diff options
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_channel.cpp | 11 | ||||
-rw-r--r-- | src/tls/tls_channel.h | 3 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 36 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 41 |
4 files changed, 43 insertions, 48 deletions
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index d77f6dbcf..89896aa7a 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -35,8 +35,6 @@ Channel::Channel(std::function<void (const byte[], size_t)> socket_output_fn, Channel::~Channel() { - delete m_state; - m_state = nullptr; } size_t Channel::received_data(const byte buf[], size_t buf_size) @@ -132,8 +130,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) m_connection_closed = true; - delete m_state; - m_state = nullptr; + m_state.reset(); m_writer.reset(); m_reader.reset(); @@ -177,7 +174,7 @@ void Channel::read_handshake(byte rec_type, if(rec_type == HANDSHAKE) { if(!m_state) - m_state = new_handshake_state(); + m_state.reset(new_handshake_state()); m_state->handshake_reader().add_input(&rec_buf[0], rec_buf.size()); } @@ -261,9 +258,7 @@ void Channel::send_alert(const Alert& alert) { m_connection_closed = true; - delete m_state; - m_state = nullptr; - + m_state.reset(); m_writer.reset(); } } diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index bd81a1745..c75d7723e 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -16,6 +16,7 @@ #include <botan/x509cert.h> #include <vector> #include <string> +#include <memory> namespace Botan { @@ -149,7 +150,7 @@ class BOTAN_DLL Channel std::function<void (const byte[], size_t, Alert)> m_proc_fn; std::function<bool (const Session&)> m_handshake_fn; - class Handshake_State* m_state; + std::unique_ptr<class Handshake_State> m_state; Session_Manager& m_session_manager; Record_Writer m_writer; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 1fd4e0383..4db5002cd 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -57,7 +57,7 @@ void Client::renegotiate(bool force_full_renegotiation) if(m_state && m_state->client_hello) return; // currently in active handshake - delete m_state; + m_state.reset(); const Protocol_Version version = m_reader.get_version(); @@ -69,7 +69,7 @@ void Client::initiate_handshake(bool force_full_renegotiation, const std::string& srp_identifier, std::function<std::string (std::vector<std::string>)> next_protocol) { - m_state = new_handshake_state(); + m_state.reset(new_handshake_state()); m_state->set_expected_next(SERVER_HELLO); m_state->client_npn_cb = next_protocol; @@ -119,10 +119,7 @@ void Client::alert_notify(const Alert& alert) if(alert.type() == Alert::NO_RENEGOTIATION) { if(m_handshake_completed && m_state) - { - delete m_state; - m_state = nullptr; - } + m_state.reset(); } } @@ -145,8 +142,7 @@ void Client::process_handshake_msg(Handshake_Type type, if(!m_secure_renegotiation.supported() && !m_policy.allow_insecure_renegotiation()) { - delete m_state; - m_state = nullptr; + m_state.reset(); // RFC 5746 section 4.2 send_alert(Alert(Alert::NO_RENEGOTIATION)); @@ -222,9 +218,9 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Server resumed session but with wrong version"); - m_state->keys = Session_Keys(m_state, - m_state->resume_master_secret, - true); + m_state->keys = Session_Keys(m_state.get(), + m_state->resume_master_secret, + true); // The server is not strictly required to send us a new ticket if(m_state->server_hello->supports_session_ticket()) @@ -322,7 +318,7 @@ void Client::process_handshake_msg(Handshake_Type type, if(m_state->suite.sig_algo() != "") { - if(!m_state->server_kex->verify(m_peer_certs[0], m_state)) + if(!m_state->server_kex->verify(m_peer_certs[0], m_state.get())) { throw TLS_Exception(Alert::DECRYPT_ERROR, "Bad signature on server key exchange"); @@ -355,14 +351,14 @@ void Client::process_handshake_msg(Handshake_Type type, m_state->client_kex = new Client_Key_Exchange(m_state->handshake_writer(), - m_state, + m_state.get(), m_policy, m_creds, m_peer_certs, m_hostname, m_rng); - m_state->keys = Session_Keys(m_state, + m_state->keys = Session_Keys(m_state.get(), m_state->client_kex->pre_master_secret(), false); @@ -375,7 +371,7 @@ void Client::process_handshake_msg(Handshake_Type type, m_hostname); m_state->client_verify = new Certificate_Verify(m_state->handshake_writer(), - m_state, + m_state.get(), m_policy, m_rng, private_key); @@ -394,7 +390,8 @@ void Client::process_handshake_msg(Handshake_Type type, m_state->next_protocol = new Next_Protocol(m_state->handshake_writer(), m_state->hash, protocol); } - m_state->client_finished = new Finished(m_state->handshake_writer(), m_state, CLIENT); + m_state->client_finished = new Finished(m_state->handshake_writer(), + m_state.get(), CLIENT); if(m_state->server_hello->supports_session_ticket()) m_state->set_expected_next(NEW_SESSION_TICKET); @@ -420,7 +417,7 @@ void Client::process_handshake_msg(Handshake_Type type, m_state->server_finished = new Finished(contents); - if(!m_state->server_finished->verify(m_state, SERVER)) + if(!m_state->server_finished->verify(m_state.get(), SERVER)) throw TLS_Exception(Alert::DECRYPT_ERROR, "Finished message didn't verify"); @@ -434,7 +431,7 @@ void Client::process_handshake_msg(Handshake_Type type, m_state->server_hello->compression_method()); m_state->client_finished = new Finished(m_state->handshake_writer(), - m_state, CLIENT); + m_state.get(), CLIENT); } m_secure_renegotiation.update(m_state->client_finished, m_state->server_finished); @@ -471,8 +468,7 @@ void Client::process_handshake_msg(Handshake_Type type, m_session_manager.remove_entry(session_info.session_id()); } - delete m_state; - m_state = nullptr; + m_state.reset(); m_handshake_completed = true; m_active_session = session_info.session_id(); } diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index f4ae71b2e..386e5fcf6 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -219,7 +219,7 @@ void Server::renegotiate(bool force_full_renegotiation) if(m_state) return; // currently in handshake - m_state = new_handshake_state(); + m_state.reset(new_handshake_state()); m_state->allow_session_resumption = !force_full_renegotiation; m_state->set_expected_next(CLIENT_HELLO); @@ -231,10 +231,7 @@ void Server::alert_notify(const Alert& alert) if(alert.type() == Alert::NO_RENEGOTIATION) { if(m_handshake_completed && m_state) - { - delete m_state; - m_state = nullptr; - } + m_state.reset(); } } @@ -246,7 +243,7 @@ void Server::read_handshake(byte rec_type, { if(rec_type == HANDSHAKE && !m_state) { - m_state = new_handshake_state(); + m_state.reset(new_handshake_state()); m_state->set_expected_next(CLIENT_HELLO); } @@ -284,8 +281,7 @@ void Server::process_handshake_msg(Handshake_Type type, if(!m_policy.allow_insecure_renegotiation() && !(m_secure_renegotiation.initial_handshake() || m_secure_renegotiation.supported())) { - delete m_state; - m_state = nullptr; + m_state.reset(); send_alert(Alert(Alert::NO_RENEGOTIATION)); return; } @@ -405,7 +401,7 @@ void Server::process_handshake_msg(Handshake_Type type, m_state->suite = Ciphersuite::by_id(m_state->server_hello->ciphersuite()); - m_state->keys = Session_Keys(m_state, session_info.master_secret(), true); + m_state->keys = Session_Keys(m_state.get(), session_info.master_secret(), true); if(!m_handshake_fn(session_info)) { @@ -446,7 +442,8 @@ void Server::process_handshake_msg(Handshake_Type type, m_writer.activate(SERVER, m_state->suite, m_state->keys, m_state->server_hello->compression_method()); - m_state->server_finished = new Finished(m_state->handshake_writer(), m_state, SERVER); + m_state->server_finished = new Finished(m_state->handshake_writer(), + m_state.get(), SERVER); m_state->set_expected_next(HANDSHAKE_CCS); } @@ -535,7 +532,7 @@ void Server::process_handshake_msg(Handshake_Type type, { m_state->server_kex = new Server_Key_Exchange(m_state->handshake_writer(), - m_state, + m_state.get(), m_policy, m_creds, m_rng, @@ -580,9 +577,16 @@ void Server::process_handshake_msg(Handshake_Type type, else m_state->set_expected_next(HANDSHAKE_CCS); - m_state->client_kex = new Client_Key_Exchange(contents, m_state, m_creds, m_policy, m_rng); + m_state->client_kex = new Client_Key_Exchange(contents, + m_state.get(), + m_creds, + m_policy, + m_rng); + + m_state->keys = Session_Keys(m_state.get(), + m_state->client_kex->pre_master_secret(), + false); - m_state->keys = Session_Keys(m_state, m_state->client_kex->pre_master_secret(), false); } else if(type == CERTIFICATE_VERIFY) { @@ -591,7 +595,7 @@ void Server::process_handshake_msg(Handshake_Type type, m_peer_certs = m_state->client_certs->cert_chain(); const bool sig_valid = - m_state->client_verify->verify(m_peer_certs[0], m_state); + m_state->client_verify->verify(m_peer_certs[0], m_state.get()); m_state->hash.update(m_state->handshake_writer().format(contents, type)); @@ -638,7 +642,7 @@ void Server::process_handshake_msg(Handshake_Type type, m_state->client_finished = new Finished(contents); - if(!m_state->client_finished->verify(m_state, CLIENT)) + if(!m_state->client_finished->verify(m_state.get(), CLIENT)) throw TLS_Exception(Alert::DECRYPT_ERROR, "Finished message didn't verify"); @@ -695,17 +699,16 @@ void Server::process_handshake_msg(Handshake_Type type, m_writer.activate(SERVER, m_state->suite, m_state->keys, m_state->server_hello->compression_method()); - m_state->server_finished = new Finished(m_state->handshake_writer(), m_state, SERVER); + m_state->server_finished = new Finished(m_state->handshake_writer(), + m_state.get(), SERVER); } m_secure_renegotiation.update(m_state->client_finished, m_state->server_finished); m_active_session = m_state->server_hello->session_id(); - delete m_state; - m_state = nullptr; + m_state.reset(); m_handshake_completed = true; - } else throw Unexpected_Message("Unknown handshake message received"); |