diff options
Diffstat (limited to 'src/ssl')
| -rw-r--r-- | src/ssl/hello.cpp | 5 | ||||
| -rw-r--r-- | src/ssl/info.txt | 10 | ||||
| -rw-r--r-- | src/ssl/rec_read.cpp | 4 | ||||
| -rw-r--r-- | src/ssl/socket.h | 46 | ||||
| -rw-r--r-- | src/ssl/tls_alerts.h | 2 | ||||
| -rw-r--r-- | src/ssl/tls_client.cpp | 8 | ||||
| -rw-r--r-- | src/ssl/tls_exceptn.h | 2 | ||||
| -rw-r--r-- | src/ssl/tls_handshake_hash.h | 2 | ||||
| -rw-r--r-- | src/ssl/tls_messages.h | 22 | ||||
| -rw-r--r-- | src/ssl/tls_record.h | 1 | ||||
| -rw-r--r-- | src/ssl/tls_server.cpp | 4 | ||||
| -rw-r--r-- | src/ssl/unix_socket/info.txt | 20 | ||||
| -rw-r--r-- | src/ssl/unix_socket/unx_sock.cpp | 206 | ||||
| -rw-r--r-- | src/ssl/unix_socket/unx_sock.h | 62 |
14 files changed, 33 insertions, 361 deletions
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index bec316bb1..2c5a9d2ea 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -177,8 +177,9 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) std::vector<byte> name = reader.get_range_vector<byte>(2, 1, 65535); - requested_hostname.assign((const char*)&name[0], - name.size()); + requested_hostname.assign( + reinterpret_cast<const char*>(&name[0]), + name.size()); name_bytes -= (2 + name.size()); } diff --git a/src/ssl/info.txt b/src/ssl/info.txt index 1f11772cd..910ed7e97 100644 --- a/src/ssl/info.txt +++ b/src/ssl/info.txt @@ -1,7 +1,11 @@ define SSL_TLS +<comment> +The SSL/TLS code is complex, new, and not yet reviewed, there may be +serious bugs or security issues. +</comment> + <header:public> -socket.h tls_client.h tls_connection.h tls_exceptn.h @@ -51,11 +55,11 @@ emsa3 filters hmac md5 +prf_ssl3 +prf_tls rng rsa sha1 ssl3mac -ssl_prf -tls_prf x509cert </requires> diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 042aae0c9..4e5b69780 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -223,7 +223,7 @@ size_t Record_Reader::get_record(byte& msg_type, throw Decoding_Error("Record_Reader: Record truncated"); const size_t mac_offset = plaintext.size() - (mac_size + pad_size); - SecureVector<byte> recieved_mac(&plaintext[mac_offset], + SecureVector<byte> received_mac(&plaintext[mac_offset], mac_size); const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size); @@ -242,7 +242,7 @@ size_t Record_Reader::get_record(byte& msg_type, SecureVector<byte> computed_mac = mac->final(); - if(recieved_mac != computed_mac) + if(received_mac != computed_mac) throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure"); msg_type = header[0]; diff --git a/src/ssl/socket.h b/src/ssl/socket.h deleted file mode 100644 index 6d88bd48a..000000000 --- a/src/ssl/socket.h +++ /dev/null @@ -1,46 +0,0 @@ -/* -* Socket Interface -* (C) 2004-2006 Jack Lloyd -* -* Released under the terms of the Botan license -*/ - -#ifndef BOTAN_TLS_SOCKET_H__ -#define BOTAN_TLS_SOCKET_H__ - -#include <botan/types.h> -#include <string> - -namespace Botan { - -/** -* Socket Base Class -*/ -class BOTAN_DLL Socket - { - public: - virtual size_t read(byte[], size_t) = 0; - virtual void write(const byte[], size_t) = 0; - - virtual std::string peer_id() const = 0; - - virtual void close() = 0; - - virtual ~Socket() {} - }; - -/** -* Server Socket Base Class -*/ -class BOTAN_DLL Server_Socket - { - public: - virtual Socket* accept() = 0; - virtual void close() = 0; - - virtual ~Server_Socket() {} - }; - -} - -#endif diff --git a/src/ssl/tls_alerts.h b/src/ssl/tls_alerts.h index f189cf507..241599aa8 100644 --- a/src/ssl/tls_alerts.h +++ b/src/ssl/tls_alerts.h @@ -15,7 +15,7 @@ namespace Botan { /** * SSL/TLS Alert Message */ -class BOTAN_DLL Alert +class Alert { public: /** diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp index 03c8117cc..eeb99e24d 100644 --- a/src/ssl/tls_client.cpp +++ b/src/ssl/tls_client.cpp @@ -294,7 +294,7 @@ void TLS_Client::state_machine() } } else - throw Unexpected_Message("Unknown message type recieved"); + throw Unexpected_Message("Unknown message type received"); } /** @@ -440,7 +440,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, is_rsa = true; else throw TLS_Exception(UNSUPPORTED_CERTIFICATE, - "Unknown key type recieved in server kex"); + "Unknown key type received in server kex"); if((is_dsa && state->suite.sig_type() != TLS_ALGO_SIGNER_DSA) || (is_rsa && state->suite.sig_type() != TLS_ALGO_SIGNER_RSA)) @@ -469,7 +469,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, is_rsa = true; else throw TLS_Exception(HANDSHAKE_FAILURE, - "Unknown key type recieved in server kex"); + "Unknown key type received in server kex"); if((is_dh && state->suite.kex_type() != TLS_ALGO_KEYEXCH_DH) || (is_rsa && state->suite.kex_type() != TLS_ALGO_KEYEXCH_RSA)) @@ -560,7 +560,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, active = true; } else - throw Unexpected_Message("Unknown handshake message recieved"); + throw Unexpected_Message("Unknown handshake message received"); } /** diff --git a/src/ssl/tls_exceptn.h b/src/ssl/tls_exceptn.h index a9efc718a..37b9c0d27 100644 --- a/src/ssl/tls_exceptn.h +++ b/src/ssl/tls_exceptn.h @@ -32,7 +32,7 @@ class BOTAN_DLL TLS_Exception : public Exception /** * Unexpected_Message Exception */ -struct Unexpected_Message : public TLS_Exception +struct BOTAN_DLL Unexpected_Message : public TLS_Exception { Unexpected_Message(const std::string& err) : TLS_Exception(UNEXPECTED_MESSAGE, err) {} diff --git a/src/ssl/tls_handshake_hash.h b/src/ssl/tls_handshake_hash.h index ceaa55584..cea612a71 100644 --- a/src/ssl/tls_handshake_hash.h +++ b/src/ssl/tls_handshake_hash.h @@ -17,7 +17,7 @@ using namespace Botan; /** * TLS Handshake Hash */ -class BOTAN_DLL HandshakeHash +class HandshakeHash { public: void update(const byte in[], size_t length) diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h index c5d4d8cb8..0b3553ac0 100644 --- a/src/ssl/tls_messages.h +++ b/src/ssl/tls_messages.h @@ -21,7 +21,7 @@ namespace Botan { /** * TLS Handshake Message Base Class */ -class BOTAN_DLL HandshakeMessage +class HandshakeMessage { public: void send(Record_Writer&, HandshakeHash&) const; @@ -38,7 +38,7 @@ class BOTAN_DLL HandshakeMessage /** * Client Hello Message */ -class BOTAN_DLL Client_Hello : public HandshakeMessage +class Client_Hello : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_HELLO; } @@ -80,7 +80,7 @@ class BOTAN_DLL Client_Hello : public HandshakeMessage /** * Client Key Exchange Message */ -class BOTAN_DLL Client_Key_Exchange : public HandshakeMessage +class Client_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_KEX; } @@ -112,7 +112,7 @@ class BOTAN_DLL Client_Key_Exchange : public HandshakeMessage /** * Certificate Message */ -class BOTAN_DLL Certificate : public HandshakeMessage +class Certificate : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE; } @@ -130,7 +130,7 @@ class BOTAN_DLL Certificate : public HandshakeMessage /** * Certificate Request Message */ -class BOTAN_DLL Certificate_Req : public HandshakeMessage +class Certificate_Req : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_REQUEST; } @@ -157,7 +157,7 @@ class BOTAN_DLL Certificate_Req : public HandshakeMessage /** * Certificate Verify Message */ -class BOTAN_DLL Certificate_Verify : public HandshakeMessage +class Certificate_Verify : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_VERIFY; } @@ -179,7 +179,7 @@ class BOTAN_DLL Certificate_Verify : public HandshakeMessage /** * Finished Message */ -class BOTAN_DLL Finished : public HandshakeMessage +class Finished : public HandshakeMessage { public: Handshake_Type type() const { return FINISHED; } @@ -205,7 +205,7 @@ class BOTAN_DLL Finished : public HandshakeMessage /** * Hello Request Message */ -class BOTAN_DLL Hello_Request : public HandshakeMessage +class Hello_Request : public HandshakeMessage { public: Handshake_Type type() const { return HELLO_REQUEST; } @@ -220,7 +220,7 @@ class BOTAN_DLL Hello_Request : public HandshakeMessage /** * Server Hello Message */ -class BOTAN_DLL Server_Hello : public HandshakeMessage +class Server_Hello : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO; } @@ -250,7 +250,7 @@ class BOTAN_DLL Server_Hello : public HandshakeMessage /** * Server Key Exchange Message */ -class BOTAN_DLL Server_Key_Exchange : public HandshakeMessage +class Server_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_KEX; } @@ -277,7 +277,7 @@ class BOTAN_DLL Server_Key_Exchange : public HandshakeMessage /** * Server Hello Done Message */ -class BOTAN_DLL Server_Hello_Done : public HandshakeMessage +class Server_Hello_Done : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO_DONE; } diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h index b4c052a1c..7d3bc4c6a 100644 --- a/src/ssl/tls_record.h +++ b/src/ssl/tls_record.h @@ -1,3 +1,4 @@ +1 /* * TLS Record Handling * (C) 2004-2010 Jack Lloyd diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 20e98797f..1f301e6b1 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -262,7 +262,7 @@ void TLS_Server::state_machine() } } else - throw Unexpected_Message("Unknown message type recieved"); + throw Unexpected_Message("Unknown message type received"); } /* @@ -471,7 +471,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, active = true; } else - throw Unexpected_Message("Unknown handshake message recieved"); + throw Unexpected_Message("Unknown handshake message received"); } /* diff --git a/src/ssl/unix_socket/info.txt b/src/ssl/unix_socket/info.txt deleted file mode 100644 index 15fc50f5b..000000000 --- a/src/ssl/unix_socket/info.txt +++ /dev/null @@ -1,20 +0,0 @@ -define UNIX_SOCKET - -<source> -unx_sock.cpp -</source> - -<header:public> -unx_sock.h -</header:public> - -<requires> -ssl -</requires> - -<os> -linux -freebsd -netbsd -solaris -</os> diff --git a/src/ssl/unix_socket/unx_sock.cpp b/src/ssl/unix_socket/unx_sock.cpp deleted file mode 100644 index a7c19b70c..000000000 --- a/src/ssl/unix_socket/unx_sock.cpp +++ /dev/null @@ -1,206 +0,0 @@ -/* -* Unix Socket -* (C) 2004-2010 Jack Lloyd -* -* Released under the terms of the Botan license -*/ - -#include <botan/unx_sock.h> -#include <botan/exceptn.h> - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/time.h> -#include <netinet/in.h> -#include <netdb.h> -#include <unistd.h> -#include <errno.h> -#include <string.h> - -namespace Botan { - -/** -* Unix Socket Constructor -*/ -Unix_Socket::Unix_Socket(const std::string& host, u16bit port) : peer(host) - { - sockfd = -1; - - hostent* host_addr = ::gethostbyname(host.c_str()); - - if(host_addr == 0) - throw Stream_IO_Error("Unix_Socket: gethostbyname failed for " + host); - if(host_addr->h_addrtype != AF_INET) // FIXME - throw Stream_IO_Error("Unix_Socket: " + host + " has IPv6 address"); - - int fd = ::socket(PF_INET, SOCK_STREAM, 0); - if(fd == -1) - throw Stream_IO_Error("Unix_Socket: Unable to acquire socket"); - - sockaddr_in socket_info; - ::memset(&socket_info, 0, sizeof(socket_info)); - socket_info.sin_family = AF_INET; - socket_info.sin_port = htons(port); - - ::memcpy(&socket_info.sin_addr, - host_addr->h_addr, - host_addr->h_length); - - socket_info.sin_addr = *(struct in_addr*)host_addr->h_addr; // FIXME - - if(::connect(fd, (sockaddr*)&socket_info, sizeof(struct sockaddr)) != 0) - { - ::close(fd); - throw Stream_IO_Error("Unix_Socket: connect failed"); - } - - sockfd = fd; - } - -/** -* Unix Socket Constructor -*/ -Unix_Socket::Unix_Socket(int fd, const std::string& peer_id) - { - sockfd = fd; - peer = peer_id; - } - -/** -* Read from a Unix socket -*/ -size_t Unix_Socket::read(byte buf[], size_t length) - { - if(sockfd == -1) - throw Stream_IO_Error("Unix_Socket::read: Socket not connected"); - - size_t got = 0; - - while(length) - { - ssize_t this_time = ::recv(sockfd, buf + got, length, MSG_NOSIGNAL); - - if(this_time == 0) - break; - - if(this_time == -1) - { - if(errno == EINTR) - this_time = 0; - else - throw Stream_IO_Error("Unix_Socket::read: Socket read failed"); - } - - got += this_time; - length -= this_time; - } - return got; - } - -/** -* Write to a Unix socket -*/ -void Unix_Socket::write(const byte buf[], size_t length) - { - if(sockfd == -1) - throw Stream_IO_Error("Unix_Socket::write: Socket not connected"); - - size_t offset = 0; - while(length) - { - ssize_t sent = ::send(sockfd, buf + offset, length, MSG_NOSIGNAL); - - if(sent == -1) - { - if(errno == EINTR) - sent = 0; - else - throw Stream_IO_Error("Unix_Socket::write: Socket write failed"); - } - - offset += sent; - length -= sent; - } - } - -/** -* Close a Unix socket -*/ -void Unix_Socket::close() - { - if(sockfd != -1) - { - if(::close(sockfd) != 0) - throw Stream_IO_Error("Unix_Socket::close failed"); - sockfd = -1; - } - } - -/** -* Return the peer's name -*/ -std::string Unix_Socket::peer_id() const - { - return peer; - } - -/** -* Unix Server Socket Constructor -*/ -Unix_Server_Socket::Unix_Server_Socket(u16bit port) - { - sockfd = -1; - - int fd = ::socket(PF_INET, SOCK_STREAM, 0); - if(fd == -1) - throw Stream_IO_Error("Unix_Server_Socket: Unable to acquire socket"); - - sockaddr_in socket_info; - ::memset(&socket_info, 0, sizeof(socket_info)); - socket_info.sin_family = AF_INET; - socket_info.sin_port = htons(port); - - // FIXME: support limiting listeners - socket_info.sin_addr.s_addr = INADDR_ANY; - - if(::bind(fd, (sockaddr*)&socket_info, sizeof(struct sockaddr)) != 0) - { - ::close(fd); - throw Stream_IO_Error("Unix_Server_Socket: bind failed"); - } - - if(listen(fd, 100) != 0) // FIXME: totally arbitrary - { - ::close(fd); - throw Stream_IO_Error("Unix_Server_Socket: listen failed"); - } - - sockfd = fd; - } - -/** -* Close a Unix socket -*/ -void Unix_Server_Socket::close() - { - if(sockfd != -1) - { - if(::close(sockfd) != 0) - throw Stream_IO_Error("Unix_Server_Socket::close failed"); - sockfd = -1; - } - } - -/** -* Accept a new connection -*/ -Socket* Unix_Server_Socket::accept() - { - // FIXME: grab IP of remote side, use gethostbyaddr, store as peer_id - int retval = ::accept(sockfd, 0, 0); - if(retval == -1) - throw Stream_IO_Error("Unix_Server_Socket: accept failed"); - return new Unix_Socket(retval); - } - -} diff --git a/src/ssl/unix_socket/unx_sock.h b/src/ssl/unix_socket/unx_sock.h deleted file mode 100644 index 58c7ada69..000000000 --- a/src/ssl/unix_socket/unx_sock.h +++ /dev/null @@ -1,62 +0,0 @@ -/* -* Unix Socket -* (C) 2004-2006 Jack Lloyd -* -* Released under the terms of the Botan license -*/ - -#ifndef BOTAN_TLS_SOCKET_UNIX_H__ -#define BOTAN_TLS_SOCKET_UNIX_H__ - -#include <botan/socket.h> - -namespace Botan { - -/** - FIXME: the current socket interface is totally unusable - It has to handle (cleanly): - - TCP, UDP, and SCTP, where UDP is only usable with DTLS and - TCP/SCTP is only usable with TLS. - - Alternate socket interfaces (ACE, Netxx, whatever) with - minimal wrapping needed. -*/ - - -/** -* Unix Socket Base Class -*/ -class BOTAN_DLL Unix_Socket : public Socket - { - public: - size_t read(byte[], size_t); - void write(const byte[], size_t); - - std::string peer_id() const; - - void close(); - Unix_Socket(int, const std::string& = ""); - Unix_Socket(const std::string&, u16bit); - ~Unix_Socket() { close(); } - private: - std::string peer; - int sockfd; - }; - -/** -* Unix Server Socket Base Class -*/ -class BOTAN_DLL Unix_Server_Socket : public Server_Socket - { - public: - Socket* accept(); - void close(); - - Unix_Server_Socket(u16bit); - ~Unix_Server_Socket() { close(); } - private: - int sockfd; - }; - -} - -#endif |