source-git / gnutls

Clone
Source Code
GIT

Blame lib/ext/max_record.c

c8 c8s master
  1.   5407aae2555bc159515c32afb1b2910f186b0a21
  2.   lib
  3.   ext
  4.   max_record.c
Blob History Raw
Packit aea12f 
/*
Packit aea12f 
 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
Packit aea12f 
 *
Packit aea12f 
 * Author: Nikos Mavrogiannopoulos
Packit aea12f 
 *
Packit aea12f 
 * This file is part of GnuTLS.
Packit aea12f 
 *
Packit aea12f 
 * The GnuTLS is free software; you can redistribute it and/or
Packit aea12f 
 * modify it under the terms of the GNU Lesser General Public License
Packit aea12f 
 * as published by the Free Software Foundation; either version 2.1 of
Packit aea12f 
 * the License, or (at your option) any later version.
Packit aea12f 
 *
Packit aea12f 
 * This library is distributed in the hope that it will be useful, but
Packit aea12f 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
Packit aea12f 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit aea12f 
 * Lesser General Public License for more details.
Packit aea12f 
 *
Packit aea12f 
 * You should have received a copy of the GNU Lesser General Public License
Packit aea12f 
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
Packit aea12f 
 *
Packit aea12f 
 */
Packit aea12f
Packit aea12f 
/* This file contains the code for the Max Record Size TLS extension.
Packit aea12f 
 */
Packit aea12f
Packit aea12f 
#include "gnutls_int.h"
Packit aea12f 
#include "errors.h"
Packit aea12f 
#include "num.h"
Packit aea12f 
#include <hello_ext.h>
Packit aea12f 
#include <ext/max_record.h>
Packit aea12f
Packit aea12f 
static int _gnutls_max_record_recv_params(gnutls_session_t session,
Packit aea12f 
					  const uint8_t * data,
Packit aea12f 
					  size_t data_size);
Packit aea12f 
static int _gnutls_max_record_send_params(gnutls_session_t session,
Packit aea12f 
					  gnutls_buffer_st * extdata);
Packit aea12f
Packit aea12f 
/* Maps record size to numbers according to the
Packit aea12f 
 * extensions draft.
Packit aea12f 
 */
Packit aea12f 
static int _gnutls_mre_num2record(int num);
Packit aea12f 
static int _gnutls_mre_record2num(uint16_t record_size);
Packit aea12f
Packit aea12f
Packit aea12f 
const hello_ext_entry_st ext_mod_max_record_size = {
Packit aea12f 
	.name = "Maximum Record Size",
Packit aea12f 
	.tls_id = 1,
Packit aea12f 
	.gid = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
Packit aea12f 
	.parse_type = GNUTLS_EXT_TLS,
Packit aea12f 
	.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
Packit aea12f 
		    GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
Packit aea12f 
	.recv_func = _gnutls_max_record_recv_params,
Packit aea12f 
	.send_func = _gnutls_max_record_send_params
Packit aea12f 
};
Packit aea12f
Packit aea12f 
/*
Packit aea12f 
 * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores
Packit aea12f 
 * into the session the new value. The server may use gnutls_get_max_record_size(),
Packit aea12f 
 * in order to access it.
Packit aea12f 
 *
Packit aea12f 
 * In case of a client: If a different max record size (than the default) has
Packit aea12f 
 * been specified then it sends the extension.
Packit aea12f 
 *
Packit aea12f 
 */
Packit aea12f
Packit aea12f 
static int
Packit aea12f 
_gnutls_max_record_recv_params(gnutls_session_t session,
Packit 5407aa 
			       const uint8_t * data, size_t data_size)
Packit aea12f 
{
Packit aea12f 
	ssize_t new_size;
Packit aea12f
Packit aea12f 
	if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED)
Packit aea12f 
		return 0;
Packit aea12f
Packit aea12f 
	if (session->security_parameters.entity == GNUTLS_SERVER) {
Packit aea12f 
		if (data_size > 0) {
Packit aea12f 
			DECR_LEN(data_size, 1);
Packit aea12f
Packit aea12f 
			new_size = _gnutls_mre_num2record(data[0]);
Packit aea12f
Packit aea12f 
			if (new_size < 0) {
Packit aea12f 
				gnutls_assert();
Packit aea12f 
				return new_size;
Packit aea12f 
			}
Packit aea12f
Packit aea12f 
			session->security_parameters.max_record_send_size =
Packit aea12f 
			    new_size;
Packit aea12f 
			session->security_parameters.max_record_recv_size =
Packit aea12f 
			    new_size;
Packit aea12f 
		}
Packit aea12f 
	} else {		/* CLIENT SIDE - we must check if the sent record size is the right one
Packit aea12f 
				 */
Packit aea12f 
		if (data_size > 0) {
Packit aea12f 
			if (data_size != 1) {
Packit aea12f 
				gnutls_assert();
Packit aea12f 
				return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
Packit aea12f 
			}
Packit aea12f
Packit aea12f 
			new_size = _gnutls_mre_num2record(data[0]);
Packit aea12f
Packit aea12f 
			if (new_size < 0) {
Packit aea12f 
				gnutls_assert();
Packit aea12f 
				return new_size;
Packit aea12f 
			}
Packit aea12f
Packit aea12f 
			if (new_size != session->security_parameters.
Packit aea12f 
			    max_user_record_send_size) {
Packit aea12f 
				gnutls_assert();
Packit aea12f 
				return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
Packit aea12f 
			} else {
Packit aea12f 
				session->security_parameters.
Packit aea12f 
				    max_record_send_size = new_size;
Packit aea12f 
				session->security_parameters.
Packit aea12f 
				    max_record_recv_size = new_size;
Packit aea12f 
			}
Packit aea12f
Packit aea12f 
		}
Packit aea12f
Packit aea12f
Packit aea12f 
	}
Packit aea12f
Packit aea12f 
	return 0;
Packit aea12f 
}
Packit aea12f
Packit aea12f 
/* returns data_size or a negative number on failure
Packit aea12f 
 */
Packit aea12f 
static int
Packit aea12f 
_gnutls_max_record_send_params(gnutls_session_t session,
Packit aea12f 
			       gnutls_buffer_st * extdata)
Packit aea12f 
{
Packit aea12f 
	uint8_t p;
Packit aea12f 
	int ret;
Packit aea12f
Packit aea12f 
	/* this function sends the client extension data (dnsname) */
Packit aea12f 
	if (session->security_parameters.entity == GNUTLS_CLIENT) {
Packit aea12f 
		/* if the user limits for sending and receiving are
Packit aea12f 
		 * different, that means the programmer had chosen to
Packit aea12f 
		 * use record_size_limit instead */
Packit aea12f 
		if (session->security_parameters.max_user_record_send_size !=
Packit aea12f 
		    session->security_parameters.max_user_record_recv_size)
Packit aea12f 
			return 0;
Packit aea12f
Packit aea12f 
		if (session->security_parameters.max_user_record_send_size !=
Packit aea12f 
		    DEFAULT_MAX_RECORD_SIZE) {
Packit aea12f 
			ret = _gnutls_mre_record2num
Packit aea12f 
			      (session->security_parameters.
Packit aea12f 
			       max_user_record_send_size);
Packit aea12f
Packit aea12f 
			/* it's not an error, as long as we send the
Packit aea12f 
			 * record_size_limit extension with that value */
Packit aea12f 
			if (ret < 0)
Packit aea12f 
				return 0;
Packit aea12f
Packit aea12f 
			p = (uint8_t) ret;
Packit aea12f 
			ret = _gnutls_buffer_append_data(extdata, &p, 1);
Packit aea12f 
			if (ret < 0)
Packit aea12f 
				return gnutls_assert_val(ret);
Packit aea12f
Packit aea12f 
			return 1;
Packit aea12f 
		}
Packit aea12f
Packit aea12f 
	} else {		/* server side */
Packit aea12f
Packit aea12f 
		if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_SENT)
Packit aea12f 
			return 0;
Packit aea12f
Packit aea12f 
		if (session->security_parameters.max_record_recv_size !=
Packit aea12f 
		    DEFAULT_MAX_RECORD_SIZE) {
Packit aea12f 
			ret = _gnutls_mre_record2num
Packit aea12f 
			      (session->security_parameters.
Packit aea12f 
			       max_record_recv_size);
Packit aea12f 
			if (ret < 0)
Packit aea12f 
				return gnutls_assert_val(ret);
Packit aea12f
Packit aea12f 
			p = (uint8_t) ret;
Packit aea12f 
			ret = _gnutls_buffer_append_data(extdata, &p, 1);
Packit aea12f 
			if (ret < 0)
Packit aea12f 
				return gnutls_assert_val(ret);
Packit aea12f
Packit aea12f 
			return 1;
Packit aea12f 
		}
Packit aea12f 
	}
Packit aea12f
Packit aea12f 
	return 0;
Packit aea12f 
}
Packit aea12f
Packit aea12f
Packit aea12f 
/* Maps numbers to record sizes according to the
Packit aea12f 
 * extensions draft.
Packit aea12f 
 */
Packit aea12f 
static int _gnutls_mre_num2record(int num)
Packit aea12f 
{
Packit aea12f 
	switch (num) {
Packit aea12f 
	case 1:
Packit aea12f 
		return 512;
Packit aea12f 
	case 2:
Packit aea12f 
		return 1024;
Packit aea12f 
	case 3:
Packit aea12f 
		return 2048;
Packit aea12f 
	case 4:
Packit aea12f 
		return 4096;
Packit aea12f 
	default:
Packit aea12f 
		return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
Packit aea12f 
	}
Packit aea12f 
}
Packit aea12f
Packit aea12f 
/* Maps record size to numbers according to the
Packit aea12f 
 * extensions draft.
Packit aea12f 
 */
Packit aea12f 
static int _gnutls_mre_record2num(uint16_t record_size)
Packit aea12f 
{
Packit aea12f 
	switch (record_size) {
Packit aea12f 
	case 512:
Packit aea12f 
		return 1;
Packit aea12f 
	case 1024:
Packit aea12f 
		return 2;
Packit aea12f 
	case 2048:
Packit aea12f 
		return 3;
Packit aea12f 
	case 4096:
Packit aea12f 
		return 4;
Packit aea12f 
	default:
Packit aea12f 
		return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
Packit aea12f 
	}
Packit aea12f
Packit aea12f 
}
Packit aea12f
Packit aea12f 
/**
Packit aea12f 
 * gnutls_record_get_max_size:
Packit aea12f 
 * @session: is a #gnutls_session_t type.
Packit aea12f 
 *
Packit aea12f 
 * Get the record size.  The maximum record size is negotiated by the
Packit aea12f 
 * client after the first handshake message.
Packit aea12f 
 *
Packit aea12f 
 * Returns: The maximum record packet size in this connection.
Packit aea12f 
 **/
Packit aea12f 
size_t gnutls_record_get_max_size(gnutls_session_t session)
Packit aea12f 
{
Packit aea12f 
	/* Recv will hold the negotiated max record size
Packit aea12f 
	 * always.
Packit aea12f 
	 */
Packit aea12f 
	return session->security_parameters.max_record_recv_size;
Packit aea12f 
}
Packit aea12f
Packit aea12f
Packit aea12f 
/**
Packit aea12f 
 * gnutls_record_set_max_size:
Packit aea12f 
 * @session: is a #gnutls_session_t type.
Packit aea12f 
 * @size: is the new size
Packit aea12f 
 *
Packit aea12f 
 * This function sets the maximum amount of plaintext sent and
Packit aea12f 
 * received in a record in this connection.
Packit aea12f 
 *
Packit aea12f 
 * Prior to 3.6.4, this function was implemented using a TLS extension
Packit aea12f 
 * called 'max fragment length', which limits the acceptable values to
Packit aea12f 
 * 512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12).
Packit aea12f 
 *
Packit aea12f 
 * Since 3.6.4, the limit is also negotiated through a new TLS
Packit aea12f 
 * extension called 'record size limit', which doesn't have the
Packit aea12f 
 * limitation, as long as the value ranges between 512 and 16384.
Packit aea12f 
 * Note that while the 'record size limit' extension is preferred, not
Packit aea12f 
 * all TLS implementations use or even understand the extension.
Packit aea12f 
 *
Packit aea12f 
 * Deprecated: if the client can assume that the 'record size limit'
Packit aea12f 
 * extension is supported by the server, we recommend using
Packit aea12f 
 * gnutls_record_set_max_recv_size() instead.
Packit aea12f 
 *
Packit aea12f 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
Packit aea12f 
 *   otherwise a negative error code is returned.
Packit aea12f 
 **/
Packit aea12f 
ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size)
Packit aea12f 
{
Packit aea12f 
	if (size < MIN_RECORD_SIZE || size > DEFAULT_MAX_RECORD_SIZE)
Packit aea12f 
		return GNUTLS_E_INVALID_REQUEST;
Packit aea12f
Packit aea12f 
	if (session->internals.handshake_in_progress)
Packit aea12f 
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
Packit aea12f
Packit aea12f 
	session->security_parameters.max_user_record_send_size = size;
Packit aea12f 
	session->security_parameters.max_user_record_recv_size = size;
Packit aea12f
Packit aea12f 
	return 0;
Packit aea12f 
}
Packit aea12f
Packit aea12f 
/**
Packit aea12f 
 * gnutls_record_set_max_recv_size:
Packit aea12f 
 * @session: is a #gnutls_session_t type.
Packit aea12f 
 * @size: is the new size
Packit aea12f 
 *
Packit aea12f 
 * This function sets the maximum amount of plaintext received in a
Packit aea12f 
 * record in this connection.
Packit aea12f 
 *
Packit aea12f 
 * The limit is also negotiated through a TLS extension called 'record
Packit aea12f 
 * size limit'.  Note that while the 'record size limit' extension is
Packit aea12f 
 * preferred, not all TLS implementations use or even understand the
Packit aea12f 
 * extension.
Packit aea12f 
 *
Packit aea12f 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
Packit aea12f 
 *   otherwise a negative error code is returned.
Packit aea12f 
 *
Packit aea12f 
 * Since: 3.6.8
Packit aea12f 
 **/
Packit aea12f 
ssize_t gnutls_record_set_max_recv_size(gnutls_session_t session, size_t size)
Packit aea12f 
{
Packit aea12f 
	if (size <
Packit aea12f 
	    (session->internals.allow_small_records ?
Packit aea12f 
	     MIN_RECORD_SIZE_SMALL : MIN_RECORD_SIZE) ||
Packit aea12f 
	    size > DEFAULT_MAX_RECORD_SIZE)
Packit aea12f 
		return GNUTLS_E_INVALID_REQUEST;
Packit aea12f
Packit aea12f 
	if (session->internals.handshake_in_progress)
Packit aea12f 
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
Packit aea12f
Packit aea12f 
	session->security_parameters.max_user_record_recv_size = size;
Packit aea12f
Packit aea12f 
	return 0;
Packit aea12f 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation