/src/gnutls/lib/hello_ext.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2001-2018 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015-2018 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos, Simon Josefsson |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* Functions that relate to the TLS hello extension parsing. |
25 | | * Hello extensions are packets appended in the TLS hello packet, and |
26 | | * allow for extra functionality. |
27 | | */ |
28 | | |
29 | | #include "gnutls_int.h" |
30 | | #include "hello_ext.h" |
31 | | #include "errors.h" |
32 | | #include "ext/max_record.h" |
33 | | #include "ext/server_name.h" |
34 | | #include "ext/srp.h" |
35 | | #include "ext/heartbeat.h" |
36 | | #include "ext/session_ticket.h" |
37 | | #include "ext/safe_renegotiation.h" |
38 | | #include "ext/signature.h" |
39 | | #include "ext/safe_renegotiation.h" |
40 | | #include "ext/supported_groups.h" |
41 | | #include "ext/ec_point_formats.h" |
42 | | #include "ext/status_request.h" |
43 | | #include "ext/ext_master_secret.h" |
44 | | #include "ext/supported_versions.h" |
45 | | #include "ext/post_handshake.h" |
46 | | #include "ext/srtp.h" |
47 | | #include "ext/alpn.h" |
48 | | #include "ext/dumbfw.h" |
49 | | #include "ext/key_share.h" |
50 | | #include "ext/pre_shared_key.h" |
51 | | #include "ext/psk_ke_modes.h" |
52 | | #include "ext/etm.h" |
53 | | #include "ext/cookie.h" |
54 | | #include "ext/early_data.h" |
55 | | #include "ext/record_size_limit.h" |
56 | | #include "extv.h" |
57 | | #include "num.h" |
58 | | #include "ext/client_cert_type.h" |
59 | | #include "ext/server_cert_type.h" |
60 | | #include "ext/compress_certificate.h" |
61 | | #include "intprops.h" |
62 | | #include "verify.h" |
63 | | |
64 | | verify(GNUTLS_EXTENSION_MAX < GNUTLS_EXTENSION_MAX_VALUE); |
65 | | verify(GNUTLS_EXTENSION_MAX < MAX_EXT_TYPES); |
66 | | |
67 | | /* we must provide at least 16 extensions for users to register; |
68 | | * increase GNUTLS_EXTENSION_MAX_VALUE, MAX_EXT_TYPES and used_exts |
69 | | * type if this fails |
70 | | */ |
71 | | verify(GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX >= 16); |
72 | | |
73 | | /* MAX_EXT_TYPES must fit in a single byte, to generate random |
74 | | * permutation at once. |
75 | | */ |
76 | | verify(MAX_EXT_TYPES <= UINT8_MAX); |
77 | | |
78 | | static void unset_ext_data(gnutls_session_t session, |
79 | | const struct hello_ext_entry_st *, unsigned idx); |
80 | | |
81 | | static void unset_resumed_ext_data(gnutls_session_t session, |
82 | | const struct hello_ext_entry_st *, |
83 | | unsigned idx); |
84 | | |
85 | | static hello_ext_entry_st const *extfunc[MAX_EXT_TYPES + 1] = { |
86 | | [GNUTLS_EXTENSION_EXT_MASTER_SECRET] = &ext_mod_ext_master_secret, |
87 | | [GNUTLS_EXTENSION_SUPPORTED_VERSIONS] = &ext_mod_supported_versions, |
88 | | [GNUTLS_EXTENSION_POST_HANDSHAKE] = &ext_mod_post_handshake, |
89 | | [GNUTLS_EXTENSION_ETM] = &ext_mod_etm, |
90 | | #ifdef ENABLE_OCSP |
91 | | [GNUTLS_EXTENSION_STATUS_REQUEST] = &ext_mod_status_request, |
92 | | #endif |
93 | | [GNUTLS_EXTENSION_SERVER_NAME] = &ext_mod_server_name, |
94 | | [GNUTLS_EXTENSION_SAFE_RENEGOTIATION] = &ext_mod_sr, |
95 | | #ifdef ENABLE_SRP |
96 | | [GNUTLS_EXTENSION_SRP] = &ext_mod_srp, |
97 | | #endif |
98 | | #ifdef ENABLE_HEARTBEAT |
99 | | [GNUTLS_EXTENSION_HEARTBEAT] = &ext_mod_heartbeat, |
100 | | #endif |
101 | | [GNUTLS_EXTENSION_SESSION_TICKET] = &ext_mod_session_ticket, |
102 | | [GNUTLS_EXTENSION_CLIENT_CERT_TYPE] = &ext_mod_client_cert_type, |
103 | | [GNUTLS_EXTENSION_SERVER_CERT_TYPE] = &ext_mod_server_cert_type, |
104 | | [GNUTLS_EXTENSION_SUPPORTED_GROUPS] = &ext_mod_supported_groups, |
105 | | [GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS] = |
106 | | &ext_mod_supported_ec_point_formats, |
107 | | [GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS] = &ext_mod_sig, |
108 | | [GNUTLS_EXTENSION_KEY_SHARE] = &ext_mod_key_share, |
109 | | [GNUTLS_EXTENSION_COOKIE] = &ext_mod_cookie, |
110 | | [GNUTLS_EXTENSION_EARLY_DATA] = &ext_mod_early_data, |
111 | | #ifdef ENABLE_DTLS_SRTP |
112 | | [GNUTLS_EXTENSION_SRTP] = &ext_mod_srtp, |
113 | | #endif |
114 | | #ifdef ENABLE_ALPN |
115 | | [GNUTLS_EXTENSION_ALPN] = &ext_mod_alpn, |
116 | | #endif |
117 | | [GNUTLS_EXTENSION_RECORD_SIZE_LIMIT] = &ext_mod_record_size_limit, |
118 | | [GNUTLS_EXTENSION_MAX_RECORD_SIZE] = &ext_mod_max_record_size, |
119 | | [GNUTLS_EXTENSION_PSK_KE_MODES] = &ext_mod_psk_ke_modes, |
120 | | [GNUTLS_EXTENSION_COMPRESS_CERTIFICATE] = &ext_mod_compress_certificate, |
121 | | [GNUTLS_EXTENSION_PRE_SHARED_KEY] = &ext_mod_pre_shared_key, |
122 | | /* This must be the last extension registered. |
123 | | */ |
124 | | [GNUTLS_EXTENSION_DUMBFW] = &ext_mod_dumbfw, |
125 | | }; |
126 | | |
127 | | static const hello_ext_entry_st *gid_to_ext_entry(gnutls_session_t session, |
128 | | extensions_t id) |
129 | 0 | { |
130 | 0 | unsigned i; |
131 | |
|
132 | 0 | assert(id < MAX_EXT_TYPES); |
133 | |
|
134 | 0 | for (i = 0; i < session->internals.rexts_size; i++) { |
135 | 0 | if (session->internals.rexts[i].gid == id) { |
136 | 0 | return &session->internals.rexts[i]; |
137 | 0 | } |
138 | 0 | } |
139 | | |
140 | 0 | return extfunc[id]; |
141 | 0 | } |
142 | | |
143 | | static const hello_ext_entry_st * |
144 | | tls_id_to_ext_entry(gnutls_session_t session, uint16_t tls_id, |
145 | | gnutls_ext_parse_type_t parse_point) |
146 | 0 | { |
147 | 0 | unsigned i; |
148 | 0 | const hello_ext_entry_st *e; |
149 | |
|
150 | 0 | for (i = 0; i < session->internals.rexts_size; i++) { |
151 | 0 | if (session->internals.rexts[i].tls_id == tls_id) { |
152 | 0 | e = &session->internals.rexts[i]; |
153 | 0 | goto done; |
154 | 0 | } |
155 | 0 | } |
156 | | |
157 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
158 | 0 | if (!extfunc[i]) |
159 | 0 | continue; |
160 | | |
161 | 0 | if (extfunc[i]->tls_id == tls_id) { |
162 | 0 | e = extfunc[i]; |
163 | 0 | goto done; |
164 | 0 | } |
165 | 0 | } |
166 | | |
167 | 0 | return NULL; |
168 | 0 | done: |
169 | 0 | if (parse_point == GNUTLS_EXT_ANY || |
170 | 0 | (IS_SERVER(session) && e->server_parse_point == parse_point) || |
171 | 0 | (!IS_SERVER(session) && e->client_parse_point == parse_point)) { |
172 | 0 | return e; |
173 | 0 | } else { |
174 | 0 | return NULL; |
175 | 0 | } |
176 | 0 | } |
177 | | |
178 | | /** |
179 | | * gnutls_ext_get_name: |
180 | | * @ext: is a TLS extension numeric ID |
181 | | * |
182 | | * Convert a TLS extension numeric ID to a printable string. |
183 | | * |
184 | | * Returns: a pointer to a string that contains the name of the |
185 | | * specified cipher, or %NULL. |
186 | | **/ |
187 | | const char *gnutls_ext_get_name(unsigned int ext) |
188 | 0 | { |
189 | 0 | size_t i; |
190 | |
|
191 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
192 | 0 | if (!extfunc[i]) |
193 | 0 | continue; |
194 | | |
195 | 0 | if (extfunc[i]->tls_id == ext) |
196 | 0 | return extfunc[i]->name; |
197 | 0 | } |
198 | | |
199 | 0 | return NULL; |
200 | 0 | } |
201 | | |
202 | | /* Returns %GNUTLS_EXTENSION_INVALID on error |
203 | | */ |
204 | | static unsigned tls_id_to_gid(gnutls_session_t session, unsigned tls_id) |
205 | 0 | { |
206 | 0 | unsigned i; |
207 | |
|
208 | 0 | for (i = 0; i < session->internals.rexts_size; i++) { |
209 | 0 | if (session->internals.rexts[i].tls_id == tls_id) |
210 | 0 | return session->internals.rexts[i].gid; |
211 | 0 | } |
212 | | |
213 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
214 | 0 | if (!extfunc[i]) |
215 | 0 | continue; |
216 | | |
217 | 0 | if (extfunc[i]->tls_id == tls_id) |
218 | 0 | return extfunc[i]->gid; |
219 | 0 | } |
220 | | |
221 | 0 | return GNUTLS_EXTENSION_INVALID; |
222 | 0 | } |
223 | | |
224 | | typedef struct hello_ext_ctx_st { |
225 | | gnutls_session_t session; |
226 | | gnutls_ext_flags_t msg; |
227 | | gnutls_ext_parse_type_t parse_point; |
228 | | const hello_ext_entry_st *ext; /* used during send */ |
229 | | unsigned seen_pre_shared_key; |
230 | | } hello_ext_ctx_st; |
231 | | |
232 | | static int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, |
233 | | unsigned data_size) |
234 | 0 | { |
235 | 0 | hello_ext_ctx_st *ctx = _ctx; |
236 | 0 | gnutls_session_t session = ctx->session; |
237 | 0 | const hello_ext_entry_st *ext; |
238 | 0 | int ret; |
239 | |
|
240 | 0 | if (tls_id == PRE_SHARED_KEY_TLS_ID) { |
241 | 0 | ctx->seen_pre_shared_key = 1; |
242 | 0 | } else if (ctx->seen_pre_shared_key && |
243 | 0 | session->security_parameters.entity == GNUTLS_SERVER) { |
244 | | /* the pre-shared key extension must always be the last one, |
245 | | * draft-ietf-tls-tls13-28: 4.2.11 */ |
246 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
247 | 0 | } |
248 | | |
249 | 0 | ext = tls_id_to_ext_entry(session, tls_id, ctx->parse_point); |
250 | 0 | if (ext == NULL || ext->recv_func == NULL) { |
251 | 0 | goto ignore; |
252 | 0 | } |
253 | | |
254 | | /* we do not hard fail when extensions defined for TLS are used for |
255 | | * DTLS and vice-versa. They may extend their role in the future. */ |
256 | 0 | if (IS_DTLS(session)) { |
257 | 0 | if (!(ext->validity & GNUTLS_EXT_FLAG_DTLS)) { |
258 | 0 | gnutls_assert(); |
259 | 0 | goto ignore; |
260 | 0 | } |
261 | 0 | } else { |
262 | 0 | if (!(ext->validity & GNUTLS_EXT_FLAG_TLS)) { |
263 | 0 | gnutls_assert(); |
264 | 0 | goto ignore; |
265 | 0 | } |
266 | 0 | } |
267 | | |
268 | 0 | if (session->security_parameters.entity == GNUTLS_CLIENT) { |
269 | 0 | if (!(ext->validity & GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST) && |
270 | 0 | !_gnutls_hello_ext_is_present(session, ext->gid)) { |
271 | 0 | _gnutls_debug_log( |
272 | 0 | "EXT[%p]: Received unexpected extension '%s/%d'\n", |
273 | 0 | session, ext->name, (int)tls_id); |
274 | 0 | return gnutls_assert_val( |
275 | 0 | GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION); |
276 | 0 | } |
277 | 0 | } |
278 | | |
279 | 0 | if ((ext->validity & ctx->msg) == 0) { |
280 | 0 | _gnutls_debug_log( |
281 | 0 | "EXT[%p]: Received unexpected extension (%s/%d) for '%s'\n", |
282 | 0 | session, ext->name, (int)tls_id, |
283 | 0 | ext_msg_validity_to_str(ctx->msg)); |
284 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION); |
285 | 0 | } |
286 | | |
287 | 0 | if (session->security_parameters.entity == GNUTLS_SERVER) { |
288 | 0 | ret = _gnutls_hello_ext_save(session, ext->gid, 1); |
289 | 0 | if (ret == 0) |
290 | 0 | return gnutls_assert_val( |
291 | 0 | GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION); |
292 | 0 | } |
293 | | |
294 | 0 | _gnutls_handshake_log("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n", |
295 | 0 | session, ext->name, (int)tls_id, data_size); |
296 | |
|
297 | 0 | _gnutls_ext_set_msg(session, ctx->msg); |
298 | 0 | if ((ret = ext->recv_func(session, data, data_size)) < 0) { |
299 | 0 | gnutls_assert(); |
300 | 0 | return ret; |
301 | 0 | } |
302 | | |
303 | 0 | return 0; |
304 | | |
305 | 0 | ignore: |
306 | 0 | if (ext) { |
307 | 0 | _gnutls_handshake_log("EXT[%p]: Ignoring extension '%s/%d'\n", |
308 | 0 | session, ext->name, (int)tls_id); |
309 | 0 | } |
310 | 0 | return 0; |
311 | 0 | } |
312 | | |
313 | | int _gnutls_parse_hello_extensions(gnutls_session_t session, |
314 | | gnutls_ext_flags_t msg, |
315 | | gnutls_ext_parse_type_t parse_point, |
316 | | const uint8_t *data, int data_size) |
317 | 0 | { |
318 | 0 | int ret; |
319 | 0 | hello_ext_ctx_st ctx; |
320 | |
|
321 | 0 | msg &= GNUTLS_EXT_FLAG_SET_ONLY_FLAGS_MASK; |
322 | |
|
323 | 0 | ctx.session = session; |
324 | 0 | ctx.msg = msg; |
325 | 0 | ctx.parse_point = parse_point; |
326 | 0 | ctx.seen_pre_shared_key = 0; |
327 | |
|
328 | 0 | ret = _gnutls_extv_parse(&ctx, hello_ext_parse, data, data_size); |
329 | 0 | if (ret < 0) |
330 | 0 | return gnutls_assert_val(ret); |
331 | | |
332 | 0 | return 0; |
333 | 0 | } |
334 | | |
335 | | static int hello_ext_send(void *_ctx, gnutls_buffer_st *buf) |
336 | 0 | { |
337 | 0 | hello_ext_ctx_st *ctx = _ctx; |
338 | 0 | int ret; |
339 | 0 | const hello_ext_entry_st *p = ctx->ext; |
340 | 0 | gnutls_session_t session = ctx->session; |
341 | 0 | int appended; |
342 | 0 | size_t size_prev; |
343 | |
|
344 | 0 | if (unlikely(p->send_func == NULL)) |
345 | 0 | return 0; |
346 | | |
347 | 0 | if (ctx->parse_point != GNUTLS_EXT_ANY && |
348 | 0 | ((IS_SERVER(session) && p->server_parse_point != ctx->parse_point) || |
349 | 0 | (!IS_SERVER(session) && |
350 | 0 | p->client_parse_point != ctx->parse_point))) { |
351 | 0 | return 0; |
352 | 0 | } |
353 | | |
354 | 0 | if (IS_DTLS(session)) { |
355 | 0 | if (!(p->validity & GNUTLS_EXT_FLAG_DTLS)) { |
356 | 0 | gnutls_assert(); |
357 | 0 | goto skip; |
358 | 0 | } |
359 | 0 | } else { |
360 | 0 | if (!(p->validity & GNUTLS_EXT_FLAG_TLS)) { |
361 | 0 | gnutls_assert(); |
362 | 0 | goto skip; |
363 | 0 | } |
364 | 0 | } |
365 | | |
366 | 0 | if ((ctx->msg & p->validity) == 0) { |
367 | 0 | goto skip; |
368 | 0 | } else { |
369 | 0 | _gnutls_handshake_log( |
370 | 0 | "EXT[%p]: Preparing extension (%s/%d) for '%s'\n", |
371 | 0 | session, p->name, (int)p->tls_id, |
372 | 0 | ext_msg_validity_to_str(ctx->msg)); |
373 | 0 | } |
374 | | |
375 | | /* ensure we don't send something twice (i.e, overridden extensions in |
376 | | * client), and ensure we are sending only what we received in server. */ |
377 | 0 | ret = _gnutls_hello_ext_is_present(session, p->gid); |
378 | |
|
379 | 0 | if (session->security_parameters.entity == GNUTLS_SERVER) { |
380 | | /* if client didn't advertise and the override flag is not present */ |
381 | 0 | if (!(p->validity & GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST) && |
382 | 0 | ret == 0) |
383 | 0 | return 0; |
384 | 0 | } else { |
385 | 0 | if (ret != 0) /* already sent */ |
386 | 0 | return 0; |
387 | 0 | } |
388 | | |
389 | 0 | size_prev = buf->length; |
390 | |
|
391 | 0 | _gnutls_ext_set_msg(session, ctx->msg); |
392 | 0 | ret = p->send_func(session, buf); |
393 | 0 | if (ret < 0 && ret != GNUTLS_E_INT_RET_0) { |
394 | 0 | return gnutls_assert_val(ret); |
395 | 0 | } |
396 | | |
397 | 0 | appended = buf->length - size_prev; |
398 | | |
399 | | /* add this extension to the extension list, to know which extensions |
400 | | * to expect. |
401 | | */ |
402 | 0 | if ((appended > 0 || ret == GNUTLS_E_INT_RET_0) && |
403 | 0 | session->security_parameters.entity == GNUTLS_CLIENT) { |
404 | 0 | _gnutls_hello_ext_save(session, p->gid, 0); |
405 | 0 | } |
406 | |
|
407 | 0 | return ret; |
408 | | |
409 | 0 | skip: |
410 | 0 | _gnutls_handshake_log( |
411 | 0 | "EXT[%p]: Not sending extension (%s/%d) for '%s'\n", session, |
412 | 0 | p->name, (int)p->tls_id, ext_msg_validity_to_str(ctx->msg)); |
413 | 0 | return 0; |
414 | 0 | } |
415 | | |
416 | | static inline void swap_exts(extensions_t *exts, size_t index1, size_t index2) |
417 | 0 | { |
418 | 0 | extensions_t temp = exts[index1]; |
419 | 0 | exts[index1] = exts[index2]; |
420 | 0 | exts[index2] = temp; |
421 | 0 | } |
422 | | |
423 | | static int shuffle_exts(extensions_t *exts, size_t size) |
424 | 0 | { |
425 | 0 | uint8_t permutation[MAX_EXT_TYPES]; |
426 | 0 | size_t i; |
427 | 0 | int ret; |
428 | |
|
429 | 0 | assert(size <= MAX_EXT_TYPES); |
430 | |
|
431 | 0 | if (unlikely(size == 0)) |
432 | 0 | return 0; |
433 | | |
434 | | /* Generate random permutation, assuming MAX_EXT_TYPES <= |
435 | | * UINT8_MAX. |
436 | | */ |
437 | 0 | ret = gnutls_rnd(GNUTLS_RND_RANDOM, permutation, size); |
438 | 0 | if (ret < 0) |
439 | 0 | return gnutls_assert_val(ret); |
440 | | |
441 | 0 | for (i = size - 1; i > 0; i--) { |
442 | 0 | extensions_t j = permutation[i] % (i + 1); |
443 | 0 | swap_exts(exts, i, j); |
444 | 0 | } |
445 | |
