author | Daiki Ueno <dueno@redhat.com> | 2018-11-01 13:43:17 +0100 |
committer | Daiki Ueno <dueno@redhat.com> | 2018-11-01 13:43:17 +0100 |
commit | ba4c0ced0159c1fc871c5c61a24b7e6927bbe9b1 (patch) | |
tree | 1cb11941ae2e54595301454a625c6d4491da3afd | |
parent | c7cabc18e193d556583d4adb1905d79602d0f8b0 (diff) | |
ext/record_size_limit: handle the extension in TLS 1.2 ServerHello [tmp-fix-record-size-limit-tls12]
Previously it was assumed that TLS 1.2 servers don't send the
extension, while in fact it can be present in the ServerHello.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r-- | lib/ext/record_size_limit.c | 2 | ||||
-rw-r--r-- | tests/tls-record-size-limit.c | 26 |
2 files changed, 19 insertions, 9 deletions
diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c
index bb8d0c4d97..811e2ea93f 100644
--- a/lib/ext/record_size_limit.c
+++ b/lib/ext/record_size_limit.c
@@ -41,7 +41,7 @@ const hello_ext_entry_st ext_mod_record_size_limit = {
 .gid = GNUTLS_EXTENSION_RECORD_SIZE_LIMIT,
 .parse_type = GNUTLS_EXT_TLS,
 .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
- GNUTLS_EXT_FLAG_EE,
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 .recv_func = _gnutls_record_size_limit_recv_params,
 .send_func = _gnutls_record_size_limit_send_params
 };
diff --git a/tests/tls-record-size-limit.c b/tests/tls-record-size-limit.c
index 7a56c0ec64..8c9729719f 100644
--- a/tests/tls-record-size-limit.c
+++ b/tests/tls-record-size-limit.c
@@ -116,8 +116,19 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
 ret = gnutls_ext_raw_parse(&client_handshake_cb_data, ext_callback, msg, 0);
 assert(ret >= 0);
 break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ assert(msg->size >= HANDSHAKE_SESSION_ID_POS);
+ pos = HANDSHAKE_SESSION_ID_POS;
+ SKIP8(pos, msg->size);
+ pos += 3;
+
+ mmsg.data = &msg->data[pos];
+ mmsg.size = msg->size - pos;
+ ret = gnutls_ext_raw_parse(&client_handshake_cb_data, ext_callback, &mmsg, 0);
+ assert(ret >= 0);
+ break;
 default:
- abort();
+ break;
 }
 return 0;
 }
@@ -201,7 +212,6 @@ static void start(const struct test_st *test)
 /* Init client */
-
 ret = gnutls_certificate_allocate_credentials(&clientx509cred);
 if (ret < 0)
 exit(1);
@@ -239,7 +249,7 @@ static void start(const struct test_st *test)
 client_handshake_cb_data.session = client;
 gnutls_handshake_set_hook_function(client,
- GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS,
+ GNUTLS_HANDSHAKE_ANY,
 GNUTLS_HOOK_POST,
 handshake_callback);
@@ -294,7 +304,7 @@ static const struct test_st tests[] = {
 },
 .expect_client_ext = {
 .max_record_size = 0,
- .record_size_limit = 0
+ .record_size_limit = 1
 }
 },
 {
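Review bot: The added GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO bit in `.validity` is the entire library-side fix, yet nothing in the initializer says why the same extension is valid in two different server messages, so a later reader comparing it with the TLS 1.3-only EE flag may take one of them for a mistake. I would carry the reasoning from the commit message into the table, on the line before `.validity`: `/* RFC 8449: the server's reply is carried in ServerHello under TLS 1.2 and in EncryptedExtensions under TLS 1.3 */`. Whether `_gnutls_record_size_limit_recv_params` treats the two server paths identically (for instance enforcing that the server's value does not exceed what the client offered) is not visible in this hunk and is not something the commit claims to change; it is worth a look by whoever has the file open.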
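Review bot: In the new GNUTLS_HANDSHAKE_SERVER_HELLO case, `pos += 3` (cipher suite plus compression method) is applied after `SKIP8(pos, msg->size)` with no check that three bytes remain, so `mmsg.size = msg->size - pos` can wrap (the sizes look unsigned) and `&msg->data[pos]` can point past the message before `gnutls_ext_raw_parse` reads it. The only length assertion covers HANDSHAKE_SESSION_ID_POS, which is taken before the variable-length session id is skipped, so it does not protect the later offset. I would add `assert(msg->size >= pos + 3);` between `SKIP8(pos, msg->size);` and `pos += 3;`, and note that a TLS 1.2 ServerHello may legitimately carry no extensions block at all, leaving `mmsg.size == 0`; whether `gnutls_ext_raw_parse` accepts an empty input is not visible here, and the hard `assert(ret >= 0)` would turn that into a test abort rather than a failed expectation. Whether SKIP8 itself bounds-checks, and where `pos` and `mmsg` are declared, lies outside the hunk; handshake_callback begins before this hunk.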
@@ -308,7 +318,7 @@ static const struct test_st tests[] = {
 },
 .expect_client_ext = {
 .max_record_size = 0,
- .record_size_limit = 0
+ .record_size_limit = 1
 }
 },
 {
@@ -322,7 +332,7 @@ static const struct test_st tests[] = {
 },
 .expect_client_ext = {
 .max_record_size = 0,
- .record_size_limit = 0
+ .record_size_limit = 1
 }
 },
 {
@@ -336,7 +346,7 @@ static const struct test_st tests[] = {
 },
 .expect_client_ext = {
 .max_record_size = 0,
- .record_size_limit = 0
+ .record_size_limit = 1
 }
 },
 {
@@ -350,7 +360,7 @@ static const struct test_st tests[] = {
 },
 .expect_client_ext = {
 .max_record_size = 0,
- .record_size_limit = 0
+ .record_size_limit = 1
 }
 },
|