22093983912

Committed 17 Feb 2026 10:00AM UTC coverage: 90.027% (-0.001%) from 90.028%

Build # 22093983912

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5347 from randombit/jack/tls-header-patrol-2

Changes to reduce dependencies in TLS sources/headers

Run Details

102345 of 113683 relevant lines covered (90.03%)

11397934.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.82

/src/lib/tls/tls_client.cpp

/*
* TLS Client
* (C) 2004-2011,2012,2015,2016 Jack Lloyd
*     2016 Matthias Gierlings
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
*     2021 Elektrobit Automotive GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_client.h>

#include <botan/tls_policy.h>
#include <botan/x509cert.h>
#include <botan/internal/tls_channel_impl.h>

#if defined(BOTAN_HAS_TLS_12)
   #include <botan/internal/tls_client_impl_12.h>
#endif

#if defined(BOTAN_HAS_TLS_13)
   #include <botan/internal/tls_client_impl_13.h>
#endif

namespace Botan::TLS {

/*
* TLS Client Constructor
*/
Client::Client(const std::shared_ptr<Callbacks>& callbacks,
               const std::shared_ptr<Session_Manager>& session_manager,
               const std::shared_ptr<Credentials_Manager>& creds,
               const std::shared_ptr<const Policy>& policy,
               const std::shared_ptr<RandomNumberGenerator>& rng,
               Server_Information info,
               Protocol_Version offer_version,
               const std::vector<std::string>& next_protocols,
               size_t io_buf_sz) {
   BOTAN_ARG_CHECK(policy->acceptable_protocol_version(offer_version),
                   "Policy does not allow to offer requested protocol version");

#if defined(BOTAN_HAS_TLS_13)
   if(offer_version == Protocol_Version::TLS_V13) {
      m_impl = std::make_unique<Client_Impl_13>(
         callbacks, session_manager, creds, policy, rng, std::move(info), next_protocols);

      if(m_impl->expects_downgrade()) {
         m_impl->set_io_buffer_size(io_buf_sz);
      }

      if(m_impl->is_downgrading()) {
         // TLS 1.3 implementation found a resumable TLS 1.2 session and
         // requested a downgrade right away.
         downgrade();
      }

      return;
   }
#endif

#if defined(BOTAN_HAS_TLS_12)
   if(offer_version.is_pre_tls_13()) {
      m_impl = std::make_unique<Client_Impl_12>(callbacks,
                                                session_manager,
                                                creds,
                                                policy,
                                                rng,
                                                std::move(info),
                                                offer_version.is_datagram_protocol(),
                                                next_protocols,
                                                io_buf_sz);
      return;
   }
#endif

   BOTAN_UNUSED(callbacks, session_manager, creds, policy, rng, info, offer_version, next_protocols, io_buf_sz);
   throw Not_Implemented("Requested TLS version to be offered is not available in this build");
}

Client::~Client() = default;

size_t Client::downgrade() {
   BOTAN_ASSERT_NOMSG(m_impl->is_downgrading());

#if defined(BOTAN_HAS_TLS_12)
   auto info = m_impl->extract_downgrade_info();
   m_impl = std::make_unique<Client_Impl_12>(*info);

   if(!info->peer_transcript.empty()) {
      // replay peer data received so far
      return m_impl->from_peer(info->peer_transcript);
   } else {
      // the downgrade happened due to a resumable TLS 1.2 session
      // before any data was transferred
      return 0;
   }
#else
   // If TLS 1.2 is not available, we will never downgrade, the downgrade info
   // won't even be created and `is_downgrading()` would always return false.
   BOTAN_ASSERT_UNREACHABLE();
#endif
}

size_t Client::from_peer(std::span<const uint8_t> data) {
   auto read = m_impl->from_peer(data);

   if(m_impl->is_downgrading()) {
      read = downgrade();
   }

   return read;
}

bool Client::is_handshake_complete() const {
   return m_impl->is_handshake_complete();
}

bool Client::is_active() const {
   return m_impl->is_active();
}

bool Client::is_closed() const {
   return m_impl->is_closed();
}

bool Client::is_closed_for_reading() const {
   return m_impl->is_closed_for_reading();
}

bool Client::is_closed_for_writing() const {
   return m_impl->is_closed_for_writing();
}

std::vector<X509_Certificate> Client::peer_cert_chain() const {
   return m_impl->peer_cert_chain();
}

std::shared_ptr<const Public_Key> Client::peer_raw_public_key() const {
   return m_impl->peer_raw_public_key();
}

std::optional<std::string> Client::external_psk_identity() const {
   return m_impl->external_psk_identity();
}

SymmetricKey Client::key_material_export(std::string_view label, std::string_view context, size_t length) const {
   return m_impl->key_material_export(label, context, length);
}

void Client::renegotiate(bool force_full_renegotiation) {
   m_impl->renegotiate(force_full_renegotiation);
}

void Client::update_traffic_keys(bool request_peer_update) {
   m_impl->update_traffic_keys(request_peer_update);
}

bool Client::secure_renegotiation_supported() const {
   return m_impl->secure_renegotiation_supported();
}

void Client::to_peer(std::span<const uint8_t> data) {
   m_impl->to_peer(data);
}

void Client::send_alert(const Alert& alert) {
   m_impl->send_alert(alert);
}

void Client::send_warning_alert(Alert::Type type) {
   m_impl->send_warning_alert(type);
}

void Client::send_fatal_alert(Alert::Type type) {
   m_impl->send_fatal_alert(type);
}

void Client::close() {
   m_impl->close();
}

bool Client::timeout_check() {
   return m_impl->timeout_check();
}

std::string Client::application_protocol() const {
   return m_impl->application_protocol();
}

}  // namespace Botan::TLS

1	/*
2	* TLS Client
3	* (C) 2004-2011,2012,2015,2016 Jack Lloyd
4	* 2016 Matthias Gierlings
5	* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6	* 2021 Elektrobit Automotive GmbH
7	*
8	* Botan is released under the Simplified BSD License (see license.txt)
9	*/
10
11	#include <botan/tls_client.h>
12
13	#include <botan/tls_policy.h>
14	#include <botan/x509cert.h>
15	#include <botan/internal/tls_channel_impl.h>
16
17	#if defined(BOTAN_HAS_TLS_12)
18	#include <botan/internal/tls_client_impl_12.h>
19	#endif
20
21	#if defined(BOTAN_HAS_TLS_13)
22	#include <botan/internal/tls_client_impl_13.h>
23	#endif
24
25	namespace Botan::TLS {
26
27	/*
28	* TLS Client Constructor
29	*/
30	Client::Client(const std::shared_ptr<Callbacks>& callbacks,	3,651✔
31	const std::shared_ptr<Session_Manager>& session_manager,
32	const std::shared_ptr<Credentials_Manager>& creds,
33	const std::shared_ptr<const Policy>& policy,
34	const std::shared_ptr<RandomNumberGenerator>& rng,
35	Server_Information info,
36	Protocol_Version offer_version,
37	const std::vector<std::string>& next_protocols,
38	size_t io_buf_sz) {	3,651✔
39	BOTAN_ARG_CHECK(policy->acceptable_protocol_version(offer_version),	3,651✔
40	"Policy does not allow to offer requested protocol version");
41
42	#if defined(BOTAN_HAS_TLS_13)
43	if(offer_version == Protocol_Version::TLS_V13) {	3,651✔
44	m_impl = std::make_unique<Client_Impl_13>(	1,104✔
45	callbacks, session_manager, creds, policy, rng, std::move(info), next_protocols);	1,104✔
46
47	if(m_impl->expects_downgrade()) {	1,104✔
48	m_impl->set_io_buffer_size(io_buf_sz);	1,075✔
49	}
50
51	if(m_impl->is_downgrading()) {	1,104✔
52	// TLS 1.3 implementation found a resumable TLS 1.2 session and
53	// requested a downgrade right away.
54	downgrade();	116✔
55	}
56
57	return;	1,104✔
58	}
59	#endif
60
61	#if defined(BOTAN_HAS_TLS_12)
62	if(offer_version.is_pre_tls_13()) {	2,547✔
63	m_impl = std::make_unique<Client_Impl_12>(callbacks,	7,641✔
64	session_manager,
65	creds,
66	policy,
67	rng,
68	std::move(info),
69	offer_version.is_datagram_protocol(),	2,547✔
70	next_protocols,
71	io_buf_sz);	2,547✔
72	return;	2,547✔
73	}
74	#endif
75
76	BOTAN_UNUSED(callbacks, session_manager, creds, policy, rng, info, offer_version, next_protocols, io_buf_sz);	×
77	throw Not_Implemented("Requested TLS version to be offered is not available in this build");	×
