21943010187

Committed 12 Feb 2026 10:33AM UTC coverage: 90.061% (-0.006%) from 90.067%

Build # 21943010187

Build Type

Pull #5318

github

Committed by

web-flow

Commit Message

Merge 005a803db into f97d7db3f

Pull Request Pull Request #5318: Allow disabling TLS 1.2 at Build Time

Run Details

102245 of 113528 relevant lines covered (90.06%)

11733046.67 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.82

/src/lib/tls/tls_client.cpp

/*
* TLS Client
* (C) 2004-2011,2012,2015,2016 Jack Lloyd
*     2016 Matthias Gierlings
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
*     2021 Elektrobit Automotive GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_client.h>

#include <botan/tls_policy.h>
#include <botan/internal/tls_channel_impl.h>

#if defined(BOTAN_HAS_TLS_12)
   #include <botan/internal/tls_client_impl_12.h>
#endif

#if defined(BOTAN_HAS_TLS_13)
   #include <botan/internal/tls_client_impl_13.h>
#endif

namespace Botan::TLS {

/*
* TLS Client Constructor
*/
Client::Client(const std::shared_ptr<Callbacks>& callbacks,
               const std::shared_ptr<Session_Manager>& session_manager,
               const std::shared_ptr<Credentials_Manager>& creds,
               const std::shared_ptr<const Policy>& policy,
               const std::shared_ptr<RandomNumberGenerator>& rng,
               Server_Information info,
               Protocol_Version offer_version,
               const std::vector<std::string>& next_protocols,
               size_t io_buf_sz) {
   BOTAN_ARG_CHECK(policy->acceptable_protocol_version(offer_version),
                   "Policy does not allow to offer requested protocol version");

#if defined(BOTAN_HAS_TLS_13)
   if(offer_version == Protocol_Version::TLS_V13) {
      m_impl = std::make_unique<Client_Impl_13>(
         callbacks, session_manager, creds, policy, rng, std::move(info), next_protocols);

      if(m_impl->expects_downgrade()) {
         m_impl->set_io_buffer_size(io_buf_sz);
      }

      if(m_impl->is_downgrading()) {
         // TLS 1.3 implementation found a resumable TLS 1.2 session and
         // requested a downgrade right away.
         downgrade();
      }

      return;
   }
#endif

#if defined(BOTAN_HAS_TLS_12)
   if(offer_version.is_pre_tls_13()) {
      m_impl = std::make_unique<Client_Impl_12>(callbacks,
                                                session_manager,
                                                creds,
                                                policy,
                                                rng,
                                                std::move(info),
                                                offer_version.is_datagram_protocol(),
                                                next_protocols,
                                                io_buf_sz);
      return;
   }
#endif

   BOTAN_UNUSED(callbacks, session_manager, creds, policy, rng, info, offer_version, next_protocols, io_buf_sz);
   throw Not_Implemented("Requested TLS version to be offered is not available in this build");
}

Client::~Client() = default;

size_t Client::downgrade() {
   BOTAN_ASSERT_NOMSG(m_impl->is_downgrading());

#if defined(BOTAN_HAS_TLS_12)
   auto info = m_impl->extract_downgrade_info();
   m_impl = std::make_unique<Client_Impl_12>(*info);

   if(!info->peer_transcript.empty()) {
      // replay peer data received so far
      return m_impl->from_peer(info->peer_transcript);
   } else {
      // the downgrade happened due to a resumable TLS 1.2 session
      // before any data was transferred
      return 0;
   }
#else
   // If TLS 1.2 is not available, we will never downgrade, the downgrade info
   // won't even be created and `is_downgrading()` would always return false.
   BOTAN_ASSERT_UNREACHABLE();
#endif
}

size_t Client::from_peer(std::span<const uint8_t> data) {
   auto read = m_impl->from_peer(data);

   if(m_impl->is_downgrading()) {
      read = downgrade();
   }

   return read;
}

bool Client::is_handshake_complete() const {
   return m_impl->is_handshake_complete();
}

bool Client::is_active() const {
   return m_impl->is_active();
}

bool Client::is_closed() const {
   return m_impl->is_closed();
}

bool Client::is_closed_for_reading() const {
   return m_impl->is_closed_for_reading();
}

bool Client::is_closed_for_writing() const {
   return m_impl->is_closed_for_writing();
}

std::vector<X509_Certificate> Client::peer_cert_chain() const {
   return m_impl->peer_cert_chain();
}

std::shared_ptr<const Public_Key> Client::peer_raw_public_key() const {
   return m_impl->peer_raw_public_key();
}

std::optional<std::string> Client::external_psk_identity() const {
   return m_impl->external_psk_identity();
}

SymmetricKey Client::key_material_export(std::string_view label, std::string_view context, size_t length) const {
   return m_impl->key_material_export(label, context, length);
}

void Client::renegotiate(bool force_full_renegotiation) {
   m_impl->renegotiate(force_full_renegotiation);
}

void Client::update_traffic_keys(bool request_peer_update) {
   m_impl->update_traffic_keys(request_peer_update);
}

bool Client::secure_renegotiation_supported() const {
   return m_impl->secure_renegotiation_supported();
}

void Client::to_peer(std::span<const uint8_t> data) {
   m_impl->to_peer(data);
}

void Client::send_alert(const Alert& alert) {
   m_impl->send_alert(alert);
}

void Client::send_warning_alert(Alert::Type type) {
   m_impl->send_warning_alert(type);
}

void Client::send_fatal_alert(Alert::Type type) {
   m_impl->send_fatal_alert(type);
}

void Client::close() {
   m_impl->close();
}

bool Client::timeout_check() {
   return m_impl->timeout_check();
}

std::string Client::application_protocol() const {
   return m_impl->application_protocol();
}

}  // namespace Botan::TLS

1	/*
2	* TLS Client
3	* (C) 2004-2011,2012,2015,2016 Jack Lloyd
4	* 2016 Matthias Gierlings
5	* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6	* 2021 Elektrobit Automotive GmbH
7	*
8	* Botan is released under the Simplified BSD License (see license.txt)
9	*/
10
11	#include <botan/tls_client.h>
12
13	#include <botan/tls_policy.h>
14	#include <botan/internal/tls_channel_impl.h>
15
16	#if defined(BOTAN_HAS_TLS_12)
17	#include <botan/internal/tls_client_impl_12.h>
18	#endif
19
20	#if defined(BOTAN_HAS_TLS_13)
21	#include <botan/internal/tls_client_impl_13.h>
22	#endif
23
24	namespace Botan::TLS {
25
26	/*
27	* TLS Client Constructor
28	*/
29	Client::Client(const std::shared_ptr<Callbacks>& callbacks,	3,651✔
30	const std::shared_ptr<Session_Manager>& session_manager,
31	const std::shared_ptr<Credentials_Manager>& creds,
32	const std::shared_ptr<const Policy>& policy,
33	const std::shared_ptr<RandomNumberGenerator>& rng,
34	Server_Information info,
35	Protocol_Version offer_version,
36	const std::vector<std::string>& next_protocols,
37	size_t io_buf_sz) {	3,651✔
38	BOTAN_ARG_CHECK(policy->acceptable_protocol_version(offer_version),	3,651✔
39	"Policy does not allow to offer requested protocol version");
40
41	#if defined(BOTAN_HAS_TLS_13)
42	if(offer_version == Protocol_Version::TLS_V13) {	3,651✔
43	m_impl = std::make_unique<Client_Impl_13>(	1,104✔
44	callbacks, session_manager, creds, policy, rng, std::move(info), next_protocols);	1,104✔
45
46	if(m_impl->expects_downgrade()) {	1,104✔
47	m_impl->set_io_buffer_size(io_buf_sz);	1,075✔
48	}
49
50	if(m_impl->is_downgrading()) {	1,104✔
51	// TLS 1.3 implementation found a resumable TLS 1.2 session and
52	// requested a downgrade right away.
53	downgrade();	116✔
54	}
55
56	return;	1,104✔
57	}
58	#endif
59
60	#if defined(BOTAN_HAS_TLS_12)
61	if(offer_version.is_pre_tls_13()) {	2,547✔
62	m_impl = std::make_unique<Client_Impl_12>(callbacks,	7,641✔
63	session_manager,
64	creds,
65	policy,
66	rng,
67	std::move(info),
68	offer_version.is_datagram_protocol(),	2,547✔
69	next_protocols,
70	io_buf_sz);	2,547✔
71	return;	2,547✔
72	}
73	#endif
74
75	BOTAN_UNUSED(callbacks, session_manager, creds, policy, rng, info, offer_version, next_protocols, io_buf_sz);	×
76	throw Not_Implemented("Requested TLS version to be offered is not available in this build");	×
77	}	×
78
79	Client::~Client() = default;	5,291✔
80
81	size_t Client::downgrade() {	603✔
82	BOTAN_ASSERT_NOMSG(m_impl->is_downgrading());	603✔
83
84	#if defined(BOTAN_HAS_TLS_12)
85	auto info = m_impl->extract_downgrade_info();	603✔
86	m_impl = std::make_unique<Client_Impl_12>(*info);	1,206✔
87
88	if(!info->peer_transcript.empty()) {	603✔
89	// replay peer data received so far
90	return m_impl->from_peer(info->peer_transcript);	487✔
91	} else {
92	// the downgrade happened due to a resumable TLS 1.2 session
93	// before any data was transferred
94	return 0;
95	}
96	#else
97	// If TLS 1.2 is not available, we will never downgrade, the downgrade info
98	// won't even be created and `is_downgrading()` would always return false.
99	BOTAN_ASSERT_UNREACHABLE();
100	#endif
101	}	603✔
102
103	size_t Client::from_peer(std::span<const uint8_t> data) {	88,778✔
104	auto read = m_impl->from_peer(data);	88,778✔
105
106	if(m_impl->is_downgrading()) {	86,417✔
107	read = downgrade();	487✔
108	}
109
110	return read;	86,320✔
111	}
112
113	bool Client::is_handshake_complete() const {	130✔
114	return m_impl->is_handshake_complete();	130✔
115	}
116
117	bool Client::is_active() const {	2,358✔
118	return m_impl->is_active();	2,358✔
119	}
120
121	bool Client::is_closed() const {	562✔
122	return m_impl->is_closed();	562✔
123	}
124
125	bool Client::is_closed_for_reading() const {	×
126	return m_impl->is_closed_for_reading();	×
127	}
128
129	bool Client::is_closed_for_writing() const {	×
130	return m_impl->is_closed_for_writing();	×
131	}
132
133	std::vector<X509_Certificate> Client::peer_cert_chain() const {	×
134	return m_impl->peer_cert_chain();	×
135	}
136
137	std::shared_ptr<const Public_Key> Client::peer_raw_public_key() const {	1✔
138	return m_impl->peer_raw_public_key();	1✔
139	}
140
141	std::optional<std::string> Client::external_psk_identity() const {	×
142	return m_impl->external_psk_identity();	×
143	}
144
145	SymmetricKey Client::key_material_export(std::string_view label, std::string_view context, size_t length) const {	212✔
146	return m_impl->key_material_export(label, context, length);	212✔
147	}
148
149	void Client::renegotiate(bool force_full_renegotiation) {	×
150	m_impl->renegotiate(force_full_renegotiation);	×
151	}	×
152
153	void Client::update_traffic_keys(bool request_peer_update) {	1✔
154	m_impl->update_traffic_keys(request_peer_update);	1✔
155	}	1✔
156
157	bool Client::secure_renegotiation_supported() const {	11✔
158	return m_impl->secure_renegotiation_supported();	11✔
159	}
160
161	void Client::to_peer(std::span<const uint8_t> data) {	1,755✔
162	m_impl->to_peer(data);	1,755✔
163	}	1,755✔
164
165	void Client::send_alert(const Alert& alert) {	934✔
166	m_impl->send_alert(alert);	934✔
167	}	934✔
168
169	void Client::send_warning_alert(Alert::Type type) {	119✔
170	m_impl->send_warning_alert(type);	119✔
171	}	119✔
172
173	void Client::send_fatal_alert(Alert::Type type) {	16✔
174	m_impl->send_fatal_alert(type);	16✔
175	}	16✔
176
177	void Client::close() {	193✔
178	m_impl->close();	193✔
179	}	193✔
180
181	bool Client::timeout_check() {	49✔
182	return m_impl->timeout_check();	49✔
183	}
184
185	std::string Client::application_protocol() const {	1,188✔
186	return m_impl->application_protocol();	1,188✔
187	}
188
189	} // namespace Botan::TLS

randombit / botan / 21943010187

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous