authorJack Lloyd <[email protected]>2016-02-07 01:17:47 -0500
committerJack Lloyd <[email protected]>2016-02-07 02:30:54 -0500
commit3fcb235c98a78a3cf98633a6a6067b82d2a8b871 (patch)
tree30feb856393f4f6ec61666f94390e27ca5bd93c3 /src
parent45d2ae1b48aeebd00567d820dfb8fe261bb50be9 (diff)
Remove TLS heartbeat support.
The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
Diffstat (limited to 'src')
-rw-r--r--src/cli/tls_client.cpp2
-rw-r--r--src/lib/tls/info.txt1
-rw-r--r--src/lib/tls/msg_client_hello.cpp6
-rw-r--r--src/lib/tls/msg_server_hello.cpp6
-rw-r--r--src/lib/tls/tls_alert.cpp3
-rw-r--r--src/lib/tls/tls_alert.h3
-rw-r--r--src/lib/tls/tls_channel.cpp52
-rw-r--r--src/lib/tls/tls_channel.h22
-rw-r--r--src/lib/tls/tls_extensions.cpp3
-rw-r--r--src/lib/tls/tls_extensions.h26
-rw-r--r--src/lib/tls/tls_heartbeats.cpp90
-rw-r--r--src/lib/tls/tls_heartbeats.h44
-rw-r--r--src/lib/tls/tls_magic.h1
-rw-r--r--src/lib/tls/tls_messages.h24
-rw-r--r--src/lib/tls/tls_policy.cpp2
-rw-r--r--src/lib/tls/tls_policy.h8
16 files changed, 1 insertions, 292 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index a16f1ef88..62c909d5d 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -175,8 +175,6 @@ class TLS_Client final : public Command
client.close();
}
}
- else if(buf[0] == 'H')
- client.heartbeat(&buf[1], got-1);
else
client.send(buf, got);
}
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt
index 1b0cf1415..50b6dbbdf 100644
--- a/src/lib/tls/info.txt
+++ b/src/lib/tls/info.txt
@@ -25,7 +25,6 @@ tls_extensions.h
tls_handshake_hash.h
tls_handshake_io.h
tls_handshake_state.h
-tls_heartbeats.h
tls_messages.h
tls_reader.h
tls_record.h
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index fffb321d6..34edac29c 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -87,9 +87,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket());
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(policy.negotiate_heartbeat_support())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
policy.allowed_signature_methods()));
@@ -144,9 +141,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket(session.session_ticket()));
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(policy.negotiate_heartbeat_support())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(session.fragment_size() != 0)
m_extensions.add(new Maximum_Fragment_Length(session.fragment_size()));
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index 8d61fb23c..bbc483a4e 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -47,9 +47,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
if(size_t max_fragment_size = client_hello.fragment_size())
m_extensions.add(new Maximum_Fragment_Length(max_fragment_size));
- if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
@@ -105,9 +102,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
if(size_t max_fragment_size = resumed_session.fragment_size())
m_extensions.add(new Maximum_Fragment_Length(max_fragment_size));
- if(policy.negotiate_heartbeat_support() && client_hello.supports_heartbeats())
- m_extensions.add(new Heartbeat_Support_Indicator(true));
-
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
diff --git a/src/lib/tls/tls_alert.cpp b/src/lib/tls/tls_alert.cpp
index 5cfb1b0b1..6cecb3bbe 100644
--- a/src/lib/tls/tls_alert.cpp
+++ b/src/lib/tls/tls_alert.cpp
@@ -108,9 +108,6 @@ std::string Alert::type_string() const
case NULL_ALERT:
return "none";
-
- case HEARTBEAT_PAYLOAD:
- return "heartbeat_payload";
}
/*
diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h
index 81946d9db..2c82514a3 100644
--- a/src/lib/tls/tls_alert.h
+++ b/src/lib/tls/tls_alert.h
@@ -60,8 +60,7 @@ class BOTAN_DLL Alert
NO_APPLICATION_PROTOCOL = 120, // RFC 7301
// pseudo alert values
- NULL_ALERT = 256,
- HEARTBEAT_PAYLOAD = 257
+ NULL_ALERT = 256
};
/**
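Review bot: Dropping `HEARTBEAT_PAYLOAD = 257` from the public `Alert::Type` enum is a source-incompatible change for any application whose alert callback compares `alert.type()` against it, so the "avoid breaking applications" intent in the commit message holds only for the callback signature, not for its consumers. If that compatibility matters, keep the enumerator and document that it is no longer raised, e.g. `HEARTBEAT_PAYLOAD = 257 // retired: never raised since heartbeat support was removed`; otherwise at least reserve the value with `NULL_ALERT = 256 // 257 was HEARTBEAT_PAYLOAD, retired; do not reuse` so a later pseudo-alert cannot silently inherit the old meaning. The matching `type_string()` case in tls_alert.cpp is removed in this commit; if the enumerator is kept, that case should stay as well. The alert-callback documentation in tls_channel.h is not in this diff and presumably still describes the payload buffer; it should now state that the buffer is always null and the length 0.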
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index c7adc18cd..44627e7bc 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -8,7 +8,6 @@
#include <botan/tls_channel.h>
#include <botan/internal/tls_handshake_state.h>
#include <botan/internal/tls_messages.h>
-#include <botan/internal/tls_heartbeats.h>
#include <botan/internal/tls_record.h>
#include <botan/internal/tls_seq_numbers.h>
#include <botan/internal/rounding.h>
@@ -269,20 +268,6 @@ void Channel::activate_session()
}
}
-bool Channel::peer_supports_heartbeats() const
- {
- if(auto active = active_state())
- return active->server_hello()->supports_heartbeats();
- return false;
- }
-
-bool Channel::heartbeat_sending_allowed() const
- {
- if(auto active = active_state())
- return active->server_hello()->peer_can_send_heartbeats();
- return false;
- }
-
size_t Channel::received_data(const std::vector<byte>& buf)
{
return this->received_data(buf.data(), buf.size());
@@ -394,31 +379,6 @@ size_t Channel::received_data(const byte input[], size_t input_size)
}
}
}
- else if(record_type == HEARTBEAT && peer_supports_heartbeats())
- {
- if(!active_state())
- throw Unexpected_Message("Heartbeat sent before handshake done");
-
- Heartbeat_Message heartbeat(unlock(record));
-
- const std::vector<byte>& payload = heartbeat.payload();
-
- if(heartbeat.is_request())
- {
- if(!pending_state())
- {
- const std::vector<byte> padding = unlock(rng().random_vec(16));
- Heartbeat_Message response(Heartbeat_Message::RESPONSE,
- payload.data(), payload.size(), padding);
-
- send_record(HEARTBEAT, response.contents());
- }
- }
- else
- {
- m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size());
- }
- }
else if(record_type == APPLICATION_DATA)
{
if(!active_state())
@@ -486,18 +446,6 @@ size_t Channel::received_data(const byte input[], size_t input_size)
}
}
-void Channel::heartbeat(const byte payload[], size_t payload_size, size_t pad_size)
- {
- if(heartbeat_sending_allowed())
- {
- const std::vector<byte> padding = unlock(rng().random_vec(pad_size + 16));
- Heartbeat_Message heartbeat(Heartbeat_Message::REQUEST,
- payload, payload_size, padding);
-
- send_record(HEARTBEAT, heartbeat.contents());
- }
- }
-
void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch,
byte record_type, const byte input[], size_t length)
{
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h
index 9ef2d17c4..aca5c7138 100644
--- a/src/lib/tls/tls_channel.h
+++ b/src/lib/tls/tls_channel.h
@@ -161,28 +161,6 @@ class BOTAN_DLL Channel
*/
bool timeout_check();
- /**
- * @return true iff the peer supports heartbeat messages
- */
- bool peer_supports_heartbeats() const;
-
- /**
- * @return true iff we are allowed to send heartbeat messages
- */
- bool heartbeat_sending_allowed() const;
-
- /**
- * Attempt to send a heartbeat message (if negotiated with counterparty)
- * @param payload will be echoed back
- * @param payload_size size of payload in bytes
- * @param pad_bytes include 16 + pad_bytes extra bytes in the message (not echoed)
- */
- void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0);
-
- /**
- * Attempt to send a heartbeat message (if negotiated with counterparty)
- */
- void heartbeat() { heartbeat(nullptr, 0); }
protected:
virtual void process_handshake_msg(const Handshake_State* active_state,
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 421c9e38c..6bf32f1f1 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -48,9 +48,6 @@ Extension* make_extension(TLS_Data_Reader& reader,
case TLSEXT_EXTENDED_MASTER_SECRET:
return new Extended_Master_Secret(reader, size);
- case TLSEXT_HEARTBEAT_SUPPORT:
- return new Heartbeat_Support_Indicator(reader, size);
-
case TLSEXT_SESSION_TICKET:
return new Session_Ticket(reader, size);
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 62ea8ef1e..8b2cbc096 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -325,32 +325,6 @@ class Signature_Algorithms final : public Extension
};
/**
-* Heartbeat Extension (RFC 6520)
-*/
-class Heartbeat_Support_Indicator final : public Extension
- {
- public:
- static Handshake_Extension_Type static_type()
- { return TLSEXT_HEARTBEAT_SUPPORT; }
-
- Handshake_Extension_Type type() const override { return static_type(); }
-
- bool peer_allowed_to_send() const { return m_peer_allowed_to_send; }
-
- std::vector<byte> serialize() const override;
-
- bool empty() const override { return false; }
-
- Heartbeat_Support_Indicator(bool peer_allowed_to_send) :
- m_peer_allowed_to_send(peer_allowed_to_send) {}
-
- Heartbeat_Support_Indicator(TLS_Data_Reader& reader, u16bit extension_size);
-
- private:
- bool m_peer_allowed_to_send;
- };
-
-/**
* Used to indicate SRTP algorithms for DTLS (RFC 5764)
*/
class SRTP_Protection_Profiles final : public Extension
diff --git a/src/lib/tls/tls_heartbeats.cpp b/src/lib/tls/tls_heartbeats.cpp
deleted file mode 100644
index 14f7db51c..000000000
--- a/src/lib/tls/tls_heartbeats.cpp
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
-* TLS Heartbeats
-* (C) 2012,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/tls_heartbeats.h>
-#include <botan/internal/tls_extensions.h>
-#include <botan/internal/tls_reader.h>
-#include <botan/tls_exceptn.h>
-
-namespace Botan {
-
-namespace TLS {
-
-Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf)
- {
- TLS_Data_Reader reader("Heartbeat", buf);
-
- const byte type = reader.get_byte();
-
- if(type != 1 && type != 2)
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
- "Unknown heartbeat message type");
-
- m_type = static_cast<Type>(type);
-
- m_payload = reader.get_range<byte>(2, 0, 16*1024);
-
- m_padding = reader.get_remaining();
-
- if(m_padding.size() < 16)
- throw Decoding_Error("Invalid heartbeat padding");
- }
-
-Heartbeat_Message::Heartbeat_Message(Type type,
- const byte payload[],
- size_t payload_len,
- const std::vector<byte>& padding) :
- m_type(type),
- m_payload(payload, payload + payload_len),
- m_padding(padding)
- {
- if(payload_len >= 64*1024)
- throw Exception("Heartbeat payload too long");
- if(m_padding.size() < 16)
- throw Exception("Invalid heartbeat padding length");
- }
-
-std::vector<byte> Heartbeat_Message::contents() const
- {
- //std::vector<byte> send_buf(3 + m_payload.size() + 16);
- std::vector<byte> send_buf;
- send_buf.reserve(3 + m_payload.size() + m_padding.size());
-
- send_buf.push_back(m_type);
- send_buf.push_back(get_byte<u16bit>(0, m_payload.size()));
- send_buf.push_back(get_byte<u16bit>(1, m_payload.size()));
- send_buf += m_payload;
- send_buf += m_padding;
-
- return send_buf;
- }
-
-std::vector<byte> Heartbeat_Support_Indicator::serialize() const
- {
- std::vector<byte> heartbeat(1);
- heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2);
- return heartbeat;
- }
-
-Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader,
- u16bit extension_size)
- {
- if(extension_size != 1)
- throw Decoding_Error("Strange size for heartbeat extension");
-
- const byte code = reader.get_byte();
-
- if(code != 1 && code != 2)
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
- "Unknown heartbeat code " + std::to_string(code));
-
- m_peer_allowed_to_send = (code == 1);
- }
-
-}
-
-}
diff --git a/src/lib/tls/tls_heartbeats.h b/src/lib/tls/tls_heartbeats.h
deleted file mode 100644
index dcb63babe..000000000
--- a/src/lib/tls/tls_heartbeats.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* TLS Heartbeats
-* (C) 2012,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_TLS_HEARTBEATS_H__
-#define BOTAN_TLS_HEARTBEATS_H__
-
-#include <botan/secmem.h>
-
-namespace Botan {
-
-namespace TLS {
-
-/**
-* TLS Heartbeat message
-*/
-class Heartbeat_Message
- {
- public:
- enum Type { REQUEST = 1, RESPONSE = 2 };
-
- std::vector<byte> contents() const;
-
- const std::vector<byte>& payload() const { return m_payload; }
-
- bool is_request() const { return m_type == REQUEST; }
-
- Heartbeat_Message(const std::vector<byte>& buf);
-
- Heartbeat_Message(Type type, const byte payload[], size_t payload_len,
- const std::vector<byte>& padding);
- private:
- Type m_type;
- std::vector<byte> m_payload, m_padding;
- };
-
-}
-
-}
-
-#endif
diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h
index 6db908b08..798e428ff 100644
--- a/src/lib/tls/tls_magic.h
+++ b/src/lib/tls/tls_magic.h
@@ -31,7 +31,6 @@ enum Record_Type {
ALERT = 21,
HANDSHAKE = 22,
APPLICATION_DATA = 23,
- HEARTBEAT = 24,
NO_RECORD = 256
};
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index c09e4fe77..ba05ee9a7 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -150,18 +150,6 @@ class Client_Hello final : public Handshake_Message
return std::vector<std::string>();
}
- bool supports_heartbeats() const
- {
- return m_extensions.has<Heartbeat_Support_Indicator>();
- }
-
- bool peer_can_send_heartbeats() const
- {
- if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>())
- return hb->peer_allowed_to_send();
- return false;
- }
-
std::vector<u16bit> srtp_profiles() const
{
if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
@@ -254,18 +242,6 @@ class Server_Hello final : public Handshake_Message
return m_extensions.has<Session_Ticket>();
}
- bool supports_heartbeats() const
- {
- return m_extensions.has<Heartbeat_Support_Indicator>();
- }
-
- bool peer_can_send_heartbeats() const
- {
- if(auto hb = m_extensions.get<Heartbeat_Support_Indicator>())
- return hb->peer_allowed_to_send();
- return false;
- }
-
u16bit srtp_profile() const
{
if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 28ef2f1eb..096dffb4a 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -167,7 +167,6 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
return true;
}
-bool Policy::negotiate_heartbeat_support() const { return false; }
bool Policy::allow_server_initiated_renegotiation() const { return false; }
bool Policy::allow_insecure_renegotiation() const { return false; }
bool Policy::include_time_in_hello_random() const { return true; }
@@ -348,7 +347,6 @@ void Policy::print(std::ostream& o) const
print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
print_vec(o, "ecc_curves", allowed_ecc_curves());
- print_bool(o, "negotiate_heartbeat_support", negotiate_heartbeat_support());
print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 0d8ebc7a1..c1f40df17 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -77,11 +77,6 @@ class BOTAN_DLL Policy
virtual std::string choose_curve(const std::vector<std::string>& curve_names) const;
/**
- * Attempt to negotiate the use of the heartbeat extension
- */
- virtual bool negotiate_heartbeat_support() const;
-
- /**
* Allow renegotiation even if the counterparty doesn't
* support the secure renegotiation extension.
*
@@ -269,9 +264,6 @@ class BOTAN_DLL Text_Policy : public Policy
std::vector<std::string> allowed_ecc_curves() const override
{ return get_list("ecc_curves", Policy::allowed_ecc_curves()); }
- bool negotiate_heartbeat_support() const override
- { return get_bool("negotiate_heartbeat_support", Policy::negotiate_heartbeat_support()); }
-
bool allow_insecure_renegotiation() const override
{ return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation()); }