|
446 | 0 | return 0; |
447 | 0 | } |
448 | | |
449 | | int _gnutls_gen_hello_extensions(gnutls_session_t session, |
450 | | gnutls_buffer_st *buf, gnutls_ext_flags_t msg, |
451 | | gnutls_ext_parse_type_t parse_point) |
452 | 0 | { |
453 | 0 | int pos, ret; |
454 | 0 | size_t i; |
455 | 0 | hello_ext_ctx_st ctx; |
456 | |
|
457 | 0 | msg &= GNUTLS_EXT_FLAG_SET_ONLY_FLAGS_MASK; |
458 | |
|
459 | 0 | ctx.session = session; |
460 | 0 | ctx.msg = msg; |
461 | 0 | ctx.parse_point = parse_point; |
462 | |
|
463 | 0 | ret = _gnutls_extv_append_init(buf); |
464 | 0 | if (ret < 0) |
465 | 0 | return gnutls_assert_val(ret); |
466 | | |
467 | 0 | pos = ret; |
468 | 0 | _gnutls_ext_set_extensions_offset(session, pos); |
469 | |
|
470 | 0 | for (i = 0; i < session->internals.rexts_size; i++) { |
471 | 0 | ctx.ext = &session->internals.rexts[i]; |
472 | 0 | ret = _gnutls_extv_append(buf, |
473 | 0 | session->internals.rexts[i].tls_id, |
474 | 0 | &ctx, hello_ext_send); |
475 | 0 | if (ret < 0) |
476 | 0 | return gnutls_assert_val(ret); |
477 | | |
478 | 0 | if (ret > 0) |
479 | 0 | _gnutls_handshake_log( |
480 | 0 | "EXT[%p]: Sending extension %s/%d (%d bytes)\n", |
481 | 0 | session, ctx.ext->name, (int)ctx.ext->tls_id, |
482 | 0 | ret - 4); |
483 | 0 | } |
484 | | |
485 | 0 | if (msg & GNUTLS_EXT_FLAG_CLIENT_HELLO && |
486 | 0 | !session->internals.client_hello_exts_set) { |
487 | | /* Initializing extensions array */ |
488 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
489 | 0 | session->internals.client_hello_exts[i] = i; |
490 | 0 | } |
491 | |
|
492 | 0 | if (!session->internals.priorities->no_shuffle_extensions) { |
493 | | /* Ordering padding and pre_shared_key as last extensions */ |
494 | 0 | swap_exts(session->internals.client_hello_exts, |
495 | 0 | MAX_EXT_TYPES - 2, GNUTLS_EXTENSION_DUMBFW); |
496 | 0 | swap_exts(session->internals.client_hello_exts, |
497 | 0 | MAX_EXT_TYPES - 1, |
498 | 0 | GNUTLS_EXTENSION_PRE_SHARED_KEY); |
499 | |
|
500 | 0 | ret = shuffle_exts(session->internals.client_hello_exts, |
501 | 0 | MAX_EXT_TYPES - 2); |
502 | 0 | if (ret < 0) |
503 | 0 | return gnutls_assert_val(ret); |
504 | 0 | } |
505 | 0 | session->internals.client_hello_exts_set = true; |
506 | 0 | } |
507 | | |
508 | | /* hello_ext_send() ensures we don't send duplicates, in case |
509 | | * of overridden extensions */ |
510 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
511 | 0 | size_t ii; |
512 | |
|
513 | 0 | if (msg & GNUTLS_EXT_FLAG_CLIENT_HELLO) |
514 | 0 | ii = session->internals.client_hello_exts[i]; |
515 | 0 | else |
516 | 0 | ii = i; |
517 | |
|
518 | 0 | if (!extfunc[ii]) |
519 | 0 | continue; |
520 | | |
521 | 0 | ctx.ext = extfunc[ii]; |
522 | 0 | ret = _gnutls_extv_append(buf, extfunc[ii]->tls_id, &ctx, |
523 | 0 | hello_ext_send); |
524 | 0 | if (ret < 0) |
525 | 0 | return gnutls_assert_val(ret); |
526 | | |
527 | 0 | if (ret > 0) |
528 | 0 | _gnutls_handshake_log( |
529 | 0 | "EXT[%p]: Sending extension %s/%d (%d bytes)\n", |
530 | 0 | session, ctx.ext->name, (int)ctx.ext->tls_id, |
531 | 0 | ret - 4); |
532 | 0 | } |
533 | | |
534 | 0 | ret = _gnutls_extv_append_final(buf, pos, !(msg & GNUTLS_EXT_FLAG_EE)); |
535 | 0 | if (ret < 0) |
536 | 0 | return gnutls_assert_val(ret); |
537 | | |
538 | 0 | return 0; |
539 | 0 | } |
540 | | |
541 | | /* Global deinit and init of global extensions */ |
542 | | int _gnutls_hello_ext_init(void) |
543 | 4 | { |
544 | 4 | return GNUTLS_E_SUCCESS; |
545 | 4 | } |
546 | | |
547 | | void _gnutls_hello_ext_deinit(void) |
548 | 0 | { |
549 | 0 | unsigned i; |
550 | |
|
551 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
552 | 0 | if (!extfunc[i]) |
553 | 0 | continue; |
554 | | |
555 | 0 | if (extfunc[i]->free_struct != 0) { |
556 | 0 | gnutls_free(((hello_ext_entry_st *)extfunc[i])->name); |
557 | 0 | gnutls_free(extfunc[i]); |
558 | 0 | } |
559 | 0 | } |
560 | 0 | } |
561 | | |
562 | | /* Packing of extension data (for use in resumption) */ |
563 | | static int pack_extension(gnutls_session_t session, |
564 | | const hello_ext_entry_st *extp, |
565 | | gnutls_buffer_st *packed) |
566 | 0 | { |
567 | 0 | int ret; |
568 | 0 | int size_offset; |
569 | 0 | int cur_size; |
570 | 0 | gnutls_ext_priv_data_t data; |
571 | 0 | int rval = 0; |
572 | |
|
573 | 0 | ret = _gnutls_hello_ext_get_priv(session, extp->gid, &data); |
574 | 0 | if (ret >= 0 && extp->pack_func != NULL) { |
575 | 0 | BUFFER_APPEND_NUM(packed, extp->gid); |
576 | |
|
577 | 0 | size_offset = packed->length; |
578 | 0 | BUFFER_APPEND_NUM(packed, 0); |
579 | |
|
580 | 0 | cur_size = packed->length; |
581 | |
|
582 | 0 | ret = extp->pack_func(data, packed); |
583 | 0 | if (ret < 0) { |
584 | 0 | gnutls_assert(); |
585 | 0 | return ret; |
586 | 0 | } |
587 | | |
588 | 0 | rval = 1; |
589 | | /* write the actual size */ |
590 | 0 | _gnutls_write_uint32(packed->length - cur_size, |
591 | 0 | packed->data + size_offset); |
592 | 0 | } |
593 | | |
594 | 0 | return rval; |
595 | 0 | } |
596 | | |
597 | | int _gnutls_hello_ext_pack(gnutls_session_t session, gnutls_buffer_st *packed) |
598 | 0 | { |
599 | 0 | unsigned int i; |
600 | 0 | int ret; |
601 | 0 | int total_exts_pos; |
602 | 0 | int n_exts = 0; |
603 | 0 | const struct hello_ext_entry_st *ext; |
