diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-23 09:55:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-26 08:45:08 +0100 |
commit | 8c0e18585f96d4cfd046598a9d40c94eabff0b33 (patch) | |
tree | 9875594d70f09e63f881a82fa71487c4fe1c3208 /lib | |
parent | 3684ce08e4dd419a3d42c66b4042d8d3fd767c35 (diff) | |
download | gnutls-8c0e18585f96d4cfd046598a9d40c94eabff0b33.tar.gz |
gnutls_ext_raw_parse: introduced function
That function can be combined with callbacks like
gnutls_handshake_set_hook_function() for applications to
be able to process messages when necessary.
Resolves #382
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/extv.c | 75 | ||||
-rw-r--r-- | lib/extv.h | 2 | ||||
-rw-r--r-- | lib/hello_ext.c | 2 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 4 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/tls13/certificate.c | 4 | ||||
-rw-r--r-- | lib/tls13/certificate_request.c | 13 | ||||
-rw-r--r-- | lib/tls13/session_ticket.c | 4 |
8 files changed, 91 insertions, 14 deletions
diff --git a/lib/extv.c b/lib/extv.c index 32dbc942fe..0abfd370fb 100644 --- a/lib/extv.c +++ b/lib/extv.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Red Hat, Inc. + * Copyright (C) 2017-2018 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -28,7 +28,7 @@ /* Iterates through all extensions found, and calls the cb() * function with their data */ int _gnutls_extv_parse(void *ctx, - int (*cb)(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size), + gnutls_ext_raw_process_func cb, const uint8_t * data, int data_size) { int next, ret; @@ -75,7 +75,78 @@ int _gnutls_extv_parse(void *ctx, return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH); return 0; +} + +#define HANDSHAKE_SESSION_ID_POS (34) +/** + * gnutls_ext_raw_parse: + * @ctx: a pointer to pass to callback function + * @cb: callback function to process each extension found + * @data: TLS extension data + * @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_CLIENT_HELLO + * + * This function iterates through the TLS extensions as passed in + * @data, passing the individual extension data to callback. The + * @data must conform to Extension extensions<0..2^16-1> format. + * + * If flags is %GNUTLS_EXT_RAW_FLAG_CLIENT_HELLO then this function + * will parse the extension data from the position, as if the packet in + * @data is a client hello (without record or handshake headers) - + * as provided by gnutls_handshake_set_hook_function(). + * + * The return value of the callback will be propagated. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown + * flags it returns %GNUTLS_E_INVALID_REQUEST. + * + * Since: 3.6.3 + **/ +int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, + const gnutls_datum_t *data, unsigned int flags) +{ + if (flags & GNUTLS_EXT_RAW_FLAG_CLIENT_HELLO) { + ssize_t size = data->size; + size_t len; + uint8_t *p = data->data; + + DECR_LEN(size, HANDSHAKE_SESSION_ID_POS); + + if (p[0] != 0x03) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + + p += HANDSHAKE_SESSION_ID_POS; + + /* skip session id */ + DECR_LEN(size, 1); + len = p[0]; + p++; + DECR_LEN(size, len); + p += len; + + /* CipherSuites */ + DECR_LEN(size, 2); + len = _gnutls_read_uint16(p); + p += 2; + DECR_LEN(size, len); + p += len; + + /* legacy_compression_methods */ + DECR_LEN(size, 1); + len = p[0]; + p++; + DECR_LEN(size, len); + p += len; + + if (size <= 0) + return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + return _gnutls_extv_parse(ctx, cb, p, size); + } + + if (flags != 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return _gnutls_extv_parse(ctx, cb, data->data, data->size); } /* Returns: diff --git a/lib/extv.h b/lib/extv.h index b5089efed5..9f13f7a2ce 100644 --- a/lib/extv.h +++ b/lib/extv.h @@ -30,7 +30,7 @@ * calls the callback function for each of them. The ctx, flags * and parse_type are passed verbatim to callback. */ int _gnutls_extv_parse(void *ctx, - int (*cb)(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size), + gnutls_ext_raw_process_func cb, const uint8_t * data, int data_size); inline static diff --git a/lib/hello_ext.c b/lib/hello_ext.c index 4a4b2cc675..844b570061 100644 --- a/lib/hello_ext.c +++ b/lib/hello_ext.c @@ -195,7 +195,7 @@ typedef struct hello_ext_ctx_st { } hello_ext_ctx_st; static -int hello_ext_parse(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_size) +int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned data_size) { hello_ext_ctx_st *ctx = _ctx; gnutls_session_t session = ctx->session; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index dd123aaf4e..b9142519aa 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -2708,6 +2708,10 @@ typedef int (*gnutls_ext_pack_func) (gnutls_ext_priv_data_t data, typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_t packed_data, gnutls_ext_priv_data_t *data); +#define GNUTLS_EXT_RAW_FLAG_CLIENT_HELLO 1 +typedef int (*gnutls_ext_raw_process_func)(void *ctx, unsigned tls_id, const unsigned char *data, unsigned data_size); +int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, + const gnutls_datum_t *data, unsigned int flags); /** * gnutls_ext_parse_type_t: diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 5d7d7a5ace..07aaf714cc 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1214,6 +1214,7 @@ GNUTLS_3_6_3 gnutls_certificate_set_ocsp_status_request_mem; gnutls_certificate_get_ocsp_expiration; gnutls_record_send2; + gnutls_ext_raw_parse; } GNUTLS_3_6_2; GNUTLS_FIPS140_3_4 { diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c index 1d688de0b2..ad05f372c5 100644 --- a/lib/tls13/certificate.c +++ b/lib/tls13/certificate.c @@ -29,7 +29,7 @@ #include "mbuffers.h" #include "ext/status_request.h" -static int parse_cert_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size); +static int parse_cert_extension(void *ctx, unsigned tls_id, const uint8_t *data, unsigned data_size); static int parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size); int _gnutls13_recv_certificate(gnutls_session_t session) @@ -309,7 +309,7 @@ typedef struct crt_cert_ctx_st { unsigned idx; } crt_cert_ctx_st; -static int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_size) +static int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned data_size) { crt_cert_ctx_st *ctx = _ctx; gnutls_session_t session = ctx->session; diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c index 959603f477..4e7c104afb 100644 --- a/lib/tls13/certificate_request.c +++ b/lib/tls13/certificate_request.c @@ -55,10 +55,11 @@ static unsigned is_algo_in_list(gnutls_pk_algorithm_t algo, gnutls_pk_algorithm_ } static -int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_size) +int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned data_size) { crt_req_ctx_st *ctx = _ctx; gnutls_session_t session = ctx->session; + unsigned v; int ret; /* Decide which certificate to use if the signature algorithms extension @@ -78,8 +79,8 @@ int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int d if (data_size < 2) return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR); - ret = _gnutls_read_uint16(data); - if (ret != data_size-2) + v = _gnutls_read_uint16(data); + if (v != data_size-2) return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR); data += 2; @@ -111,12 +112,12 @@ int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int d return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR); } - ret = _gnutls_read_uint16(data); - if (ret != data_size-2) + v = _gnutls_read_uint16(data); + if (v != data_size-2) return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR); ctx->rdn = data+2; - ctx->rdn_size = ret; + ctx->rdn_size = v; } return 0; diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c index 3dbec9260f..d5d62f433f 100644 --- a/lib/tls13/session_ticket.c +++ b/lib/tls13/session_ticket.c @@ -27,7 +27,7 @@ #include "tls13/session_ticket.h" #include "auth/cert.h" -static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size); +static int parse_nst_extension(void *ctx, unsigned tls_id, const uint8_t *data, unsigned data_size); int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf) { @@ -76,7 +76,7 @@ cleanup: return ret; } -static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size) +static int parse_nst_extension(void *ctx, unsigned tls_id, const uint8_t *data, unsigned data_size) { /* ignore all extensions */ return 0; |