diff options
author | lloyd <[email protected]> | 2012-02-20 18:33:49 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-02-20 18:33:49 +0000 |
commit | 7fb2de6b49d8bf42ede7b4dfda7c358bb67e5c9f (patch) | |
tree | 32319c62e13572276b52c467e4c53d4646de6cc9 /src/tls | |
parent | 8c2dc1a6c3bf352a56622d569dc855ca8d6ab5e0 (diff) |
Merge fixups. Add locking to default session manager. Use chrono lib
and unique_ptr.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/c_hello.cpp | 7 | ||||
-rw-r--r-- | src/tls/c_kex.cpp | 5 | ||||
-rw-r--r-- | src/tls/finished.cpp | 2 | ||||
-rw-r--r-- | src/tls/rec_read.cpp | 2 | ||||
-rw-r--r-- | src/tls/rec_wri.cpp | 6 | ||||
-rw-r--r-- | src/tls/s_kex.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_alert.cpp | 4 | ||||
-rw-r--r-- | src/tls/tls_channel.cpp | 8 | ||||
-rw-r--r-- | src/tls/tls_channel.h | 10 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 10 | ||||
-rw-r--r-- | src/tls/tls_client.h | 20 | ||||
-rw-r--r-- | src/tls/tls_extensions.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_handshake_hash.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.h | 17 | ||||
-rw-r--r-- | src/tls/tls_reader.h | 4 | ||||
-rw-r--r-- | src/tls/tls_record.h | 2 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_server.h | 18 | ||||
-rw-r--r-- | src/tls/tls_session.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_session.h | 8 | ||||
-rw-r--r-- | src/tls/tls_session_key.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_session_manager.cpp | 24 | ||||
-rw-r--r-- | src/tls/tls_session_manager.h | 11 | ||||
-rw-r--r-- | src/tls/tls_version.cpp | 4 |
26 files changed, 105 insertions, 96 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index ecb6f43d6..6743254a5 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -11,7 +11,7 @@ #include <botan/internal/tls_extensions.h> #include <botan/tls_record.h> #include <botan/internal/stl_util.h> -#include <botan/time.h> +#include <chrono> namespace Botan { @@ -20,7 +20,10 @@ namespace TLS { MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng) { MemoryVector<byte> buf(32); - const u32bit time32 = system_time(); + + const u32bit time32 = static_cast<u32bit>( + std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); + store_be(time32, buf); rng.randomize(&buf[4], buf.size() - 4); return buf; diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 58e458e81..6728b4877 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -146,7 +146,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); if(name == "") - throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + + std::to_string(curve_id)); EC_Group group(name); @@ -186,7 +187,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, if(peer_certs.empty()) throw Internal_Error("No certificate and no server key exchange"); - std::auto_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key()); + std::unique_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key()); if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key.get())) { diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index 18cc51b96..b4c9bdc3d 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -46,7 +46,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64 }; - std::auto_ptr<KDF> prf(state->protocol_specific_prf()); + std::unique_ptr<KDF> prf(state->protocol_specific_prf()); MemoryVector<byte> input; if(side == CLIENT) diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index d1fab4692..bd6ae5af9 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -219,7 +219,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, m_readbuf[0] != APPLICATION_DATA) { throw Unexpected_Message( - "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty"); + "Unknown record type " + std::to_string(m_readbuf[0]) + " from counterparty"); } const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 602d25397..633b63720 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -21,7 +21,7 @@ namespace TLS { /* * Record_Writer Constructor */ -Record_Writer::Record_Writer(std::tr1::function<void (const byte[], size_t)> out) : +Record_Writer::Record_Writer(std::function<void (const byte[], size_t)> out) : m_output_fn(out), m_writebuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE) { m_mac = 0; @@ -286,8 +286,8 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) */ void Record_Writer::send_alert(const Alert& alert) { - const byte alert_bits[2] = { alert.is_fatal() ? 2 : 1, - alert.type() }; + const byte alert_bits[2] = { static_cast<byte>(alert.is_fatal() ? 