This resolves a medium vulnerability described in the
Beast Hybrid Assessment Report by Bishop Fox, where masks generated
for use with outgoing WebSocket client frames use an insufficient
source of entropy and a non-cryptographically secure pseudo-random
number generator.
By default, all newly constructed WebSocket streams will use a
uniquely seeded secure PRNG (ChaCha20 in counter mode). As this may
result in increased CPU resource consumption, the function
websocket::stream::secure_prng() may be used to select a faster but
less secure PRNG, for the case where the caller knows that the secure
generator is not necessary.
On some systems, std::random_device may produce insufficient entropy
to securely seed the PRNG. As this condition cannot be detected by
Beast, callers may use the function websocket::seed_prng() called
once at startup to provide at least 256 bits of entropy which will
be used to uniquely seed all subsequent PRNGs.
The ssl_stream wrapper provides C++11 move semantics for ssl::stream,
as well as incorporating the flat_stream workaround for a performance
problem with ssl::stream writes and buffer sequences having length
greater than one.
fix#949
* New error codes are introduced for WebSocket failures
* More verbose messages for error codes
* Error codes are mapped to conditions for ease of testing
* error::failed and error::handshake_failed are deprecated (don't use)
Actions Required:
* Code which explicitly compares error_code values against the
constant `websocket::error::handshake_failed` should compare
against `websocket::condition::handshake_failed` instead.
* Code which explicitly compares error_code values against the
constant `websocket::error::failed` should compare
against `websocket::condition::protocol_violation` instead.
Body::reader and Body::writer meanings are reversed, for
consistency with the names of the stream operations:
* Body::reader is used for read, read_some, async_read, async_read_some
* Body::writer is used for write, write_some, async_write, async_write_some
Actions Required:
* Swap the reader and writer names for user defined Body types
* Swap use of is_body_reader and is_body_writer
* Fields::writer replaces Fields::reader
* The FieldsWriter concept is renamed from FieldsReader
Actions Required:
* Rename reader to writer for user defined Fields
fix#769
The following classes are removed:
* handler_type
* async_result
* async_completion
* is_dynamic_buffer
* is_const_buffer_sequence
* is_mutable_buffer_sequence
* handler_alloc
Actions Required:
* Use BOOST_ASIO_HANDLER_TYPE instead of handler_type
* Use BOOST_ASIO_INITFN_RESULT_TYPE instead of async_result
* Use boost::asio::async_completion
* Use boost::asio::is_dynamic_buffer
* Use boost::asio::is_const_buffer_sequence
* Use boost::asio::is_mutable_buffer_sequence
* boost::asio::associated_allocator_t replaces handler_alloc
fix#773
* buffer_cat is renamed to buffers_cat
* buffer_cat_view is renamed to buffers_cat_view
Actions Required:
* Use buffers_cat instead of buffer_cat
* Use buffers_cat_view instead of buffer_cat_view
fix#773
* buffer_prefix is renamed to buffers_prefix
* buffer_prefix_view is renamed to buffers_prefix_view
Actions Required:
* Use buffers_prefix instead of buffer_prefix
* Use buffers_prefix_view instead of buffer_prefix_view
* teardown_tag is replaced with teardown_role, a client/server
flag used to determine whether the shutdown is performed
before or after reading the EOF. This is in accordance with
RFC6455 7.1.1:
https://tools.ietf.org/html/rfc6455#section-7.1.1
Actions Required:
* Modify signatures of teardown and async_teardown to use
teardown_role instead of teardown_tag
* Change calls to teardown and async_teardown to pass the
correct role: client or server depending on context.
* The drain_buffer dynamic buffer is no longer a public interface.
Actions Required:
* Replace code which uses drain_buffer. For websocket::stream,
it is no longer necessary to manually drain the connection
after closing.
* static_buffer is added
Note this is the same name from two versions ago, when
static_buffer was renamed to flat_static_buffer for
consistency and to clear the name for a circular static
buffer.
Actions Required:
* Callers who depend on static_buffer returning sequences of
exactly length one should switch to flat_static_buffer.
New buffer sequence classes are provided to allow full
control over the serialization of chunk-encoded message
payloads:
* chunk_header
A ConstBufferSequence representing the chunk header.
It includes a hexadecimal-encoded size, an optional
set of chunk extensions, and the trailing CRLF
required to denote the end of the chunk header.
This allows the caller to manually serialize the chunk
body in one or more calls to a stream output function.
The caller must also output an object of type `chunk_crlf`
to the stream to indicate the end of the chunk body.
* chunk_crlf
A small ConstBufferSequence that simply represents
the two character sequence "\r\n" (CRLF). This is needed
for the case where the caller wants to output a chunk
body as a series of buffers (i.e. "chunking a chunk").
* chunk_body
A ConstBufferSequence representing a complete chunk.
This includes the size, an optional set of chunk extensions,
a caller provided buffer containing the body, and the
required CRLF that follows.
* chunk_final
A ConstBufferSequence representing a final chunk. It
includes an optional set of caller-provided field trailers
* chunk_extensions
A container for building a set of chunk extensions to use
during serialization. The use of the container is optional,
callers may provide their own buffer containing a correctly
formatted set of chunk extensions, or they may use their
own convenience container which meets the requirements.
The basic_fields container is modified to allow construction
outside the context of a message. The container can be used
to provide trailers to `chunk_final`.
Actions Required:
* Remove references to ChunkDecorators. Use the new chunk-encoding
buffer sequences to manually produce a chunked payload body in
the case where control over the chunk-extensions and/or trailers
is required.
