Branch data Line data Source code
1 : : /* 2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 : : * 4 : : * Licensed under the Apache License, Version 2.0 (the "License"). 5 : : * You may not use this file except in compliance with the License. 6 : : * A copy of the License is located at 7 : : * 8 : : * http://aws.amazon.com/apache2.0 9 : : * 10 : : * or in the "license" file accompanying this file. This file is distributed 11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 12 : : * express or implied. See the License for the specific language governing 13 : : * permissions and limitations under the License. 14 : : */ 15 : : 16 : : #include "tls/extensions/s2n_client_max_frag_len.h" 17 : : 18 : : #include <stdint.h> 19 : : 20 : : #include "tls/s2n_tls.h" 21 : : #include "tls/s2n_tls_parameters.h" 22 : : #include "utils/s2n_safety.h" 23 : : 24 : : static bool s2n_client_max_frag_len_should_send(struct s2n_connection *conn); 25 : : static int s2n_client_max_frag_len_send(struct s2n_connection *conn, struct s2n_stuffer *out); 26 : : static int s2n_client_max_frag_len_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); 27 : : 28 : : const s2n_extension_type s2n_client_max_frag_len_extension = { 29 : : .iana_value = TLS_EXTENSION_MAX_FRAG_LEN, 30 : : .is_response = false, 31 : : .send = s2n_client_max_frag_len_send, 32 : : .recv = s2n_client_max_frag_len_recv, 33 : : .should_send = s2n_client_max_frag_len_should_send, 34 : : .if_missing = s2n_extension_noop_if_missing, 35 : : }; 36 : : 37 : : static bool s2n_client_max_frag_len_should_send(struct s2n_connection *conn) 38 : 7723 : { 39 : 7723 : return conn->config->mfl_code != S2N_TLS_MAX_FRAG_LEN_EXT_NONE; 40 : 7723 : } 41 : : 42 : : static int s2n_client_max_frag_len_send(struct s2n_connection *conn, struct s2n_stuffer *out) 43 : 393 : { 44 : 393 : return s2n_stuffer_write_uint8(out, conn->config->mfl_code); 45 : 393 : } 46 : : 47 : : static int s2n_client_max_frag_len_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) 48 : 392 : { 49 [ + + ]: 392 : if (!conn->config->accept_mfl) { 50 : 6 : return S2N_SUCCESS; 51 : 6 : } 52 : : 53 : 386 : uint8_t mfl_code = 0; 54 [ - + ]: 386 : POSIX_GUARD(s2n_stuffer_read_uint8(extension, &mfl_code)); 55 : : 56 : : /* 57 : : *= https://www.rfc-editor.org/rfc/rfc6066#section-4 58 : : *= type=exception 59 : : *= reason=For compatibility, we choose to ignore malformed extensions if they are optional 60 : : *# If a server receives a maximum fragment length negotiation request 61 : : *# for a value other than the allowed values, it MUST abort the 62 : : *# handshake with an "illegal_parameter" alert. 63 : : */ 64 [ + + ][ - + ]: 386 : if (mfl_code >= s2n_array_len(mfl_code_to_length) || mfl_code_to_length[mfl_code] > S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) { 65 : 1 : return S2N_SUCCESS; 66 : 1 : } 67 : : 68 : : /* 69 : : *= https://www.rfc-editor.org/rfc/rfc6066#section-4 70 : : *# Once a maximum fragment length other than 2^14 has been successfully 71 : : *# negotiated, the client and server MUST immediately begin fragmenting 72 : : *# messages (including handshake messages) to ensure that no fragment 73 : : *# larger than the negotiated length is sent. 74 : : */ 75 : 385 : conn->negotiated_mfl_code = mfl_code; 76 [ - + ]: 385 : POSIX_GUARD_RESULT(s2n_connection_set_max_fragment_length(conn, mfl_code_to_length[mfl_code])); 77 : 385 : return S2N_SUCCESS; 78 : 385 : }