604 | |
|
605 | 0 | total_exts_pos = packed->length; |
606 | 0 | BUFFER_APPEND_NUM(packed, 0); |
607 | |
|
608 | 0 | for (i = 0; i <= GNUTLS_EXTENSION_MAX_VALUE; i++) { |
609 | 0 | if (session->internals.used_exts & ((ext_track_t)1 << i)) { |
610 | 0 | ext = gid_to_ext_entry(session, i); |
611 | 0 | if (ext == NULL) |
612 | 0 | continue; |
613 | | |
614 | 0 | ret = pack_extension(session, ext, packed); |
615 | 0 | if (ret < 0) |
616 | 0 | return gnutls_assert_val(ret); |
617 | | |
618 | 0 | if (ret > 0) |
619 | 0 | n_exts++; |
620 | 0 | } |
621 | 0 | } |
622 | | |
623 | 0 | _gnutls_write_uint32(n_exts, packed->data + total_exts_pos); |
624 | |
|
625 | 0 | return 0; |
626 | 0 | } |
627 | | |
628 | | int _gnutls_ext_set_full_client_hello(gnutls_session_t session, |
629 | | handshake_buffer_st *recv_buf) |
630 | 0 | { |
631 | 0 | int ret; |
632 | 0 | gnutls_buffer_st *buf = &session->internals.full_client_hello; |
633 | |
|
634 | 0 | _gnutls_buffer_clear(buf); |
635 | |
|
636 | 0 | if ((ret = _gnutls_buffer_append_prefix(buf, 8, recv_buf->htype)) < 0) |
637 | 0 | return gnutls_assert_val(ret); |
638 | 0 | if ((ret = _gnutls_buffer_append_prefix(buf, 24, |
639 | 0 | recv_buf->data.length)) < 0) |
640 | 0 | return gnutls_assert_val(ret); |
641 | 0 | if ((ret = _gnutls_buffer_append_data(buf, recv_buf->data.data, |
642 | 0 | recv_buf->data.length)) < 0) |
643 | 0 | return gnutls_assert_val(ret); |
644 | | |
645 | 0 | return 0; |
646 | 0 | } |
647 | | |
648 | | unsigned _gnutls_ext_get_full_client_hello(gnutls_session_t session, |
649 | | gnutls_datum_t *d) |
650 | 0 | { |
651 | 0 | gnutls_buffer_st *buf = &session->internals.full_client_hello; |
652 | |
|
653 | 0 | if (!buf->length) |
654 | 0 | return 0; |
655 | | |
656 | 0 | d->data = buf->data; |
657 | 0 | d->size = buf->length; |
658 | |
|
659 | 0 | return 1; |
660 | 0 | } |
661 | | |
662 | | static void _gnutls_ext_set_resumed_session_data(gnutls_session_t session, |
663 | | extensions_t id, |
664 | | gnutls_ext_priv_data_t data) |
665 | 0 | { |
666 | 0 | const struct hello_ext_entry_st *ext; |
667 | | |
668 | | /* If this happens we need to increase the max */ |
669 | 0 | assert(id < MAX_EXT_TYPES); |
670 | |
|
671 | 0 | ext = gid_to_ext_entry(session, id); |
672 | 0 | assert(ext != NULL); |
673 | |
|
674 | 0 | if (session->internals.ext_data[id].resumed_set != 0) |
675 | 0 | unset_resumed_ext_data(session, ext, id); |
676 | |
|
677 | 0 | session->internals.ext_data[id].resumed_priv = data; |
678 | 0 | session->internals.ext_data[id].resumed_set = 1; |
679 | 0 | return; |
680 | 0 | } |
681 | | |
682 | | int _gnutls_hello_ext_unpack(gnutls_session_t session, gnutls_buffer_st *packed) |
683 | 0 | { |
684 | 0 | int i, ret; |
685 | 0 | gnutls_ext_priv_data_t data; |
686 | 0 | int max_exts = 0; |
687 | 0 | extensions_t id; |
688 | 0 | int size_for_id, cur_pos; |
689 | 0 | const struct hello_ext_entry_st *ext; |
690 | |
|
691 | 0 | BUFFER_POP_NUM(packed, max_exts); |
692 | 0 | for (i = 0; i < max_exts; i++) { |
693 | 0 | BUFFER_POP_NUM(packed, id); |
694 | 0 | BUFFER_POP_NUM(packed, size_for_id); |
695 | |
|
696 | 0 | cur_pos = packed->length; |
697 | |
|
698 | 0 | ext = gid_to_ext_entry(session, id); |
699 | 0 | if (ext == NULL || ext->unpack_func == NULL) { |
700 | 0 | gnutls_assert(); |
701 | 0 | return GNUTLS_E_PARSING_ERROR; |
702 | 0 | } |
703 | | |
704 | 0 | ret = ext->unpack_func(packed, &data); |
705 | 0 | if (ret < 0) { |
706 | 0 | gnutls_assert(); |
707 | 0 | return ret; |
708 | 0 | } |
709 | | |
710 | | /* verify that unpack read the correct bytes */ |
711 | 0 | cur_pos = cur_pos - packed->length; |
712 | 0 | if (cur_pos /* read length */ != size_for_id) { |
713 | 0 | gnutls_assert(); |
714 | 0 | return GNUTLS_E_PARSING_ERROR; |
715 | 0 | } |
716 | | |
717 | 0 | _gnutls_ext_set_resumed_session_data(session, id, data); |
718 | 0 | } |
719 | | |
720 | 0 | return 0; |
721 | | |
722 | 0 | error: |
723 | 0 | return ret; |
724 | 0 | } |
725 | | |
726 | | static void unset_ext_data(gnutls_session_t session, |
727 | | const struct hello_ext_entry_st *ext, unsigned idx) |
728 | 0 | { |
729 | 0 | if (session->internals.ext_data[idx].set == 0) |
730 | 0 | return; |
731 | | |
732 | 0 | if (ext && ext->deinit_func && |
733 | 0 | session->internals.ext_data[idx].priv != NULL) |
734 | 0 | ext->deinit_func(session->internals.ext_data[idx].priv); |
735 | 0 | session->internals.ext_data[idx].set = 0; |
736 | 0 | } |
737 | | |
738 | | void _gnutls_hello_ext_unset_priv(gnutls_session_t session, extensions_t id) |
739 | 0 | { |
740 | 0 | const struct hello_ext_entry_st *ext; |
741 | |
|
742 | 0 | ext = gid_to_ext_entry(session, id); |
743 | 0 | if (ext) |
744 | 0 | unset_ext_data(session, ext, id); |
745 | 0 | } |
746 | | |
747 | | static void unset_resumed_ext_data(gnutls_session_t session, |
748 | | const struct hello_ext_entry_st *ext, |
749 | | unsigned idx) |
750 | 0 | { |
751 | 0 | if (session->internals.ext_data[idx].resumed_set == 0) |
752 | 0 | return; |
753 | | |
754 | 0 | if (ext && ext->deinit_func && |
755 | 0 | session->internals.ext_data[idx].resumed_priv) { |
756 | 0 | ext->deinit_func(session->internals.ext_data[idx].resumed_priv); |
757 | 0 | } |
758 | 0 | session->internals.ext_data[idx].resumed_set = 0; |
759 | 0 | } |
760 | | |
761 | | /* Deinitializes all data that are associated with TLS extensions. |
762 | | */ |
763 | | void _gnutls_hello_ext_priv_deinit(gnutls_session_t session) |
764 | 0 | { |
765 | 0 | unsigned int i; |
766 | 0 | const struct hello_ext_entry_st *ext; |
767 | |
|
768 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
769 | 0 | if (!session->internals.ext_data[i].set && |
770 | 0 | !session->internals.ext_data[i].resumed_set) |
771 | 0 | continue; |
772 | | |
773 | 0 | ext = gid_to_ext_entry(session, i); |
774 | 0 | if (ext) { |
775 | 0 | unset_ext_data(session, ext, i); |
776 | 0 | unset_resumed_ext_data(session, ext, i); |
777 | 0 | } |
778 | 0 | } |
779 | 0 | } |
780 | | |
781 | | /* This function allows an extension to store data in the current session |
782 | | * and retrieve them later on. We use functions instead of a pointer to a |
783 | | * private pointer, to allow API additions by individual extensions. |
784 | | */ |
785 | | void _gnutls_hello_ext_set_priv(gnutls_session_t session, extensions_t id, |
786 | | gnutls_ext_priv_data_t data) |
787 | 0 | { |
788 | 0 | const struct hello_ext_entry_st *ext; |
789 | |
|
790 | 0 | assert(id < MAX_EXT_TYPES); |
791 | |
|
792 | 0 | ext = gid_to_ext_entry(session, id); |
793 | 0 | assert(ext != NULL); |
794 | |
|
795 | 0 | if (session->internals.ext_data[id].set != 0) { |
796 | 0 | unset_ext_data(session, ext, id); |
797 | 0 | } |
798 | 0 | session->internals.ext_data[id].priv = data; |
799 | 0 | session->internals.ext_data[id].set = 1; |
800 | |
|
801 | 0 | return; |
802 | 0 | } |
803 | | |
804 | | int _gnutls_hello_ext_get_priv(gnutls_session_t session, extensions_t id, |
805 | | gnutls_ext_priv_data_t *data) |
806 | 0 | { |
807 | 0 | if (session->internals.ext_data[id].set != 0) { |
808 | 0 | *data = session->internals.ext_data[id].priv; |
809 | 0 | return 0; |
810 | 0 | } |
811 | | |
812 | 0 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; |
813 | 0 | } |
814 | | |
815 | | int _gnutls_hello_ext_get_resumed_priv(gnutls_session_t session, |
816 | | extensions_t id, |
817 | | gnutls_ext_priv_data_t *data) |
818 | 0 | { |
819 | 0 | if (session->internals.ext_data[id].resumed_set != 0) { |
820 | 0 | *data = session->internals.ext_data[id].resumed_priv; |
821 | 0 | return 0; |
822 | 0 | } |
823 | | |
824 | 0 | return GNUTLS_E_INVALID_REQUEST; |
825 | 0 | } |
826 | | |
827 | | /** |
828 | | * gnutls_ext_register: |
829 | | * @name: the name of the extension to register |
830 | | * @id: the numeric TLS id of the extension |
831 | | * @parse_point: the parse type of the extension (see gnutls_ext_parse_type_t) |
832 | | * @recv_func: a function to receive the data |
833 | | * @send_func: a function to send the data |
834 | | * @deinit_func: a function deinitialize any private data |
835 | | * @pack_func: a function which serializes the extension's private data (used on session packing for resumption) |
836 | | * @unpack_func: a function which will deserialize the extension's private data |
837 | | * |
838 | | * This function will register a new extension type. The extension will remain |
839 | | * registered until gnutls_global_deinit() is called. If the extension type |
840 | | * is already registered then %GNUTLS_E_ALREADY_REGISTERED will be returned. |
841 | | * |
842 | | * Each registered extension can store temporary data into the gnutls_session_t |
843 | | * structure using gnutls_ext_set_data(), and they can be retrieved using |
844 | | * gnutls_ext_get_data(). |
845 | | * |
846 | | * Any extensions registered with this function are valid for the client |
847 | | * and TLS1.2 server hello (or encrypted extensions for TLS1.3). |
848 | | * |
849 | | * This function is not thread safe. |
850 | | * |
851 | | * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. |
852 | | * |
853 | | * Since: 3.4.0 |
854 | | **/ |
855 | | int gnutls_ext_register(const char *name, int id, |
856 | | gnutls_ext_parse_type_t parse_point, |
857 | | gnutls_ext_recv_func recv_func, |
858 | | gnutls_ext_send_func send_func, |
859 | | gnutls_ext_deinit_data_func deinit_func, |
860 | | gnutls_ext_pack_func pack_func, |
861 | | gnutls_ext_unpack_func unpack_func) |
862 | 0 | { |
863 | 0 | hello_ext_entry_st *tmp_mod; |
864 | 0 | unsigned i; |
865 | 0 | unsigned gid = GNUTLS_EXTENSION_MAX + 1; |
866 | |
|
867 | 0 | for (i = 0; i < MAX_EXT_TYPES; i++) { |
868 | 0 | if (!extfunc[i]) |
869 | 0 | continue; |
870 | | |
871 | 0 | if (extfunc[i]->tls_id == id) |
872 | 0 | return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED); |
873 | | |
874 | 0 | if (extfunc[i]->gid >= gid) |
875 | 0 | gid = extfunc[i]->gid + 1; |
876 | 0 | } |
877 | | |
878 | 0 | assert(gid < sizeof(extfunc) / sizeof(extfunc[0])); |
879 | 0 | if (gid > GNUTLS_EXTENSION_MAX_VALUE) |
880 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
881 | | |
882 | 0 | tmp_mod = gnutls_calloc(1, sizeof(*tmp_mod)); |
883 | 0 | if (tmp_mod == NULL) |
884 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
885 | | |
886 | 0 | tmp_mod->name = gnutls_strdup(name); |
887 | 0 | if (tmp_mod->name == NULL) { |
888 | 0 | gnutls_free(tmp_mod); |
889 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
890 | 0 | } |
891 | | |
892 | 0 | tmp_mod->free_struct = 1; |
893 | 0 | tmp_mod->tls_id = id; |
894 | 0 | tmp_mod->gid = gid; |
895 | 0 | tmp_mod->client_parse_point = parse_point; |
896 | 0 | tmp_mod->server_parse_point = parse_point; |
897 | 0 | tmp_mod->recv_func = recv_func; |
898 | 0 | tmp_mod->send_func = send_func; |
899 | 0 | tmp_mod->deinit_func = deinit_func; |
900 | 0 | tmp_mod->pack_func = pack_func; |
901 | 0 | tmp_mod->unpack_func = unpack_func; |
902 | 0 | tmp_mod->validity = GNUTLS_EXT_FLAG_CLIENT_HELLO | |
903 | 0 | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | |
904 | 0 | GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_DTLS | |
905 | 0 | GNUTLS_EXT_FLAG_TLS; |
906 | |
|
907 | 0 | assert(extfunc[gid] == NULL); |
908 | 0 | extfunc[gid] = tmp_mod; |
909 | |
|
910 | 0 | return 0; |
911 | 0 | } |
912 | | |
913 | | #define VALIDITY_MASK \ |
914 | 0 | (GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | \ |
915 | 0 | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO | GNUTLS_EXT_FLAG_EE | \ |
916 | 0 | GNUTLS_EXT_FLAG_HRR) |
917 | | |
918 | | /** |
919 | | * gnutls_session_ext_register: |
920 | | * @session: the session for which this extension will be set |
921 | | * @name: the name of the extension to register |
922 | | * @id: the numeric id of the extension |
923 | | * @parse_point: the parse type of the extension (see gnutls_ext_parse_type_t) |
924 | | * @recv_func: a function to receive the data |
925 | | * @send_func: a function to send the data |
926 | | * @deinit_func: a function deinitialize any private data |
927 | | * @pack_func: a function which serializes the extension's private data (used on session packing for resumption) |
928 | | * @unpack_func: a function which will deserialize the extension's private data |
929 | | * @flags: must be zero or flags from %gnutls_ext_flags_t |
930 | | * |
931 | | * This function will register a new extension type. The extension will be |
932 | | * only usable within the registered session. If the extension type |
933 | | * is already registered then %GNUTLS_E_ALREADY_REGISTERED will be returned, |
934 | | * unless the flag %GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL is specified. The latter |
935 | | * flag when specified can be used to override certain extensions introduced |
936 | | * after 3.6.0. It is expected to be used by applications which handle |
937 | | * custom extensions that are not currently supported in GnuTLS, but direct |
938 | | * support for them may be added in the future. |
939 | | * |
940 | | * Each registered extension can store temporary data into the gnutls_session_t |
941 | | * structure using gnutls_ext_set_data(), and they can be retrieved using |
942 | | * gnutls_ext_get_data(). |
943 | | * |
944 | | * The validity of the extension registered can be given by the appropriate flags |
945 | | * of %gnutls_ext_flags_t. If no validity is given, then the registered extension |
946 | | * will be valid for client and TLS1.2 server hello (or encrypted extensions for TLS1.3). |
947 | | * |
948 | | * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. |
949 | | * |
950 | | * Since: 3.5.5 |
951 | | **/ |
952 | | int gnutls_session_ext_register(gnutls_session_t session, const char *name, |
953 | | int id, gnutls_ext_parse_type_t parse_point, |
954 | | gnutls_ext_recv_func recv_func, |
955 | | gnutls_ext_send_func send_func, |
956 | | gnutls_ext_deinit_data_func deinit_func, |
957 | | gnutls_ext_pack_func pack_func, |
958 | | gnutls_ext_unpack_func unpack_func, |
959 | | unsigned flags) |
960 | 0 | { |
961 | 0 | hello_ext_entry_st tmp_mod; |
962 | 0 | hello_ext_entry_st *exts; |
963 | 0 | unsigned i; |
964 | 0 | unsigned gid = GNUTLS_EXTENSION_MAX + 1; |
965 | | |
966 | | /* reject handling any extensions which modify the TLS handshake |
967 | | * in any way, or are mapped to an exported API. */ |
968 | 0 | for (i = 0; i < GNUTLS_EXTENSION_MAX; i++) { |
969 | 0 | if (!extfunc[i]) |
970 | 0 | continue; |
971 | | |
972 | 0 | if (extfunc[i]->tls_id == id) { |
973 | 0 | if (!(flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL)) { |
974 | 0 | return gnutls_assert_val( |
975 | 0 | GNUTLS_E_ALREADY_REGISTERED); |
976 | 0 | } else if (extfunc[i]->cannot_be_overriden) { |
977 | 0 | return gnutls_assert_val( |
978 | 0 | GNUTLS_E_ALREADY_REGISTERED); |
979 | 0 | } |
980 | 0 | break; |
981 | 0 | } |
982 | | |
983 | 0 | if (extfunc[i]->gid >= gid) |
984 | 0 | gid = extfunc[i]->gid + 1; |
985 | 0 | } |
986 | | |
987 | 0 | for (i = 0; i < session->internals.rexts_size; i++) { |
988 | 0 | if (session->internals.rexts[i].tls_id == id) { |
989 | 0 | return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED); |
990 | 0 | } |
991 | | |
992 | 0 | if (session->internals.rexts[i].gid >= gid) |
993 | 0 | gid = session->internals.rexts[i].gid + 1; |
994 | 0 | } |
995 | | |
996 | 0 | if (gid > GNUTLS_EXTENSION_MAX_VALUE) |
997 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
998 | | |
999 | 0 | memset(&tmp_mod, 0, sizeof(hello_ext_entry_st)); |
1000 | 0 | tmp_mod.name = gnutls_strdup(name); |
1001 | 0 | if (tmp_mod.name == NULL) |
1002 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
1003 | | |
1004 | 0 | tmp_mod.free_struct = 1; |
1005 | 0 | tmp_mod.tls_id = id; |
1006 | 0 | tmp_mod.gid = gid; |
1007 | 0 | tmp_mod.client_parse_point = parse_point; |
1008 | 0 | tmp_mod.server_parse_point = parse_point; |
1009 | 0 | tmp_mod.recv_func = recv_func; |
1010 | 0 | tmp_mod.send_func = send_func; |
1011 | 0 | tmp_mod.deinit_func = deinit_func; |
1012 | 0 | tmp_mod.pack_func = pack_func; |
1013 | 0 | tmp_mod.unpack_func = unpack_func; |
1014 | 0 | tmp_mod.validity = flags; |
1015 | |
|
1016 | 0 | if ((tmp_mod.validity & VALIDITY_MASK) == 0) { |
1017 | 0 | tmp_mod.validity = GNUTLS_EXT_FLAG_CLIENT_HELLO | |
1018 | 0 | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | |
1019 | 0 | GNUTLS_EXT_FLAG_EE; |
1020 | 0 | } |
1021 | |
|
1022 | 0 | if ((tmp_mod.validity & (GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_TLS)) == |
1023 | 0 | 0) { |
1024 | 0 | if (IS_DTLS(session)) |
1025 | 0 | tmp_mod.validity |= GNUTLS_EXT_FLAG_DTLS; |
1026 | 0 | else |
1027 | 0 | tmp_mod.validity |= GNUTLS_EXT_FLAG_TLS; |
1028 | 0 | } |
1029 | |
|
1030 | 0 | if (unlikely(INT_ADD_OVERFLOW(session->internals.rexts_size, 1))) { |
1031 | 0 | gnutls_free(tmp_mod.name); |
1032 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
1033 | 0 | } |
1034 | | |
1035 | 0 | exts = _gnutls_reallocarray(session->internals.rexts, |
1036 | 0 | session->internals.rexts_size + 1, |
1037 | 0 | sizeof(*exts)); |
1038 | 0 | if (exts == NULL) { |
1039 | 0 | gnutls_free(tmp_mod.name); |
1040 | 0 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |
1041 | 0 | } |
1042 | | |
1043 | 0 | session->internals.rexts = exts; |
1044 | |
|
1045 | 0 | memcpy(&session->internals.rexts[session->internals.rexts_size], |
1046 | 0 | &tmp_mod, sizeof(hello_ext_entry_st)); |
1047 | 0 | session->internals.rexts_size++; |
1048 | |
|
1049 | 0 | return 0; |
1050 | 0 | } |
1051 | | |
1052 | | /** |
1053 | | * gnutls_ext_set_data: |
1054 | | * @session: a #gnutls_session_t opaque pointer |
1055 | | * @tls_id: the numeric id of the extension |
1056 | | * @data: the private data to set |
1057 | | * |
1058 | | * This function allows an extension handler to store data in the current session |
1059 | | * and retrieve them later on. The set data will be deallocated using |
1060 | | * the gnutls_ext_deinit_data_func. |
1061 | | * |
1062 | | * Since: 3.4.0 |
1063 | | **/ |
1064 | | void gnutls_ext_set_data(gnutls_session_t session, unsigned tls_id, |
1065 | | gnutls_ext_priv_data_t data) |
1066 | 0 | { |
1067 | 0 | unsigned id = tls_id_to_gid(session, tls_id); |
1068 | 0 | if (id == GNUTLS_EXTENSION_INVALID) |
1069 | 0 | return; |
1070 | | |
1071 | 0 | _gnutls_hello_ext_set_priv(session, id, data); |
1072 | 0 | } |
1073 | | |
1074 | | /** |
1075 | | * gnutls_ext_get_data: |
1076 | | * @session: a #gnutls_session_t opaque pointer |
1077 | | * @tls_id: the numeric id of the extension |
1078 | | * @data: a pointer to the private data to retrieve |
1079 | | * |
1080 | | * This function retrieves any data previously stored with gnutls_ext_set_data(). |
1081 | | * |
1082 | | * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. |
1083 | | * |
1084 | | * Since: 3.4.0 |
1085 | | **/ |
1086 | | int gnutls_ext_get_data(gnutls_session_t session, unsigned tls_id, |
1087 | | gnutls_ext_priv_data_t *data) |
1088 | 0 | { |
1089 | 0 | unsigned id = tls_id_to_gid(session, tls_id); |
1090 | 0 | if (id == GNUTLS_EXTENSION_INVALID) |
1091 | 0 | return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); |
1092 | | |
1093 | 0 | return _gnutls_hello_ext_get_priv(session, id, data); |
1094 | 0 | } |
1095 | | |
1096 | | /** |
1097 | | * gnutls_ext_get_current_msg: |
1098 | | * @session: a #gnutls_session_t opaque pointer |
1099 | | * |
1100 | | * This function allows an extension handler to obtain the message |
1101 | | * this extension is being called from. The returned value is a single |
1102 | | * entry of the %gnutls_ext_flags_t enumeration. That is, if an |
1103 | | * extension was registered with the %GNUTLS_EXT_FLAG_HRR and |
1104 | | * %GNUTLS_EXT_FLAG_EE flags, the value when called during parsing of the |
1105 | | * encrypted extensions message will be %GNUTLS_EXT_FLAG_EE. |
1106 | | * |
1107 | | * If not called under an extension handler, its value is undefined. |
1108 | | * |
1109 | | * Since: 3.6.3 |
1110 | | **/ |
1111 | | unsigned gnutls_ext_get_current_msg(gnutls_session_t session) |
1112 | 0 | { |
1113 | 0 | return _gnutls_ext_get_msg(session); |
1114 | 0 | } |
1115 | | |
1116 | | /** |
1117 | | * gnutls_ext_get_name2: |
1118 | | * @session: a #gnutls_session_t opaque pointer |
1119 | | * @tls_id: is a TLS extension numeric ID |
1120 | | * @parse_point: the parse type of the extension |
1121 | | * |
1122 | | * Convert a TLS extension numeric ID to a printable string. |
1123 | | * |
1124 | | * Returns: a pointer to a string that contains the name of the |
1125 | | * specified cipher, or %NULL. |
1126 | | **/ |
1127 | | const char *gnutls_ext_get_name2(gnutls_session_t session, unsigned int tls_id, |
1128 | | gnutls_ext_parse_type_t parse_point) |
1129 | 0 | { |
1130 | 0 | const struct hello_ext_entry_st *ext; |
1131 | |
|
1132 | 0 | ext = tls_id_to_ext_entry(session, tls_id, parse_point); |
1133 | 0 | if (ext) |
1134 | 0 | return ext->name; |
1135 | | |
1136 | 0 | return NULL; |
1137 | 0 | } |