From d810e4f80bf271dfe600e5f2e7298dbc9ffe12b7 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 22 May 2019 11:16:03 +0200
Subject: priority: add new option to allow small records (>= 64)

There is a mismatch in the lower limit of record sizes in RFC
8449 (64) and our default (512).  If the server advertises a smaller
limit than our default, the client has no way to keep communicating
with the server.

This patch adds a new priority string option %ALLOW_SMALL_RECORDS to
set the limit to 64.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 NEWS                        | 3 +++
 lib/ext/max_record.c        | 5 ++++-
 lib/ext/record_size_limit.c | 4 +++-
 lib/gnutls_int.h            | 5 +++++
 lib/priority.c              | 5 +++++
 lib/priority_options.gperf  | 1 +
 6 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 038cdc9167..36369bb0ae 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,9 @@ See the end for copying conditions.
 ** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent
    hostname/domain crafting via IDNA conversion
 
+** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow
+   clients to communicate with the server advertising smaller limits than 512
+
 ** API and ABI modifications:
 gnutls_prf_early: Added
 gnutls_record_set_max_recv_size: Added
diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
index 0fb97b9789..dbb98cf620 100644
--- a/lib/ext/max_record.c
+++ b/lib/ext/max_record.c
@@ -302,7 +302,10 @@ ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size)
  **/
 ssize_t gnutls_record_set_max_recv_size(gnutls_session_t session, size_t size)
 {
-	if (size < MIN_RECORD_SIZE || size > DEFAULT_MAX_RECORD_SIZE)
+	if (size <
+	    (session->internals.allow_small_records ?
+	     MIN_RECORD_SIZE_SMALL : MIN_RECORD_SIZE) ||
+	    size > DEFAULT_MAX_RECORD_SIZE)
 		return GNUTLS_E_INVALID_REQUEST;
 
 	if (session->internals.handshake_in_progress)
diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c
index 8b491da72c..e9fe6a1d8d 100644
--- a/lib/ext/record_size_limit.c
+++ b/lib/ext/record_size_limit.c
@@ -66,7 +66,9 @@ _gnutls_record_size_limit_recv_params(gnutls_session_t session,
 	session->internals.hsk_flags |= HSK_RECORD_SIZE_LIMIT_RECEIVED;
 
 	/* we do not want to accept sizes outside of our supported range */
-	if (new_size < MIN_RECORD_SIZE) {
+	if (new_size <
+	    (session->internals.allow_small_records ?
+	     MIN_RECORD_SIZE_SMALL : MIN_RECORD_SIZE)) {
 		/* for server, reject it by omitting the extension in the reply */
 		if (session->security_parameters.entity == GNUTLS_SERVER) {
 			_gnutls_handshake_log("EXT[%p]: client requested too small record_size_limit %u; ignoring\n",
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 50251a356a..ad290b0be3 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -194,6 +194,7 @@ typedef enum record_send_state_t {
 #define MAX_RECORD_HEADER_SIZE DTLS_RECORD_HEADER_SIZE
 
 #define MIN_RECORD_SIZE 512
+#define MIN_RECORD_SIZE_SMALL 64
 
 /* The following macro is used to calculate the overhead when sending.
  * when receiving we use a different way as there are implementations that
@@ -969,6 +970,7 @@ struct gnutls_priority_st {
 	/* these should be accessed from
 	 * session->internals.VAR names */
 	bool _allow_large_records;
+	bool _allow_small_records;
 	bool _no_etm;
 	bool _no_ext_master_secret;
 	bool _allow_key_usage_violation;
@@ -986,6 +988,7 @@ struct gnutls_priority_st {
 
 #define ENABLE_COMPAT(x) \
 	      (x)->allow_large_records = 1; \
+	      (x)->allow_small_records = 1; \
 	      (x)->no_etm = 1; \
 	      (x)->no_ext_master_secret = 1; \
 	      (x)->allow_key_usage_violation = 1; \
@@ -994,6 +997,7 @@ struct gnutls_priority_st {
 
 #define ENABLE_PRIO_COMPAT(x) \
 	      (x)->_allow_large_records = 1; \
+	      (x)->_allow_small_records = 1; \
 	      (x)->_no_etm = 1; \
 	      (x)->_no_ext_master_secret = 1; \
 	      (x)->_allow_key_usage_violation = 1; \
@@ -1118,6 +1122,7 @@ typedef struct {
 	/* variables directly set when setting the priorities above, or
 	 * when overriding them */
 	bool allow_large_records;
+	bool allow_small_records;
 	bool no_etm;
 	bool no_ext_master_secret;
 	bool allow_key_usage_violation;
diff --git a/lib/priority.c b/lib/priority.c
index 1ed5d84927..746eae05a4 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -627,6 +627,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
 #undef COPY_TO_INTERNALS
 #define COPY_TO_INTERNALS(xx) session->internals.xx = priority->_##xx
 	COPY_TO_INTERNALS(allow_large_records);
+	COPY_TO_INTERNALS(allow_small_records);
 	COPY_TO_INTERNALS(no_etm);
 	COPY_TO_INTERNALS(no_ext_master_secret);
 	COPY_TO_INTERNALS(allow_key_usage_violation);
@@ -816,6 +817,10 @@ static void enable_server_key_usage_violations(gnutls_priority_t c)
 {
 	c->allow_server_key_usage_violation = 1;
 }
+static void enable_allow_small_records(gnutls_priority_t c)
+{
+	c->_allow_small_records = 1;
+}
 static void enable_dumbfw(gnutls_priority_t c)
 {
 	c->_dumbfw = 1;
diff --git a/lib/priority_options.gperf b/lib/priority_options.gperf
index c0524e5a09..a81001dda1 100644
--- a/lib/priority_options.gperf
+++ b/lib/priority_options.gperf
@@ -38,3 +38,4 @@ PROFILE_SUITEB128, enable_profile_suiteb128
 PROFILE_SUITEB192, enable_profile_suiteb192
 NEW_PADDING, dummy_func
 DEBUG_ALLOW_KEY_USAGE_VIOLATIONS, enable_server_key_usage_violations
+ALLOW_SMALL_RECORDS, enable_allow_small_records
-- 
cgit v1.2.1


From 990fd2f30afa6fcfa66ef1f73cecc2da9910836c Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 22 May 2019 11:51:57 +0200
Subject: tlsfuzzer: use %ALLOW_SMALL_RECORDS for testing

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 tests/suite/tls-fuzzer/gnutls-nocert-tls13.json   | 2 --
 tests/suite/tls-fuzzer/gnutls-nocert.json         | 1 -
 tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh | 2 +-
 tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh       | 4 ++--
 4 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 5a10d615ec..806cc17b16 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -15,7 +15,6 @@
          {"name" : "test-record-size-limit.py",
           "comment" : "changed extension after HRR is not supported #617",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "685",
-                         "--minimal-size", "512",
                          "-e", "change size in TLS 1.2 resumption",
                          "-e", "change size in TLS 1.3 session resumption",
                          "-e", "check if server accepts maximum size in TLS 1.0",
@@ -41,7 +40,6 @@
                          "-e", "removed extension in 2nd CH in HRR handshake"] },
          {"name" : "test-record-size-limit.py",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "672",
-                         "--minimal-size", "512",
                          "change size in TLS 1.3 session resumption",
                          "drop extension in TLS 1.3 session resumption"] },
 	 {"name" : "test-tls13-0rtt-garbage.py",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index e25b6b3613..416eae6ba7 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -233,7 +233,6 @@
          {"name" : "test-record-size-limit.py",
 	  "comment" : "TLS 1.3 tests are done separately; 1/n-1 splitting is not supported in TLS 1.0",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "821",
-                         "--minimal-size", "512",
                          "-e", "check if server accepts maximum size in TLS 1.0",
                          "-e", "check if server accepts maximum size in TLS 1.3",
                          "-e", "check if server accepts minimal size in TLS 1.0",
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
index 1b9b0f1765..d1fe2ed100 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
@@ -21,7 +21,7 @@
 srcdir="${srcdir:-.}"
 
 tls_fuzzer_prepare() {
-PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"
+PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:%ALLOW_SMALL_RECORDS"
 
 sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE}
 }
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
index 77a1d050cd..1d23e98c61 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
@@ -22,10 +22,10 @@ srcdir="${srcdir:-.}"
 
 tls_fuzzer_prepare() {
 VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"
-PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
 ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
 if test $? != 0;then
-	PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256"
+	PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
 fi
 
 sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert.json >${TMPFILE}
-- 
cgit v1.2.1