/src/gnutls/lib/extv.c

Source
/*
 * Copyright (C) 2017-2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "hello_ext.h"
#include "errors.h"
#include "extv.h"

/* Iterates through all extensions found, and calls the cb()
 * function with their data */
int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
           const uint8_t *data, int data_size)
{
  int next, ret;
  int pos = 0;
  uint16_t tls_id;
  const uint8_t *sdata;
  uint16_t size;

  if (data_size == 0)
    return 0;

  DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
  next = _gnutls_read_uint16(data);
  pos += 2;

  DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  if (next == 0 &&
      data_size ==
        0) /* field is present, but has zero length? Ignore it. */
    return 0;
  else if (data_size > 0) /* forbid unaccounted data */
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  do {
    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    tls_id = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    size = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, size,
        GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    sdata = &data[pos];
    pos += size;

    ret = cb(ctx, tls_id, sdata, size);
    if (ret < 0)
      return gnutls_assert_val(ret);
  } while (next > 2);

  /* forbid leftovers */
  if (next > 0)
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  return 0;
}

#define HANDSHAKE_SESSION_ID_POS (34)
/**
 * gnutls_ext_raw_parse:
 * @ctx: a pointer to pass to callback function
 * @cb: callback function to process each extension found
 * @data: TLS extension data
 * @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
 *
 * This function iterates through the TLS extensions as passed in
 * @data, passing the individual extension data to callback. The
 * @data must conform to Extension extensions<0..2^16-1> format.
 *
 * If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
 * will parse the extension data from the position, as if the packet in
 * @data is a client hello (without record or handshake headers) -
 * as provided by gnutls_handshake_set_hook_function().
 *
 * The return value of the callback will be propagated.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
 *   flags it returns %GNUTLS_E_INVALID_REQUEST.
 *
 * Since: 3.6.3
 **/
int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
       const gnutls_datum_t *data, unsigned int flags)
{
  if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 0x03)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  } else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 254)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* skip cookie */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  }

  if (flags != 0)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  return _gnutls_extv_parse(ctx, cb, data->data, data->size);
}

/* Returns:
 *  * On success the number of bytes appended (always positive), or zero if not sent
 *  * On failure, a negative error code.
 */
int _gnutls_extv_append(gnutls_buffer_st *buf, uint16_t tls_id, void *ctx,
      int (*cb)(void *ctx, gnutls_buffer_st *buf))
{
  int size_pos, appended, ret;
  size_t size_prev;

  ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_pos = buf->length;
  ret = _gnutls_buffer_append_prefix(buf, 16, 0);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_prev = buf->length;
  ret = cb(ctx, buf);
  if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
    return gnutls_assert_val(ret);
  }

  /* returning GNUTLS_E_INT_RET_0 means to send an empty
   * extension of this type.
   */
  appended = buf->length - size_prev;

  if (appended > 0 || ret == GNUTLS_E_INT_RET_0) {
    if (ret == GNUTLS_E_INT_RET_0)
      appended = 0;

    /* write the real size */
    _gnutls_write_uint16(appended, &buf->data[size_pos]);
  } else if (appended == 0) {
    buf->length -= 4; /* reset type and size */
    return 0;
  }

