msg.size(), 0, msg.size(), type, msg_sequence);
+ return format_fragment(msg.data(), msg.size(), 0, msg.size(), type, msg_sequence);
}
std::vector<byte>
diff --git a/src/lib/tls/tls_reader.h b/src/lib/tls/tls_reader.h
index f24543edb..c2aef3163 100644
--- a/src/lib/tls/tls_reader.h
+++ b/src/lib/tls/tls_reader.h
@@ -118,7 +118,7 @@ class TLS_Data_Reader
std::vector<byte> v =
get_range_vector<byte>(len_bytes, min_bytes, max_bytes);
- return std::string(reinterpret_cast<char*>(&v[0]), v.size());
+ return std::string(reinterpret_cast<char*>(v.data()), v.size());
}
template<typename T>
@@ -209,7 +209,7 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf,
const std::vector<T, Alloc2>& vals,
size_t tag_size)
{
- append_tls_length_value(buf, &vals[0], vals.size(), tag_size);
+ append_tls_length_value(buf, vals.data(), vals.size(), tag_size);
}
template<typename Alloc>
@@ -218,7 +218,7 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf,
size_t tag_size)
{
append_tls_length_value(buf,
- reinterpret_cast<const byte*>(&str[0]),
+ reinterpret_cast<const byte*>(str.data()),
str.size(),
tag_size);
}
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index fb8079bdc..c384611e9 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -151,7 +151,7 @@ void write_record(secure_vector<byte>& output,
output.push_back(get_byte<u16bit>(0, msg_length));
output.push_back(get_byte<u16bit>(1, msg_length));
- output.insert(output.end(), &msg[0], &msg[msg_length]);
+ output.insert(output.end(), msg, msg + msg_length);
return;
}
@@ -175,7 +175,7 @@ void write_record(secure_vector<byte>& output,
BOTAN_ASSERT(aead->start(nonce).empty(), "AEAD doesn't return anything from start");
const size_t offset = output.size();
- output += std::make_pair(&msg[0], msg_length);
+ output += std::make_pair(msg, msg_length);
aead->finish(output, offset);
BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size");
@@ -211,7 +211,7 @@ void write_record(secure_vector<byte>& output,
rng.randomize(&output[output.size() - iv_size], iv_size);
}
- output.insert(output.end(), &msg[0], &msg[msg_length]);
+ output.insert(output.end(), msg, msg + msg_length);
output.resize(output.size() + mac_size);
cs->mac()->final(&output[output.size() - mac_size]);
@@ -242,8 +242,8 @@ void write_record(secure_vector<byte>& output,
const size_t blocks = buf_size / block_size;
- xor_buf(&buf[0], &cbc_state[0], block_size);
- bc->encrypt(&buf[0]);
+ xor_buf(buf, cbc_state.data(), block_size);
+ bc->encrypt(buf);
for(size_t i = 1; i < blocks; ++i)
{
@@ -271,7 +271,7 @@ size_t fill_buffer_to(secure_vector<byte>& readbuf,
const size_t taken = std::min(input_size, desired - readbuf.size());
- readbuf.insert(readbuf.end(), &input[0], &input[taken]);
+ readbuf.insert(readbuf.end(), input, input + taken);
input_consumed += taken;
input_size -= taken;
input += taken;
@@ -332,10 +332,10 @@ void cbc_decrypt_record(byte record_contents[], size_t record_len,
byte* buf = record_contents;
secure_vector<byte> last_ciphertext(block_size);
- copy_mem(&last_ciphertext[0], &buf[0], block_size);
+ copy_mem(last_ciphertext.data(), buf, block_size);
- bc.decrypt(&buf[0]);
- xor_buf(&buf[0], &cs.cbc_state()[0], block_size);
+ bc.decrypt(buf);
+ xor_buf(buf, &cs.cbc_state()[0], block_size);
secure_vector<byte> last_ciphertext2;
@@ -343,7 +343,7 @@ void cbc_decrypt_record(byte record_contents[], size_t record_len,
{
last_ciphertext2.assign(&buf[block_size*i], &buf[block_size*(i+1)]);
bc.decrypt(&buf[block_size*i]);
- xor_buf(&buf[block_size*i], &last_ciphertext[0], block_size);
+ xor_buf(&buf[block_size*i], last_ciphertext.data(), block_size);
std::swap(last_ciphertext, last_ciphertext2);
}
@@ -372,7 +372,7 @@ void decrypt_record(secure_vector<byte>& output,
output += aead->start(nonce);
const size_t offset = output.size();
- output += std::make_pair(&msg[0], msg_length);
+ output += std::make_pair(msg, msg_length);
aead->finish(output, offset);
BOTAN_ASSERT(output.size() == ptext_size + offset, "Produced expected size");
@@ -415,11 +415,11 @@ void decrypt_record(secure_vector<byte>& output,
cs.mac()->update(plaintext_block, plaintext_length);
std::vector<byte> mac_buf(mac_size);
- cs.mac()->final(&mac_buf[0]);
+ cs.mac()->final(mac_buf.data());
const size_t mac_offset = record_len - (mac_size + pad_size);
- const bool mac_bad = !same_mem(&record_contents[mac_offset], &mac_buf[0], mac_size);
+ const bool mac_bad = !same_mem(&record_contents[mac_offset], mac_buf.data(), mac_size);
if(mac_bad || padding_bad)
throw TLS_Exception(Alert::BAD_RECORD_MAC, "Message authentication failure");
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp
index 28cb8b420..8cb1a2aa7 100644
--- a/src/lib/tls/tls_session.cpp
+++ b/src/lib/tls/tls_session.cpp
@@ -50,7 +50,7 @@ Session::Session(const std::string& pem)
{
secure_vector<byte> der = PEM_Code::decode_check_label(pem, "TLS SESSION");
- *this = Session(&der[0], der.size());
+ *this = Session(der.data(), der.size());
}
Session::Session(const byte ber[], size_t ber_len)
@@ -105,7 +105,7 @@ Session::Session(const byte ber[], size_t ber_len)
if(!peer_cert_bits.empty())
{
- DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size());
+ DataSource_Memory certs(peer_cert_bits.data(), peer_cert_bits.size());
while(!certs.end_of_data())
m_peer_certs.push_back(X509_Certificate(certs));
@@ -169,7 +169,7 @@ Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const
secure_vector<byte> buf = nonce;
buf += bits;
- aead->start(&buf[0], nonce_len);
+ aead->start(buf.data(), nonce_len);
aead->finish(buf, nonce_len);
return unlock(buf);
}
@@ -194,7 +194,7 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key
secure_vector<byte> buf(in + nonce_len, in + in_len);
aead->finish(buf, 0);
- return Session(&buf[0], buf.size());
+ return Session(buf.data(), buf.size());
}
catch(std::exception& e)
{
diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h
index d7dcc90cb..81c662507 100644
--- a/src/lib/tls/tls_session.h
+++ b/src/lib/tls/tls_session.h
@@ -99,7 +99,7 @@ class BOTAN_DLL Session
static inline Session decrypt(const std::vector<byte>& ctext,
const SymmetricKey& key)
{
- return Session::decrypt(&ctext[0], ctext.size(), key);
+ return Session::decrypt(ctext.data(), ctext.size(), key);
}
/**