diff options
Diffstat (limited to 'src')
28 files changed, 117 insertions, 157 deletions
diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 835627eb0..d22ae6202 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -1,6 +1,6 @@ macro_name GCC -binary_name g++-4.7.0 +binary_name g++-4.6.0 compile_option "-c " output_to_option "-o " @@ -8,7 +8,7 @@ add_include_dir_option -I add_lib_dir_option -L add_lib_option -l -lang_flags "-D_REENTRANT -std=c++11" +lang_flags "-D_REENTRANT -std=c++0x" warning_flags "-W -Wall" maintainer_warning_flags "-Werror -Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wold-style-cast" diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 9ce0d18be..0eccdc154 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -77,7 +77,7 @@ std::string srp6_group_identifier(const BigInt& N, const BigInt& g) */ try { - const std::string group_name = "modp/srp/" + to_string(N.bits()); + const std::string group_name = "modp/srp/" + std::to_string(N.bits()); DL_Group group(group_name); diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index 88b653df5..07d2979f9 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -125,7 +125,8 @@ void Credentials_Manager::verify_certificate_chain( } if(result != VERIFIED) - throw std::runtime_error("Certificate did not validate, code " + to_string(result)); + throw std::runtime_error("Certificate did not validate, code " + + std::to_string(result)); #else // New X.509 API diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index 056a7550f..df3957a4b 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -11,7 +11,7 @@ #include <botan/internal/tls_extensions.h> #include <botan/tls_record.h> #include <botan/internal/stl_util.h> -#include <botan/time.h> +#include <chrono> namespace Botan { @@ -24,7 +24,10 @@ enum { MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng) { MemoryVector<byte> buf(32); - const u32bit time32 = system_time(); + + const u32bit time32 = static_cast<u32bit>( + std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); + store_be(time32, buf); rng.randomize(&buf[4], buf.size() - 4); return buf; diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 13925a482..f97081383 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -149,7 +149,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); if(name == "") - throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); EC_Group group(name); @@ -216,7 +216,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, if(peer_certs.empty()) throw Internal_Error("No certificate and no server key exchange"); - std::auto_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key()); + std::unique_ptr<Public_Key> pub_key(peer_certs[0].subject_public_key()); if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key.get())) { diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index c7aae94a1..e844d7f72 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -29,7 +29,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hell const std::string& client_identity, const SymmetricKey& secret_key) { - std::auto_ptr<MessageAuthenticationCode> hmac(get_mac("HMAC(SHA-256)")); + std::unique_ptr<MessageAuthenticationCode> hmac(get_mac("HMAC(SHA-256)")); hmac->set_key(secret_key); hmac->update_be(client_hello_bits.size()); diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 5d46ec1fa..b240f4703 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -220,7 +220,8 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, m_readbuf[0] != HEARTBEAT) { throw Unexpected_Message( - "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty"); + "Unknown record type " + std::to_string(m_readbuf[0]) + + " from counterparty"); } const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]); diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 95518aa32..34cd872ac 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -48,7 +48,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::auto_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr<DH_PrivateKey> dh(new DH_PrivateKey(rng, policy.dh_group())); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -71,7 +71,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, EC_Group ec_group(curve_name); - std::auto_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group)); + std::unique_ptr<ECDH_PrivateKey> ecdh(new ECDH_PrivateKey(rng, ec_group)); const std::string ecdh_domain_oid = ecdh->domain().get_oid(); const std::string domain = OIDS::lookup(OID(ecdh_domain_oid)); @@ -190,7 +190,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + - to_string(curve_id)); + std::to_string(curve_id)); m_params.push_back(curve_type); m_params.push_back(get_byte(0, curve_id)); @@ -261,7 +261,7 @@ MemoryVector<byte> Server_Key_Exchange::serialize() const bool Server_Key_Exchange::verify(const X509_Certificate& cert, Handshake_State* state) const { - std::auto_ptr<Public_Key> key(cert.subject_public_key()); + std::unique_ptr<Public_Key> key(cert.subject_public_key()); std::pair<std::string, Signature_Format> format = state->understand_sig_format(key.get(), m_hash_algo, m_sig_algo, false); @@ -290,5 +290,3 @@ SRP6_Server_Session& Server_Key_Exchange::server_srp_params() } } - -} diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index aa9385d70..f4d0e1034 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -9,9 +9,9 @@ #include <botan/internal/assert.h> #include <botan/lookup.h> #include <botan/hex.h> -#include <botan/time.h> #include <botan/loadstor.h> #include <memory> +#include <chrono> #include <sqlite3.h> @@ -47,6 +47,12 @@ class sqlite3_statement throw std::runtime_error("sqlite3_bind_int failed, code " + std::to_string(rc)); } + void bind(int column, std::chrono::system_clock::time_point time) + { + const int timeval = std::chrono::duration_cast<std::chrono::seconds>(time.time_since_epoch()).count(); + bind(column, timeval); + } + void bind(int column, const MemoryRegion<byte>& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); @@ -86,38 +92,6 @@ class sqlite3_statement {} } - std::pair<const byte*, size_t> get_blob(int column) - { - BOTAN_ASSERT(sqlite3_column_type(m_stmt, 0) == SQLITE_BLOB, - "Return value is a blob"); - - const void* session_blob = sqlite3_column_blob(m_stmt, column); - const int session_blob_size = sqlite3_column_bytes(m_stmt, column); - - BOTAN_ASSERT(session_blob_size >= 0, "Blob size is non-negative"); - - return std::make_pair(static_cast<const byte*>(session_blob), - static_cast<size_t>(session_blob_size)); - } - - size_t get_size_t(int column) - { - BOTAN_ASSERT(sqlite3_column_type(m_stmt, column) == SQLITE_INTEGER, - "Return count is an integer"); - - const int sessions_int = sqlite3_column_int(m_stmt, column); - - BOTAN_ASSERT(sessions_int >= 0, "Expected size_t is non-negative"); - - return static_cast<size_t>(sessions_int); - } - - void spin() - { - while(sqlite3_step(m_stmt) == SQLITE_ROW) - {} - } - int step() { return sqlite3_step(m_stmt); @@ -161,7 +135,7 @@ SymmetricKey derive_key(const std::string& passphrase, size_t iterations, size_t& check_val) { - std::auto_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); + std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); SecureVector<byte> x = pbkdf->derive_key(32 + 3, passphrase, @@ -178,7 +152,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions, - u32bit session_lifetime) : + std::chrono::seconds session_lifetime) : m_rng(rng), m_max_sessions(max_sessions), m_session_lifetime(session_lifetime) @@ -355,7 +329,7 @@ void Session_Manager_SQLite::prune_session_cache() { sqlite3_statement remove_expired(m_db, "delete from tls_sessions where session_start <= ?1"); - remove_expired.bind(1, system_time() - m_session_lifetime); + remove_expired.bind(1, std::chrono::system_clock::now() - m_session_lifetime); remove_expired.spin(); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index 57e5a58f6..cac7affd0 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions = 1000, - u32bit session_lifetime = 7200); + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)); ~Session_Manager_SQLite(); @@ -50,7 +50,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager void save(const Session& session_data); - u32bit session_lifetime() const { return m_session_lifetime; } + std::chrono::seconds session_lifetime() const { return m_session_lifetime; } private: Session_Manager_SQLite(const Session_Manager_SQLite&); Session_Manager_SQLite& operator=(const Session_Manager_SQLite&); @@ -60,7 +60,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager SymmetricKey m_session_key; RandomNumberGenerator& m_rng; size_t m_max_sessions; - u32bit m_session_lifetime; + std::chrono::seconds m_session_lifetime; class sqlite3* m_db; }; diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index 9b37a282f..dee082bac 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -114,10 +114,9 @@ std::string Alert::type_string() const * compiler can warn us that it is not included in the switch * statement. */ - return "unrecognized_alert_" + to_string(type()); + return "unrecognized_alert_" + std::to_string(type()); } - } } diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 86d9db8bd..7a66eb946 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -16,9 +16,9 @@ namespace Botan { namespace TLS { -Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete) : +Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -128,7 +128,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) } else throw Unexpected_Message("Unknown TLS message type " + - to_string(rec_type) + " received"); + std::to_string(rec_type) + " received"); } return 0; // on a record boundary @@ -324,4 +324,3 @@ void Channel::Secure_Renegotiation_State::update(Finished* client_finished, } -} diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index 257745d80..d1131460b 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -76,9 +76,9 @@ class BOTAN_DLL Channel */ std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; } - Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete); + Channel(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete); virtual ~Channel(); protected: @@ -99,8 +99,8 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0; - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn; - std::tr1::function<bool (const Session&)> handshake_fn; + std::function<void (const byte[], size_t, Alert)> proc_fn; + std::function<bool (const Session&)> handshake_fn; Record_Writer writer; Record_Reader reader; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 798df0186..e3bda06e4 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -79,7 +79,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; else if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); @@ -102,4 +102,3 @@ std::string Ciphersuite::to_string() const } -} diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 63d0ee148..dd17db2cf 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -18,15 +18,15 @@ namespace TLS { /* * TLS Client Constructor */ -Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_fn, +Client::Client(std::function<void (const byte[], size_t)> output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - std::tr1::function<std::string (std::vector<std::string>)> next_protocol) : + std::function<std::string (std::vector<std::string>)> next_protocol) : Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -314,7 +314,7 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); } - std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key()); + std::unique_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key()); if(peer_key->algo_name() != state->suite.sig_algo()) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 4efe2a2df..297c5f611 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete, + Client(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& servername = "", - std::tr1::function<std::string (std::vector<std::string>)> next_protocol = - std::tr1::function<std::string (std::vector<std::string>)>()); + std::function<std::string (std::vector<std::string>)> next_protocol = + std::function<std::string (std::vector<std::string>)>()); void renegotiate(bool force_full_renegotiation); private: diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index f1361bbb9..6d69bfb9b 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -245,7 +245,8 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment) else if(max_fragment == 4096) val = 4; else - throw std::invalid_argument("Bad setting " + to_string(max_fragment) + + throw std::invalid_argument("Bad setting " + + std::to_string(max_fragment) + " for maximum fragment size"); } diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index d0c74136b..02516632e 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -35,7 +35,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version, { Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr<HashFunction> hash; + std::unique_ptr<HashFunction> hash; if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) { @@ -65,8 +65,8 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr<HashFunction> md5(af.make_hash_function("MD5")); - std::auto_ptr<HashFunction> sha1(af.make_hash_function("SHA-1")); + std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5")); + std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1")); md5->update(data); sha1->update(data); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 1a55305e3..f5a9f899c 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -68,7 +68,8 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) return 0; default: - throw Internal_Error("Unknown handshake type " + to_string(type)); + throw Internal_Error("Unknown handshake type " + + std::to_string(type)); } return 0; @@ -123,8 +124,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - to_string(handshake_msg) + " mask is " + - to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + " mask is " + + std::to_string(hand_expecting_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index ec4c2fea8..364c715f8 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -14,22 +14,9 @@ #include <botan/pk_keys.h> #include <botan/pubkey.h> +#include <functional> #include <utility> -#if defined(BOTAN_USE_STD_TR1) - -#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) - #include <functional> -#else - #include <tr1/functional> -#endif - -#elif defined(BOTAN_USE_BOOST_TR1) - #include <boost/tr1/functional.hpp> -#else - #error "No TR1 library defined for use" -#endif - namespace Botan { class KDF; @@ -109,7 +96,7 @@ class Handshake_State /** * Used by client using NPN */ - std::tr1::function<std::string (std::vector<std::string>)> client_npn_cb; + std::function<std::string (std::vector<std::string>)> client_npn_cb; Handshake_Reader* handshake_reader() { return m_handshake_reader; } private: diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index a77d23534..059772d34 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -68,7 +68,7 @@ Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader if(code != 1 && code != 2) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat code " + to_string(code)); + "Unknown heartbeat code " + std::to_string(code)); m_peer_allowed_to_send = (code == 1); } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 680ec8f7b..3b44ee1c6 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -22,16 +22,6 @@ namespace Botan { namespace TLS { -#elif defined(BOTAN_USE_BOOST_TR1) - #include <boost/tr1/functional.hpp> -#else - #error "No TR1 library defined for use" -#endif - -namespace Botan { - -namespace TLS { - class Session_Keys; /** @@ -61,7 +51,7 @@ class BOTAN_DLL Record_Writer void set_maximum_fragment_size(size_t max_fragment); - Record_Writer(std::tr1::function<void (const byte[], size_t)> output_fn); + Record_Writer(std::function<void (const byte[], size_t)> output_fn); ~Record_Writer() { delete m_mac; } private: @@ -70,7 +60,7 @@ class BOTAN_DLL Record_Writer void send_record(byte type, const byte input[], size_t length); - std::tr1::function<void (const byte[], size_t)> m_output_fn; + std::function<void (const byte[], size_t)> m_output_fn; MemoryVector<byte> m_writebuf; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 9da4ca3b8..1e8c73ec3 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -22,7 +22,7 @@ bool check_for_resume(Session& session_info, Session_Manager& session_manager, Credentials_Manager& credentials, Client_Hello* client_hello, - u32bit session_ticket_lifetime) + std::chrono::seconds session_ticket_lifetime) { const MemoryVector<byte>& client_session_id = client_hello->session_id(); const MemoryVector<byte>& session_ticket = client_hello->session_ticket(); @@ -45,7 +45,7 @@ bool check_for_resume(Session& session_info, session_ticket, credentials.psk("tls-server", "session-ticket", "")); - if(session_ticket_lifetime && + if(session_ticket_lifetime != std::chrono::seconds(0) && session_info.session_age() > session_ticket_lifetime) return false; // ticket has expired } @@ -184,9 +184,9 @@ get_server_certs(const std::string& hostname, /* * TLS Server Constructor */ -Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_fn, +Server::Server(std::function<void (const byte[], size_t)> output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, @@ -302,7 +302,7 @@ void Server::process_handshake_msg(Handshake_Type type, session_manager, creds, state->client_hello, - policy.session_ticket_lifetime()); + std::chrono::seconds(policy.session_ticket_lifetime())); bool have_session_ticket_key = false; diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 6ade91afc..684021ebc 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -26,9 +26,9 @@ class BOTAN_DLL Server : public Channel /** * Server initialization */ - Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn, - std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, - std::tr1::function<bool (const Session&)> handshake_complete, + Server(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t, Alert)> proc_fn, + std::function<bool (const Session&)> handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 0e8bf3051..dac38e67b 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -10,7 +10,6 @@ #include <botan/ber_dec.h> #include <botan/asn1_str.h> #include <botan/pem.h> -#include <botan/time.h> #include <botan/lookup.h> #include <botan/loadstor.h> #include <memory> @@ -31,7 +30,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, const MemoryRegion<byte>& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : - m_start_time(system_time()), + m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_session_ticket(ticket), m_master_secret(master_secret), @@ -64,11 +63,13 @@ Session::Session(const byte ber[], size_t ber_len) MemoryVector<byte> peer_cert_bits; + size_t start_time = 0; + BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION), "Unknown version in session structure") - .decode_integer_type(m_start_time) + .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) .decode(m_identifier, OCTET_STRING) @@ -86,6 +87,7 @@ Session::Session(const byte ber[], size_t ber_len) .verify_end(); m_version = Protocol_Version(major_version, minor_version); + m_start_time = std::chrono::system_clock::from_time_t(start_time); m_sni_hostname = sni_hostname_str.value(); m_srp_identifier = srp_identifier_str.value(); m_connection_side = static_cast<Connection_Side>(side_code); @@ -108,7 +110,7 @@ SecureVector<byte> Session::DER_encode() const return DER_Encoder() .start_cons(SEQUENCE) .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION)) - .encode(static_cast<size_t>(m_start_time)) + .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast<size_t>(m_version.major_version())) .encode(static_cast<size_t>(m_version.minor_version())) .encode(m_identifier, OCTET_STRING) @@ -131,9 +133,10 @@ std::string Session::PEM_encode() const return PEM_Code::encode(this->DER_encode(), "SSL SESSION"); } -u32bit Session::session_age() const +std::chrono::seconds Session::session_age() const { - return (system_time() - m_start_time); + return std::chrono::duration_cast<std::chrono::seconds>( + std::chrono::system_clock::now() - m_start_time); } namespace { @@ -155,7 +158,7 @@ MemoryVector<byte> Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { - std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF)); + std::unique_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF)); SymmetricKey cipher_key = kdf->derive_key(CIPHER_KEY_LENGTH, @@ -169,7 +172,7 @@ Session::encrypt(const SymmetricKey& master_key, InitializationVector cipher_iv(rng, 16); - std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC)); + std::unique_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC)); mac->set_key(mac_key); Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); @@ -203,14 +206,14 @@ Session Session::decrypt(const byte buf[], size_t buf_len, if(load_be<u32bit>(buf, 0) != SESSION_CRYPTO_MAGIC) throw Decoding_Error("Unknown header value in encrypted session"); - std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF)); + std::unique_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF)); SymmetricKey mac_key = kdf->derive_key(MAC_KEY_LENGTH, master_key.bits_of(), "tls.session.mac-key"); - std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC)); + std::unique_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC)); mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 290ee6dcc..a2b341a30 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -14,6 +14,7 @@ #include <botan/tls_magic.h> #include <botan/secmem.h> #include <botan/symkey.h> +#include <chrono> namespace Botan { @@ -30,7 +31,7 @@ class BOTAN_DLL Session * Uninitialized session */ Session() : - m_start_time(0), + m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), m_compression_method(0), @@ -172,14 +173,15 @@ class BOTAN_DLL Session std::vector<X509_Certificate> peer_certs() const { return m_peer_certs; } /** - * Get the time this session began (seconds since Epoch) + * Get the wall clock time this session began */ - u64bit start_time() const { return m_start_time; } + std::chrono::system_clock::time_point start_time() const + { return m_start_time; } /** * Return how long this session has existed (in seconds) */ - u32bit session_age() const; + std::chrono::seconds session_age() const; /** * Return the session ticket the server gave us @@ -189,7 +191,7 @@ class BOTAN_DLL Session private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; - u64bit m_start_time; + std::chrono::system_clock::time_point m_start_time; MemoryVector<byte> m_identifier; MemoryVector<byte> m_session_ticket; // only used by client side diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 69823e8bd..d103df35f 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -18,7 +18,7 @@ bool Session_Manager_In_Memory::load_from_session_str( { // assert(lock is held) - auto i = sessions.find(session_str); + auto i = m_sessions.find(session_str); if(i == m_sessions.end()) return false; @@ -26,7 +26,7 @@ bool Session_Manager_In_Memory::load_from_session_str( // if session has expired, remove it const auto now = std::chrono::system_clock::now(); - if(i->second.start_time() + session_lifetime < now) + if(i->second.start_time() + session_lifetime() < now) { m_sessions.erase(i); return false; @@ -39,7 +39,7 @@ bool Session_Manager_In_Memory::load_from_session_str( bool Session_Manager_In_Memory::load_from_session_id( const MemoryRegion<byte>& session_id, Session& session) { - std::lock_guard<std::mutex> lock(mutex); + std::lock_guard<std::mutex> lock(m_mutex); return load_from_session_str(hex_encode(session_id), session); } @@ -47,23 +47,23 @@ bool Session_Manager_In_Memory::load_from_session_id( bool Session_Manager_In_Memory::load_from_host_info( const std::string& hostname, u16bit port, Session& session) { - std::lock_guard<std::mutex> lock(mutex); + std::lock_guard<std::mutex> lock(m_mutex); std::map<std::string, std::string>::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + std::to_string(port)); + i = m_host_sessions.find(hostname + ":" + std::to_string(port)); else - i = host_sessions.find(hostname); + i = m_host_sessions.find(hostname); - if(i == host_sessions.end()) + if(i == m_host_sessions.end()) return false; if(load_from_session_str(i->second, session)) return true; - // was removed from sessions map, remove host_sessions entry - host_sessions.erase(i); + // was removed from sessions map, remove m_host_sessions entry + m_host_sessions.erase(i); return false; } @@ -71,9 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info( void Session_Manager_In_Memory::remove_entry( const MemoryRegion<byte>& session_id) { - std::lock_guard<std::mutex> lock(mutex); + std::lock_guard<std::mutex> lock(m_mutex); - auto i = sessions.find(hex_encode(session_id)); + auto i = m_sessions.find(hex_encode(session_id)); if(i != m_sessions.end()) m_sessions.erase(i); @@ -81,9 +81,9 @@ void Session_Manager_In_Memory::remove_entry( void Session_Manager_In_Memory::save(const Session& session) { - std::lock_guard<std::mutex> lock(mutex); + std::lock_guard<std::mutex> lock(m_mutex); - if(max_sessions != 0) + if(m_max_sessions != 0) { /* This removes randomly based on ordering of session ids. @@ -95,10 +95,10 @@ void Session_Manager_In_Memory::save(const Session& session) const std::string session_id_str = hex_encode(session.session_id()); - sessions[session_id_str] = session; + m_sessions[session_id_str] = session; if(session.side() == CLIENT && session.sni_hostname() != "") - host_sessions[session.sni_hostname()] = session_id_str; + m_host_sessions[session.sni_hostname()] = session_id_str; } } diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 8a4f31b78..84d51406d 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -70,7 +70,7 @@ class BOTAN_DLL Session_Manager * sessions are not resumed. Returns 0 if unknown/no explicit * expiration policy. */ - virtual u32bit session_lifetime() const = 0; + virtual std::chrono::seconds session_lifetime() const = 0; virtual ~Session_Manager() {} }; @@ -89,7 +89,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - u32bit session_lifetime = 7200) : + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) : m_max_sessions(max_sessions), m_session_lifetime(session_lifetime) {} @@ -104,15 +104,17 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager void save(const Session& session_data); - u32bit session_lifetime() const { return m_session_lifetime; } + std::chrono::seconds session_lifetime() const { return m_session_lifetime; } private: bool load_from_session_str(const std::string& session_str, Session& session); + std::mutex m_mutex; + size_t m_max_sessions; - u32bit m_session_lifetime; + std::chrono::seconds m_session_lifetime; std::map<std::string, Session> m_sessions; // hex(session_id) -> session std::map<std::string, std::string> m_host_sessions; |