randombit · reneme · Mar 14, 2023 · Mar 10, 2023 · Mar 10, 2023 · Mar 10, 2023
diff --git a/doc/migration_guide.rst b/doc/migration_guide.rst
@@ -63,6 +63,12 @@ is mandatory to implement by applications, though. Additionally there are a few
 backward incompatible changes in callbacks that might require attention by some
 applications:
 
+tls_record_received() / tls_emit_data()
+"""""""""""""""""""""""""""""""""""""""
+
+Those callbacks now take `std::span<const uint8_t>` instead of `const uint8_t*`
+with a `size_t` buffer length.
+
 tls_verify_cert_chain()
 """""""""""""""""""""""
 

diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
@@ -1368,32 +1368,32 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
 
       bool saw_close_notify() const { return m_got_close; }
 
-      void tls_emit_data(const uint8_t data[], size_t size) override
+      void tls_emit_data(std::span<const uint8_t> data) override
          {
-         shim_log("sending record of len " + std::to_string(size));
+         shim_log("sending record of len " + std::to_string(data.size()));
 
          if(m_args.option_used("write-settings"))
             {
             // TODO: the transcript option should probably be used differently
             std::cout << ">>>" << std::endl
-                            << Botan::hex_encode(data, size) << std::endl
+                            << Botan::hex_encode(data) << std::endl
                             << ">>>" << std::endl;
             }
 
          if(m_is_datagram)
             {
-            std::vector<uint8_t> packet(size + 5);
+            std::vector<uint8_t> packet(data.size() + 5);
 
             packet[0] = 'P';
             for(size_t i = 0; i != 4; ++i)
-               packet[i+1] = static_cast<uint8_t>((size >> (24-8*i)) & 0xFF);
-            std::memcpy(packet.data() + 5, data, size);
+               packet[i+1] = static_cast<uint8_t>((data.size() >> (24-8*i)) & 0xFF);
+            std::memcpy(packet.data() + 5, data.data(), data.size());
 
             m_socket.write(packet.data(), packet.size());
             }
          else
             {
-            m_socket.write(data, size);
+            m_socket.write(data.data(), data.size());
             }
          }
 
@@ -1414,9 +1414,9 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
           return {};
           }
 
-      void tls_record_received(uint64_t /*seq_no*/, const uint8_t data[], size_t size) override
+      void tls_record_received(uint64_t /*seq_no*/, std::span<const uint8_t> data) override
          {
-         if(size == 0)
+         if(data.empty())
             {
             m_empty_records += 1;
             if(m_empty_records > 32)
@@ -1427,11 +1427,11 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
             m_empty_records = 0;
             }
 
-         shim_log("Reflecting application_data len " + std::to_string(size));
+         shim_log("Reflecting application_data len " + std::to_string(data.size()));
 
-         std::vector<uint8_t> buf(data, data + size);
-         for(size_t i = 0; i != size; ++i)
-            buf[i] ^= 0xFF;
+         std::vector<uint8_t> buf(data.begin(), data.end());
+         for(auto& b : buf)
+            b ^= 0xFF;
 
          m_channel->send(buf);
          }

diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
@@ -366,18 +366,16 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
             }
          }
 
-      void tls_emit_data(const uint8_t buf[], size_t length) override
+      void tls_emit_data(std::span<const uint8_t> buf) override
          {
-         size_t offset = 0;
-
          if(flag_set("debug"))
             {
-            output() << "<< " << Botan::hex_encode(buf, length) << "\n";
+            output() << "<< " << Botan::hex_encode(buf) << "\n";
             }
 
-         while(length)
+         while(!buf.empty())
             {
-            ssize_t sent = ::send(m_sockfd, buf + offset, length, MSG_NOSIGNAL);
+            ssize_t sent = ::send(m_sockfd, buf.data(), buf.size(), MSG_NOSIGNAL);
 
             if(sent == -1)
                {
@@ -391,8 +389,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
                   }
                }
 
-            offset += sent;
-            length -= sent;
+            buf = buf.subspan(sent);
             }
          }
 
@@ -401,11 +398,11 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
          output() << "Alert: " << alert.type_string() << "\n";
          }
 
-      void tls_record_received(uint64_t /*seq_no*/, const uint8_t buf[], size_t buf_size) override
+      void tls_record_received(uint64_t /*seq_no*/, std::span<const uint8_t> buf) override
          {
-         for(size_t i = 0; i != buf_size; ++i)
+         for(const auto c : buf)
             {
-            output() << buf[i];
+            output() << c;
             }
          }
 

diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp
@@ -112,9 +112,9 @@ class HTTP_Parser final
 
       HTTP_Parser(Callbacks& cb) : m_cb(cb) {}
 
-      void consume_input(const uint8_t buf[], size_t buf_len)
+      void consume_input(std::span<const uint8_t> buf)
          {
-         m_req_buf.append(reinterpret_cast<const char*>(buf), buf_len);
+         m_req_buf.append(reinterpret_cast<const char*>(buf.data()), buf.size());
 
          std::istringstream strm(m_req_buf);
 
@@ -251,20 +251,20 @@ class TLS_Asio_HTTP_Session final : public std::enable_shared_from_this<TLS_Asio
             {
             m_client_socket.close();
             }
-         tls_emit_data(nullptr, 0); // initiate another write if needed
+         tls_emit_data({}); // initiate another write if needed
          }
 
       std::string tls_server_choose_app_protocol(const std::vector<std::string>& /*client_protos*/) override
          {
          return "http/1.1";
          }
 
-      void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override
+      void tls_record_received(uint64_t /*rec_no*/, std::span<const uint8_t> buf) override
          {
          if(!m_http_parser)
             m_http_parser.reset(new HTTP_Parser(*this));
 
-         m_http_parser->consume_input(buf, buf_len);
+         m_http_parser->consume_input(buf);
          }
 
       std::string summarize_request(const HTTP_Parser::Request& request)
@@ -318,11 +318,11 @@ class TLS_Asio_HTTP_Session final : public std::enable_shared_from_this<TLS_Asio
          m_tls.close();
          }
 
-      void tls_emit_data(const uint8_t buf[], size_t buf_len) override
+      void tls_emit_data(std::span<const uint8_t> buf) override
          {
-         if(buf_len > 0)
+         if(!buf.empty())
             {
-            m_s2c_pending.insert(m_s2c_pending.end(), buf, buf + buf_len);
+            m_s2c_pending.insert(m_s2c_pending.end(), buf.begin(), buf.end());
             }
 
          // no write now active and we still have output pending

diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp
@@ -206,7 +206,7 @@ class tls_proxy_session final : public std::enable_shared_from_this<tls_proxy_se
             {
             m_client_socket.close();
             }
-         tls_emit_data(nullptr, 0); // initiate another write if needed
+         tls_emit_data({}); // initiate another write if needed
          }
 
       void handle_server_write_completion(const boost::system::error_code& error)
@@ -219,20 +219,20 @@ class tls_proxy_session final : public std::enable_shared_from_this<tls_proxy_se
             }
 
          m_p2s.clear();
-         proxy_write_to_server(nullptr, 0); // initiate another write if needed
+         proxy_write_to_server({}); // initiate another write if needed
          }
 
-      void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override
+      void tls_record_received(uint64_t /*rec_no*/, std::span<const uint8_t> buf) override
          {
          // Immediately bounce message to server
-         proxy_write_to_server(buf, buf_len);
+         proxy_write_to_server(buf);
          }
 
-      void tls_emit_data(const uint8_t buf[], size_t buf_len) override
+      void tls_emit_data(std::span<const uint8_t> buf) override
          {
-         if(buf_len > 0)
+         if(!buf.empty())
             {
-            m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len);
+            m_p2c_pending.insert(m_p2c_pending.end(), buf.begin(), buf.end());
             }
 
          // no write now active and we still have output pending
@@ -253,11 +253,11 @@ class tls_proxy_session final : public std::enable_shared_from_this<tls_proxy_se
             }
          }
 
-      void proxy_write_to_server(const uint8_t buf[], size_t buf_len)
+      void proxy_write_to_server(std::span<const uint8_t> buf)
          {
-         if(buf_len > 0)
+         if(!buf.empty())
             {
-            m_p2s_pending.insert(m_p2s_pending.end(), buf, buf + buf_len);
+            m_p2s_pending.insert(m_p2s_pending.end(), buf.begin(), buf.end());
             }
 
          // no write now active and we still have output pending
@@ -324,7 +324,7 @@ class tls_proxy_session final : public std::enable_shared_from_this<tls_proxy_se
                return;
                }
             server_read(boost::system::error_code(), 0); // start read loop
-            proxy_write_to_server(nullptr, 0);
+            proxy_write_to_server({});
             };
          async_connect(m_server_socket, m_server_endpoints, onConnect);
          }

diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
@@ -298,9 +298,9 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
          return true;
          }
 
-      void tls_record_received(uint64_t /*seq_no*/, const uint8_t input[], size_t input_len) override
+      void tls_record_received(uint64_t /*seq_no*/, std::span<const uint8_t> input) override
          {
-         for(size_t i = 0; i != input_len; ++i)
+         for(size_t i = 0; i != input.size(); ++i)
             {
             const char c = static_cast<char>(input[i]);
             m_line_buf += c;
@@ -312,26 +312,26 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
             }
          }
 
-      void tls_emit_data(const uint8_t buf[], size_t length) override
+      void tls_emit_data(std::span<const uint8_t> buf) override
          {
          if(m_is_tcp)
             {
-            ssize_t sent = ::send(m_socket, buf, static_cast<sendrecv_len_type>(length), MSG_NOSIGNAL);
+            ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);
 
             if(sent == -1)
                {
                error_output() << "Error writing to socket - " << err_to_string(errno) << std::endl;
                }
-            else if(sent != static_cast<ssize_t>(length))
+            else if(sent != static_cast<ssize_t>(buf.size()))
                {
-               error_output() << "Packet of length " << length << " truncated to " << sent << std::endl;
+               error_output() << "Packet of length " << buf.size() << " truncated to " << sent << std::endl;
                }
             }
          else
             {
-            while(length)
+            while(!buf.empty())
                {
-               ssize_t sent = ::send(m_socket, buf, static_cast<sendrecv_len_type>(length), MSG_NOSIGNAL);
+               ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);
 
                if(sent == -1)
                   {
@@ -345,8 +345,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
                      }
                   }
 
-               buf += sent;
-               length -= sent;
+               buf = buf.subspan(sent);
                }
             }
          }

diff --git a/src/examples/tls_client.cpp b/src/examples/tls_client.cpp
@@ -15,11 +15,11 @@
  */
 class Callbacks : public Botan::TLS::Callbacks {
 public:
-  void tls_emit_data(const uint8_t data[], size_t size) override {
+  void tls_emit_data(std::span<const uint8_t> data) override {
     // send data to tls server, e.g., using BSD sockets or boost asio
   }
 
-  void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override {
+  void tls_record_received(uint64_t seq_no, std::span<const uint8_t> data) override {
     // process full TLS record received by tls server, e.g.,
     // by passing it to the application
   }

diff --git a/src/examples/tls_custom_curves_client.cpp b/src/examples/tls_custom_curves_client.cpp
@@ -16,11 +16,11 @@
  */
 class Callbacks : public Botan::TLS::Callbacks {
 public:
-  void tls_emit_data(const uint8_t data[], size_t size) override {
+  void tls_emit_data(std::span<const uint8_t> data) override {
     // send data to tls server, e.g., using BSD sockets or boost asio
   }
 
-  void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override {
+  void tls_record_received(uint64_t seq_no, std::span<const uint8_t> data) override {
     // process full TLS record received by tls server, e.g.,
     // by passing it to the application
   }

diff --git a/src/examples/tls_custom_curves_server.cpp b/src/examples/tls_custom_curves_server.cpp
@@ -20,11 +20,11 @@
  */
 class Callbacks : public Botan::TLS::Callbacks {
 public:
-  void tls_emit_data(const uint8_t data[], size_t size) override {
+  void tls_emit_data(std::span<const uint8_t> data) override {
     // send data to tls client, e.g., using BSD sockets or boost asio
   }
 
-  void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override {
+  void tls_record_received(uint64_t seq_no, std::span<const uint8_t> data) override {
     // process full TLS record received by tls client, e.g.,
     // by passing it to the application
   }

diff --git a/src/examples/tls_proxy.cpp b/src/examples/tls_proxy.cpp
@@ -19,11 +19,11 @@
  */
 class Callbacks : public Botan::TLS::Callbacks {
 public:
-  void tls_emit_data(const uint8_t data[], size_t size) override {
+  void tls_emit_data(std::span<const uint8_t> data) override {
     // send data to tls client, e.g., using BSD sockets or boost asio
   }
 
-  void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override {
+  void tls_record_received(uint64_t seq_no, std::span<const uint8_t> data) override {
     // process full TLS record received by tls client, e.g.,
     // by passing it to the application
   }

diff --git a/src/fuzzer/tls_13_handshake_layer.cpp b/src/fuzzer/tls_13_handshake_layer.cpp
@@ -13,7 +13,7 @@
 
 namespace {
 
-Botan::TLS::Handshake_Layer prepare(const Botan::secure_vector<uint8_t>& data)
+Botan::TLS::Handshake_Layer prepare(std::span<const uint8_t> data)
    {
    Botan::TLS::Handshake_Layer hl(Botan::TLS::Connection_Side::Client);
    hl.copy_data(data);
@@ -29,12 +29,11 @@ void fuzz(const uint8_t in[], size_t len)
 
    try
       {
-      Botan::secure_vector<uint8_t> v(in, in + len);
-      auto hl1 = prepare(v);
+      auto hl1 = prepare(std::span(in, len));
       Botan::TLS::Transcript_Hash_State ths("SHA-256");
       while (hl1.next_message(policy, ths).has_value()) {};
 
-      auto hl2 = prepare(v);
+      auto hl2 = prepare(std::span(in, len));
       while (hl2.next_post_handshake_message(policy).has_value()) {};
       }
    catch(Botan::Exception& e) {}

diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp
@@ -39,12 +39,12 @@ class Fuzzer_TLS_Policy : public Botan::TLS::Policy
 class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks
    {
    public:
-       void tls_emit_data(const uint8_t[], size_t) override
+       void tls_emit_data(std::span<const uint8_t>) override
          {
          // discard
          }
 
-      void tls_record_received(uint64_t, const uint8_t[], size_t) override
+      void tls_record_received(uint64_t, std::span<const uint8_t>) override
          {
          // ignore peer data
          }