21943010187

Committed 12 Feb 2026 10:33AM UTC coverage: 90.061% (-0.006%) from 90.067%

Build # 21943010187

Build Type

Pull #5318

github

Committed by

web-flow

Commit Message

Merge 005a803db into f97d7db3f

Pull Request Pull Request #5318: Allow disabling TLS 1.2 at Build Time

Run Details

102245 of 113528 relevant lines covered (90.06%)

11733046.67 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

70.83

/src/lib/tls/tls_server.cpp

/*
* TLS Server
* (C) 2004-2011,2012,2016 Jack Lloyd
*     2016 Matthias Gierlings
*     2021 Elektrobit Automotive GmbH
*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_server.h>

#include <botan/tls_policy.h>
#include <botan/internal/tls_channel_impl.h>

#if defined(BOTAN_HAS_TLS_12)
   #include <botan/internal/tls_server_impl_12.h>
#endif

#if defined(BOTAN_HAS_TLS_13)
   #include <botan/internal/tls_server_impl_13.h>
#endif

namespace Botan::TLS {

/*
* TLS Server Constructor
*/
Server::Server(const std::shared_ptr<Callbacks>& callbacks,
               const std::shared_ptr<Session_Manager>& session_manager,
               const std::shared_ptr<Credentials_Manager>& creds,
               const std::shared_ptr<const Policy>& policy,
               const std::shared_ptr<RandomNumberGenerator>& rng,
               bool is_datagram,
               size_t io_buf_sz) {
   const auto max_version = policy->latest_supported_version(is_datagram);

#if defined(BOTAN_HAS_TLS_13)
   if(!max_version.is_pre_tls_13()) {
      m_impl = std::make_unique<Server_Impl_13>(callbacks, session_manager, creds, policy, rng);

      if(m_impl->expects_downgrade()) {
         m_impl->set_io_buffer_size(io_buf_sz);
      }

      return;
   }
#endif

#if defined(BOTAN_HAS_TLS_12)
   if(max_version.is_pre_tls_13()) {
      m_impl = std::make_unique<Server_Impl_12>(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);
      return;
   }
#endif

   BOTAN_UNUSED(max_version, callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);
   throw Not_Implemented("Requested TLS server version is not available in this build");
}

Server::~Server() = default;

size_t Server::from_peer(std::span<const uint8_t> data) {
   auto read = m_impl->from_peer(data);

#if defined(BOTAN_HAS_TLS_12)
   // If TLS 1.2 is not available, we will never downgrade, the downgrade info
   // won't even be created and `is_downgrading()` would always return false.
   if(m_impl->is_downgrading()) {
      auto info = m_impl->extract_downgrade_info();
      m_impl = std::make_unique<Server_Impl_12>(*info);

      // replay peer data received so far
      read = m_impl->from_peer(info->peer_transcript);
   }
#endif

   return read;
}

bool Server::is_handshake_complete() const {
   return m_impl->is_handshake_complete();
}

bool Server::is_active() const {
   return m_impl->is_active();
}

bool Server::is_closed() const {
   return m_impl->is_closed();
}

bool Server::is_closed_for_reading() const {
   return m_impl->is_closed_for_reading();
}

bool Server::is_closed_for_writing() const {
   return m_impl->is_closed_for_writing();
}

std::vector<X509_Certificate> Server::peer_cert_chain() const {
   return m_impl->peer_cert_chain();
}

std::shared_ptr<const Public_Key> Server::peer_raw_public_key() const {
   return m_impl->peer_raw_public_key();
}

std::optional<std::string> Server::external_psk_identity() const {
   return m_impl->external_psk_identity();
}

SymmetricKey Server::key_material_export(std::string_view label, std::string_view context, size_t length) const {
   return m_impl->key_material_export(label, context, length);
}

void Server::renegotiate(bool force_full_renegotiation) {
   m_impl->renegotiate(force_full_renegotiation);
}

bool Server::new_session_ticket_supported() const {
   return m_impl->new_session_ticket_supported();
}

size_t Server::send_new_session_tickets(const size_t tickets) {
   return m_impl->send_new_session_tickets(tickets);
}

void Server::update_traffic_keys(bool request_peer_update) {
   m_impl->update_traffic_keys(request_peer_update);
}

bool Server::secure_renegotiation_supported() const {
   return m_impl->secure_renegotiation_supported();
}

void Server::to_peer(std::span<const uint8_t> data) {
   m_impl->to_peer(data);
}

void Server::send_alert(const Alert& alert) {
   m_impl->send_alert(alert);
}

void Server::send_warning_alert(Alert::Type type) {
   m_impl->send_warning_alert(type);
}

void Server::send_fatal_alert(Alert::Type type) {
   m_impl->send_fatal_alert(type);
}

void Server::close() {
   m_impl->close();
}

bool Server::timeout_check() {
   return m_impl->timeout_check();
}

std::string Server::application_protocol() const {
   return m_impl->application_protocol();
}
}  // namespace Botan::TLS

