aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_channel.cpp11
-rw-r--r--src/tls/tls_channel.h3
-rw-r--r--src/tls/tls_client.cpp36
-rw-r--r--src/tls/tls_server.cpp41
4 files changed, 43 insertions, 48 deletions
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index d77f6dbcf..89896aa7a 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -35,8 +35,6 @@ Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn,
Channel::~Channel()
{
- delete m_state;
- m_state = nullptr;
}
size_t Channel::received_data(const byte buf[], size_t buf_size)
@@ -132,8 +130,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size)
m_connection_closed = true;
- delete m_state;
- m_state = nullptr;
+ m_state.reset();
m_writer.reset();
m_reader.reset();
@@ -177,7 +174,7 @@ void Channel::read_handshake(byte rec_type,
if(rec_type == HANDSHAKE)
{
if(!m_state)
- m_state = new_handshake_state();
+ m_state.reset(new_handshake_state());
m_state->handshake_reader().add_input(&rec_buf[0], rec_buf.size());
}
@@ -261,9 +258,7 @@ void Channel::send_alert(const Alert& alert)
{
m_connection_closed = true;
- delete m_state;
- m_state = nullptr;
-
+ m_state.reset();
m_writer.reset();
}
}
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index bd81a1745..c75d7723e 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -16,6 +16,7 @@
#include <botan/x509cert.h>
#include <vector>
#include <string>
+#include <memory>
namespace Botan {
@@ -149,7 +150,7 @@ class BOTAN_DLL Channel
std::function<void (const byte[], size_t, Alert)> m_proc_fn;
std::function<bool (const Session&)> m_handshake_fn;
- class Handshake_State* m_state;
+ std::unique_ptr<class Handshake_State> m_state;
Session_Manager& m_session_manager;
Record_Writer m_writer;
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 1fd4e0383..4db5002cd 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -57,7 +57,7 @@ void Client::renegotiate(bool force_full_renegotiation)
if(m_state && m_state->client_hello)
return; // currently in active handshake
- delete m_state;
+ m_state.reset();
const Protocol_Version version = m_reader.get_version();
@@ -69,7 +69,7 @@ void Client::initiate_handshake(bool force_full_renegotiation,
const std::string& srp_identifier,
std::function<std::string (std::vector<std::string>)> next_protocol)
{
- m_state = new_handshake_state();
+ m_state.reset(new_handshake_state());
m_state->set_expected_next(SERVER_HELLO);
m_state->client_npn_cb = next_protocol;
@@ -119,10 +119,7 @@ void Client::alert_notify(const Alert& alert)
if(alert.type() == Alert::NO_RENEGOTIATION)
{
if(m_handshake_completed && m_state)
- {
- delete m_state;
- m_state = nullptr;
- }
+ m_state.reset();
}
}
@@ -145,8 +142,7 @@ void Client::process_handshake_msg(Handshake_Type type,
if(!m_secure_renegotiation.supported() && !m_policy.allow_insecure_renegotiation())
{
- delete m_state;
- m_state = nullptr;
+ m_state.reset();
// RFC 5746 section 4.2
send_alert(Alert(Alert::NO_RENEGOTIATION));
@@ -222,9 +218,9 @@ void Client::process_handshake_msg(Handshake_Type type,
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Server resumed session but with wrong version");
- m_state->keys = Session_Keys(m_state,
- m_state->resume_master_secret,
- true);
+ m_state->keys = Session_Keys(m_state.get(),
+ m_state->resume_master_secret,
+ true);
// The server is not strictly required to send us a new ticket
if(m_state->server_hello->supports_session_ticket())
@@ -322,7 +318,7 @@ void Client::process_handshake_msg(Handshake_Type type,
if(m_state->suite.sig_algo() != "")
{
- if(!m_state->server_kex->verify(m_peer_certs[0], m_state))
+ if(!m_state->server_kex->verify(m_peer_certs[0], m_state.get()))
{
throw TLS_Exception(Alert::DECRYPT_ERROR,
"Bad signature on server key exchange");
@@ -355,14 +351,14 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->client_kex =
new Client_Key_Exchange(m_state->handshake_writer(),
- m_state,
+ m_state.get(),
m_policy,
m_creds,
m_peer_certs,
m_hostname,
m_rng);
- m_state->keys = Session_Keys(m_state,
+ m_state->keys = Session_Keys(m_state.get(),
m_state->client_kex->pre_master_secret(),
false);
@@ -375,7 +371,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_hostname);
m_state->client_verify = new Certificate_Verify(m_state->handshake_writer(),
- m_state,
+ m_state.get(),
m_policy,
m_rng,
private_key);
@@ -394,7 +390,8 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->next_protocol = new Next_Protocol(m_state->handshake_writer(), m_state->hash, protocol);
}
- m_state->client_finished = new Finished(m_state->handshake_writer(), m_state, CLIENT);
+ m_state->client_finished = new Finished(m_state->handshake_writer(),
+ m_state.get(), CLIENT);
if(m_state->server_hello->supports_session_ticket())
m_state->set_expected_next(NEW_SESSION_TICKET);
@@ -420,7 +417,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->server_finished = new Finished(contents);
