author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-14 11:11:34 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-14 16:07:49 +0200 |
commit | bbc072517d650d384299668b4d0120c2b4c0ab44 (patch) | |
tree | cb203373bfc7c2f578c2f3a816dad996f0c40e19 | |
parent | cbf1e008a2e82bc05bd09bf02115d73f2984906d (diff) | |
download | gnutls-bbc072517d650d384299668b4d0120c2b4c0ab44.tar.gz |
TLS extensions: mark each extension which cannot be overriden
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/ext/alpn.c | 1 | ||||
-rw-r--r-- | lib/ext/cert_type.c | 3 | ||||
-rw-r--r-- | lib/ext/dumbfw.c | 1 | ||||
-rw-r--r-- | lib/ext/ecc.c | 3 | ||||
-rw-r--r-- | lib/ext/etm.c | 3 | ||||
-rw-r--r-- | lib/ext/ext_master_secret.c | 3 | ||||
-rw-r--r-- | lib/ext/heartbeat.c | 3 | ||||
-rw-r--r-- | lib/ext/max_record.c | 3 | ||||
-rw-r--r-- | lib/ext/safe_renegotiation.c | 1 | ||||
-rw-r--r-- | lib/ext/server_name.c | 1 | ||||
-rw-r--r-- | lib/ext/session_ticket.c | 1 | ||||
-rw-r--r-- | lib/ext/signature.c | 1 | ||||
-rw-r--r-- | lib/ext/srp.c | 3 | ||||
-rw-r--r-- | lib/ext/srtp.c | 1 | ||||
-rw-r--r-- | lib/ext/status_request.c | 3 | ||||
-rw-r--r-- | lib/extensions.c | 29 | ||||
-rw-r--r-- | lib/extensions.h | 6 |
17 files changed, 37 insertions, 29 deletions
diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c
index b3fa3a3268..b2a697a69f 100644
--- a/lib/ext/alpn.c
+++ b/lib/ext/alpn.c
@@ -42,6 +42,7 @@ const extension_entry_st ext_mod_alpn = {
 .recv_func = _gnutls_alpn_recv_params,
 .send_func = _gnutls_alpn_send_params,
 .deinit_func = _gnutls_alpn_deinit_data,
+ .cannot_be_overriden = 1
 };
 static int
diff --git a/lib/ext/cert_type.c b/lib/ext/cert_type.c
index 59b2ea1561..ffaa0e0155 100644
--- a/lib/ext/cert_type.c
+++ b/lib/ext/cert_type.c
@@ -53,7 +53,8 @@ const extension_entry_st ext_mod_cert_type = {
 .send_func = _gnutls_cert_type_send_params,
 .pack_func = NULL,
 .unpack_func = NULL,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 1
 };
 /*
diff --git a/lib/ext/dumbfw.c b/lib/ext/dumbfw.c
index b623f2a396..5ccc180faa 100644
--- a/lib/ext/dumbfw.c
+++ b/lib/ext/dumbfw.c
@@ -45,6 +45,7 @@ const extension_entry_st ext_mod_dumbfw = {
 .pack_func = NULL,
 .unpack_func = NULL,
 .deinit_func = NULL,
+ .cannot_be_overriden = 0
 };
 static int
diff --git a/lib/ext/ecc.c b/lib/ext/ecc.c
index e1393419b9..e827f4e7c1 100644
--- a/lib/ext/ecc.c
+++ b/lib/ext/ecc.c
@@ -54,7 +54,8 @@ const extension_entry_st ext_mod_supported_ecc = {
 .send_func = _gnutls_supported_ecc_send_params,
 .pack_func = NULL,
 .unpack_func = NULL,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 1
 };
 const extension_entry_st ext_mod_supported_ecc_pf = {
diff --git a/lib/ext/etm.c b/lib/ext/etm.c
index 5219a47222..37297731bf 100644
--- a/lib/ext/etm.c
+++ b/lib/ext/etm.c
@@ -44,7 +44,8 @@ const extension_entry_st ext_mod_etm = {
 .send_func = _gnutls_ext_etm_send_params,
 .pack_func = NULL,
 .unpack_func = NULL,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 1
 };
 /*
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 62c4cf9f54..a7793f87e6 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
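Review bot: In lib/ext/ecc.c only `ext_mod_supported_ecc` receives the new initializer; the `ext_mod_supported_ecc_pf` entry that opens on the hunk's last context line has no matching change (the diffstat lists a single three-line change for this file), so it presumably keeps the zero default and stays replaceable by an application that passes GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL. That agrees with the removed switch in lib/extensions.c, which named only GNUTLS_EXTENSION_SUPPORTED_ECC, but the decision is now implicit. If it is intended, an explicit `.cannot_be_overriden = 0` as written in dumbfw.c and max_record.c would record it; if not, the entry needs `.cannot_be_overriden = 1`. The body of that second struct lies outside the hunk.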
@@ -44,7 +44,8 @@ const extension_entry_st ext_mod_ext_master_secret = {
 .send_func = _gnutls_ext_master_secret_send_params,
 .pack_func = NULL,
 .unpack_func = NULL,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 1
 };
 #ifdef ENABLE_SSL3
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index 996b8ff422..15c7c47f75 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -531,7 +531,8 @@ const extension_entry_st ext_mod_heartbeat = {
 .send_func = _gnutls_heartbeat_send_params,
 .pack_func = _gnutls_heartbeat_pack,
 .unpack_func = _gnutls_heartbeat_unpack,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 1
 };
 #else
diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
index a934ff1cfe..79ab598bf1 100644
--- a/lib/ext/max_record.c
+++ b/lib/ext/max_record.c
@@ -56,7 +56,8 @@ const extension_entry_st ext_mod_max_record_size = {
 .send_func = _gnutls_max_record_send_params,
 .pack_func = _gnutls_max_record_pack,
 .unpack_func = _gnutls_max_record_unpack,
- .deinit_func = NULL
+ .deinit_func = NULL,
+ .cannot_be_overriden = 0
 };
 /*
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 6a15825bc4..1e0a3f80e7 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -41,6 +41,7 @@ const extension_entry_st ext_mod_sr = {
 .pack_func = NULL,
 .unpack_func = NULL,
 .deinit_func = _gnutls_sr_deinit_data,
+ .cannot_be_overriden = 1
 };
 int
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index 78c86e3187..579721b5eb 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -54,6 +54,7 @@ const extension_entry_st ext_mod_server_name = {
 .pack_func = _gnutls_server_name_pack,
 .unpack_func = _gnutls_server_name_unpack,
 .deinit_func = _gnutls_server_name_deinit_data,
+ .cannot_be_overriden = 1
 };
 /*
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 97488f84f9..2e6d00bc53 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -69,6 +69,7 @@ const extension_entry_st ext_mod_session_ticket = {
 .pack_func = session_ticket_pack,
 .unpack_func = session_ticket_unpack,
 .deinit_func = session_ticket_deinit_data,
+ .cannot_be_overriden = 1
 };
 #define SESSION_KEY_SIZE (KEY_NAME_SIZE+CIPHER_KEY_SIZE+MAC_SECRET_SIZE)
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 2ffeeb6c75..dd99f2e5fa 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -59,6 +59,7 @@ const extension_entry_st ext_mod_sig = {
 .pack_func = signature_algorithms_pack,
 .unpack_func = signature_algorithms_unpack,
 .deinit_func = signature_algorithms_deinit_data,
+ .cannot_be_overriden = 1
 };
 typedef struct {
diff --git a/lib/ext/srp.c b/lib/ext/srp.c
index 8bb347ada8..29ba9c96ac 100644
--- a/lib/ext/srp.c
+++ b/lib/ext/srp.c
@@ -51,7 +51,8 @@ const extension_entry_st ext_mod_srp = {
 .send_func = _gnutls_srp_send_params,
 .pack_func = _gnutls_srp_pack,
 .unpack_func = _gnutls_srp_unpack,
- .deinit_func = _gnutls_srp_deinit_data
+ .deinit_func = _gnutls_srp_deinit_data,
+ .cannot_be_overriden = 1
 };
diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
index d00030878c..d9516bd0f4 100644
--- a/lib/ext/srtp.c
+++ b/lib/ext/srtp.c
@@ -49,6 +49,7 @@ const extension_entry_st ext_mod_srtp = {
 .pack_func = _gnutls_srtp_pack,
 .unpack_func = _gnutls_srtp_unpack,
 .deinit_func = _gnutls_srtp_deinit_data,
+ .cannot_be_overriden = 1
 };
 typedef struct {
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 80c634e6b0..960c156aaa 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -529,7 +529,8 @@ const extension_entry_st ext_mod_status_request = {
 .send_func = _gnutls_status_request_send_params,
 .pack_func = _gnutls_status_request_pack,
 .unpack_func = _gnutls_status_request_unpack,
- .deinit_func = _gnutls_status_request_deinit_data
+ .deinit_func = _gnutls_status_request_deinit_data,
+ .cannot_be_overriden = 1
 };
 /* Functions to be called from handshake */
diff --git a/lib/extensions.c b/lib/extensions.c
index 67a3ea7dd7..2042583737 100644
--- a/lib/extensions.c
+++ b/lib/extensions.c
@@ -823,31 +823,18 @@ gnutls_session_ext_register(gnutls_session_t session,
 /* reject handling any extensions which modify the TLS handshake
 * in any way, or are mapped to an exported API. */
- switch(type) {
- case GNUTLS_EXTENSION_SRP:
- case GNUTLS_EXTENSION_ALPN:
- case GNUTLS_EXTENSION_STATUS_REQUEST:
- case GNUTLS_EXTENSION_CERT_TYPE:
- case GNUTLS_EXTENSION_SUPPORTED_ECC:
- case GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS:
- case GNUTLS_EXTENSION_ETM:
- case GNUTLS_EXTENSION_EXT_MASTER_SECRET:
- case GNUTLS_EXTENSION_SESSION_TICKET:
- case GNUTLS_EXTENSION_SAFE_RENEGOTIATION:
- case GNUTLS_EXTENSION_HEARTBEAT:
- case GNUTLS_EXTENSION_SRTP:
- case GNUTLS_EXTENSION_SERVER_NAME:
- return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
- }
-
- if (!flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL) {
- for (i = 0; extfunc[i] != NULL; i++) {
- if (extfunc[i]->type == type)
+ for (i = 0; extfunc[i] != NULL; i++) {
+ if (extfunc[i]->type == type) {
+ if (!flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL) {
+ return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
+ } else if (extfunc[i]->cannot_be_overriden) {
 return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
+ }
+ break;
 }
 }
- tmp_mod.name = NULL;
+ memset(&tmp_mod, 0, sizeof(extension_entry_st));
 tmp_mod.free_struct = 1;
 tmp_mod.type = type;
 tmp_mod.parse_type = parse_type;
diff --git a/lib/extensions.h b/lib/extensions.h
index e91eaebd88..678512fafe 100644
--- a/lib/extensions.h
+++ b/lib/extensions.h
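Review bot: The carried-over test `if (!flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL)` in gnutls_session_ext_register (lib/extensions.c) parses as `(!flags) & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL`, so it asks whether flags is zero rather than whether the override bit is set. The outcome is only right while that constant equals 1 and no other flag bit is ever passed (its value is not visible here); otherwise a caller that never set the override bit falls through to the `cannot_be_overriden` branch and can replace any built-in handler left at 0. Both branches return the same error, so the guard can be written once as `if (!(flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL) || extfunc[i]->cannot_be_overriden)` followed by the existing return. The function starts and ends outside the hunk.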
@@ -83,6 +83,12 @@ typedef struct extension_entry_st {
 */
 gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
 gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+
+ /* non-zero if that extension cannot be overriden by the applications.
+ * That should be set to extensions which allocate data early, e.g., on
+ * gnutls_init(), or modify the TLS protocol in a way that the application
+ * cannot control. */
+ unsigned cannot_be_overriden;
 } extension_entry_st;
 int _gnutls_ext_register(extension_entry_st *); |
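Review bot: The new `cannot_be_overriden` member in lib/extensions.h makes protection opt-in: an `extension_entry_st` initializer that omits it is zero-initialized, so a built-in extension added later without the field can be replaced by an application, which is the less safe result of a forgotten line. The comment should state the default, for example `Defaults to 0 (overridable); every built-in extension must set this explicitly.` Inverting the sense into a `can_be_overriden` member would make an omitted field fail closed instead. The misspelling "overriden" is also being fixed into an identifier used across the files of this commit, so `cannot_be_overridden` is cheapest to adopt now. The struct definition starts outside the hunk.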