2 : 1), + static_cast<byte>(alert.type()) }; send(ALERT, alert_bits, sizeof(alert_bits)); } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 6a5cdfa33..945c574b9 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -46,7 +46,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::auto_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -69,7 +69,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, EC_Group ec_group(curve_name); - std::auto_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group)); + std::unique_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group)); const std::string ecdh_domain_oid = ecdh->domain().get_oid(); const std::string domain = OIDS::lookup(OID(ecdh_domain_oid)); @@ -159,7 +159,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + - to_string(curve_id)); + std::to_string(curve_id)); m_params.push_back(curve_type); m_params.push_back(get_byte(0, curve_id)); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index b526eeac3..30c51d4c8 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -15,7 +15,7 @@ namespace TLS { Alert::Alert(const MemoryRegion<byte>& buf) { if(buf.size() != 2) - throw Decoding_Error("Alert: Bad size " + to_string(buf.size()) + + throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + " for alert message"); if(buf[0] == 1) fatal = false; @@ -106,7 +106,7 @@ std::string Alert::type_string() const * compiler can warn us that it is not included in the switch * statement. */ - return "unrecognized_alert_" + to_string(type()); + return "unrecognized_alert_" + std::to_string(type()); } diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index d737ef237..fa240cc23 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -15,9 +15,9 @@ namespace Botan { namespace TLS { -Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete) : +Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -106,7 +106,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) } else throw Unexpected_Message("Unknown TLS message type " + - to_string(rec_type) + " received"); + std::to_string(rec_type) + " received"); } return 0; // on a record boundary diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index aa171ca4b..c85b32ba0 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -62,9 +62,9 @@ class BOTAN_DLL Channel */ std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; } - Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete); + Channel(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete); virtual ~Channel(); protected: @@ -85,8 +85,8 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0; - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn; - std::tr1::function<bool (const Session&)> handshake_fn; + std::function<void (const byte[], size_t, Alert)> proc_fn; + std::function<bool (const Session&)> handshake_fn; Record_Writer writer; Record_Reader reader; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 82e2cdd28..22815a048 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -310,7 +310,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 8b5ea9347..2dd30819f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -18,15 +18,15 @@ namespace TLS { /* * TLS Client Constructor */ -Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_fn, +Client::Client(std::function<void (const byte[], size_t)> output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - std::tr1::function<std::string (std::vector<std::string>)> next_protocol) : + std::function<std::string (std::vector<std::string>)> next_protocol) : Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -274,7 +274,7 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); } - std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key()); + std::unique_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key()); if(peer_key->algo_name() != state->suite.sig_algo()) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index f5528f4c1..cd972fa28 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::string& servername = "", - std::tr1::function<std::string (std::vector<std::string>)> next_protocol = - std::tr1::function<std::string (std::vector<std::string>)>()); + Client(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::string& servername = "", + std::function<std::string (std::vector<std::string>)> next_protocol = + std::function<std::string (std::vector<std::string>)>()); void renegotiate(); private: diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 5d345cc9b..7162dcf40 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -239,7 +239,7 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment) else if(max_fragment == 4096) val = 4; else - throw std::invalid_argument("Bad setting " + to_string(max_fragment) + + throw std::invalid_argument("Bad setting " + std::to_string(max_fragment) + " for maximum fragment size"); } diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 61295a95c..a9bd8dccf 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -35,7 +35,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version, { Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr<HashFunction> hash; + std::unique_ptr<HashFunction> hash; if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) { @@ -65,8 +65,8 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr<HashFunction> md5(af.make_hash_function("MD5")); - std::auto_ptr<HashFunction> sha1(af.make_hash_function("SHA-1")); + std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5")); + std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1")); md5->update(data); sha1->update(data); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 9087031b6..86e6e0b55 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -65,7 +65,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) return 0; default: - throw Internal_Error("Unknown handshake type " + to_string(type)); + throw Internal_Error("Unknown handshake type " + std::to_string(type)); } return 0; @@ -110,8 +110,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - to_string(handshake_msg) + " mask is " + - to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + " mask is " + + std::to_string(hand_expecting_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 5be5c3620..4e1cb2f25 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -15,20 +15,7 @@ #include <botan/pubkey.h> #include <utility> - -#if defined(BOTAN_USE_STD_TR1) - -#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) - #include <functional> -#else - #include <tr1/functional> -#endif - -#elif defined(BOTAN_USE_BOOST_TR1) - #include <boost/tr1/functional.hpp> -#else - #error "No TR1 library defined for use" -#endif +#include <functional> namespace Botan { @@ -99,7 +86,7 @@ class Handshake_State /** * Used by client using NPN */ - std::tr1::function<std::string (std::vector<std::string>)> client_npn_cb; + std::function<std::string (std::vector<std::string>)> client_npn_cb; private: u32bit hand_expecting_mask, hand_received_mask; diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index 162f691aa..8c2e9efe2 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -154,8 +154,8 @@ class TLS_Data_Reader { if(buf.size() - offset < n) { - throw Decoding_Error("TLS_Data_Reader: Expected " + to_string(n) + - " bytes remaining, only " + to_string(buf.size()-offset) + + throw Decoding_Error("TLS_Data_Reader: Expected " + std::to_string(n) + + " bytes remaining, only " + std::to_string(buf.size()-offset) + " left"); } } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index f91cb6fe2..6634810df 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -55,7 +55,7 @@ class BOTAN_DLL Record_Writer void send_record(byte type, const byte input[], size_t length); - std::tr1::function<void (const byte[], size_t)> m_output_fn; + std::function<void (const byte[], size_t)> m_output_fn; MemoryVector<byte> m_writebuf; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index a7857edf3..129d5346d 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -87,9 +87,9 @@ get_server_certs(const std::string& hostname, /* * TLS Server Constructor */ -Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_fn, +Server::Server(std::function<void (const byte[], size_t)> output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index bb385e420..a90982066 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -26,15 +26,15 @@ class BOTAN_DLL Server : public Channel /** * Server initialization */ - Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::vector<std::string>& protocols = - std::vector<std::string>()); + Server(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::vector<std::string>& protocols = + std::vector<std::string>()); void renegotiate(); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 2e25a8ab3..6a485fd44 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, const std::vector<X509_Certificate>& certs, const std::string& sni_hostname, const std::string& srp_identifier) : - m_start_time(system_time()), + m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_master_secret(master_secret), m_version(version), @@ -54,12 +54,14 @@ Session::Session(const byte ber[], size_t ber_len) MemoryVector<byte> peer_cert_bits; + size_t start_time = 0; + BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION), "Unknown version in session structure") .decode(m_identifier, OCTET_STRING) - .decode_integer_type(m_start_time) + .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) .decode_integer_type(m_ciphersuite) @@ -75,6 +77,7 @@ Session::Session(const byte ber[], size_t ber_len) .verify_end(); m_version = Protocol_Version(major_version, minor_version); + m_start_time = std::chrono::system_clock::from_time_t(start_time); m_sni_hostname = sni_hostname_str.value(); m_srp_identifier = srp_identifier_str.value(); m_connection_side = static_cast<Connection_Side>(side_code); @@ -105,7 +108,7 @@ SecureVector<byte> Session::DER_encode() const .start_cons(SEQUENCE) .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION)) .encode(m_identifier, OCTET_STRING) - .encode(static_cast<size_t>(m_start_time)) + .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast<size_t>(m_version.major_version())) .encode(static_cast<size_t>(m_version.minor_version())) .encode(static_cast<size_t>(m_ciphersuite)) diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 96b6d6daf..82c202ebe 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -13,6 +13,7 @@ #include <botan/tls_ciphersuite.h> #include <botan/tls_magic.h> #include <botan/secmem.h> +#include <chrono> namespace Botan { @@ -29,7 +30,7 @@ class BOTAN_DLL Session * Uninitialized session */ Session() : - m_start_time(0), + m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), m_compression_method(0), @@ -144,12 +145,13 @@ class BOTAN_DLL Session /** * Get the time this session began (seconds since Epoch) */ - u64bit start_time() const { return m_start_time; } + std::chrono::system_clock::time_point start_time() const + { return m_start_time; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 }; - u64bit m_start_time; + std::chrono::system_clock::time_point m_start_time; MemoryVector<byte> m_identifier; SecureVector<byte> m_master_secret; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 83ac7540b..0f520d140 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -37,7 +37,7 @@ Session_Keys::Session_Keys(Handshake_State* state, const byte KEY_GEN_MAGIC[] = { 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; - std::auto_ptr<KDF> prf(state->protocol_specific_prf()); + std::unique_ptr<KDF> prf(state->protocol_specific_prf()); if(resuming) { diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 59fc75b9f..4c6bc1a47 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -7,7 +7,7 @@ #include <botan/tls_session_manager.h> #include <botan/hex.h> -#include <botan/time.h> +#include <chrono> namespace Botan { @@ -16,13 +16,16 @@ namespace TLS { bool Session_Manager_In_Memory::load_from_session_str( const std::string& session_str, Session& session) { - std::map<std::string, Session>::iterator i = sessions.find(session_str); + // assert(lock is held) + + auto i = sessions.find(session_str); if(i == sessions.end()) return false; - // session has expired, remove it - const u64bit now = system_time(); + // if session has expired, remove it + const auto now = std::chrono::system_clock::now(); + if(i->second.start_time() + session_lifetime < now) { sessions.erase(i); @@ -36,16 +39,20 @@ bool Session_Manager_In_Memory::load_from_session_str( bool Session_Manager_In_Memory::load_from_session_id( const MemoryRegion<byte>& session_id, Session& session) { + std::lock_guard<std::mutex> lock(mutex); + return load_from_session_str(hex_encode(session_id), session); } bool Session_Manager_In_Memory::load_from_host_info( const std::string& hostname, u16bit port, Session& session) { + std::lock_guard<std::mutex> lock(mutex); + std::map<std::string, std::string>::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + to_string(port)); + i = host_sessions.find(hostname + ":" + std::to_string(port)); else i = host_sessions.find(hostname); @@ -64,8 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info( void Session_Manager_In_Memory::remove_entry( const MemoryRegion<byte>& session_id) { - std::map<std::string, Session>::iterator i = - sessions.find(hex_encode(session_id)); + std::lock_guard<std::mutex> lock(mutex); + + auto i = sessions.find(hex_encode(session_id)); if(i != sessions.end()) sessions.erase(i); @@ -73,6 +81,8 @@ void Session_Manager_In_Memory::remove_entry( void Session_Manager_In_Memory::save(const Session& session) { + std::lock_guard<std::mutex> lock(mutex); + if(max_sessions != 0) { /* diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index c25fecac4..4152f2392 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -9,6 +9,8 @@ #define TLS_SESSION_MANAGER_H__ #include <botan/tls_session.h> +#include <mutex> +#include <chrono> #include <map> namespace Botan { @@ -69,8 +71,6 @@ class BOTAN_DLL Session_Manager /** * A simple implementation of Session_Manager that just saves * values in memory, with no persistance abilities -* -* @todo add locking */ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager { @@ -82,7 +82,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - size_t session_lifetime = 7200) : + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) : max_sessions(max_sessions), session_lifetime(session_lifetime) {} @@ -101,7 +101,10 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager bool load_from_session_str(const std::string& session_str, Session& session); - size_t max_sessions, session_lifetime; + std::mutex mutex; + + size_t max_sessions; + std::chrono::seconds session_lifetime; std::map<std::string, Session> sessions; // hex(session_id) -> session std::map<std::string, std::string> host_sessions; diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp index 4445998eb..82dce0be9 100644 --- a/src/tls/tls_version.cpp +++ b/src/tls/tls_version.cpp @@ -19,13 +19,13 @@ std::string Protocol_Version::to_string() const // Some very new or very old protocol? if(maj != 3) - return "Protocol " + Botan::to_string(maj) + "." + Botan::to_string(min); + return "Protocol " + std::to_string(maj) + "." + std::to_string(min); if(maj == 3 && min == 0) return "SSL v3"; // The TLS v1.[0123...] case - return "TLS v1." + Botan::to_string(min-1); + return "TLS v1." + std::to_string(min-1); } } |