extensions: use an internal extension ID independent of the TLS id
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 19 Sep 2017 10:48:14 +0000 (12:48 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:34 +0000 (15:29 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
21 files changed:
lib/ext/alpn.c
lib/ext/dumbfw.c
lib/ext/ecc.c
lib/ext/etm.c
lib/ext/ext_master_secret.c
lib/ext/heartbeat.c
lib/ext/key_share.c
lib/ext/max_record.c
lib/ext/post_handshake.c
lib/ext/safe_renegotiation.c
lib/ext/server_name.c
lib/ext/session_ticket.c
lib/ext/signature.c
lib/ext/srp.c
lib/ext/srtp.c
lib/ext/status_request.c
lib/ext/supported_versions.c
lib/extensions.c
lib/extensions.h
lib/gnutls_int.h
lib/x509.c

index 7497436bede28f8a7a2fd18796aae8baed00f1fe..8c554da51cc39e28bd4b727a7b23ac91f6cb6c4f 100644 (file)
@@ -36,7 +36,8 @@ static void _gnutls_alpn_deinit_data(gnutls_ext_priv_data_t priv);
 
 const extension_entry_st ext_mod_alpn = {
        .name = "ALPN",
-       .id = GNUTLS_EXTENSION_ALPN,
+       .tls_id = 16,
+       .gid = GNUTLS_EXTENSION_ALPN,
        /* this extension must be parsed even on resumption */
        .parse_type = GNUTLS_EXT_MANDATORY,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
index 517f5e74f14471e9ee26fe83f801bd1841b0b304..2c25ea5522e43d6d041f59c471f4265eb2cf9555 100644 (file)
@@ -37,7 +37,8 @@ static int _gnutls_dumbfw_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_dumbfw = {
        .name = "ClientHello Padding",
-       .id = GNUTLS_EXTENSION_DUMBFW,
+       .tls_id = 21,
+       .gid = GNUTLS_EXTENSION_DUMBFW,
        .parse_type = GNUTLS_EXT_APPLICATION,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_HRR,
 
index 96a73f1bf18fe81b29887e62c2db757beeb774b2..1679eda59f6f8f16df1a0eda1f0c41c2383218e0 100644 (file)
@@ -51,7 +51,8 @@ static int _gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_supported_ecc = {
        .name = "Negotiated Groups",
-       .id = GNUTLS_EXTENSION_SUPPORTED_ECC,
+       .tls_id = 10,
+       .gid = GNUTLS_EXTENSION_SUPPORTED_ECC,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
@@ -65,7 +66,8 @@ const extension_entry_st ext_mod_supported_ecc = {
 
 const extension_entry_st ext_mod_supported_ecc_pf = {
        .name = "Supported ECC Point Formats",
-       .id = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+       .tls_id = 11,
+       .gid = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
index 083a8595d55e07d63aaa8afc3092ca9e7d4cb0ef..0fa9805ea4a3dad5f6506d16c7831f81007bb45d 100644 (file)
@@ -37,7 +37,8 @@ static int _gnutls_ext_etm_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_etm = {
        .name = "Encrypt-then-MAC",
-       .id = GNUTLS_EXTENSION_ETM,
+       .tls_id = 22,
+       .gid = GNUTLS_EXTENSION_ETM,
        .parse_type = GNUTLS_EXT_MANDATORY,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
index 8d832a182b969d045a3786d09292b332b18a9e1e..edbc7f6cd68f51fb200954013adb127c9559eb27 100644 (file)
@@ -37,7 +37,8 @@ static int _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_ext_master_secret = {
        .name = "Extended Master Secret",
-       .id = GNUTLS_EXTENSION_EXT_MASTER_SECRET,
+       .tls_id = 23,
+       .gid = GNUTLS_EXTENSION_EXT_MASTER_SECRET,
        .parse_type = GNUTLS_EXT_MANDATORY,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
index 344757d2301170d7f5c44a7efa26364bc0e93ebd..1df9fedd0853104506215c39c2c123d36a6700de 100644 (file)
@@ -524,7 +524,8 @@ _gnutls_heartbeat_unpack(gnutls_buffer_st * ps,
 
 const extension_entry_st ext_mod_heartbeat = {
        .name = "Heartbeat",
-       .id = GNUTLS_EXTENSION_HEARTBEAT,
+       .tls_id = 15,
+       .gid = GNUTLS_EXTENSION_HEARTBEAT,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
index 1a6a2658d90fa3be4367a91da47edc8411085748..5354cdec5527bb8fec164a5f4e2bd1f710a5fdf6 100644 (file)
@@ -45,7 +45,8 @@ static int key_share_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_key_share = {
        .name = "Key Share",
-       .id = GNUTLS_EXTENSION_KEY_SHARE,
+       .tls_id = 40,
+       .gid = GNUTLS_EXTENSION_KEY_SHARE,
        .parse_type = _GNUTLS_EXT_TLS_POST_CS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO|GNUTLS_EXT_FLAG_HRR,
 
index 33ca05874bbfa455916bcfa5b888b2008e84d498..4f346514760322e4faa15c5a04810912322a5e2b 100644 (file)
@@ -49,7 +49,8 @@ static int _gnutls_mre_record2num(uint16_t record_size);
 
 const extension_entry_st ext_mod_max_record_size = {
        .name = "Maximum Record Size",
-       .id = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+       .tls_id = 1,
+       .gid = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
 
index 116a41b0567929b28799354aa79d027391c708c3..bb6cc31c094da3e9d19ceeec6a03ac87c8b54d3b 100644 (file)
@@ -38,7 +38,8 @@ static int _gnutls_post_handshake_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_post_handshake = {
        .name = "Post Handshake Auth",
-       .id = GNUTLS_EXTENSION_POST_HANDSHAKE,
+       .tls_id = 49,
+       .gid = GNUTLS_EXTENSION_POST_HANDSHAKE,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO,
 
index d8720ac2d5a6cb7a8df87737bb5e8ab65d5515fe..ec2791588f9d7706bc4a0cc8242d9665301ce4eb 100644 (file)
@@ -33,7 +33,8 @@ static void _gnutls_sr_deinit_data(gnutls_ext_priv_data_t priv);
 
 const extension_entry_st ext_mod_sr = {
        .name = "Safe Renegotiation",
-       .id = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+       .tls_id = 65281,
+       .gid = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
        .parse_type = GNUTLS_EXT_MANDATORY,
 
index c2948ba711a7316859463d3dbd251f904ae70ee0..ffec574e04b00c8f2e7569606610efa4b070b582 100644 (file)
@@ -47,8 +47,8 @@ _gnutls_server_name_set_raw(gnutls_session_t session,
 
 const extension_entry_st ext_mod_server_name = {
        .name = "Server Name Indication",
-       .id = GNUTLS_EXTENSION_SERVER_NAME,
-
+       .tls_id = 0,
+       .gid = GNUTLS_EXTENSION_SERVER_NAME,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
        .parse_type = GNUTLS_EXT_MANDATORY,
 
index 71df2eeafcff2b76bf6d7c0840302fe87a1b45d7..3564db1445ab44fb78b60e55e2dcd78e1ed4556c 100644 (file)
@@ -61,7 +61,8 @@ static void session_ticket_deinit_data(gnutls_ext_priv_data_t priv);
 
 const extension_entry_st ext_mod_session_ticket = {
        .name = "Session Ticket",
-       .id = GNUTLS_EXTENSION_SESSION_TICKET,
+       .tls_id = 35,
+       .gid = GNUTLS_EXTENSION_SESSION_TICKET,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
        .parse_type = GNUTLS_EXT_TLS,
 
index e504be1c6b7d1b36351be256c09eec612f78313e..f41c91e46bc495fe1aea5f796f94c96f87925295 100644 (file)
@@ -51,7 +51,8 @@ static int signature_algorithms_unpack(gnutls_buffer_st * ps,
 
 const extension_entry_st ext_mod_sig = {
        .name = "Signature Algorithms",
-       .id = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+       .tls_id = 13,
+       .gid = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_CR,
        .parse_type = GNUTLS_EXT_TLS,
 
index a765250eb3f42f3a4bfd5678e922d18774d338ee..1980e169da319417a3a4c5b4cffb095de6ce57b7 100644 (file)
@@ -44,7 +44,8 @@ static int _gnutls_srp_send_params(gnutls_session_t state,
 
 const extension_entry_st ext_mod_srp = {
        .name = "SRP",
-       .id = GNUTLS_EXTENSION_SRP,
+       .tls_id = 12,
+       .gid = GNUTLS_EXTENSION_SRP,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO,
 
index e8a3f679e772e2fce324aded6221999af7d71103..a513feabd6ce334ed5d85246e34b6ed10a64c371 100644 (file)
@@ -41,7 +41,8 @@ static void _gnutls_srtp_deinit_data(gnutls_ext_priv_data_t priv);
 
 const extension_entry_st ext_mod_srtp = {
        .name = "SRTP",
-       .id = GNUTLS_EXTENSION_SRTP,
+       .tls_id = 14,
+       .gid = GNUTLS_EXTENSION_SRTP,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_EE|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
        .parse_type = GNUTLS_EXT_APPLICATION,
 
index a68f1024b02afc516273270d41d19b0cf34c664f..ae5b6b7298c9b46822aa63996f69a9fa56b9f60f 100644 (file)
@@ -531,7 +531,8 @@ _gnutls_status_request_unpack(gnutls_buffer_st * ps,
 
 const extension_entry_st ext_mod_status_request = {
        .name = "OCSP Status Request",
-       .id = GNUTLS_EXTENSION_STATUS_REQUEST,
+       .tls_id = 5,
+       .gid = GNUTLS_EXTENSION_STATUS_REQUEST,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_CT|GNUTLS_EXT_FLAG_CR|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
        .parse_type = _GNUTLS_EXT_TLS_POST_CS,
        .recv_func = _gnutls_status_request_recv_params,
index bafa4ee51b26b8124597218403176c32deb38ef3..26d652b037b4cf9d279b84fdec8ff8db5c63377d 100644 (file)
@@ -38,7 +38,8 @@ static int supported_versions_send_params(gnutls_session_t session,
 
 const extension_entry_st ext_mod_supported_versions = {
        .name = "Supported Versions",
-       .id = GNUTLS_EXTENSION_SUPPORTED_VERSIONS,
+       .tls_id = 43,
+       .gid = GNUTLS_EXTENSION_SUPPORTED_VERSIONS,
        .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO,
        .parse_type = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
 
index c3ff1f5bde8626cd5e4b8c3c9533ed66ac6cdb41..71e34637997aab2c3103213ea80bd065742c76f2 100644 (file)
@@ -92,20 +92,20 @@ static extension_entry_st const *extfunc[MAX_EXT_TYPES+1] = {
 };
 
 static const extension_entry_st *
-_gnutls_ext_ptr(gnutls_session_t session, uint16_t id, gnutls_ext_parse_type_t parse_type)
+_gnutls_ext_ptr(gnutls_session_t session, extensions_t id, gnutls_ext_parse_type_t parse_type)
 {
        unsigned i;
        const extension_entry_st *e;
 
        for (i=0;i<session->internals.rexts_size;i++) {
-               if (session->internals.rexts[i].id == id) {
+               if (session->internals.rexts[i].gid == id) {
                        e = &session->internals.rexts[i];
                        goto done;
                }
        }
 
        for (i = 0; extfunc[i] != NULL; i++) {
-               if (extfunc[i]->id == id) {
+               if (extfunc[i]->gid == id) {
                        e = extfunc[i];
                        goto done;
                }
@@ -135,7 +135,7 @@ const char *gnutls_ext_get_name(unsigned int ext)
        size_t i;
 
        for (i = 0; extfunc[i] != NULL; i++)
-               if (extfunc[i]->id == ext)
+               if (extfunc[i]->tls_id == ext)
                        return extfunc[i]->name;
 
        return NULL;
@@ -146,12 +146,12 @@ const char *gnutls_ext_get_name(unsigned int ext)
  * otherwise a negative error value.
  */
 int
-_gnutls_extension_list_check(gnutls_session_t session, uint16_t id)
+_gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
 {
        unsigned i;
 
        for (i = 0; i < session->internals.used_exts_size; i++) {
-               if (id == session->internals.used_exts[i]->id)
+               if (id == session->internals.used_exts[i]->gid)
                        return 0;
        }
 
@@ -173,7 +173,7 @@ static unsigned _gnutls_extension_list_add(gnutls_session_t session, const struc
 
        if (check_dup) {
                for (i=0;i<session->internals.used_exts_size;i++) {
-                       if (session->internals.used_exts[i]->id == e->id)
+                       if (session->internals.used_exts[i]->gid == e->gid)
                                return 0;
                }
        }
@@ -191,6 +191,24 @@ static unsigned _gnutls_extension_list_add(gnutls_session_t session, const struc
        }
 }
 
+static unsigned tls_id_to_gid(gnutls_session_t session, unsigned tls_id)
+{
+       unsigned i;
+
+       for (i=0; i < session->internals.rexts_size; i++) {
+               if (session->internals.rexts[i].tls_id == tls_id)
+                       return session->internals.rexts[i].gid;
+       }
+
+       for (i = 0; extfunc[i] != NULL; i++) {
+               if (extfunc[i]->tls_id == tls_id)
+                       return extfunc[i]->gid;
+       }
+
+       return 0;
+}
+
+
 void _gnutls_extension_list_add_sr(gnutls_session_t session)
 {
        _gnutls_extension_list_add(session, &ext_mod_sr, 1);
@@ -205,7 +223,8 @@ _gnutls_parse_extensions(gnutls_session_t session,
 {
        int next, ret;
        int pos = 0;
-       uint16_t id;
+       uint16_t tls_id;
+       extensions_t id;
        const uint8_t *sdata;
        const extension_entry_st *ext;
        uint16_t size;
@@ -226,19 +245,25 @@ _gnutls_parse_extensions(gnutls_session_t session,
 
        do {
                DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
-               id = _gnutls_read_uint16(&data[pos]);
+               tls_id = _gnutls_read_uint16(&data[pos]);
                pos += 2;
 
+               id = tls_id_to_gid(session, tls_id);
+               if (id == 0) {
+                       goto skip;
+               }
+
                if (session->security_parameters.entity == GNUTLS_CLIENT) {
                        if ((ret =
                             _gnutls_extension_list_check(session, id)) < 0) {
                                _gnutls_debug_log("EXT[%p]: Received unexpected extension '%s/%d'\n", session,
-                                               gnutls_ext_get_name(id), (int)id);
+                                               gnutls_ext_get_name(tls_id), (int)tls_id);
                                gnutls_assert();
                                return ret;
                        }
                }
 
+ skip:
                DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
                size = _gnutls_read_uint16(&data[pos]);
                pos += 2;
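Review bot: The new `goto skip` lets an extension type the library has no handler for bypass the client-side `_gnutls_extension_list_check`, so a ServerHello carrying an unknown type is now silently ignored, whereas before this change the client returned the negative value from `_gnutls_extension_list_check` because that id was not in `used_exts`. RFC 5246 §7.4.1.4 and RFC 8446 §4.2 require the client to abort when it receives an extension it did not offer, and an unknown type can never have been offered, so the skip should stay server-only: `if (id == 0) { if (session->security_parameters.entity == GNUTLS_CLIENT) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION); goto skip; }`. If the relaxation is intentional for some client case, a comment at the `skip` label saying so would help. `_gnutls_parse_extensions` starts and ends outside this hunk.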
@@ -251,7 +276,7 @@ _gnutls_parse_extensions(gnutls_session_t session,
                if (ext == NULL || ext->recv_func == NULL) {
                        _gnutls_handshake_log
                            ("EXT[%p]: Ignoring extension '%s/%d'\n", session,
-                            gnutls_ext_get_name(id), id);
+                            gnutls_ext_get_name(tls_id), tls_id);
 
                        continue;
                }
@@ -260,7 +285,7 @@ _gnutls_parse_extensions(gnutls_session_t session,
                if ((ext->validity & msg) == 0) {
 
                        _gnutls_debug_log("EXT[%p]: Received unexpected extension (%s/%d) for '%s'\n", session,
-                                         gnutls_ext_get_name(id), (int)id,
+                                         gnutls_ext_get_name(tls_id), (int)tls_id,
                                          ext_msg_validity_to_str(msg));
                        return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
                }
@@ -273,7 +298,7 @@ _gnutls_parse_extensions(gnutls_session_t session,
 
                _gnutls_handshake_log
                    ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
-                    session, gnutls_ext_get_name(id), id,
+                    session, gnutls_ext_get_name(tls_id), tls_id,
                     size);
 
                if ((ret = ext->recv_func(session, sdata, size)) < 0) {
@@ -309,14 +334,14 @@ int send_extension(gnutls_session_t session, const extension_entry_st *p,
 
        if ((msg & p->validity) == 0) {
                _gnutls_handshake_log("EXT[%p]: Not sending extension (%s/%d) for '%s'\n", session,
-                                 gnutls_ext_get_name(p->id), (int)p->id,
+                                 gnutls_ext_get_name(p->tls_id), (int)p->tls_id,
                                  ext_msg_validity_to_str(msg));
                return 0;
        }
 
        /* ensure we don't send something twice (i.e, overriden extensions in
         * client), and ensure we are sending only what we received in server. */
-       ret = _gnutls_extension_list_check(session, p->id);
+       ret = _gnutls_extension_list_check(session, p->gid);
 
        if (session->security_parameters.entity == GNUTLS_SERVER) {
                if (ret < 0) /* not advertized */
@@ -326,7 +351,7 @@ int send_extension(gnutls_session_t session, const extension_entry_st *p,
                        return 0;
        }
 
-       ret = _gnutls_buffer_append_prefix(extdata, 16, p->id);
+       ret = _gnutls_buffer_append_prefix(extdata, 16, p->tls_id);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
@@ -361,7 +386,7 @@ int send_extension(gnutls_session_t session, const extension_entry_st *p,
 
                _gnutls_handshake_log
                            ("EXT[%p]: Sending extension %s/%d (%d bytes)\n",
-                            session, p->name, p->id, appended);
+                            session, p->name, (int)p->tls_id, appended);
        } else if (appended == 0)
                extdata->length -= 4;   /* reset type and size */
 
@@ -459,10 +484,10 @@ static int pack_extension(gnutls_session_t session, const extension_entry_st *ex
        int rval = 0;
 
        ret =
-           _gnutls_ext_get_session_data(session, extp->id,
+           _gnutls_ext_get_session_data(session, extp->gid,
                                         &data);
        if (ret >= 0 && extp->pack_func != NULL) {
-               BUFFER_APPEND_NUM(packed, extp->id);
+               BUFFER_APPEND_NUM(packed, extp->gid);
 
                size_offset = packed->length;
                BUFFER_APPEND_NUM(packed, 0);
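Review bot: `pack_extension` now writes `extp->gid` into the packed session data instead of the wire id, and a gid is not a stable identifier: the built-in numbering changes with this commit, and for extensions added with `gnutls_ext_register` it is the next free slot at registration time (the `gid = extfunc[i]->gid + 1` loop in this diff), so it depends on registration order. Session data packed by one process or library version and unpacked by another (session cache, tickets) would then attach private data to the wrong extension. Either keep writing `extp->tls_id` and translate with `tls_id_to_gid` in `_gnutls_ext_unpack`, or, if the packed format carries a version or magic value, bump it so older blobs are rejected; none of the 21 files listed is the session-packing code, so this diff does neither. `pack_extension` and `_gnutls_ext_unpack` continue outside this hunk.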
@@ -510,7 +535,7 @@ int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st *packed)
 
 static void
 _gnutls_ext_set_resumed_session_data(gnutls_session_t session,
-                                    uint16_t id,
+                                    extensions_t id,
                                     gnutls_ext_priv_data_t data)
 {
        int i;
@@ -538,7 +563,7 @@ int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st * packed)
        int i, ret;
        gnutls_ext_priv_data_t data;
        int max_exts = 0;
-       uint16_t id;
+       extensions_t id;
        int size_for_id, cur_pos;
        const struct extension_entry_st *ext;
 
@@ -590,7 +615,7 @@ unset_ext_data(gnutls_session_t session, const struct extension_entry_st *ext, u
 
 void
 _gnutls_ext_unset_session_data(gnutls_session_t session,
-                               uint16_t id)
+                               extensions_t id)
 {
        int i;
        const struct extension_entry_st *ext;
@@ -639,7 +664,7 @@ void _gnutls_ext_free_session_data(gnutls_session_t session)
  * private pointer, to allow API additions by individual extensions.
  */
 void
-_gnutls_ext_set_session_data(gnutls_session_t session, uint16_t id,
+_gnutls_ext_set_session_data(gnutls_session_t session, extensions_t id,
                             gnutls_ext_priv_data_t data)
 {
        unsigned int i;
@@ -664,7 +689,7 @@ _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t id,
 
 int
 _gnutls_ext_get_session_data(gnutls_session_t session,
-                            uint16_t id, gnutls_ext_priv_data_t * data)
+                            extensions_t id, gnutls_ext_priv_data_t * data)
 {
        int i;
 
@@ -682,7 +707,7 @@ _gnutls_ext_get_session_data(gnutls_session_t session,
 
 int
 _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
-                                    uint16_t id,
+                                    extensions_t id,
                                     gnutls_ext_priv_data_t * data)
 {
        int i;
@@ -701,7 +726,7 @@ _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
 /**
  * gnutls_ext_register:
  * @name: the name of the extension to register
- * @id: the numeric id of the extension
+ * @id: the numeric TLS id of the extension
  * @parse_type: the parse type of the extension (see gnutls_ext_parse_type_t)
  * @recv_func: a function to receive the data
  * @send_func: a function to send the data
@@ -735,19 +760,27 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
        extension_entry_st *tmp_mod;
        int ret;
        unsigned i;
+       unsigned gid = GNUTLS_EXTENSION_MAX+1;
 
        for (i = 0; extfunc[i] != NULL; i++) {
-               if (extfunc[i]->id == id)
+               if (extfunc[i]->tls_id == id)
                        return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
+
+               if (extfunc[i]->gid >= gid)
+                       gid = extfunc[i]->gid + 1;
        }
 
+       if (gid > GNUTLS_EXTENSION_MAX_VALUE)
+               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
        tmp_mod = gnutls_calloc(1, sizeof(*tmp_mod));
        if (tmp_mod == NULL)
                return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
        tmp_mod->name = gnutls_strdup(name);
        tmp_mod->free_struct = 1;
-       tmp_mod->id = id;
+       tmp_mod->tls_id = id;
+       tmp_mod->gid = gid;
        tmp_mod->parse_type = parse_type;
        tmp_mod->recv_func = recv_func;
        tmp_mod->send_func = send_func;
@@ -813,11 +846,12 @@ gnutls_session_ext_register(gnutls_session_t session,
        extension_entry_st tmp_mod;
        extension_entry_st *exts;
        unsigned i;
+       unsigned gid = GNUTLS_EXTENSION_MAX+1;
 
        /* reject handling any extensions which modify the TLS handshake
         * in any way, or are mapped to an exported API. */
        for (i = 0; extfunc[i] != NULL; i++) {
-               if (extfunc[i]->id == id) {
+               if (extfunc[i]->tls_id == id) {
                        if (!(flags & GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL)) {
                                return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
                        } else if (extfunc[i]->cannot_be_overriden) {
@@ -825,11 +859,27 @@ gnutls_session_ext_register(gnutls_session_t session,
                        }
                        break;
                }
+
+               if (extfunc[i]->gid >= gid)
+                       gid = extfunc[i]->gid + 1;
+       }
+
+       for (i=0;i<session->internals.rexts_size;i++) {
+               if (session->internals.rexts[i].tls_id == id) {
+                       return gnutls_assert_val(GNUTLS_E_ALREADY_REGISTERED);
+               }
+
+               if (session->internals.rexts[i].gid >= gid)
+                       gid = session->internals.rexts[i].gid + 1;
        }
 
+       if (gid > GNUTLS_EXTENSION_MAX_VALUE)
+               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
        memset(&tmp_mod, 0, sizeof(extension_entry_st));
        tmp_mod.free_struct = 1;
-       tmp_mod.id = id;
+       tmp_mod.tls_id = id;
+       tmp_mod.gid = gid;
        tmp_mod.parse_type = parse_type;
        tmp_mod.recv_func = recv_func;
        tmp_mod.send_func = send_func;
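Review bot: The gid chosen for a session-registered extension can collide with a globally registered one: the first loop `break`s as soon as it finds the `tls_id` being overridden, so `extfunc[]` entries after that point are never folded into `gid`, and — assuming `gnutls_ext_register` appends after the built-ins — those are exactly the global extensions whose gids lie above `GNUTLS_EXTENSION_MAX`. Overriding a built-in in a session that also has a global extension registered then hands out that global extension's gid, and since `_gnutls_ext_ptr` and `tls_id_to_gid` consult `rexts` first, the global extension's private-data lookups resolve to the session one. Drop the `break;` (tls_ids are unique in `extfunc[]`, so the loop cannot match twice) or compute the maximum gid in a separate pass before the override test. The loop begins in the previous hunk and `gnutls_session_ext_register` starts outside it.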
@@ -858,7 +908,7 @@ gnutls_session_ext_register(gnutls_session_t session,
 /**
  * gnutls_ext_set_data:
  * @session: a #gnutls_session_t opaque pointer
- * @id: the numeric id of the extension
+ * @tls_id: the numeric id of the extension
  * @data: the private data to set
  *
  * This function allows an extension handler to store data in the current session
@@ -868,16 +918,20 @@ gnutls_session_ext_register(gnutls_session_t session,
  * Since: 3.4.0
  **/
 void
-gnutls_ext_set_data(gnutls_session_t session, unsigned id,
+gnutls_ext_set_data(gnutls_session_t session, unsigned tls_id,
                    gnutls_ext_priv_data_t data)
 {
+       unsigned id = tls_id_to_gid(session, tls_id);
+       if (id == 0)
+               return;
+
        _gnutls_ext_set_session_data(session, id, data);
 }
 
 /**
  * gnutls_ext_get_data:
  * @session: a #gnutls_session_t opaque pointer
- * @id: the numeric id of the extension
+ * @tls_id: the numeric id of the extension
  * @data: a pointer to the private data to retrieve
  *
  * This function retrieves any data previously stored with gnutls_ext_set_data().
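Review bot: `gnutls_ext_set_data` now silently does nothing when `tls_id` maps to no registered extension (`tls_id_to_gid` returns 0 and the function returns), and `gnutls_ext_get_data` reports `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` for the same case, but neither public doc comment says so, while before this change the data was stored under whatever id was passed. Add to the `gnutls_ext_set_data` description: ` * The extension must be known to the library (built-in, or registered with gnutls_ext_register() or gnutls_session_ext_register()); for an unknown @tls_id the call has no effect.`, and a matching sentence in `gnutls_ext_get_data` stating that an unknown @tls_id yields %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.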
@@ -888,7 +942,11 @@ gnutls_ext_set_data(gnutls_session_t session, unsigned id,
  **/
 int
 gnutls_ext_get_data(gnutls_session_t session,
-                   unsigned id, gnutls_ext_priv_data_t *data)
+                   unsigned tls_id, gnutls_ext_priv_data_t *data)
 {
+       unsigned id = tls_id_to_gid(session, tls_id);
+       if (id == 0)
+               return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
        return _gnutls_ext_get_session_data(session, id, data);
 }
index 3ef9d445c2a76e1bbe7f9a7e1c5efb305f2eed75..556cdd32d7a43da9155551f2103081f9a1f09ec4 100644 (file)
@@ -37,20 +37,20 @@ int _gnutls_ext_init(void);
 void _gnutls_ext_deinit(void);
 
 void _gnutls_extension_list_add_sr(gnutls_session_t session);
-int _gnutls_extension_list_check(gnutls_session_t session, uint16_t type);
+int _gnutls_extension_list_check(gnutls_session_t session, extensions_t type);
 
 void _gnutls_ext_free_session_data(gnutls_session_t session);
 
 /* functions to be used by extensions internally
  */
 void _gnutls_ext_unset_session_data(gnutls_session_t session,
-                                   uint16_t type);
-void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
+                                   extensions_t ext);
+void _gnutls_ext_set_session_data(gnutls_session_t session, extensions_t ext,
                                  gnutls_ext_priv_data_t);
-int _gnutls_ext_get_session_data(gnutls_session_t session, uint16_t type,
+int _gnutls_ext_get_session_data(gnutls_session_t session, extensions_t ext,
                                 gnutls_ext_priv_data_t *);
 int _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
-                                        uint16_t type,
+                                        extensions_t ext,
                                         gnutls_ext_priv_data_t * data);
 
 /* for session packing */
@@ -86,7 +86,9 @@ typedef struct extension_entry_st {
        const char *name; /* const overriden when free_struct is set */
        unsigned free_struct;
 
-       uint16_t id;
+       uint16_t tls_id;
+       unsigned gid; /* gnutls internal ID */
+
        gnutls_ext_parse_type_t parse_type;
        unsigned validity; /* multiple items of gnutls_ext_flags_t */
 
index 980b0ddfe20bbbac2f11fe8fb8ad136a91956ab3..b52e764bda9bbc41e182d4fd1c3b7d237cf91158 100644 (file)
@@ -267,30 +267,35 @@ typedef enum recv_state_t {
  */
 #define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
 
-/* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
- */
+/* IDs are non-zero and allocated in a way that all values fit in 64-bit integer as (1<<val) */
 typedef enum extensions_t {
-       GNUTLS_EXTENSION_SERVER_NAME = 0,
        GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
-       GNUTLS_EXTENSION_STATUS_REQUEST = 5,
-       GNUTLS_EXTENSION_CERT_TYPE = 9,
-       GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
-       GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
-       GNUTLS_EXTENSION_SRP = 12,
-       GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
-       GNUTLS_EXTENSION_SRTP = 14,
-       GNUTLS_EXTENSION_HEARTBEAT = 15,
-       GNUTLS_EXTENSION_ALPN = 16,
-       GNUTLS_EXTENSION_DUMBFW = 21,
-       GNUTLS_EXTENSION_ETM = 22,
-       GNUTLS_EXTENSION_EXT_MASTER_SECRET = 23,
-       GNUTLS_EXTENSION_SESSION_TICKET = 35,
-       GNUTLS_EXTENSION_KEY_SHARE = 40,
-       GNUTLS_EXTENSION_SUPPORTED_VERSIONS = 43,
-       GNUTLS_EXTENSION_POST_HANDSHAKE = 49,
-       GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281     /* aka: 0xff01 */
+       GNUTLS_EXTENSION_STATUS_REQUEST,
+       GNUTLS_EXTENSION_CERT_TYPE,
+       GNUTLS_EXTENSION_SUPPORTED_ECC,
+       GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+       GNUTLS_EXTENSION_SRP,
+       GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+       GNUTLS_EXTENSION_SRTP,
+       GNUTLS_EXTENSION_HEARTBEAT,
+       GNUTLS_EXTENSION_ALPN,
+       GNUTLS_EXTENSION_DUMBFW,
+       GNUTLS_EXTENSION_ETM,
+       GNUTLS_EXTENSION_EXT_MASTER_SECRET,
+       GNUTLS_EXTENSION_SESSION_TICKET,
+       GNUTLS_EXTENSION_KEY_SHARE,
+       GNUTLS_EXTENSION_SUPPORTED_VERSIONS,
+       GNUTLS_EXTENSION_POST_HANDSHAKE,
+       GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+       GNUTLS_EXTENSION_SERVER_NAME,
+       GNUTLS_EXTENSION_MAX = GNUTLS_EXTENSION_SERVER_NAME
 } extensions_t;
 
+#define GNUTLS_EXTENSION_MAX_VALUE 63
+#if GNUTLS_EXTENSION_MAX >= GNUTLS_EXTENSION_MAX_VALUE
+# error over limit
+#endif
+
 typedef enum { CIPHER_STREAM, CIPHER_BLOCK, CIPHER_AEAD } cipher_type_t;
 
 #define RESUME_TRUE 1
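Review bot: The `#if GNUTLS_EXTENSION_MAX >= GNUTLS_EXTENSION_MAX_VALUE` guard cannot fire: `GNUTLS_EXTENSION_MAX` is an enumerator, not a macro, and the preprocessor substitutes 0 for any identifier it does not know inside an `#if` expression, so the test evaluates to `0 >= 63` (unless a macro of that name exists elsewhere, which this diff does not show). Since the comment above the enum requires every gid to fit as `(1<<val)` in a 64-bit integer, a real compile-time check is worth having, e.g. `typedef char gnutls_ext_max_check_[(GNUTLS_EXTENSION_MAX < GNUTLS_EXTENSION_MAX_VALUE) ? 1 : -1];`, or `_Static_assert` if the project accepts C11. Note also that the registration paths reject only `gid > GNUTLS_EXTENSION_MAX_VALUE`, so gid 63 is legal; wherever that mask is built (not in this diff) it must use `1ULL << gid`, as `1 << 63` in a signed type is undefined behaviour.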
@@ -1125,7 +1130,7 @@ typedef struct {
        unsigned rexts_size;
 
        struct {
-               uint16_t id;
+               extensions_t id;
                gnutls_ext_priv_data_t priv;
                gnutls_ext_priv_data_t resumed_priv;
                uint8_t set;
index 29435647b0849b02d632a99a9944ed0fa71e09cc..6ed556e5f94786824a9c6b75f155f973e35ea902 100644 (file)
@@ -257,7 +257,8 @@ _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session,
                                gnutls_assert();
                                goto cleanup;
                        }
-                       if (feature == GNUTLS_EXTENSION_STATUS_REQUEST) {
+
+                       if (feature == 5 /* TLS ID for status request */) {
                                /* We sent a status request, the certificate mandates a reply, but we did not get any. */
                                *ocsp_status |= GNUTLS_CERT_MISSING_OCSP_STATUS;
                                break;
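Review bot: The literal in `feature == 5 /* TLS ID for status request */` is a magic number standing in for the IANA status_request type now that `GNUTLS_EXTENSION_STATUS_REQUEST` no longer carries the wire value; the comparison itself is right, because the X.509 TLS feature extension (RFC 7633) lists wire extension types, but a named constant keeps it checkable, e.g. `if (feature == ext_mod_status_request.tls_id)` if extensions.h is visible here, or a `#define` for the wire id placed beside the enum in gnutls_int.h. `_gnutls_ocsp_verify_mandatory_stapling` starts and ends outside this hunk.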