diff options
author | Jack Lloyd <[email protected]> | 2016-02-07 01:17:47 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-02-07 02:30:54 -0500 |
commit | 3fcb235c98a78a3cf98633a6a6067b82d2a8b871 (patch) | |
tree | 30feb856393f4f6ec61666f94390e27ca5bd93c3 /src | |
parent | 45d2ae1b48aeebd00567d820dfb8fe261bb50be9 (diff) |
Remove TLS heartbeat support.
The signature of the alert callback remains unchanged to avoid
breaking applications, though now the buffer parameter is never set.
Diffstat (limited to 'src')
-rw-r--r-- | src/cli/tls_client.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/info.txt | 1 | ||||
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/msg_server_hello.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_alert.cpp | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_alert.h | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 52 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.h | 22 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.h | 26 | ||||
-rw-r--r-- | src/lib/tls/tls_heartbeats.cpp | 90 | ||||
-rw-r--r-- | src/lib/tls/tls_heartbeats.h | 44 | ||||
-rw-r--r-- | src/lib/tls/tls_magic.h | 1 | ||||
-rw-r--r-- | src/lib/tls/tls_messages.h | 24 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 8 |
16 files changed, 1 insertions, 292 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index a16f1ef88..62c909d5d 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -175,8 +175,6 @@ class TLS_Client final : public Command client.close(); } } - else if(buf[0] == 'H') - client.heartbeat(&buf[1], got-1); else client.send(buf, got); } diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index 1b0cf1415..50b6dbbdf 100644 --- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -25,7 +25,6 @@ tls_extensions.h tls_handshake_hash.h tls_handshake_io.h tls_handshake_state.h -tls_heartbeats.h tls_messages.h tls_reader.h tls_record.h diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index fffb321d6..34edac29c 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -87,9 +87,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Session_Ticket()); m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(policy.negotiate_heartbeat_support()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - if(m_version.supports_negotiable_signature_algorithms()) m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), policy.allowed_signature_methods())); @@ -144,9 +141,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Session_Ticket(session.session_ticket())); m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(policy.negotiate_heartbeat_support()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - if(session.fragment_size() != 0) m_extensions.add(new Maximum_Fragment_Length(session.fragment_size())); diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 8d61fb23c..bbc483a4e 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -47,9 +47,6 @@ Server_Hello::Server_Hello(Handshake_IO& io, if(size_t max_fragment_size = client_hello.fragment_size()) m_extensions.add(new Maximum_Fragment_Length(max_fragment_size)); - if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); @@ -105,9 +102,6 @@ Server_Hello::Server_Hello(Handshake_IO& io, if(size_t max_fragment_size = resumed_session.fragment_size()) m_extensions.add(new Maximum_Fragment_Length(max_fragment_size)); - if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats()) - m_extensions.add(new Heartbeat_Support_Indicator(true)); - if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); diff --git a/src/lib/tls/tls_alert.cpp b/src/lib/tls/tls_alert.cpp index 5cfb1b0b1..6cecb3bbe 100644 --- a/src/lib/tls/tls_alert.cpp +++ b/src/lib/tls/tls_alert.cpp @@ -108,9 +108,6 @@ std::string Alert::type_string() const case NULL_ALERT: return "none"; - - case HEARTBEAT_PAYLOAD: - return "heartbeat_payload"; } /* diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h index 81946d9db..2c82514a3 100644 --- a/src/lib/tls/tls_alert.h +++ b/src/lib/tls/tls_alert.h @@ -60,8 +60,7 @@ class BOTAN_DLL Alert NO_APPLICATION_PROTOCOL = 120, // RFC 7301 // pseudo alert values - NULL_ALERT = 256, - HEARTBEAT_PAYLOAD = 257 + NULL_ALERT = 256 }; /** diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index c7adc18cd..44627e7bc 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -8,7 +8,6 @@ #include <botan/tls_channel.h> #include <botan/internal/tls_handshake_state.h> #include <botan/internal/tls_messages.h> -#include <botan/internal/tls_heartbeats.h> #include <botan/internal/tls_record.h> #include <botan/internal/tls_seq_numbers.h> #include <botan/internal/rounding.h> @@ -269,20 +268,6 @@ void Channel::activate_session() } } -bool Channel::peer_supports_heartbeats() const - { - if(auto active = active_state()) - return active->server_hello()->supports_heartbeats(); - return false; - } - -bool Channel::heartbeat_sending_allowed() const - { - if(auto active = active_state()) - return active->server_hello()->peer_can_send_heartbeats(); - return false; - } - size_t Channel::received_data(const std::vector<byte>& buf) { return this->received_data(buf.data(), buf.size()); @@ -394,31 +379,6 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } } - else if(record_type == HEARTBEAT && peer_supports_heartbeats()) - { - if(!active_state()) - throw Unexpected_Message("Heartbeat sent before handshake done"); - - Heartbeat_Message heartbeat(unlock(record)); - - const std::vector<byte>& payload = heartbeat.payload(); - - if(heartbeat.is_request()) - { - if(!pending_state()) - { - const std::vector<byte> padding = unlock(rng().random_vec(16)); - Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload.data(), payload.size(), padding); - - send_record(HEARTBEAT, response.contents()); - } - } - else - { - m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size()); - } - } else if(record_type == APPLICATION_DATA) { if(!active_state()) @@ -486,18 +446,6 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } -void Channel::heartbeat(const byte payload[], size_t payload_size, size_t pad_size) - { - if(heartbeat_sending_allowed()) - { - const std::vector<byte> padding = unlock(rng().random_vec(pad_size + 16)); - Heartbeat_Message heartbeat(Heartbeat_Message::REQUEST, - payload, payload_size, padding); - - send_record(HEARTBEAT, heartbeat.contents()); - } - } - void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch, byte record_type, const byte input[], size_t length) { diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 9ef2d17c4..aca5c7138 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -161,28 +161,6 @@ class BOTAN_DLL Channel */ bool timeout_check(); - /** - * @return true iff the peer supports heartbeat messages - */ - bool peer_supports_heartbeats() const; - - /** - * @return true iff we are allowed to send heartbeat messages - */ - bool heartbeat_sending_allowed() const; - - /** - * Attempt to send a heartbeat message (if negotiated with counterparty) - * @param payload will be echoed back - * @param payload_size size of payload in bytes - * @param pad_bytes include 16 + pad_bytes extra bytes in the message (not echoed) - */ - void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0); - - /** - * Attempt to send a heartbeat message (if negotiated with counterparty) - */ - void heartbeat() { heartbeat(nullptr, 0); } protected: virtual void process_handshake_msg(const Handshake_State* active_state, diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 421c9e38c..6bf32f1f1 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -48,9 +48,6 @@ Extension* make_extension(TLS_Data_Reader& reader, case TLSEXT_EXTENDED_MASTER_SECRET: return new Extended_Master_Secret(reader, size); - case TLSEXT_HEARTBEAT_SUPPORT: - return new Heartbeat_Support_Indicator(reader, size); - case TLSEXT_SESSION_TICKET: return new Session_Ticket(reader, size); diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 62ea8ef1e..8b2cbc096 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -325,32 +325,6 @@ class Signature_Algorithms final : public Extension }; /** -* Heartbeat Extension (RFC 6520) -*/ -class Heartbeat_Support_Indicator final : public Extension - { - public: - static Handshake_Extension_Type static_type() - { return TLSEXT_HEARTBEAT_SUPPORT; } - - Handshake_Extension_Type type() const override { return static_type(); } - - bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } - - std::vector<byte> serialize() const override; - - bool empty() const override { return false; } - - Heartbeat_Support_Indicator(bool peer_allowed_to_send) : - m_peer_allowed_to_send(peer_allowed_to_send) {} - - Heartbeat_Support_Indicator(TLS_Data_Reader& reader, u16bit extension_size); - - private: - bool m_peer_allowed_to_send; - }; - -/** * Used to indicate SRTP algorithms for DTLS (RFC 5764) */ class SRTP_Protection_Profiles final : public Extension diff --git a/src/lib/tls/tls_heartbeats.cpp b/src/lib/tls/tls_heartbeats.cpp deleted file mode 100644 index 14f7db51c..000000000 --- a/src/lib/tls/tls_heartbeats.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* -* TLS Heartbeats -* (C) 2012,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/tls_heartbeats.h> -#include <botan/internal/tls_extensions.h> -#include <botan/internal/tls_reader.h> -#include <botan/tls_exceptn.h> - -namespace Botan { - -namespace TLS { - -Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf) - { - TLS_Data_Reader reader("Heartbeat", buf); - - const byte type = reader.get_byte(); - - if(type != 1 && type != 2) - throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat message type"); - - m_type = static_cast<Type>(type); - - m_payload = reader.get_range<byte>(2, 0, 16*1024); - - m_padding = reader.get_remaining(); - - if(m_padding.size() < 16) - throw Decoding_Error("Invalid heartbeat padding"); - } - -Heartbeat_Message::Heartbeat_Message(Type type, - const byte payload[], - size_t payload_len, - const std::vector<byte>& padding) : - m_type(type), - m_payload(payload, payload + payload_len), - m_padding(padding) - { - if(payload_len >= 64*1024) - throw Exception("Heartbeat payload too long"); - if(m_padding.size() < 16) - throw Exception("Invalid heartbeat padding length"); - } - -std::vector<byte> Heartbeat_Message::contents() const - { - //std::vector<byte> send_buf(3 + m_payload.size() + 16); - std::vector<byte> send_buf; - send_buf.reserve(3 + m_payload.size() + m_padding.size()); - - send_buf.push_back(m_type); - send_buf.push_back(get_byte<u16bit>(0, m_payload.size())); - send_buf.push_back(get_byte<u16bit>(1, m_payload.size())); - send_buf += m_payload; - send_buf += m_padding; - - return send_buf; - } - -std::vector<byte> Heartbeat_Support_Indicator::serialize() const - { - std::vector<byte> heartbeat(1); - heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2); - return heartbeat; - } - -Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader, - u16bit extension_size) - { - if(extension_size != 1) - throw Decoding_Error("Strange size for heartbeat extension"); - - const byte code = reader.get_byte(); - - if(code != 1 && code != 2) - throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat code " + std::to_string(code)); - - m_peer_allowed_to_send = (code == 1); - } - -} - -} diff --git a/src/lib/tls/tls_heartbeats.h b/src/lib/tls/tls_heartbeats.h deleted file mode 100644 index dcb63babe..000000000 --- a/src/lib/tls/tls_heartbeats.h +++ /dev/null @@ -1,44 +0,0 @@ -/* -* TLS Heartbeats -* (C) 2012,2015 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_TLS_HEARTBEATS_H__ -#define BOTAN_TLS_HEARTBEATS_H__ - -#include <botan/secmem.h> - -namespace Botan { - -namespace TLS { - -/** -* TLS Heartbeat message -*/ -class Heartbeat_Message - { - public: - enum Type { REQUEST = 1, RESPONSE = 2 }; - - std::vector<byte> contents() const; - - const std::vector<byte>& payload() const { return m_payload; } - - bool is_request() const { return m_type == REQUEST; } - - Heartbeat_Message(const std::vector<byte>& buf); - - Heartbeat_Message(Type type, const byte payload[], size_t payload_len, - const std::vector<byte>& padding); - private: - Type m_type; - std::vector<byte> m_payload, m_padding; - }; - -} - -} - -#endif diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h index 6db908b08..798e428ff 100644 --- a/src/lib/tls/tls_magic.h +++ b/src/lib/tls/tls_magic.h @@ -31,7 +31,6 @@ enum Record_Type { ALERT = 21, HANDSHAKE = 22, APPLICATION_DATA = 23, - HEARTBEAT = 24, NO_RECORD = 256 }; diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index c09e4fe77..ba05ee9a7 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -150,18 +150,6 @@ class Client_Hello final : public Handshake_Message return std::vector<std::string>(); } - bool supports_heartbeats() const - { - return m_extensions.has<Heartbeat_Support_Indicator>(); - } - - bool peer_can_send_heartbeats() const - { - if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>()) - return hb->peer_allowed_to_send(); - return false; - } - std::vector<u16bit> srtp_profiles() const { if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>()) @@ -254,18 +242,6 @@ class Server_Hello final : public Handshake_Message return m_extensions.has<Session_Ticket>(); } - bool supports_heartbeats() const - { - return m_extensions.has<Heartbeat_Support_Indicator>(); - } - - bool peer_can_send_heartbeats() const - { - if(auto hb = m_extensions.get<Heartbeat_Support_Indicator>()) - return hb->peer_allowed_to_send(); - return false; - } - u16bit srtp_profile() const { if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>()) diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 28ef2f1eb..096dffb4a 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -167,7 +167,6 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const return true; } -bool Policy::negotiate_heartbeat_support() const { return false; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } bool Policy::include_time_in_hello_random() const { return true; } @@ -348,7 +347,6 @@ void Policy::print(std::ostream& o) const print_vec(o, "key_exchange_methods", allowed_key_exchange_methods()); print_vec(o, "ecc_curves", allowed_ecc_curves()); - print_bool(o, "negotiate_heartbeat_support", negotiate_heartbeat_support()); print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation()); print_bool(o, "include_time_in_hello_random", include_time_in_hello_random()); print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation()); diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 0d8ebc7a1..c1f40df17 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -77,11 +77,6 @@ class BOTAN_DLL Policy virtual std::string choose_curve(const std::vector<std::string>& curve_names) const; /** - * Attempt to negotiate the use of the heartbeat extension - */ - virtual bool negotiate_heartbeat_support() const; - - /** * Allow renegotiation even if the counterparty doesn't * support the secure renegotiation extension. * @@ -269,9 +264,6 @@ class BOTAN_DLL Text_Policy : public Policy std::vector<std::string> allowed_ecc_curves() const override { return get_list("ecc_curves", Policy::allowed_ecc_curves()); } - bool negotiate_heartbeat_support() const override - { return get_bool("negotiate_heartbeat_support", Policy::negotiate_heartbeat_support()); } - bool allow_insecure_renegotiation() const override { return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation()); } |