1	/*
2	* TLS Server
3	* (C) 2004-2011,2012,2016 Jack Lloyd
4	* 2016 Matthias Gierlings
5	* 2021 Elektrobit Automotive GmbH
6	* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
7	*
8	* Botan is released under the Simplified BSD License (see license.txt)
9	*/
10
11	#include <botan/tls_server.h>
12
13	#include <botan/tls_policy.h>
14	#include <botan/internal/tls_channel_impl.h>
15
16	#if defined(BOTAN_HAS_TLS_12)
17	#include <botan/internal/tls_server_impl_12.h>
18	#endif
19
20	#if defined(BOTAN_HAS_TLS_13)
21	#include <botan/internal/tls_server_impl_13.h>
22	#endif
23
24	namespace Botan::TLS {
25
26	/*
27	* TLS Server Constructor
28	*/
29	Server::Server(const std::shared_ptr<Callbacks>& callbacks,	2,555✔
30	const std::shared_ptr<Session_Manager>& session_manager,
31	const std::shared_ptr<Credentials_Manager>& creds,
32	const std::shared_ptr<const Policy>& policy,
33	const std::shared_ptr<RandomNumberGenerator>& rng,
34	bool is_datagram,
35	size_t io_buf_sz) {	2,555✔
36	const auto max_version = policy->latest_supported_version(is_datagram);	2,555✔
37
38	#if defined(BOTAN_HAS_TLS_13)
39	if(!max_version.is_pre_tls_13()) {	2,555✔
40	m_impl = std::make_unique<Server_Impl_13>(callbacks, session_manager, creds, policy, rng);	2,036✔
41
42	if(m_impl->expects_downgrade()) {	2,036✔
43	m_impl->set_io_buffer_size(io_buf_sz);	2,014✔
44	}
45
46	return;	2,036✔
47	}
48	#endif
49
50	#if defined(BOTAN_HAS_TLS_12)
51	if(max_version.is_pre_tls_13()) {	519✔
52	m_impl = std::make_unique<Server_Impl_12>(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);	519✔
53	return;	519✔
54	}
55	#endif
56
57	BOTAN_UNUSED(max_version, callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);	×
58	throw Not_Implemented("Requested TLS server version is not available in this build");	×
59	}	×
60
61	Server::~Server() = default;	3,960✔
62
63	size_t Server::from_peer(std::span<const uint8_t> data) {	115,660✔
64	auto read = m_impl->from_peer(data);	115,660✔
65
66	#if defined(BOTAN_HAS_TLS_12)
67	// If TLS 1.2 is not available, we will never downgrade, the downgrade info
68	// won't even be created and `is_downgrading()` would always return false.
69	if(m_impl->is_downgrading()) {	114,255✔
70	auto info = m_impl->extract_downgrade_info();	503✔
71	m_impl = std::make_unique<Server_Impl_12>(*info);	1,006✔
72
73	// replay peer data received so far
74	read = m_impl->from_peer(info->peer_transcript);	503✔
75	}	503✔
76	#endif
77
78	return read;	114,231✔
79	}
80
81	bool Server::is_handshake_complete() const {	169✔
82	return m_impl->is_handshake_complete();	169✔
83	}
84
85	bool Server::is_active() const {	2,152✔
86	return m_impl->is_active();	2,152✔
87	}
88
89	bool Server::is_closed() const {	220✔
90	return m_impl->is_closed();	220✔
91	}
92
93	bool Server::is_closed_for_reading() const {	×
94	return m_impl->is_closed_for_reading();	×
95	}
96
97	bool Server::is_closed_for_writing() const {	×
98	return m_impl->is_closed_for_writing();	×
99	}
100
101	std::vector<X509_Certificate> Server::peer_cert_chain() const {	122✔
102	return m_impl->peer_cert_chain();	122✔
103	}
104
105	std::shared_ptr<const Public_Key> Server::peer_raw_public_key() const {	1✔
106	return m_impl->peer_raw_public_key();	1✔
107	}
108
109	std::optional<std::string> Server::external_psk_identity() const {	×
110	return m_impl->external_psk_identity();	×
111	}
112
113	SymmetricKey Server::key_material_export(std::string_view label, std::string_view context, size_t length) const {	203✔
114	return m_impl->key_material_export(label, context, length);	203✔
115	}
116
117	void Server::renegotiate(bool force_full_renegotiation) {	×
118	m_impl->renegotiate(force_full_renegotiation);	×
119	}	×
120
121	bool Server::new_session_ticket_supported() const {	×
122	return m_impl->new_session_ticket_supported();	×
123	}
124
125	size_t Server::send_new_session_tickets(const size_t tickets) {	1✔
126	return m_impl->send_new_session_tickets(tickets);	1✔
127	}
128
129	void Server::update_traffic_keys(bool request_peer_update) {	1✔
130	m_impl->update_traffic_keys(request_peer_update);	1✔
131	}	1✔
132
133	bool Server::secure_renegotiation_supported() const {	×
134	return m_impl->secure_renegotiation_supported();	×
135	}
136
137	void Server::to_peer(std::span<const uint8_t> data) {	1,244✔
138	m_impl->to_peer(data);	1,244✔
139	}	1,244✔
140
141	void Server::send_alert(const Alert& alert) {	914✔
142	m_impl->send_alert(alert);	914✔
143	}	914✔
144
145	void Server::send_warning_alert(Alert::Type type) {	125✔
146	m_impl->send_warning_alert(type);	125✔
147	}	125✔
148
149	void Server::send_fatal_alert(Alert::Type type) {	×
150	m_impl->send_fatal_alert(type);	×
151	}	×
152
153	void Server::close() {	48✔
154	m_impl->close();	48✔
155	}	48✔
156
157	bool Server::timeout_check() {	×
158	return m_impl->timeout_check();	×
159	}
160
161	std::string Server::application_protocol() const {	1,052✔
162	return m_impl->application_protocol();	1,052✔
163	}
164	} // namespace Botan::TLS

randombit / botan / 21943010187

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous