Branch data Line data Source code
1 : : /* 2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 : : * 4 : : * Licensed under the Apache License, Version 2.0 (the "License"). 5 : : * You may not use this file except in compliance with the License. 6 : : * A copy of the License is located at 7 : : * 8 : : * http://aws.amazon.com/apache2.0 9 : : * 10 : : * or in the "license" file accompanying this file. This file is distributed 11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 12 : : * express or implied. See the License for the specific language governing 13 : : * permissions and limitations under the License. 14 : : */ 15 : : 16 : : #include "tls/extensions/s2n_client_cert_status_request.h" 17 : : 18 : : #include <stdint.h> 19 : : 20 : : #include "tls/s2n_tls.h" 21 : : #include "tls/s2n_tls_parameters.h" 22 : : #include "utils/s2n_safety.h" 23 : : 24 : : static bool s2n_client_cert_status_request_should_send(struct s2n_connection *conn); 25 : : static int s2n_client_cert_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out); 26 : : static int s2n_client_cert_status_request_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); 27 : : 28 : : const s2n_extension_type s2n_client_cert_status_request_extension = { 29 : : .iana_value = TLS_EXTENSION_STATUS_REQUEST, 30 : : .is_response = false, 31 : : .send = s2n_client_cert_status_request_send, 32 : : .recv = s2n_client_cert_status_request_recv, 33 : : .should_send = s2n_client_cert_status_request_should_send, 34 : : .if_missing = s2n_extension_noop_if_missing, 35 : : }; 36 : : 37 : : static bool s2n_client_cert_status_request_should_send(struct s2n_connection *conn) 38 : 7723 : { 39 : 7723 : return conn->request_ocsp_status; 40 : 7723 : } 41 : : 42 : : static int s2n_client_cert_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out) 43 : 391 : { 44 [ - + ]: 391 : POSIX_GUARD(s2n_stuffer_write_uint8(out, (uint8_t) S2N_STATUS_REQUEST_OCSP)); 45 : : 46 : : /* responder_id_list 47 : : * 48 : : * From https://tools.ietf.org/html/rfc6066#section-8: 49 : : * A zero-length "responder_id_list" sequence has the special meaning that the responders are implicitly 50 : : * known to the server, e.g., by prior arrangement */ 51 [ - + ]: 391 : POSIX_GUARD(s2n_stuffer_write_uint16(out, 0)); 52 : : 53 : : /* request_extensions 54 : : * 55 : : * From https://tools.ietf.org/html/rfc6066#section-8: 56 : : * A zero-length "request_extensions" value means that there are no extensions. */ 57 [ - + ]: 391 : POSIX_GUARD(s2n_stuffer_write_uint16(out, 0)); 58 : : 59 : 391 : return S2N_SUCCESS; 60 : 391 : } 61 : : 62 : : static int s2n_client_cert_status_request_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) 63 : 392 : { 64 [ + + ]: 392 : if (s2n_stuffer_data_available(extension) < 5) { 65 : : /* Malformed length, ignore the extension */ 66 : 1 : return S2N_SUCCESS; 67 : 1 : } 68 : : 69 : 391 : uint8_t type = 0; 70 [ - + ]: 391 : POSIX_GUARD(s2n_stuffer_read_uint8(extension, &type)); 71 [ + + ]: 391 : if (type != (uint8_t) S2N_STATUS_REQUEST_OCSP) { 72 : : /* We only support OCSP (type 1), ignore the extension */ 73 : 1 : return S2N_SUCCESS; 74 : 1 : } 75 : : 76 : 390 : conn->status_type = (s2n_status_request_type) type; 77 : 390 : return S2N_SUCCESS; 78 : 391 : }