  return appended + 4;
}

Coverage Report

Created: 2026-06-08 06:48

Line	Count	Source
1		/*
2		* Copyright (C) 2017-2018 Red Hat, Inc.
3		*
4		* Author: Nikos Mavrogiannopoulos
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		#include "gnutls_int.h"
24		#include "hello_ext.h"
25		#include "errors.h"
26		#include "extv.h"
27
28		/* Iterates through all extensions found, and calls the cb()
29		* function with their data */
30		int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
31		const uint8_t *data, int data_size)
32	140k	{
33	140k	int next, ret;
34	140k	int pos = 0;
35	140k	uint16_t tls_id;
36	140k	const uint8_t *sdata;
37	140k	uint16_t size;
38
39	140k	if (data_size == 0)
40	33.9k	return 0;
41
42	106k	DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
43	106k	next = _gnutls_read_uint16(data);
44	106k	pos += 2;
45
46	106k	DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
47
48	106k	if (next == 0 &&
49	5.19k	data_size ==
50	5.19k	0) /* field is present, but has zero length? Ignore it. */
51	4.83k	return 0;
52	101k	else if (data_size > 0) /* forbid unaccounted data */
53	677	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
54
55	379k	do {
56	379k	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
57	379k	tls_id = _gnutls_read_uint16(&data[pos]);
58	379k	pos += 2;
59
60	379k	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
61	379k	size = _gnutls_read_uint16(&data[pos]);
62	379k	pos += 2;
63
64	379k	DECR_LENGTH_RET(next, size,
65	378k	GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
66	378k	sdata = &data[pos];
67	378k	pos += size;
68
69	378k	ret = cb(ctx, tls_id, sdata, size);
70	378k	if (ret < 0)
71	4.06k	return gnutls_assert_val(ret);
72	378k	} while (next > 2);
73
74		/* forbid leftovers */
75	96.1k	if (next > 0)
76	32	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
77
78	96.1k	return 0;
79	96.1k	}
80
81	431	#define HANDSHAKE_SESSION_ID_POS (34)
82		/**
83		* gnutls_ext_raw_parse:
84		* @ctx: a pointer to pass to callback function
85		* @cb: callback function to process each extension found
86		* @data: TLS extension data
87		* @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
88		*
89		* This function iterates through the TLS extensions as passed in
90		* @data, passing the individual extension data to callback. The
91		* @data must conform to Extension extensions<0..2^16-1> format.
92		*
93		* If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
94		* will parse the extension data from the position, as if the packet in
95		* @data is a client hello (without record or handshake headers) -
96		* as provided by gnutls_handshake_set_hook_function().
97		*
98		* The return value of the callback will be propagated.
99		*
100		* Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
101		* flags it returns %GNUTLS_E_INVALID_REQUEST.
102		*
103		* Since: 3.6.3
104		**/
105		int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
106		const gnutls_datum_t *data, unsigned int flags)
107	1.83k	{
108	1.83k	if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
109	613	size_t size = data->size;
110	613	size_t len;
111	613	uint8_t *p = data->data;
112
113	613	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
114
115	541	if (p[0] != 0x03)
116	347	return gnutls_assert_val(
117	541	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
118
119	194	p += HANDSHAKE_SESSION_ID_POS;
120
121		/* skip session id */
122	194	DECR_LEN(size, 1);
123	193	len = p[0];
124	193	p++;
125	193	DECR_LEN(size, len);
126	183	p += len;
127
128		/* CipherSuites */
129	183	DECR_LEN(size, 2);
130	180	len = _gnutls_read_uint16(p);
131	180	p += 2;
132	180	DECR_LEN(size, len);
133	154	p += len;
134
135		/* legacy_compression_methods */
136	154	DECR_LEN(size, 1);
137	153	len = p[0];
138	153	p++;
139	153	DECR_LEN(size, len);
140	135	p += len;
141
142	135	if (size == 0)
143	13	return gnutls_assert_val(
144	135	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
145
146	122	return _gnutls_extv_parse(ctx, cb, p, size);
147	1.22k	} else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
148	613	size_t size = data->size;
149	613	size_t len;
150	613	uint8_t *p = data->data;
151
152	613	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
153
154	541	if (p[0] != 254)
155	304	return gnutls_assert_val(
156	541	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
157
158	237	p += HANDSHAKE_SESSION_ID_POS;
159
160		/* skip session id */
161	237	DECR_LEN(size, 1);
162	236	len = p[0];
163	236	p++;
164	236	DECR_LEN(size, len);
165	228	p += len;
166
167		/* skip cookie */
168	228	DECR_LEN(size, 1);
169	227	len = p[0];
170	227	p++;
171	227	DECR_LEN(size, len);
172	216	p += len;
173
174		/* CipherSuites */
175	216	DECR_LEN(size, 2);
176	206	len = _gnutls_read_uint16(p);
177	206	p += 2;
178	206	DECR_LEN(size, len);
179	181	p += len;
180
181		/* legacy_compression_methods */
182	181	DECR_LEN(size, 1);
183	180	len = p[0];
184	180	p++;
185	180	DECR_LEN(size, len);
186	165	p += len;
187
188	165	if (size == 0)
189	11	return gnutls_assert_val(
190	165	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
191
192	154	return _gnutls_extv_parse(ctx, cb, p, size);
193	165	}
194
195	613	if (flags != 0)
196	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
197
198	613	return _gnutls_extv_parse(ctx, cb, data->data, data->size);
199	613	}
200
201		/* Returns:
202		* * On success the number of bytes appended (always positive), or zero if not sent
203		* * On failure, a negative error code.
204		*/
205		int _gnutls_extv_append(gnutls_buffer_st buf, uint16_t tls_id, void ctx,
206		int (cb)(void ctx, gnutls_buffer_st *buf))
207	833k	{
208	833k	int size_pos, appended, ret;
209	833k	size_t size_prev;
210
211	833k	ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
212	833k	if (ret < 0)
213	0	return gnutls_assert_val(ret);
214
215	833k	size_pos = buf->length;
216	833k	ret = _gnutls_buffer_append_prefix(buf, 16, 0);
217	833k	if (ret < 0)
218	0	return gnutls_assert_val(ret);
219
220	833k	size_prev = buf->length;
221	833k	ret = cb(ctx, buf);
222	833k	if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
223	58	return gnutls_assert_val(ret);
224	58	}
225
226		/* returning GNUTLS_E_INT_RET_0 means to send an empty
227		* extension of this type.
228		*/
229	833k	appended = buf->length - size_prev;
230
231	833k	if (appended > 0 \|\| ret == GNUTLS_E_INT_RET_0) {
232	400k	if (ret == GNUTLS_E_INT_RET_0)
233	94.7k	appended = 0;
234
235		/* write the real size */
236	400k	_gnutls_write_uint16(appended, &buf->data[size_pos]);
237	432k	} else if (appended == 0) {
238	432k	buf->length -= 4; /* reset type and size */
239	432k	return 0;
240	432k	}
241
242	400k	return appended + 4;
243	833k	}