aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-04-25 14:30:52 +0000
committerlloyd <[email protected]>2012-04-25 14:30:52 +0000
commit28c64de10a4a6621e79879fe3047983bb8da9904 (patch)
tree46587772bebc38ee512111a0d23862f1f9837433 /src/tls
parentb72a44475d06263e1492f8913310b5f29515cba6 (diff)
Huge pile of post merge fixups, mtn really fucked that merge
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/c_hello.cpp7
-rw-r--r--src/tls/c_kex.cpp4
-rw-r--r--src/tls/hello_verify.cpp2
-rw-r--r--src/tls/rec_read.cpp3
-rw-r--r--src/tls/s_kex.cpp10
-rw-r--r--src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp46
-rw-r--r--src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h6
-rw-r--r--src/tls/tls_alert.cpp3
-rw-r--r--src/tls/tls_channel.cpp9
-rw-r--r--src/tls/tls_channel.h10
-rw-r--r--src/tls/tls_ciphersuite.cpp3
-rw-r--r--src/tls/tls_client.cpp10
-rw-r--r--src/tls/tls_client.h10
-rw-r--r--src/tls/tls_extensions.cpp3
-rw-r--r--src/tls/tls_handshake_hash.cpp6
-rw-r--r--src/tls/tls_handshake_state.cpp7
-rw-r--r--src/tls/tls_handshake_state.h17
-rw-r--r--src/tls/tls_heartbeats.cpp2
-rw-r--r--src/tls/tls_record.h14
-rw-r--r--src/tls/tls_server.cpp12
-rw-r--r--src/tls/tls_server.h6
-rw-r--r--src/tls/tls_session.cpp23
-rw-r--r--src/tls/tls_session.h12
-rw-r--r--src/tls/tls_session_manager.cpp30
-rw-r--r--src/tls/tls_session_manager.h10
25 files changed, 112 insertions, 153 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 056a7550f..df3957a4b 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -11,7 +11,7 @@
#include <botan/internal/tls_extensions.h>
#include <botan/tls_record.h>
#include <botan/internal/stl_util.h>
-#include <botan/time.h>
+#include <chrono>
namespace Botan {
@@ -24,7 +24,10 @@ enum {
MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
{
MemoryVector<byte> buf(32);
- const u32bit time32 = system_time();
+
+ const u32bit time32 = static_cast<u32bit>(
+ std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+
store_be(time32, buf);
rng.randomize(&buf[4], buf.size() - 4);
return buf;
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 13925a482..f97081383 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -149,7 +149,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id);
if(name == "")
- throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id));
+ throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id));
EC_Group group(name);
@@ -216,7 +216,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
if(peer_certs.empty())
throw Internal_Error("No certificate and no server key exchange");
- std::auto_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key());
+ std::unique_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key());
if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key.get()))
{
diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp
index c7aae94a1..e844d7f72 100644
--- a/src/tls/hello_verify.cpp
+++ b/src/tls/hello_verify.cpp
@@ -29,7 +29,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hell
const std::string& client_identity,
const SymmetricKey& secret_key)
{
- std::auto_ptr<MessageAuthenticationCode> hmac(get_mac("HMAC(SHA-256)"));
+ std::unique_ptr<MessageAuthenticationCode> hmac(get_mac("HMAC(SHA-256)"));
hmac->set_key(secret_key);
hmac->update_be(client_hello_bits.size());
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index 5d46ec1fa..b240f4703 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -220,7 +220,8 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
m_readbuf[0] != HEARTBEAT)
{
throw Unexpected_Message(
- "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty");
+ "Unknown record type " + std::to_string(m_readbuf[0]) +
+ " from counterparty");
}
const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]);
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index 95518aa32..34cd872ac 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -48,7 +48,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
if(kex_algo == "DH" || kex_algo == "DHE_PSK")
{
- std::auto_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group()));
+ std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group()));
append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2);
append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2);
@@ -71,7 +71,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
EC_Group ec_group(curve_name);
- std::auto_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group));
+ std::unique_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group));
const std::string ecdh_domain_oid = ecdh->domain().get_oid();
const std::string domain = OIDS::lookup(OID(ecdh_domain_oid));
@@ -190,7 +190,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
if(name == "")
throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " +
- to_string(curve_id));
+ std::to_string(curve_id));
m_params.push_back(curve_type);
m_params.push_back(get_byte(0, curve_id));
@@ -261,7 +261,7 @@ MemoryVector<byte> Server_Key_Exchange::serialize() const
bool Server_Key_Exchange::verify(const X509_Certificate& cert,
Handshake_State* state) const
{
- std::auto_ptr<Public_Key> key(cert.subject_public_key());
+ std::unique_ptr<Public_Key> key(cert.subject_public_key());
std::pair<std::string, Signature_Format> format =
state->understand_sig_format(key.get(), m_hash_algo, m_sig_algo, false);
@@ -290,5 +290,3 @@ SRP6_Server_Session& Server_Key_Exchange::server_srp_params()
}
}
-
-}
diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
index aa9385d70..f4d0e1034 100644
--- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
+++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
@@ -9,9 +9,9 @@
#include <botan/internal/assert.h>
#include <botan/lookup.h>
#include <botan/hex.h>
-#include <botan/time.h>
#include <botan/loadstor.h>
#include <memory>
+#include <chrono>
#include <sqlite3.h>
@@ -47,6 +47,12 @@ class sqlite3_statement
throw std::runtime_error("sqlite3_bind_int failed, code " + std::to_string(rc));
}
+ void bind(int column, std::chrono::system_clock::time_point time)
+ {
+ const int timeval = std::chrono::duration_cast<std::chrono::seconds>(time.time_since_epoch()).count();
+ bind(column, timeval);
+ }
+
void bind(int column, const MemoryRegion<byte>& val)
{
int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT);
@@ -86,38 +92,6 @@ class sqlite3_statement
{}
}
- std::pair<const byte*, size_t> get_blob(int column)
- {
- BOTAN_ASSERT(sqlite3_column_type(m_stmt, 0) == SQLITE_BLOB,
- "Return value is a blob");
-
- const void* session_blob = sqlite3_column_blob(m_stmt, column);
- const int session_blob_size = sqlite3_column_bytes(m_stmt, column);
-
- BOTAN_ASSERT(session_blob_size >= 0, "Blob size is non-negative");
-
- return std::make_pair(static_cast<const byte*>(session_blob),
- static_cast<size_t>(session_blob_size));
- }
-
- size_t get_size_t(int column)
- {
- BOTAN_ASSERT(sqlite3_column_type(m_stmt, column) == SQLITE_INTEGER,
- "Return count is an integer");
-
- const int sessions_int = sqlite3_column_int(m_stmt, column);
-
- BOTAN_ASSERT(sessions_int >= 0, "Expected size_t is non-negative");
-
- return static_cast<size_t>(sessions_int);
- }
-
- void spin()
- {
- while(sqlite3_step(m_stmt) == SQLITE_ROW)
- {}
- }
-
int step()
{
return sqlite3_step(m_stmt);
@@ -161,7 +135,7 @@ SymmetricKey derive_key(const std::string& passphrase,
size_t iterations,
size_t& check_val)
{
- std::auto_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)"));
+ std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)"));
SecureVector<byte> x = pbkdf->derive_key(32 + 3,
passphrase,
@@ -178,7 +152,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase,
RandomNumberGenerator& rng,
const std::string& db_filename,
size_t max_sessions,
- u32bit session_lifetime) :
+ std::chrono::seconds session_lifetime) :
m_rng(rng),
m_max_sessions(max_sessions),
m_session_lifetime(session_lifetime)
@@ -355,7 +329,7 @@ void Session_Manager_SQLite::prune_session_cache()
{
sqlite3_statement remove_expired(m_db, "delete from tls_sessions where session_start <= ?1");
- remove_expired.bind(1, system_time() - m_session_lifetime);
+ remove_expired.bind(1, std::chrono::system_clock::now() - m_session_lifetime);
remove_expired.spin();
diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h
index 57e5a58f6..cac7affd0 100644
--- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h
+++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h
@@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager
RandomNumberGenerator& rng,
const std::string& db_filename,
size_t max_sessions = 1000,
- u32bit session_lifetime = 7200);
+ std::chrono::seconds session_lifetime = std::chrono::seconds(7200));
~Session_Manager_SQLite();
@@ -50,7 +50,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager
void save(const Session& session_data);
- u32bit session_lifetime() const { return m_session_lifetime; }
+ std::chrono::seconds session_lifetime() const { return m_session_lifetime; }
private:
Session_Manager_SQLite(const Session_Manager_SQLite&);
Session_Manager_SQLite& operator=(const Session_Manager_SQLite&);
@@ -60,7 +60,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager
SymmetricKey m_session_key;
RandomNumberGenerator& m_rng;
size_t m_max_sessions;
- u32bit m_session_lifetime;
+ std::chrono::seconds m_session_lifetime;
class sqlite3* m_db;
};
diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp
index 9b37a282f..dee082bac 100644
--- a/src/tls/tls_alert.cpp
+++ b/src/tls/tls_alert.cpp
@@ -114,10 +114,9 @@ std::string Alert::type_string() const
* compiler can warn us that it is not included in the switch
* statement.
*/
- return "unrecognized_alert_" + to_string(type());
+ return "unrecognized_alert_" + std::to_string(type());
}
-
}
}
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index 86d9db8bd..7a66eb946 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -16,9 +16,9 @@ namespace Botan {
namespace TLS {
-Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete) :
+Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete) :
proc_fn(proc_fn),
handshake_fn(handshake_complete),
writer(socket_output_fn),
@@ -128,7 +128,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size)
}
else
throw Unexpected_Message("Unknown TLS message type " +
- to_string(rec_type) + " received");
+ std::to_string(rec_type) + " received");
}
return 0; // on a record boundary
@@ -324,4 +324,3 @@ void Channel::Secure_Renegotiation_State::update(Finished* client_finished,
}
-}
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 257745d80..d1131460b 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -76,9 +76,9 @@ class BOTAN_DLL Channel
*/
std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; }
- Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete);
+ Channel(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete);
virtual ~Channel();
protected:
@@ -99,8 +99,8 @@ class BOTAN_DLL Channel
virtual void alert_notify(const Alert& alert) = 0;
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn;
- std::tr1::function<bool (const Session&)> handshake_fn;
+ std::function<void (const byte[], size_t, Alert)> proc_fn;
+ std::function<bool (const Session&)> handshake_fn;
Record_Writer writer;
Record_Reader reader;
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 798df0186..e3bda06e4 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -79,7 +79,7 @@ std::string Ciphersuite::to_string() const
if(cipher_algo() == "3DES")
out << "3DES_EDE";
else if(cipher_algo() == "Camellia")
- out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen());
+ out << "CAMELLIA_" << std::to_string(8*cipher_keylen());
else
out << replace_char(cipher_algo(), '-', '_');
@@ -102,4 +102,3 @@ std::string Ciphersuite::to_string() const
}
-}
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 63d0ee148..dd17db2cf 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -18,15 +18,15 @@ namespace TLS {
/*
* TLS Client Constructor
*/
-Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_fn,
+Client::Client(std::function<void (const byte[], size_t)> output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_fn,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
const std::string& hostname,
- std::tr1::function<std::string (std::vector<std::string>)> next_protocol) :
+ std::function<std::string (std::vector<std::string>)> next_protocol) :
Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
@@ -314,7 +314,7 @@ void Client::process_handshake_msg(Handshake_Type type,
throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what());
}
- std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
+ std::unique_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
if(peer_key->algo_name() != state->suite.sig_algo())
throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 4efe2a2df..297c5f611 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel
* called with the list of protocols the server advertised;
* the client should return the protocol it would like to use.
*/
- Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete,
+ Client(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
const std::string& servername = "",
- std::tr1::function<std::string (std::vector<std::string>)> next_protocol =
- std::tr1::function<std::string (std::vector<std::string>)>());
+ std::function<std::string (std::vector<std::string>)> next_protocol =
+ std::function<std::string (std::vector<std::string>)>());
void renegotiate(bool force_full_renegotiation);
private:
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index f1361bbb9..6d69bfb9b 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -245,7 +245,8 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment)
else if(max_fragment == 4096)
val = 4;
else
- throw std::invalid_argument("Bad setting " + to_string(max_fragment) +
+ throw std::invalid_argument("Bad setting " +
+ std::to_string(max_fragment) +
" for maximum fragment size");
}
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index d0c74136b..02516632e 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -35,7 +35,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version,
{
Algorithm_Factory& af = global_state().algorithm_factory();
- std::auto_ptr<HashFunction> hash;
+ std::unique_ptr<HashFunction> hash;
if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
{
@@ -65,8 +65,8 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
Algorithm_Factory& af = global_state().algorithm_factory();
- std::auto_ptr<HashFunction> md5(af.make_hash_function("MD5"));
- std::auto_ptr<HashFunction> sha1(af.make_hash_function("SHA-1"));
+ std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5"));
+ std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1"));
md5->update(data);
sha1->update(data);
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 1a55305e3..f5a9f899c 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -68,7 +68,8 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
return 0;
default:
- throw Internal_Error("Unknown handshake type " + to_string(type));
+ throw Internal_Error("Unknown handshake type " +
+ std::to_string(type));
}
return 0;
@@ -123,8 +124,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
if(!ok)
throw Unexpected_Message("Unexpected state transition in handshake, got " +
- to_string(handshake_msg) + " mask is " +
- to_string(hand_expecting_mask));
+ std::to_string(handshake_msg) + " mask is " +
+ std::to_string(hand_expecting_mask));
/* We don't know what to expect next, so force a call to
set_expected_next; if it doesn't happen, the next transition
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index ec4c2fea8..364c715f8 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -14,22 +14,9 @@
#include <botan/pk_keys.h>
#include <botan/pubkey.h>
+#include <functional>
#include <utility>
-#if defined(BOTAN_USE_STD_TR1)
-
-#if defined(BOTAN_BUILD_COMPILER_IS_MSVC)
- #include <functional>
-#else
- #include <tr1/functional>
-#endif
-
-#elif defined(BOTAN_USE_BOOST_TR1)
- #include <boost/tr1/functional.hpp>
-#else
- #error "No TR1 library defined for use"
-#endif
-
namespace Botan {
class KDF;
@@ -109,7 +96,7 @@ class Handshake_State
/**
* Used by client using NPN
*/
- std::tr1::function<std::string (std::vector<std::string>)> client_npn_cb;
+ std::function<std::string (std::vector<std::string>)> client_npn_cb;
Handshake_Reader* handshake_reader() { return m_handshake_reader; }
private:
diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp
index a77d23534..059772d34 100644
--- a/src/tls/tls_heartbeats.cpp
+++ b/src/tls/tls_heartbeats.cpp
@@ -68,7 +68,7 @@ Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader
if(code != 1 && code != 2)
throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
- "Unknown heartbeat code " + to_string(code));
+ "Unknown heartbeat code " + std::to_string(code));
m_peer_allowed_to_send = (code == 1);
}
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index 680ec8f7b..3b44ee1c6 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -22,16 +22,6 @@ namespace Botan {
namespace TLS {
-#elif defined(BOTAN_USE_BOOST_TR1)
- #include <boost/tr1/functional.hpp>
-#else
- #error "No TR1 library defined for use"
-#endif
-
-namespace Botan {
-
-namespace TLS {
-
class Session_Keys;
/**
@@ -61,7 +51,7 @@ class BOTAN_DLL Record_Writer
void set_maximum_fragment_size(size_t max_fragment);
- Record_Writer(std::tr1::function<void (const byte[], size_t)> output_fn);
+ Record_Writer(std::function<void (const byte[], size_t)> output_fn);
~Record_Writer() { delete m_mac; }
private:
@@ -70,7 +60,7 @@ class BOTAN_DLL Record_Writer
void send_record(byte type, const byte input[], size_t length);
- std::tr1::function<void (const byte[], size_t)> m_output_fn;
+ std::function<void (const byte[], size_t)> m_output_fn;
MemoryVector<byte> m_writebuf;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 9da4ca3b8..1e8c73ec3 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -22,7 +22,7 @@ bool check_for_resume(Session& session_info,
Session_Manager& session_manager,
Credentials_Manager& credentials,
Client_Hello* client_hello,
- u32bit session_ticket_lifetime)
+ std::chrono::seconds session_ticket_lifetime)
{
const MemoryVector<byte>& client_session_id = client_hello->session_id();
const MemoryVector<byte>& session_ticket = client_hello->session_ticket();
@@ -45,7 +45,7 @@ bool check_for_resume(Session& session_info,
session_ticket,
credentials.psk("tls-server", "session-ticket", ""));
- if(session_ticket_lifetime &&
+ if(session_ticket_lifetime != std::chrono::seconds(0) &&
session_info.session_age() > session_ticket_lifetime)
return false; // ticket has expired
}
@@ -184,9 +184,9 @@ get_server_certs(const std::string& hostname,
/*
* TLS Server Constructor
*/
-Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_fn,
+Server::Server(std::function<void (const byte[], size_t)> output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_fn,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
@@ -302,7 +302,7 @@ void Server::process_handshake_msg(Handshake_Type type,
session_manager,
creds,
state->client_hello,
- policy.session_ticket_lifetime());
+ std::chrono::seconds(policy.session_ticket_lifetime()));
bool have_session_ticket_key = false;
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index 6ade91afc..684021ebc 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -26,9 +26,9 @@ class BOTAN_DLL Server : public Channel
/**
* Server initialization
*/
- Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, Alert)> proc_fn,
- std::tr1::function<bool (const Session&)> handshake_complete,
+ Server(std::function<void (const byte[], size_t)> socket_output_fn,
+ std::function<void (const byte[], size_t, Alert)> proc_fn,
+ std::function<bool (const Session&)> handshake_complete,
Session_Manager& session_manager,
Credentials_Manager& creds,
const Policy& policy,
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index 0e8bf3051..dac38e67b 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -10,7 +10,6 @@
#include <botan/ber_dec.h>
#include <botan/asn1_str.h>
#include <botan/pem.h>
-#include <botan/time.h>
#include <botan/lookup.h>
#include <botan/loadstor.h>
#include <memory>
@@ -31,7 +30,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier,
const MemoryRegion<byte>& ticket,
const std::string& sni_hostname,
const std::string& srp_identifier) :
- m_start_time(system_time()),
+ m_start_time(std::chrono::system_clock::now()),
m_identifier(session_identifier),
m_session_ticket(ticket),
m_master_secret(master_secret),
@@ -64,11 +63,13 @@ Session::Session(const byte ber[], size_t ber_len)
MemoryVector<byte> peer_cert_bits;
+ size_t start_time = 0;
+
BER_Decoder(ber, ber_len)
.start_cons(SEQUENCE)
.decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
"Unknown version in session structure")
- .decode_integer_type(m_start_time)
+ .decode_integer_type(start_time)
.decode_integer_type(major_version)
.decode_integer_type(minor_version)
.decode(m_identifier, OCTET_STRING)
@@ -86,6 +87,7 @@ Session::Session(const byte ber[], size_t ber_len)
.verify_end();
m_version = Protocol_Version(major_version, minor_version);
+ m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_sni_hostname = sni_hostname_str.value();
m_srp_identifier = srp_identifier_str.value();
m_connection_side = static_cast<Connection_Side>(side_code);
@@ -108,7 +110,7 @@ SecureVector<byte> Session::DER_encode() const
return DER_Encoder()
.start_cons(SEQUENCE)
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
- .encode(static_cast<size_t>(m_start_time))
+ .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
.encode(static_cast<size_t>(m_version.major_version()))
.encode(static_cast<size_t>(m_version.minor_version()))
.encode(m_identifier, OCTET_STRING)
@@ -131,9 +133,10 @@ std::string Session::PEM_encode() const
return PEM_Code::encode(this->DER_encode(), "SSL SESSION");
}
-u32bit Session::session_age() const
+std::chrono::seconds Session::session_age() const
{
- return (system_time() - m_start_time);
+ return std::chrono::duration_cast<std::chrono::seconds>(
+ std::chrono::system_clock::now() - m_start_time);
}
namespace {
@@ -155,7 +158,7 @@ MemoryVector<byte>
Session::encrypt(const SymmetricKey& master_key,
RandomNumberGenerator& rng) const
{
- std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
+ std::unique_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
SymmetricKey cipher_key =
kdf->derive_key(CIPHER_KEY_LENGTH,
@@ -169,7 +172,7 @@ Session::encrypt(const SymmetricKey& master_key,
InitializationVector cipher_iv(rng, 16);
- std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
+ std::unique_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
mac->set_key(mac_key);
Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION));
@@ -203,14 +206,14 @@ Session Session::decrypt(const byte buf[], size_t buf_len,
if(load_be<u32bit>(buf, 0) != SESSION_CRYPTO_MAGIC)
throw Decoding_Error("Unknown header value in encrypted session");
- std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
+ std::unique_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
SymmetricKey mac_key =
kdf->derive_key(MAC_KEY_LENGTH,
master_key.bits_of(),
"tls.session.mac-key");
- std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
+ std::unique_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
mac->set_key(mac_key);
mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH);
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 290ee6dcc..a2b341a30 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -14,6 +14,7 @@
#include <botan/tls_magic.h>
#include <botan/secmem.h>
#include <botan/symkey.h>
+#include <chrono>
namespace Botan {
@@ -30,7 +31,7 @@ class BOTAN_DLL Session
* Uninitialized session
*/
Session() :
- m_start_time(0),
+ m_start_time(std::chrono::system_clock::time_point::min()),
m_version(),
m_ciphersuite(0),
m_compression_method(0),
@@ -172,14 +173,15 @@ class BOTAN_DLL Session
std::vector<X509_Certificate> peer_certs() const { return m_peer_certs; }
/**
- * Get the time this session began (seconds since Epoch)
+ * Get the wall clock time this session began
*/
- u64bit start_time() const { return m_start_time; }
+ std::chrono::system_clock::time_point start_time() const
+ { return m_start_time; }
/**
* Return how long this session has existed (in seconds)
*/
- u32bit session_age() const;
+ std::chrono::seconds session_age() const;
/**
* Return the session ticket the server gave us
@@ -189,7 +191,7 @@ class BOTAN_DLL Session
private:
enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 };
- u64bit m_start_time;
+ std::chrono::system_clock::time_point m_start_time;
MemoryVector<byte> m_identifier;
MemoryVector<byte> m_session_ticket; // only used by client side
diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp
index 69823e8bd..d103df35f 100644
--- a/src/tls/tls_session_manager.cpp
+++ b/src/tls/tls_session_manager.cpp
@@ -18,7 +18,7 @@ bool Session_Manager_In_Memory::load_from_session_str(
{
// assert(lock is held)
- auto i = sessions.find(session_str);
+ auto i = m_sessions.find(session_str);
if(i == m_sessions.end())
return false;
@@ -26,7 +26,7 @@ bool Session_Manager_In_Memory::load_from_session_str(
// if session has expired, remove it
const auto now = std::chrono::system_clock::now();
- if(i->second.start_time() + session_lifetime < now)
+ if(i->second.start_time() + session_lifetime() < now)
{
m_sessions.erase(i);
return false;
@@ -39,7 +39,7 @@ bool Session_Manager_In_Memory::load_from_session_str(
bool Session_Manager_In_Memory::load_from_session_id(
const MemoryRegion<byte>& session_id, Session& session)
{
- std::lock_guard<std::mutex> lock(mutex);
+ std::lock_guard<std::mutex> lock(m_mutex);
return load_from_session_str(hex_encode(session_id), session);
}
@@ -47,23 +47,23 @@ bool Session_Manager_In_Memory::load_from_session_id(
bool Session_Manager_In_Memory::load_from_host_info(
const std::string& hostname, u16bit port, Session& session)
{
- std::lock_guard<std::mutex> lock(mutex);
+ std::lock_guard<std::mutex> lock(m_mutex);
std::map<std::string, std::string>::iterator i;
if(port > 0)
- i = host_sessions.find(hostname + ":" + std::to_string(port));
+ i = m_host_sessions.find(hostname + ":" + std::to_string(port));
else
- i = host_sessions.find(hostname);
+ i = m_host_sessions.find(hostname);
- if(i == host_sessions.end())
+ if(i == m_host_sessions.end())
return false;
if(load_from_session_str(i->second, session))
return true;
- // was removed from sessions map, remove host_sessions entry
- host_sessions.erase(i);
+ // was removed from sessions map, remove m_host_sessions entry
+ m_host_sessions.erase(i);
return false;
}
@@ -71,9 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info(
void Session_Manager_In_Memory::remove_entry(
const MemoryRegion<byte>& session_id)
{
- std::lock_guard<std::mutex> lock(mutex);
+ std::lock_guard<std::mutex> lock(m_mutex);
- auto i = sessions.find(hex_encode(session_id));
+ auto i = m_sessions.find(hex_encode(session_id));
if(i != m_sessions.end())
m_sessions.erase(i);
@@ -81,9 +81,9 @@ void Session_Manager_In_Memory::remove_entry(
void Session_Manager_In_Memory::save(const Session& session)
{
- std::lock_guard<std::mutex> lock(mutex);
+ std::lock_guard<std::mutex> lock(m_mutex);
- if(max_sessions != 0)
+ if(m_max_sessions != 0)
{
/*
This removes randomly based on ordering of session ids.
@@ -95,10 +95,10 @@ void Session_Manager_In_Memory::save(const Session& session)
const std::string session_id_str = hex_encode(session.session_id());
- sessions[session_id_str] = session;
+ m_sessions[session_id_str] = session;
if(session.side() == CLIENT && session.sni_hostname() != "")
- host_sessions[session.sni_hostname()] = session_id_str;
+ m_host_sessions[session.sni_hostname()] = session_id_str;
}
}
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
index 8a4f31b78..84d51406d 100644
--- a/src/tls/tls_session_manager.h
+++ b/src/tls/tls_session_manager.h
@@ -70,7 +70,7 @@ class BOTAN_DLL Session_Manager
* sessions are not resumed. Returns 0 if unknown/no explicit
* expiration policy.
*/
- virtual u32bit session_lifetime() const = 0;
+ virtual std::chrono::seconds session_lifetime() const = 0;
virtual ~Session_Manager() {}
};
@@ -89,7 +89,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
* seconds have elapsed from initial handshake.
*/
Session_Manager_In_Memory(size_t max_sessions = 1000,
- u32bit session_lifetime = 7200) :
+ std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) :
m_max_sessions(max_sessions),
m_session_lifetime(session_lifetime)
{}
@@ -104,15 +104,17 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
void save(const Session& session_data);
- u32bit session_lifetime() const { return m_session_lifetime; }
+ std::chrono::seconds session_lifetime() const { return m_session_lifetime; }
private:
bool load_from_session_str(const std::string& session_str,
Session& session);
+ std::mutex m_mutex;
+
size_t m_max_sessions;
- u32bit m_session_lifetime;
+ std::chrono::seconds m_session_lifetime;
std::map<std::string, Session> m_sessions; // hex(session_id) -> session
std::map<std::string, std::string> m_host_sessions;