aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-02-20 18:33:49 +0000
committerlloyd <[email protected]>2012-02-20 18:33:49 +0000
commit7fb2de6b49d8bf42ede7b4dfda7c358bb67e5c9f (patch)
tree32319c62e13572276b52c467e4c53d4646de6cc9 /src/tls
parent8c2dc1a6c3bf352a56622d569dc855ca8d6ab5e0 (diff)
Merge fixups. Add locking to default session manager. Use chrono lib
and unique_ptr.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/c_hello.cpp7
-rw-r--r--src/tls/c_kex.cpp5
-rw-r--r--src/tls/finished.cpp2
-rw-r--r--src/tls/rec_read.cpp2
-rw-r--r--src/tls/rec_wri.cpp6
-rw-r--r--src/tls/s_kex.cpp6
-rw-r--r--src/tls/tls_alert.cpp4
-rw-r--r--src/tls/tls_channel.cpp8
-rw-r--r--src/tls/tls_channel.h10
-rw-r--r--src/tls/tls_ciphersuite.cpp2
-rw-r--r--src/tls/tls_client.cpp10
-rw-r--r--src/tls/tls_client.h20
-rw-r--r--src/tls/tls_extensions.cpp2
-rw-r--r--src/tls/tls_handshake_hash.cpp6
-rw-r--r--src/tls/tls_handshake_state.cpp6
-rw-r--r--src/tls/tls_handshake_state.h17
-rw-r--r--src/tls/tls_reader.h4
-rw-r--r--src/tls/tls_record.h2
-rw-r--r--src/tls/tls_server.cpp6
-rw-r--r--src/tls/tls_server.h18
-rw-r--r--src/tls/tls_session.cpp9
-rw-r--r--src/tls/tls_session.h8
-rw-r--r--src/tls/tls_session_key.cpp2
-rw-r--r--src/tls/tls_session_manager.cpp24
-rw-r--r--src/tls/tls_session_manager.h11
-rw-r--r--src/tls/tls_version.cpp4
26 files changed, 105 insertions, 96 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index ecb6f43d6..6743254a5 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -11,7 +11,7 @@
#include <botan/internal/tls_extensions.h>
#include <botan/tls_record.h>
#include <botan/internal/stl_util.h>
-#include <botan/time.h>
+#include <chrono>
namespace Botan {
@@ -20,7 +20,10 @@ namespace TLS {
MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
{
MemoryVector<byte> buf(32);
- const u32bit time32 = system_time();
+
+ const u32bit time32 = static_cast<u32bit>(
+ std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+
store_be(time32, buf);
rng.randomize(&buf[4], buf.size() - 4);
return buf;
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 58e458e81..6728b4877 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -146,7 +146,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id);
if(name == "")
- throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id));
+ throw Decoding_Error("Server sent unknown named curve " +
+ std::to_string(curve_id));
EC_Group group(name);
@@ -186,7 +187,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
if(peer_certs.empty())
throw Internal_Error("No certificate and no server key exchange");
- std::auto_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key());
+ std::unique_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key());
if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key.get()))
{
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index 18cc51b96..b4c9bdc3d 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -46,7 +46,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state,
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
0x73, 0x68, 0x65, 0x64 };
- std::auto_ptr<KDF> prf(state->protocol_specific_prf());
+ std::unique_ptr<KDF> prf(state->protocol_specific_prf());
MemoryVector<byte> input;
if(side == CLIENT)
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index d1fab4692..bd6ae5af9 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -219,7 +219,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
m_readbuf[0] != APPLICATION_DATA)
{
throw Unexpected_Message(
- "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty");
+ "Unknown record type " + std::to_string(m_readbuf[0]) + " from counterparty");
}
const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]);
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index 602d25397..633b63720 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -21,7 +21,7 @@ namespace TLS {
/*
* Record_Writer Constructor
*/
-Record_Writer::Record_Writer(std::tr1::function<void (const byte[], size_t)> out) :
+Record_Writer::Record_Writer(std::function<void (const byte[], size_t)> out) :
m_output_fn(out), m_writebuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE)
{
m_mac = 0;
@@ -286,8 +286,8 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length)
*/
void Record_Writer::send_alert(const Alert& alert)
{
- const byte alert_bits[2] = { alert.is_fatal() ? 2 : 1,
- alert.type() };
+ const byte alert_bits[2] = { static_cast<byte>(alert.is_fatal() ? 2 : 1),
+ static_cast<byte>(alert.type()) };
send(ALERT, alert_bits, sizeof(alert_bits));
}
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index 6a5cdfa33..945c574b9 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -46,7 +46,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
if(kex_algo == "DH" || kex_algo == "DHE_PSK")
{
- std::auto_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group()));
+ std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group()));
append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2);
append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2);
@@ -69,7 +69,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
EC_Group ec_group(curve_name);
- std::auto_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group));
+ std::unique_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group));
const std::string ecdh_domain_oid = ecdh->domain().get_oid();
const std::string domain = OIDS::lookup(OID(ecdh_domain_oid));
@@ -159,7 +159,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
if(name == "")
throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " +
- to_string(curve_id));
+ std::to_string(curve_id));
m_params.push_back(curve_type);
m_params.push_back(get_byte(0, curve_id));
diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp
index b526eeac3..30c51d4c8 100644
--- a/src/tls/tls_alert.cpp
+++ b/src/tls/tls_alert.cpp
@@ -15,7 +15,7 @@ namespace TLS {
Alert::Alert(const MemoryRegion<byte>& buf)
{
if(buf.size() != 2)
- throw Decoding_Error("Alert: Bad size " + to_string(buf.size()) +
+ throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) +
" for alert message");
if(buf[0] == 1) fatal = false;
@@ -106,7 +106,7 @@ std::string Alert::type_string() const
* compiler can warn us that it is not included in the switch
* statement.
*/
- return "unrecognized_alert_" + to_string(type());
+ return "unrecognized_alert_" + std::to_string(type());
}
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index d737ef237..fa240cc23 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -15,9 +15,9 @@ namespace Botan {
namespace TLS {
-Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete) :
+Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete) :
proc_fn(proc_fn),
handshake_fn(handshake_complete),
writer(socket_output_fn),
@@ -106,7 +106,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size)
}
else
throw Unexpected_Message("Unknown TLS message type " +
- to_string(rec_type) + " received");
+ std::to_string(rec_type) + " received");
}
return 0; // on a record boundary
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index aa171ca4b..c85b32ba0 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -62,9 +62,9 @@ class BOTAN_DLL Channel
*/
std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; }
- Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete);
+ Channel(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete);
virtual ~Channel();
protected:
@@ -85,8 +85,8 @@ class BOTAN_DLL Channel
virtual void alert_notify(const Alert& alert) = 0;
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn;
- std::tr1::function<bool (const Session&)> handshake_fn;
+ std::function<void (const byte[], size_t, Alert)> proc_fn;
+ std::function<bool (const Session&)> handshake_fn;
Record_Writer writer;
Record_Reader reader;
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 82e2cdd28..22815a048 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -310,7 +310,7 @@ std::string Ciphersuite::to_string() const
if(cipher_algo() == "3DES")
out << "3DES_EDE";
if(cipher_algo() == "Camellia")
- out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen());
+ out << "CAMELLIA_" << std::to_string(8*cipher_keylen());
else
out << replace_char(cipher_algo(), '-', '_');
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 8b5ea9347..2dd30819f 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -18,15 +18,15 @@ namespace TLS {
/*
* TLS Client Constructor
*/
-Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_fn,
+Client::Client(std::function<void (const byte[], size_t)> output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_fn,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
const std::string& hostname,
- std::tr1::function<std::string (std::vector<std::string>)> next_protocol) :
+ std::function<std::string (std::vector<std::string>)> next_protocol) :
Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
@@ -274,7 +274,7 @@ void Client::process_handshake_msg(Handshake_Type type,
throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what());
}
- std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
+ std::unique_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
if(peer_key->algo_name() != state->suite.sig_algo())
throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index f5528f4c1..cd972fa28 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel
* called with the list of protocols the server advertised;
* the client should return the protocol it would like to use.
*/
- Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete,
- Session_Manager& session_manager,
- Credentials_Manager& creds,
- const Policy& policy,
- RandomNumberGenerator& rng,
- const std::string& servername = "",
- std::tr1::function<std::string (std::vector<std::string>)> next_protocol =
- std::tr1::function<std::string (std::vector<std::string>)>());
+ Client(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
+ Credentials_Manager& creds,
+ const Policy& policy,
+ RandomNumberGenerator& rng,
+ const std::string& servername = "",
+ std::function<std::string (std::vector<std::string>)> next_protocol =
+ std::function<std::string (std::vector<std::string>)>());
void renegotiate();
private:
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index 5d345cc9b..7162dcf40 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -239,7 +239,7 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment)
else if(max_fragment == 4096)
val = 4;
else
- throw std::invalid_argument("Bad setting " + to_string(max_fragment) +
+ throw std::invalid_argument("Bad setting " + std::to_string(max_fragment) +
" for maximum fragment size");
}
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 61295a95c..a9bd8dccf 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -35,7 +35,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version,
{
Algorithm_Factory& af = global_state().algorithm_factory();
- std::auto_ptr<HashFunction> hash;
+ std::unique_ptr<HashFunction> hash;
if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
{
@@ -65,8 +65,8 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
Algorithm_Factory& af = global_state().algorithm_factory();
- std::auto_ptr<HashFunction> md5(af.make_hash_function("MD5"));
- std::auto_ptr<HashFunction> sha1(af.make_hash_function("SHA-1"));
+ std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5"));
+ std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1"));
md5->update(data);
sha1->update(data);
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 9087031b6..86e6e0b55 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -65,7 +65,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
return 0;
default:
- throw Internal_Error("Unknown handshake type " + to_string(type));
+ throw Internal_Error("Unknown handshake type " + std::to_string(type));
}
return 0;
@@ -110,8 +110,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
if(!ok)
throw Unexpected_Message("Unexpected state transition in handshake, got " +
- to_string(handshake_msg) + " mask is " +
- to_string(hand_expecting_mask));
+ std::to_string(handshake_msg) + " mask is " +
+ std::to_string(hand_expecting_mask));
/* We don't know what to expect next, so force a call to
set_expected_next; if it doesn't happen, the next transition
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index 5be5c3620..4e1cb2f25 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -15,20 +15,7 @@
#include <botan/pubkey.h>
#include <utility>
-
-#if defined(BOTAN_USE_STD_TR1)
-
-#if defined(BOTAN_BUILD_COMPILER_IS_MSVC)
- #include <functional>
-#else
- #include <tr1/functional>
-#endif
-
-#elif defined(BOTAN_USE_BOOST_TR1)
- #include <boost/tr1/functional.hpp>
-#else
- #error "No TR1 library defined for use"
-#endif
+#include <functional>
namespace Botan {
@@ -99,7 +86,7 @@ class Handshake_State
/**
* Used by client using NPN
*/
- std::tr1::function<std::string (std::vector<std::string>)> client_npn_cb;
+ std::function<std::string (std::vector<std::string>)> client_npn_cb;
private:
u32bit hand_expecting_mask, hand_received_mask;
diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h
index 162f691aa..8c2e9efe2 100644
--- a/src/tls/tls_reader.h
+++ b/src/tls/tls_reader.h
@@ -154,8 +154,8 @@ class TLS_Data_Reader
{
if(buf.size() - offset < n)
{
- throw Decoding_Error("TLS_Data_Reader: Expected " + to_string(n) +
- " bytes remaining, only " + to_string(buf.size()-offset) +
+ throw Decoding_Error("TLS_Data_Reader: Expected " + std::to_string(n) +
+ " bytes remaining, only " + std::to_string(buf.size()-offset) +
" left");
}
}
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index f91cb6fe2..6634810df 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -55,7 +55,7 @@ class BOTAN_DLL Record_Writer
void send_record(byte type, const byte input[], size_t length);
- std::tr1::function<void (const byte[], size_t)> m_output_fn;
+ std::function<void (const byte[], size_t)> m_output_fn;
MemoryVector<byte> m_writebuf;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index a7857edf3..129d5346d 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -87,9 +87,9 @@ get_server_certs(const std::string& hostname,
/*
* TLS Server Constructor
*/
-Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_fn,
+Server::Server(std::function<void (const byte[], size_t)> output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_fn,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index bb385e420..a90982066 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -26,15 +26,15 @@ class BOTAN_DLL Server : public Channel
/**
* Server initialization
*/
- Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete,
- Session_Manager& session_manager,
- Credentials_Manager& creds,
- const Policy& policy,
- RandomNumberGenerator& rng,
- const std::vector<std::string>& protocols =
- std::vector<std::string>());
+ Server(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
+ Credentials_Manager& creds,
+ const Policy& policy,
+ RandomNumberGenerator& rng,
+ const std::vector<std::string>& protocols =
+ std::vector<std::string>());
void renegotiate();
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index 2e25a8ab3..6a485fd44 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -27,7 +27,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier,
const std::vector<X509_Certificate>& certs,
const std::string& sni_hostname,
const std::string& srp_identifier) :
- m_start_time(system_time()),
+ m_start_time(std::chrono::system_clock::now()),
m_identifier(session_identifier),
m_master_secret(master_secret),
m_version(version),
@@ -54,12 +54,14 @@ Session::Session(const byte ber[], size_t ber_len)
MemoryVector<byte> peer_cert_bits;
+ size_t start_time = 0;
+
BER_Decoder(ber, ber_len)
.start_cons(SEQUENCE)
.decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
"Unknown version in session structure")
.decode(m_identifier, OCTET_STRING)
- .decode_integer_type(m_start_time)
+ .decode_integer_type(start_time)
.decode_integer_type(major_version)
.decode_integer_type(minor_version)
.decode_integer_type(m_ciphersuite)
@@ -75,6 +77,7 @@ Session::Session(const byte ber[], size_t ber_len)
.verify_end();
m_version = Protocol_Version(major_version, minor_version);
+ m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_sni_hostname = sni_hostname_str.value();
m_srp_identifier = srp_identifier_str.value();
m_connection_side = static_cast<Connection_Side>(side_code);
@@ -105,7 +108,7 @@ SecureVector<byte> Session::DER_encode() const
.start_cons(SEQUENCE)
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
.encode(m_identifier, OCTET_STRING)
- .encode(static_cast<size_t>(m_start_time))
+ .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
.encode(static_cast<size_t>(m_version.major_version()))
.encode(static_cast<size_t>(m_version.minor_version()))
.encode(static_cast<size_t>(m_ciphersuite))
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 96b6d6daf..82c202ebe 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -13,6 +13,7 @@
#include <botan/tls_ciphersuite.h>
#include <botan/tls_magic.h>
#include <botan/secmem.h>
+#include <chrono>
namespace Botan {
@@ -29,7 +30,7 @@ class BOTAN_DLL Session
* Uninitialized session
*/
Session() :
- m_start_time(0),
+ m_start_time(std::chrono::system_clock::time_point::min()),
m_version(),
m_ciphersuite(0),
m_compression_method(0),
@@ -144,12 +145,13 @@ class BOTAN_DLL Session
/**
* Get the time this session began (seconds since Epoch)
*/
- u64bit start_time() const { return m_start_time; }
+ std::chrono::system_clock::time_point start_time() const
+ { return m_start_time; }
private:
enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 };
- u64bit m_start_time;
+ std::chrono::system_clock::time_point m_start_time;
MemoryVector<byte> m_identifier;
SecureVector<byte> m_master_secret;
diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp
index 83ac7540b..0f520d140 100644
--- a/src/tls/tls_session_key.cpp
+++ b/src/tls/tls_session_key.cpp
@@ -37,7 +37,7 @@ Session_Keys::Session_Keys(Handshake_State* state,
const byte KEY_GEN_MAGIC[] = {
0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E };
- std::auto_ptr<KDF> prf(state->protocol_specific_prf());
+ std::unique_ptr<KDF> prf(state->protocol_specific_prf());
if(resuming)
{
diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp
index 59fc75b9f..4c6bc1a47 100644
--- a/src/tls/tls_session_manager.cpp
+++ b/src/tls/tls_session_manager.cpp
@@ -7,7 +7,7 @@
#include <botan/tls_session_manager.h>
#include <botan/hex.h>
-#include <botan/time.h>
+#include <chrono>
namespace Botan {
@@ -16,13 +16,16 @@ namespace TLS {
bool Session_Manager_In_Memory::load_from_session_str(
const std::string& session_str, Session& session)
{
- std::map<std::string, Session>::iterator i = sessions.find(session_str);
+ // assert(lock is held)
+
+ auto i = sessions.find(session_str);
if(i == sessions.end())
return false;
- // session has expired, remove it
- const u64bit now = system_time();
+ // if session has expired, remove it
+ const auto now = std::chrono::system_clock::now();
+
if(i->second.start_time() + session_lifetime < now)
{
sessions.erase(i);
@@ -36,16 +39,20 @@ bool Session_Manager_In_Memory::load_from_session_str(
bool Session_Manager_In_Memory::load_from_session_id(
const MemoryRegion<byte>& session_id, Session& session)
{
+ std::lock_guard<std::mutex> lock(mutex);
+
return load_from_session_str(hex_encode(session_id), session);
}
bool Session_Manager_In_Memory::load_from_host_info(
const std::string& hostname, u16bit port, Session& session)
{
+ std::lock_guard<std::mutex> lock(mutex);
+
std::map<std::string, std::string>::iterator i;
if(port > 0)
- i = host_sessions.find(hostname + ":" + to_string(port));
+ i = host_sessions.find(hostname + ":" + std::to_string(port));
else
i = host_sessions.find(hostname);
@@ -64,8 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info(
void Session_Manager_In_Memory::remove_entry(
const MemoryRegion<byte>& session_id)
{
- std::map<std::string, Session>::iterator i =
- sessions.find(hex_encode(session_id));
+ std::lock_guard<std::mutex> lock(mutex);
+
+ auto i = sessions.find(hex_encode(session_id));
if(i != sessions.end())
sessions.erase(i);
@@ -73,6 +81,8 @@ void Session_Manager_In_Memory::remove_entry(
void Session_Manager_In_Memory::save(const Session& session)
{
+ std::lock_guard<std::mutex> lock(mutex);
+
if(max_sessions != 0)
{
/*
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
index c25fecac4..4152f2392 100644
--- a/src/tls/tls_session_manager.h
+++ b/src/tls/tls_session_manager.h
@@ -9,6 +9,8 @@
#define TLS_SESSION_MANAGER_H__
#include <botan/tls_session.h>
+#include <mutex>
+#include <chrono>
#include <map>
namespace Botan {
@@ -69,8 +71,6 @@ class BOTAN_DLL Session_Manager
/**
* A simple implementation of Session_Manager that just saves
* values in memory, with no persistance abilities
-*
-* @todo add locking
*/
class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
{
@@ -82,7 +82,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
* seconds have elapsed from initial handshake.
*/
Session_Manager_In_Memory(size_t max_sessions = 1000,
- size_t session_lifetime = 7200) :
+ std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) :
max_sessions(max_sessions),
session_lifetime(session_lifetime)
{}
@@ -101,7 +101,10 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
bool load_from_session_str(const std::string& session_str,
Session& session);
- size_t max_sessions, session_lifetime;
+ std::mutex mutex;
+
+ size_t max_sessions;
+ std::chrono::seconds session_lifetime;
std::map<std::string, Session> sessions; // hex(session_id) -> session
std::map<std::string, std::string> host_sessions;
diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp
index 4445998eb..82dce0be9 100644
--- a/src/tls/tls_version.cpp
+++ b/src/tls/tls_version.cpp
@@ -19,13 +19,13 @@ std::string Protocol_Version::to_string() const
// Some very new or very old protocol?
if(maj != 3)
- return "Protocol " + Botan::to_string(maj) + "." + Botan::to_string(min);
+ return "Protocol " + std::to_string(maj) + "." + std::to_string(min);
if(maj == 3 && min == 0)
return "SSL v3";
// The TLS v1.[0123...] case
- return "TLS v1." + Botan::to_string(min-1);
+ return "TLS v1." + std::to_string(min-1);
}
}