29
29
#include "gnutls_num.h"
30
30
#include <ext_server_name.h>
32
static int _gnutls_server_name_recv_params (gnutls_session_t session,
35
static int _gnutls_server_name_send_params (gnutls_session_t session,
36
opaque * data, size_t);
38
static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
39
extension_priv_data_t * _priv);
40
static int _gnutls_server_name_pack (extension_priv_data_t _priv,
41
gnutls_buffer_st * ps);
42
static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
45
extension_entry_st ext_mod_server_name = {
46
.name = "SERVER NAME",
47
.type = GNUTLS_EXTENSION_SERVER_NAME,
48
.parse_type = GNUTLS_EXT_APPLICATION,
50
.recv_func = _gnutls_server_name_recv_params,
51
.send_func = _gnutls_server_name_send_params,
52
.pack_func = _gnutls_server_name_pack,
53
.unpack_func = _gnutls_server_name_unpack,
54
.deinit_func = _gnutls_server_name_deinit_data,
33
58
* In case of a server: if a NAME_DNS extension type is received then
34
59
* it stores into the session the value of NAME_DNS. The server may
55
81
len = _gnutls_read_uint16 (data);
57
83
if (len != data_size)
59
/* This is unexpected packet length, but
60
* just ignore it, for now.
85
/* This is unexpected packet length, but
86
* just ignore it, for now.
68
94
/* Count all server_names in the packet. */
69
95
while (data_size > 0)
71
DECR_LENGTH_RET (data_size, 1, 0);
74
DECR_LEN (data_size, 2);
75
len = _gnutls_read_uint16 (p);
80
DECR_LENGTH_RET (data_size, len, 0);
86
("HSK[%p]: Received zero size server name (under attack?)\n",
97
DECR_LENGTH_RET (data_size, 1, 0);
100
DECR_LEN (data_size, 2);
101
len = _gnutls_read_uint16 (p);
106
DECR_LENGTH_RET (data_size, len, 0);
111
_gnutls_handshake_log
112
("HSK[%p]: Received zero size server name (under attack?)\n",
91
117
/* we cannot accept more server names.
93
119
if (server_names > MAX_SERVER_NAME_EXTENSIONS)
96
("HSK[%p]: Too many server names received (under attack?)\n",
98
server_names = MAX_SERVER_NAME_EXTENSIONS;
121
_gnutls_handshake_log
122
("HSK[%p]: Too many server names received (under attack?)\n",
124
server_names = MAX_SERVER_NAME_EXTENSIONS;
101
session->security_parameters.extensions.server_names_size =
103
127
if (server_names == 0)
104
return 0; /* no names found */
128
return 0; /* no names found */
130
priv = gnutls_calloc (1, sizeof (*priv));
134
return GNUTLS_E_MEMORY_ERROR;
137
priv->server_names_size = server_names;
108
140
for (i = 0; i < server_names; i++)
113
len = _gnutls_read_uint16 (p);
118
case 0: /* NAME_DNS */
119
if (len <= MAX_SERVER_NAME_SIZE)
121
memcpy (session->security_parameters.
122
extensions.server_names[i].name, p, len);
123
session->security_parameters.extensions.server_names[i].
125
session->security_parameters.extensions.server_names[i].
126
type = GNUTLS_NAME_DNS;
131
/* move to next record */
145
len = _gnutls_read_uint16 (p);
150
case 0: /* NAME_DNS */
151
if (len <= MAX_SERVER_NAME_SIZE)
153
memcpy (priv->server_names[i].name, p, len);
154
priv->server_names[i].name_length = len;
155
priv->server_names[i].type = GNUTLS_NAME_DNS;
160
/* move to next record */
165
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
138
173
/* returns data_size or a negative number on failure
141
176
_gnutls_server_name_send_params (gnutls_session_t session,
142
opaque * data, size_t _data_size)
177
opaque * data, size_t _data_size)
147
182
ssize_t data_size = _data_size;
183
int total_size = 0, ret;
184
server_name_ext_st *priv;
185
extension_priv_data_t epriv;
188
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
150
194
/* this function sends the client extension data (dnsname)
152
196
if (session->security_parameters.entity == GNUTLS_CLIENT)
155
if (session->security_parameters.extensions.server_names_size == 0)
200
if (priv->server_names_size == 0)
162
i < session->security_parameters.extensions.server_names_size; i++)
164
/* count the total size
167
session->security_parameters.extensions.
168
server_names[i].name_length;
206
for (i = 0; i < priv->server_names_size; i++)
208
/* count the total size
210
len = priv->server_names[i].name_length;
170
/* uint8_t + uint16_t + size
172
total_size += 1 + 2 + len;
212
/* uint8_t + uint16_t + size
214
total_size += 1 + 2 + len;
179
221
DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
180
222
_gnutls_write_uint16 (total_size - 2, p);
184
i < session->security_parameters.extensions.server_names_size; i++)
187
switch (session->security_parameters.extensions.server_names[i].
190
case GNUTLS_NAME_DNS:
193
session->security_parameters.extensions.server_names[i].
198
/* UINT8: type of this extension
199
* UINT16: size of the first name
200
* LEN: the actual server name.
202
DECR_LENGTH_RET (data_size, len + 3,
203
GNUTLS_E_SHORT_MEMORY_BUFFER);
205
*p = 0; /* NAME_DNS type */
208
_gnutls_write_uint16 (len, p);
212
session->security_parameters.extensions.server_names[i].
218
return GNUTLS_E_INTERNAL_ERROR;
224
for (i = 0; i < priv->server_names_size; i++)
227
switch (priv->server_names[i].type)
229
case GNUTLS_NAME_DNS:
230
len = priv->server_names[i].name_length;
234
/* UINT8: type of this extension
235
* UINT16: size of the first name
236
* LEN: the actual server name.
238
DECR_LENGTH_RET (data_size, len + 3,
239
GNUTLS_E_SHORT_MEMORY_BUFFER);
241
*p = 0; /* NAME_DNS type */
244
_gnutls_write_uint16 (len, p);
247
memcpy (p, priv->server_names[i].name, len);
252
return GNUTLS_E_INTERNAL_ERROR;
223
257
return total_size;
264
301
return GNUTLS_E_INVALID_REQUEST;
267
if (indx + 1 > session->security_parameters.extensions.server_names_size)
269
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
272
*type = session->security_parameters.extensions.server_names[indx].type;
274
if (*data_length > /* greater since we need one extra byte for the null */
275
session->security_parameters.extensions.server_names[indx].name_length)
278
session->security_parameters.extensions.
279
server_names[indx].name_length;
281
session->security_parameters.extensions.server_names[indx].name,
284
if (*type == GNUTLS_NAME_DNS) /* null terminate */
285
_data[(*data_length)] = 0;
305
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
310
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
315
if (indx + 1 > priv->server_names_size)
317
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
320
*type = priv->server_names[indx].type;
322
if (*data_length > /* greater since we need one extra byte for the null */
323
priv->server_names[indx].name_length)
325
*data_length = priv->server_names[indx].name_length;
326
memcpy (data, priv->server_names[indx].name, *data_length);
328
if (*type == GNUTLS_NAME_DNS) /* null terminate */
329
_data[(*data_length)] = 0;
291
session->security_parameters.extensions.
292
server_names[indx].name_length;
334
*data_length = priv->server_names[indx].name_length;
293
335
return GNUTLS_E_SHORT_MEMORY_BUFFER;
332
377
if (name_length > MAX_SERVER_NAME_SIZE)
333
378
return GNUTLS_E_SHORT_MEMORY_BUFFER;
336
session->security_parameters.extensions.server_names_size + 1;
381
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
390
priv = gnutls_calloc (1, sizeof (*priv));
394
return GNUTLS_E_MEMORY_ERROR;
401
server_names = priv->server_names_size + 1;
338
403
if (server_names > MAX_SERVER_NAME_EXTENSIONS)
339
404
server_names = MAX_SERVER_NAME_EXTENSIONS;
341
session->security_parameters.extensions.server_names
342
[server_names - 1].type = type;
343
memcpy (session->security_parameters.
344
extensions.server_names[server_names - 1].name, name, name_length);
345
session->security_parameters.extensions.server_names[server_names -
349
session->security_parameters.extensions.server_names_size++;
406
priv->server_names[server_names - 1].type = type;
407
memcpy (priv->server_names[server_names - 1].name, name, name_length);
408
priv->server_names[server_names - 1].name_length = name_length;
410
priv->server_names_size++;
413
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
420
_gnutls_server_name_deinit_data (extension_priv_data_t priv)
422
gnutls_free (priv.ptr);
426
_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
428
server_name_ext_st *priv = epriv.ptr;
431
BUFFER_APPEND_NUM (ps, priv->server_names_size);
432
for (i = 0; i < priv->server_names_size; i++)
434
BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
435
BUFFER_APPEND_PFX (ps, priv->server_names[i].name,
436
priv->server_names[i].name_length);
442
_gnutls_server_name_unpack (gnutls_buffer_st * ps,
443
extension_priv_data_t * _priv)
445
server_name_ext_st *priv;
447
extension_priv_data_t epriv;
449
priv = gnutls_calloc (1, sizeof (*priv));
453
return GNUTLS_E_MEMORY_ERROR;
456
BUFFER_POP_NUM (ps, priv->server_names_size);
457
for (i = 0; i < priv->server_names_size; i++)
459
BUFFER_POP_NUM (ps, priv->server_names[i].type);
460
BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
461
if (priv->server_names[i].name_length >
462
sizeof (priv->server_names[i].name))
465
return GNUTLS_E_PARSING_ERROR;
467
BUFFER_POP (ps, priv->server_names[i].name,
468
priv->server_names[i].name_length);