- if(!m_state->server_finished->verify(m_state, SERVER))
+ if(!m_state->server_finished->verify(m_state.get(), SERVER))
throw TLS_Exception(Alert::DECRYPT_ERROR,
"Finished message didn't verify");
@@ -434,7 +431,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->server_hello->compression_method());
m_state->client_finished = new Finished(m_state->handshake_writer(),
- m_state, CLIENT);
+ m_state.get(), CLIENT);
}
m_secure_renegotiation.update(m_state->client_finished, m_state->server_finished);
@@ -471,8 +468,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_session_manager.remove_entry(session_info.session_id());
}
- delete m_state;
- m_state = nullptr;
+ m_state.reset();
m_handshake_completed = true;
m_active_session = session_info.session_id();
}
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index f4ae71b2e..386e5fcf6 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -219,7 +219,7 @@ void Server::renegotiate(bool force_full_renegotiation)
if(m_state)
return; // currently in handshake
- m_state = new_handshake_state();
+ m_state.reset(new_handshake_state());
m_state->allow_session_resumption = !force_full_renegotiation;
m_state->set_expected_next(CLIENT_HELLO);
@@ -231,10 +231,7 @@ void Server::alert_notify(const Alert& alert)
if(alert.type() == Alert::NO_RENEGOTIATION)
{
if(m_handshake_completed && m_state)
- {
- delete m_state;
- m_state = nullptr;
- }
+ m_state.reset();
}
}
@@ -246,7 +243,7 @@ void Server::read_handshake(byte rec_type,
{
if(rec_type == HANDSHAKE && !m_state)
{
- m_state = new_handshake_state();
+ m_state.reset(new_handshake_state());
m_state->set_expected_next(CLIENT_HELLO);
}
@@ -284,8 +281,7 @@ void Server::process_handshake_msg(Handshake_Type type,
if(!m_policy.allow_insecure_renegotiation() &&
!(m_secure_renegotiation.initial_handshake() || m_secure_renegotiation.supported()))
{
- delete m_state;
- m_state = nullptr;
+ m_state.reset();
send_alert(Alert(Alert::NO_RENEGOTIATION));
return;
}
@@ -405,7 +401,7 @@ void Server::process_handshake_msg(Handshake_Type type,
m_state->suite = Ciphersuite::by_id(m_state->server_hello->ciphersuite());
- m_state->keys = Session_Keys(m_state, session_info.master_secret(), true);
+ m_state->keys = Session_Keys(m_state.get(), session_info.master_secret(), true);
if(!m_handshake_fn(session_info))
{
@@ -446,7 +442,8 @@ void Server::process_handshake_msg(Handshake_Type type,
m_writer.activate(SERVER, m_state->suite, m_state->keys,
m_state->server_hello->compression_method());
- m_state->server_finished = new Finished(m_state->handshake_writer(), m_state, SERVER);
+ m_state->server_finished = new Finished(m_state->handshake_writer(),
+ m_state.get(), SERVER);
m_state->set_expected_next(HANDSHAKE_CCS);
}
@@ -535,7 +532,7 @@ void Server::process_handshake_msg(Handshake_Type type,
{
m_state->server_kex =
new Server_Key_Exchange(m_state->handshake_writer(),
- m_state,
+ m_state.get(),
m_policy,
m_creds,
m_rng,
@@ -580,9 +577,16 @@ void Server::process_handshake_msg(Handshake_Type type,
else
m_state->set_expected_next(HANDSHAKE_CCS);
- m_state->client_kex = new Client_Key_Exchange(contents, m_state, m_creds, m_policy, m_rng);
+ m_state->client_kex = new Client_Key_Exchange(contents,
+ m_state.get(),
+ m_creds,
+ m_policy,
+ m_rng);
+
+ m_state->keys = Session_Keys(m_state.get(),
+ m_state->client_kex->pre_master_secret(),
+ false);
- m_state->keys = Session_Keys(m_state, m_state->client_kex->pre_master_secret(), false);
}
else if(type == CERTIFICATE_VERIFY)
{
@@ -591,7 +595,7 @@ void Server::process_handshake_msg(Handshake_Type type,
m_peer_certs = m_state->client_certs->cert_chain();
const bool sig_valid =
- m_state->client_verify->verify(m_peer_certs[0], m_state);
+ m_state->client_verify->verify(m_peer_certs[0], m_state.get());
m_state->hash.update(m_state->handshake_writer().format(contents, type));
@@ -638,7 +642,7 @@ void Server::process_handshake_msg(Handshake_Type type,
m_state->client_finished = new Finished(contents);
- if(!m_state->client_finished->verify(m_state, CLIENT))
+ if(!m_state->client_finished->verify(m_state.get(), CLIENT))
throw TLS_Exception(Alert::DECRYPT_ERROR,
"Finished message didn't verify");
@@ -695,17 +699,16 @@ void Server::process_handshake_msg(Handshake_Type type,
m_writer.activate(SERVER, m_state->suite, m_state->keys,
m_state->server_hello->compression_method());
- m_state->server_finished = new Finished(m_state->handshake_writer(), m_state, SERVER);
+ m_state->server_finished = new Finished(m_state->handshake_writer(),
+ m_state.get(), SERVER);
}
m_secure_renegotiation.update(m_state->client_finished,
m_state->server_finished);
m_active_session = m_state->server_hello->session_id();
- delete m_state;
- m_state = nullptr;
+ m_state.reset();
m_handshake_completed = true;
-
}
else
throw Unexpected_Message("Unknown handshake message received");