Line data Source code
1 : /*
2 : * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 : * Copyright (C) 2017-2018 Red Hat, Inc.
4 : *
5 : * Author: Nikos Mavrogiannopoulos
6 : *
7 : * This file is part of GnuTLS.
8 : *
9 : * The GnuTLS is free software; you can redistribute it and/or
10 : * modify it under the terms of the GNU Lesser General Public License
11 : * as published by the Free Software Foundation; either version 2.1 of
12 : * the License, or (at your option) any later version.
13 : *
14 : * This library is distributed in the hope that it will be useful, but
15 : * WITHOUT ANY WARRANTY; without even the implied warranty of
16 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 : * Lesser General Public License for more details.
18 : *
19 : * You should have received a copy of the GNU Lesser General Public License
20 : * along with this program. If not, see <https://www.gnu.org/licenses/>
21 : *
22 : */
23 :
24 : /* This file contains the code for the Max Record Size TLS extension.
25 : */
26 :
27 : #include "gnutls_int.h"
28 : #include "errors.h"
29 : #include "num.h"
30 : #include <hello_ext.h>
31 : #include <ext/supported_versions.h>
32 : #include "handshake.h"
33 :
34 : static int supported_versions_recv_params(gnutls_session_t session,
35 : const uint8_t * data,
36 : size_t data_size);
37 : static int supported_versions_send_params(gnutls_session_t session,
38 : gnutls_buffer_st * extdata);
39 :
40 : const hello_ext_entry_st ext_mod_supported_versions = {
41 : .name = "Supported Versions",
42 : .tls_id = 43,
43 : .gid = GNUTLS_EXTENSION_SUPPORTED_VERSIONS,
44 : .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO |
45 : GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO | GNUTLS_EXT_FLAG_HRR|GNUTLS_EXT_FLAG_TLS,
46 : .client_parse_point = GNUTLS_EXT_VERSION_NEG, /* force parsing prior to EXT_TLS extensions */
47 : .server_parse_point = GNUTLS_EXT_VERSION_NEG,
48 : .recv_func = supported_versions_recv_params,
49 : .send_func = supported_versions_send_params,
50 : .pack_func = NULL,
51 : .unpack_func = NULL,
52 : .deinit_func = NULL,
53 : .cannot_be_overriden = 1
54 : };
55 :
56 : static int
57 7424 : supported_versions_recv_params(gnutls_session_t session,
58 : const uint8_t * data, size_t data_size)
59 : {
60 7424 : const version_entry_st *vers;
61 7424 : uint8_t major, minor;
62 7424 : size_t bytes;
63 7424 : int ret;
64 :
65 7424 : if (session->security_parameters.entity == GNUTLS_SERVER) {
66 6728 : const version_entry_st *old_vers;
67 6728 : const version_entry_st *cli_vers = NULL;
68 :
69 6728 : vers = _gnutls_version_max(session);
70 6728 : old_vers = get_version(session);
71 :
72 : /* do not parse this extension when we haven't TLS1.3
73 : * enabled. That is because we cannot handle earlier protocol
74 : * negotiation (such as SSL3.0) with this */
75 6728 : if (vers && !vers->tls13_sem)
76 : return 0;
77 :
78 6618 : DECR_LEN(data_size, 1);
79 6617 : bytes = data[0];
80 6617 : data++;
81 :
82 6617 : if (bytes % 2 == 1)
83 1 : return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
84 :
85 6616 : DECR_LEN(data_size, bytes);
86 :
87 6615 : if (data_size != 0)
88 1 : return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
89 :
90 19883 : while (bytes > 0) {
91 13269 : major = data[0];
92 13269 : minor = data[1];
93 13269 : data += 2;
94 13269 : bytes -= 2;
95 :
96 13269 : _gnutls_handshake_log("EXT[%p]: Found version: %d.%d\n",
97 : session, (int)major, (int)minor);
98 :
99 13269 : if (!_gnutls_nversion_is_supported(session, major, minor))
100 706 : continue;
101 :
102 : /* Prefer the latest possible version
103 : * regardless of the client's precedence. See
104 : * https://gitlab.com/gnutls/gnutls/issues/837
105 : * for the rationale.
106 : */
107 12563 : if (!cli_vers ||
108 5996 : major > cli_vers->major ||
109 5996 : (major == cli_vers->major &&
110 5996 : minor > cli_vers->minor))
111 6633 : cli_vers = nversion_to_entry(major, minor);
112 : }
113 :
114 6614 : if (!cli_vers)
115 49 : return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
116 :
117 6567 : session->security_parameters.pversion = cli_vers;
118 :
119 6567 : _gnutls_handshake_log("EXT[%p]: Negotiated version: %d.%d\n",
120 : session,
121 : (int)cli_vers->major,
122 : (int)cli_vers->minor);
123 :
124 6567 : if (old_vers != cli_vers) {
125 : /* regenerate the random value to set
126 : * downgrade sentinel if necessary
127 : */
128 6252 : ret = _gnutls_gen_server_random(session, cli_vers->id);
129 6252 : if (ret < 0)
130 0 : return gnutls_assert_val(ret);
131 : }
132 :
133 6567 : return 0;
134 : } else { /* client */
135 :
136 696 : if (!have_creds_for_tls13(session)) {
137 : /* if we don't have certificate or PSK (which work under TLS1.3)
138 : * don't try to negotiate version using the extension. We fallback
139 : * instead to the normal TLS negotiation which has a cap on TLS1.2.
140 : */
141 : return 0;
142 : }
143 :
144 696 : DECR_LEN(data_size, 2);
145 :
146 696 : if (data_size != 0)
147 0 : return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
148 :
149 696 : major = data[0];
150 696 : minor = data[1];
151 :
152 696 : vers = nversion_to_entry(major, minor);
153 696 : if (!vers)
154 9 : return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
155 :
156 687 : set_adv_version(session, major, minor);
157 :
158 687 : _gnutls_handshake_log("EXT[%p]: Negotiated version: %d.%d\n",
159 : session, (int)major, (int)minor);
160 :
161 687 : if (!vers->tls13_sem)
162 0 : return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
163 :
164 687 : ret = _gnutls_negotiate_version(session, major, minor, 1);
165 687 : if (ret < 0) {
166 0 : gnutls_assert();
167 0 : return ret;
168 : }
169 : }
170 :
171 : return 0;
172 : }
173 :
174 : /* returns data_size or a negative number on failure
175 : */
176 : static int
177 9151 : supported_versions_send_params(gnutls_session_t session,
178 : gnutls_buffer_st * extdata)
179 : {
180 9151 : uint8_t versions[32];
181 9151 : size_t versions_size;
182 9151 : const version_entry_st *vers;
183 9151 : int ret;
184 :
185 : /* this function sends the client extension data (dnsname) */
186 9151 : if (session->security_parameters.entity == GNUTLS_CLIENT) {
187 3467 : vers = _gnutls_version_max(session);
188 :
189 : /* Do not advertise this extension if we are not doing certificate
190 : * or PSK authentication; i.e., do not try to do TLS1.3 if we have
191 : * credentials which do not fit it. */
192 3467 : if (!have_creds_for_tls13(session)) {
193 : /* if we don't have certificate or PSK (which work under TLS1.3)
194 : * don't try to negotiate version using the extension. We fallback
195 : * instead to the normal TLS negotiation which has a cap on TLS1.2.
196 : */
197 : return 0;
198 : }
199 :
200 : /* do not advertise this extension when we haven't TLS1.3
201 : * enabled. */
202 3144 : if (vers && !vers->tls13_sem)
203 : return 0;
204 :
205 1895 : ret = _gnutls_write_supported_versions(session, versions, sizeof(versions));
206 1895 : if (ret <= 0) /* if this function doesn't succeed do not send anything */
207 : return 0;
208 :
209 1895 : versions_size = ret;
210 :
211 1895 : ret = _gnutls_buffer_append_data_prefix(extdata, 8, versions, versions_size);
212 1895 : if (ret < 0)
213 0 : return gnutls_assert_val(ret);
214 :
215 1895 : return versions_size+2;
216 : } else {
217 5684 : vers = get_version(session);
218 5684 : if (unlikely(vers == NULL))
219 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
220 :
221 : /* don't use this extension to negotiate versions <= 1.2,
222 : * pretend we don't support it, so that we use a single
223 : * code path to negotiate these protocols. */
224 5684 : if (!vers->tls13_sem)
225 : return 0;
226 :
227 5288 : ret = _gnutls_buffer_append_data(extdata, &vers->major, 1);
228 5288 : if (ret < 0)
229 0 : return gnutls_assert_val(ret);
230 :
231 5288 : ret = _gnutls_buffer_append_data(extdata, &vers->minor, 1);
232 5288 : if (ret < 0)
233 0 : return gnutls_assert_val(ret);
234 :
235 : return 2;
236 : }
237 :
238 : return 0;
239 : }
|