78	}	×
79
80	Client::~Client() = default;	5,291✔
81
82	size_t Client::downgrade() {	603✔
83	BOTAN_ASSERT_NOMSG(m_impl->is_downgrading());	603✔
84
85	#if defined(BOTAN_HAS_TLS_12)
86	auto info = m_impl->extract_downgrade_info();	603✔
87	m_impl = std::make_unique<Client_Impl_12>(*info);	1,206✔
88
89	if(!info->peer_transcript.empty()) {	603✔
90	// replay peer data received so far
91	return m_impl->from_peer(info->peer_transcript);	487✔
92	} else {
93	// the downgrade happened due to a resumable TLS 1.2 session
94	// before any data was transferred
95	return 0;
96	}
97	#else
98	// If TLS 1.2 is not available, we will never downgrade, the downgrade info
99	// won't even be created and `is_downgrading()` would always return false.
100	BOTAN_ASSERT_UNREACHABLE();
101	#endif
102	}	603✔
103
104	size_t Client::from_peer(std::span<const uint8_t> data) {	91,864✔
105	auto read = m_impl->from_peer(data);	91,864✔
106
107	if(m_impl->is_downgrading()) {	89,494✔
108	read = downgrade();	487✔
109	}
110
111	return read;	89,406✔
112	}
113
114	bool Client::is_handshake_complete() const {	130✔
115	return m_impl->is_handshake_complete();	130✔
116	}
117
118	bool Client::is_active() const {	2,357✔
119	return m_impl->is_active();	2,357✔
120	}
121
122	bool Client::is_closed() const {	564✔
123	return m_impl->is_closed();	564✔
124	}
125
126	bool Client::is_closed_for_reading() const {	×
127	return m_impl->is_closed_for_reading();	×
128	}
129
130	bool Client::is_closed_for_writing() const {	×
131	return m_impl->is_closed_for_writing();	×
132	}
133
134	std::vector<X509_Certificate> Client::peer_cert_chain() const {	×
135	return m_impl->peer_cert_chain();	×
136	}
137
138	std::shared_ptr<const Public_Key> Client::peer_raw_public_key() const {	1✔
139	return m_impl->peer_raw_public_key();	1✔
140	}
141
142	std::optional<std::string> Client::external_psk_identity() const {	×
143	return m_impl->external_psk_identity();	×
144	}
145
146	SymmetricKey Client::key_material_export(std::string_view label, std::string_view context, size_t length) const {	212✔
147	return m_impl->key_material_export(label, context, length);	212✔
148	}
149
150	void Client::renegotiate(bool force_full_renegotiation) {	×
151	m_impl->renegotiate(force_full_renegotiation);	×
152	}	×
153
154	void Client::update_traffic_keys(bool request_peer_update) {	1✔
155	m_impl->update_traffic_keys(request_peer_update);	1✔
156	}	1✔
157
158	bool Client::secure_renegotiation_supported() const {	11✔
159	return m_impl->secure_renegotiation_supported();	11✔
160	}
161
162	void Client::to_peer(std::span<const uint8_t> data) {	1,779✔
163	m_impl->to_peer(data);	1,779✔
164	}	1,779✔
165
166	void Client::send_alert(const Alert& alert) {	934✔
167	m_impl->send_alert(alert);	934✔
168	}	934✔
169
170	void Client::send_warning_alert(Alert::Type type) {	119✔
171	m_impl->send_warning_alert(type);	119✔
172	}	119✔
173
174	void Client::send_fatal_alert(Alert::Type type) {	16✔
175	m_impl->send_fatal_alert(type);	16✔
176	}	16✔
177
178	void Client::close() {	193✔
179	m_impl->close();	193✔
180	}	193✔
181
182	bool Client::timeout_check() {	51✔
183	return m_impl->timeout_check();	51✔
184	}
185
186	std::string Client::application_protocol() const {	1,188✔
187	return m_impl->application_protocol();	1,188✔
188	}
189
190	} // namespace Botan::TLS

randombit / botan / 22093983912

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous