diff options
Diffstat (limited to 'src/ssl')
-rw-r--r-- | src/ssl/cert_req.cpp | 31 | ||||
-rw-r--r-- | src/ssl/cert_ver.cpp | 2 | ||||
-rw-r--r-- | src/ssl/hello.cpp | 50 | ||||
-rw-r--r-- | src/ssl/rec_read.cpp | 16 | ||||
-rw-r--r-- | src/ssl/rec_wri.cpp | 10 | ||||
-rw-r--r-- | src/ssl/s_kex.cpp | 14 | ||||
-rw-r--r-- | src/ssl/tls_client.cpp | 4 | ||||
-rw-r--r-- | src/ssl/tls_handshake_hash.cpp | 12 | ||||
-rw-r--r-- | src/ssl/tls_policy.cpp | 30 | ||||
-rw-r--r-- | src/ssl/tls_server.cpp | 40 |
10 files changed, 108 insertions, 101 deletions
diff --git a/src/ssl/cert_req.cpp b/src/ssl/cert_req.cpp index e72ffe735..b8b2624bf 100644 --- a/src/ssl/cert_req.cpp +++ b/src/ssl/cert_req.cpp @@ -21,7 +21,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, HandshakeHash& hash, const std::vector<X509_Certificate>& certs) { - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) names.push_back(certs[i].subject_dn()); // FIXME: should be able to choose what to ask for @@ -41,7 +41,7 @@ SecureVector<byte> Certificate_Req::serialize() const append_tls_length_value(buf, types, 1); DER_Encoder encoder; - for(u32bit i = 0; i != names.size(); i++) + for(size_t i = 0; i != names.size(); ++i) encoder.encode(names[i]); append_tls_length_value(buf, encoder.get_contents(), 2); @@ -57,15 +57,15 @@ void Certificate_Req::deserialize(const MemoryRegion<byte>& buf) if(buf.size() < 4) throw Decoding_Error("Certificate_Req: Bad certificate request"); - u32bit types_size = buf[0]; + size_t types_size = buf[0]; if(buf.size() < types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); - for(u32bit i = 0; i != types_size; i++) + for(size_t i = 0; i != types_size; ++i) types.push_back(static_cast<Certificate_Type>(buf[i+1])); - u32bit names_size = make_u16bit(buf[types_size+2], buf[types_size+3]); + size_t names_size = make_u16bit(buf[types_size+2], buf[types_size+3]); if(buf.size() != names_size + types_size + 3) throw Decoding_Error("Certificate_Req: Bad certificate request"); @@ -98,18 +98,18 @@ SecureVector<byte> Certificate::serialize() const { SecureVector<byte> buf(3); - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) { SecureVector<byte> raw_cert = certs[i].BER_encode(); - u32bit cert_size = raw_cert.size(); - for(u32bit j = 0; j != 3; j++) - buf.push_back(get_byte(j+1, cert_size)); + const size_t cert_size = raw_cert.size(); + for(size_t i = 0; i != 3; ++i) + buf.push_back(get_byte<u32bit>(i+1, cert_size)); buf += raw_cert; } - u32bit buf_size = buf.size() - 3; - for(u32bit i = 0; i != 3; i++) - buf[i] = get_byte(i+1, buf_size); + const size_t buf_size = buf.size() - 3; + for(size_t i = 0; i != 3; ++i) + buf[i] = get_byte<u32bit>(i+1, buf_size); return buf; } @@ -122,7 +122,7 @@ void Certificate::deserialize(const MemoryRegion<byte>& buf) if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); - u32bit total_size = make_u32bit(0, buf[0], buf[1], buf[2]); + const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]); SecureQueue queue; queue.write(&buf[3], buf.size() - 3); @@ -137,9 +137,10 @@ void Certificate::deserialize(const MemoryRegion<byte>& buf) byte len[3]; queue.read(len, 3); - u32bit cert_size = make_u32bit(0, len[0], len[1], len[2]); - u32bit original_size = queue.size(); + const size_t cert_size = make_u32bit(0, len[0], len[1], len[2]); + const size_t original_size = queue.size(); + X509_Certificate cert(queue); if(queue.size() + cert_size != original_size) throw Decoding_Error("Certificate: Message malformed"); diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp index 293f643dc..3220a8c9e 100644 --- a/src/ssl/cert_ver.cpp +++ b/src/ssl/cert_ver.cpp @@ -50,7 +50,7 @@ SecureVector<byte> Certificate_Verify::serialize() const { SecureVector<byte> buf; - u16bit sig_len = signature.size(); + const u16bit sig_len = signature.size(); buf.push_back(get_byte(0, sig_len)); buf.push_back(get_byte(1, sig_len)); buf += signature; diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index a06fd75b4..1efef9213 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -10,7 +10,7 @@ namespace Botan { -/** +/* * Encode and send a Handshake message */ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const @@ -18,12 +18,12 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const SecureVector<byte> buf = serialize(); SecureVector<byte> send_buf(4); - u32bit buf_size = buf.size(); + const size_t buf_size = buf.size(); send_buf[0] = type(); - send_buf[1] = get_byte(1, buf_size); - send_buf[2] = get_byte(2, buf_size); - send_buf[3] = get_byte(3, buf_size); + + for(size_t i = 1; i != 4; ++i) + send_buf[i] = get_byte<u32bit>(i, buf_size); send_buf += buf; @@ -33,7 +33,7 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const writer.flush(); } -/** +/* * Create a new Hello Request message */ Hello_Request::Hello_Request(Record_Writer& writer) @@ -42,7 +42,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) send(writer, dummy); } -/** +/* * Serialize a Hello Request message */ SecureVector<byte> Hello_Request::serialize() const @@ -50,7 +50,7 @@ SecureVector<byte> Hello_Request::serialize() const return SecureVector<byte>(); } -/** +/* * Deserialize a Hello Request message */ void Hello_Request::deserialize(const MemoryRegion<byte>& buf) @@ -59,7 +59,7 @@ void Hello_Request::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Hello_Request: Must be empty, and is not"); } -/** +/* * Create a new Client Hello message */ Client_Hello::Client_Hello(RandomNumberGenerator& rng, @@ -76,7 +76,7 @@ Client_Hello::Client_Hello(RandomNumberGenerator& rng, send(writer, hash); } -/** +/* * Serialize a Client Hello message */ SecureVector<byte> Client_Hello::serialize() const @@ -99,11 +99,11 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - const u32bit cipher_spec_len = make_u16bit(buf[3], buf[4]); - const u32bit sess_id_len = make_u16bit(buf[5], buf[6]); - const u32bit challenge_len = make_u16bit(buf[7], buf[8]); + const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]); + const size_t sess_id_len = make_u16bit(buf[5], buf[6]); + const size_t challenge_len = make_u16bit(buf[7], buf[8]); - const u32bit expected_size = + const size_t expected_size = (9 + sess_id_len + cipher_spec_len + challenge_len); if(buf.size() != expected_size) @@ -115,7 +115,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); } - for(u32bit i = 9; i != 9 + cipher_spec_len; i += 3) + for(size_t i = 9; i != 9 + cipher_spec_len; i += 3) { if(buf[i] != 0) // a SSLv2 cipherspec; ignore it continue; @@ -128,7 +128,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) c_random.set(&buf[9+cipher_spec_len+sess_id_len], challenge_len); } -/** +/* * Deserialize a Client Hello message */ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) @@ -196,18 +196,18 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) } } -/** +/* * Check if we offered this ciphersuite */ bool Client_Hello::offered_suite(u16bit ciphersuite) const { - for(u32bit i = 0; i != suites.size(); i++) + for(size_t i = 0; i != suites.size(); ++i) if(suites[i] == ciphersuite) return true; return false; } -/** +/* * Create a new Server Hello message */ Server_Hello::Server_Hello(RandomNumberGenerator& rng, @@ -220,7 +220,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, { bool have_rsa = false, have_dsa = false; - for(u32bit i = 0; i != certs.size(); i++) + for(size_t i = 0; i != certs.size(); ++i) { Public_Key* key = certs[i].subject_public_key(); if(key->algo_name() == "RSA") @@ -244,7 +244,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, send(writer, hash); } -/** +/* * Serialize a Server Hello message */ SecureVector<byte> Server_Hello::serialize() const @@ -265,7 +265,7 @@ SecureVector<byte> Server_Hello::serialize() const return buf; } -/** +/* * Deserialize a Server Hello message */ void Server_Hello::deserialize(const MemoryRegion<byte>& buf) @@ -292,7 +292,7 @@ void Server_Hello::deserialize(const MemoryRegion<byte>& buf) comp_algo = reader.get_byte(); } -/** +/* * Create a new Server Hello Done message */ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, @@ -301,7 +301,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, send(writer, hash); } -/** +/* * Serialize a Server Hello Done message */ SecureVector<byte> Server_Hello_Done::serialize() const @@ -309,7 +309,7 @@ SecureVector<byte> Server_Hello_Done::serialize() const return SecureVector<byte>(); } -/** +/* * Deserialize a Server Hello Done message */ void Server_Hello_Done::deserialize(const MemoryRegion<byte>& buf) diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 0886a688f..e34359862 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -206,8 +206,8 @@ size_t Record_Reader::get_record(byte& msg_type, } else { - for(size_t j = 0; j != pad_size; j++) - if(plaintext[plaintext.size()-j-1] != pad_value) + for(size_t i = 0; i != pad_size; ++i) + if(plaintext[plaintext.size()-i-1] != pad_value) pad_size = 0; } } @@ -222,16 +222,16 @@ size_t Record_Reader::get_record(byte& msg_type, const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size); mac.start_msg(); - for(size_t j = 0; j != 8; j++) - mac.write(get_byte(j, seq_no)); + for(size_t i = 0; i != 8; ++i) + mac.write(get_byte(i, seq_no)); mac.write(header[0]); // msg_type if(version != SSL_V3) - for(size_t j = 0; j != 2; j++) - mac.write(get_byte(j, version)); + for(size_t i = 0; i != 2; ++i) + mac.write(get_byte(i, version)); - for(size_t j = 0; j != 2; j++) - mac.write(get_byte(j, plain_length)); + for(size_t i = 0; i != 2; ++i) + mac.write(get_byte(i, plain_length)); mac.write(&plaintext[iv_size], plain_length); mac.end_msg(); diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index addb159ef..57eb62f6e 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -190,8 +190,8 @@ void Record_Writer::send_record(byte type, const byte buf[], size_t length) else { mac.start_msg(); - for(size_t j = 0; j != 8; j++) - mac.write(get_byte(j, seq_no)); + for(size_t i = 0; i != 8; ++i) + mac.write(get_byte(i, seq_no)); mac.write(type); if(major > 3 || (major == 3 && minor != 0)) @@ -230,7 +230,7 @@ void Record_Writer::send_record(byte type, const byte buf[], size_t length) size_t pad_val = (block_size - (1 + length + buf_mac.size())) % block_size; - for(size_t j = 0; j != pad_val + 1; j++) + for(size_t i = 0; i != pad_val + 1; ++i) cipher.write(pad_val); } cipher.end_msg(); @@ -254,8 +254,8 @@ void Record_Writer::send_record(byte type, byte major, byte minor, "Record_Writer: Record is too big"); byte header[5] = { type, major, minor, 0 }; - for(size_t j = 0; j != 2; j++) - header[j+3] = get_byte<u16bit>(j, length); + for(size_t i = 0; i != 2; ++i) + header[i+3] = get_byte<u16bit>(i, length); socket.write(header, 5); socket.write(out, length); diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index f9a595fe9..757738859 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -86,8 +86,8 @@ SecureVector<byte> Server_Key_Exchange::serialize_params() const { SecureVector<byte> buf; - for(u32bit j = 0; j != params.size(); j++) - append_tls_length_value(buf, BigInt::encode(params[j]), 2); + for(size_t i = 0; i != params.size(); ++i) + append_tls_length_value(buf, BigInt::encode(params[i]), 2); return buf; } @@ -101,20 +101,20 @@ void Server_Key_Exchange::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Server_Key_Exchange: Packet corrupted"); SecureVector<byte> values[4]; - u32bit so_far = 0; + size_t so_far = 0; - for(u32bit j = 0; j != 4; j++) + for(size_t i = 0; i != 4; ++i) { - u16bit len = make_u16bit(buf[so_far], buf[so_far+1]); + const u16bit len = make_u16bit(buf[so_far], buf[so_far+1]); so_far += 2; if(len + so_far > buf.size()) throw Decoding_Error("Server_Key_Exchange: Packet corrupted"); - values[j].set(&buf[so_far], len); + values[i].set(&buf[so_far], len); so_far += len; - if(j == 2 && so_far == buf.size()) + if(i == 2 && so_far == buf.size()) break; } diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp index 18f6981e3..976b7c917 100644 --- a/src/ssl/tls_client.cpp +++ b/src/ssl/tls_client.cpp @@ -383,9 +383,9 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, if(type != HANDSHAKE_CCS && type != HELLO_REQUEST && type != FINISHED) { state->hash.update(static_cast<byte>(type)); - const u32bit record_length = contents.size(); + const size_t record_length = contents.size(); for(size_t i = 0; i != 3; i++) - state->hash.update(get_byte(i+1, record_length)); + state->hash.update(get_byte<u32bit>(i+1, record_length)); state->hash.update(contents); } diff --git a/src/ssl/tls_handshake_hash.cpp b/src/ssl/tls_handshake_hash.cpp index 93442cad1..7c1e2e385 100644 --- a/src/ssl/tls_handshake_hash.cpp +++ b/src/ssl/tls_handshake_hash.cpp @@ -45,15 +45,19 @@ SecureVector<byte> HandshakeHash::final_ssl3(const MemoryRegion<byte>& secret) md5.update(secret); sha1.update(secret); - for(u32bit j = 0; j != 48; j++) md5.update(PAD_INNER); - for(u32bit j = 0; j != 40; j++) sha1.update(PAD_INNER); + for(size_t i = 0; i != 48; ++i) + md5.update(PAD_INNER); + for(size_t i = 0; i != 40; ++i) + sha1.update(PAD_INNER); SecureVector<byte> inner_md5 = md5.final(), inner_sha1 = sha1.final(); md5.update(secret); sha1.update(secret); - for(u32bit j = 0; j != 48; j++) md5.update(PAD_OUTER); - for(u32bit j = 0; j != 40; j++) sha1.update(PAD_OUTER); + for(size_t i = 0; i != 48; ++i) + md5.update(PAD_OUTER); + for(size_t i = 0; i != 40; ++i) + sha1.update(PAD_OUTER); md5.update(inner_md5); sha1.update(inner_sha1); diff --git a/src/ssl/tls_policy.cpp b/src/ssl/tls_policy.cpp index e7e25a877..38fcf58cc 100644 --- a/src/ssl/tls_policy.cpp +++ b/src/ssl/tls_policy.cpp @@ -10,7 +10,7 @@ namespace Botan { -/** +/* * Return allowed ciphersuites */ std::vector<u16bit> TLS_Policy::ciphersuites() const @@ -18,7 +18,7 @@ std::vector<u16bit> TLS_Policy::ciphersuites() const return suite_list(allow_static_rsa(), allow_edh_rsa(), allow_edh_dsa()); } -/** +/* * Return allowed ciphersuites */ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa, @@ -60,7 +60,7 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa, return suites; } -/** +/* * Return allowed compression algorithms */ std::vector<byte> TLS_Policy::compression() const @@ -70,7 +70,7 @@ std::vector<byte> TLS_Policy::compression() const return algs; } -/** +/* * Choose which ciphersuite to use */ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites, @@ -84,30 +84,30 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites, std::vector<u16bit> s_suites = suite_list(use_static_rsa, use_edh_rsa, use_edh_dsa); - for(u32bit j = 0; j != s_suites.size(); j++) - for(u32bit k = 0; k != c_suites.size(); k++) - if(s_suites[j] == c_suites[k]) - return s_suites[j]; + for(size_t i = 0; i != s_suites.size(); ++i) + for(size_t j = 0; j != c_suites.size(); ++j) + if(s_suites[i] == c_suites[j]) + return s_suites[i]; return 0; } -/** +/* * Choose which compression algorithm to use */ byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const { std::vector<byte> s_comp = compression(); - for(u32bit j = 0; j != s_comp.size(); j++) - for(u32bit k = 0; k != c_comp.size(); k++) - if(s_comp[j] == c_comp[k]) - return s_comp[j]; + for(size_t i = 0; i != s_comp.size(); ++i) + for(size_t j = 0; j != c_comp.size(); ++j) + if(s_comp[i] == c_comp[j]) + return s_comp[i]; return NO_COMPRESSION; } -/** +/* * Return the group to use for empheral DH */ DL_Group TLS_Policy::dh_group() const @@ -115,7 +115,7 @@ DL_Group TLS_Policy::dh_group() const return DL_Group("modp/ietf/1024"); } -/** +/* * Default certificate check */ bool TLS_Policy::check_cert(const std::vector<X509_Certificate>& certs) const diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 8a5cefa02..5412771ff 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace { -/** +/* * Choose what version to respond with */ Version_Code choose_version(Version_Code client, Version_Code minimum) @@ -31,7 +31,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) } // FIXME: checks are wrong for session reuse (add a flag for that) -/** +/* * Verify the state transition is allowed */ void server_check_state(Handshake_Type new_msg, Handshake_State* state) @@ -82,7 +82,7 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state) } -/** +/* * TLS Server Constructor */ TLS_Server::TLS_Server(const TLS_Policy& pol, @@ -120,7 +120,7 @@ TLS_Server::TLS_Server(const TLS_Policy& pol, } } -/** +/* * TLS Server Destructor */ TLS_Server::~TLS_Server() @@ -130,7 +130,7 @@ TLS_Server::~TLS_Server() delete state; } -/** +/* * Return the peer's certificate chain */ std::vector<X509_Certificate> TLS_Server::peer_cert_chain() const @@ -138,7 +138,7 @@ std::vector<X509_Certificate> TLS_Server::peer_cert_chain() const return peer_certs; } -/** +/* * Write to a TLS connection */ void TLS_Server::write(const byte buf[], size_t length) @@ -149,7 +149,7 @@ void TLS_Server::write(const byte buf[], size_t length) writer.send(APPLICATION_DATA, buf, length); } -/** +/* * Read from a TLS connection */ size_t TLS_Server::read(byte out[], size_t length) @@ -171,7 +171,7 @@ size_t TLS_Server::read(byte out[], size_t length) return got; } -/** +/* * Check connection status */ bool TLS_Server::is_closed() const @@ -181,7 +181,7 @@ bool TLS_Server::is_closed() const return false; } -/** +/* * Close a TLS connection */ void TLS_Server::close() @@ -189,7 +189,7 @@ void TLS_Server::close() close(WARNING, CLOSE_NOTIFY); } -/** +/* * Close a TLS connection */ void TLS_Server::close(Alert_Level level, Alert_Type alert_code) @@ -205,7 +205,7 @@ void TLS_Server::close(Alert_Level level, Alert_Type alert_code) } } -/** +/* * Iterate the TLS state machine */ void TLS_Server::state_machine() @@ -264,7 +264,7 @@ void TLS_Server::state_machine() throw Unexpected_Message("Unknown message type recieved"); } -/** +/* * Split up and process handshake messages */ void TLS_Server::read_handshake(byte rec_type, @@ -320,7 +320,7 @@ void TLS_Server::read_handshake(byte rec_type, } } -/** +/* * Process a handshake message */ void TLS_Server::process_handshake_msg(Handshake_Type type, @@ -333,13 +333,13 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, if(type != HANDSHAKE_CCS && type != FINISHED) { - if(type != CLIENT_HELLO_SSLV2) { state->hash.update(static_cast<byte>(type)); - u32bit record_length = contents.size(); + + const size_t record_length = contents.size(); for(size_t i = 0; i != 3; i++) - state->hash.update(get_byte(i+1, record_length)); + state->hash.update(get_byte<u32bit>(i+1, record_length)); } state->hash.update(contents); @@ -449,9 +449,11 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, "Finished message didn't verify"); state->hash.update(static_cast<byte>(type)); - u32bit record_length = contents.size(); + + const size_t record_length = contents.size(); for(size_t i = 0; i != 3; i++) - state->hash.update(get_byte(i+1, record_length)); + state->hash.update(get_byte<u32bit>(i+1, record_length)); + state->hash.update(contents); writer.send(CHANGE_CIPHER_SPEC, 1); @@ -471,7 +473,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, throw Unexpected_Message("Unknown handshake message recieved"); } -/** +/* * Perform a server-side TLS handshake */ void TLS_Server::do_handshake() |