25139258422

Committed 29 Apr 2026 08:02PM UTC coverage: 89.37% (-0.02%) from 89.385%

Build # 25139258422

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5550 from randombit/jack/tls-misc

TLS conformance, hardening, and performance fixes

Coverage Stats

107055 of 119789 relevant lines covered (89.37%)

11415549.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

86.67

/src/lib/tls/tls_extensions_cert_status_req.cpp

/*
* TLS Extension Certificate_Status_Request
* (C) 2011,2012,2015,2016,2022 Jack Lloyd
*     2016 Juraj Somorovsky
*     2021 Elektrobit Automotive GmbH
*     2022 Hannes Rantzsch, René Meusel, neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_extensions.h>

#include <botan/tls_exceptn.h>
#include <botan/tls_messages.h>
#include <botan/internal/tls_reader.h>

namespace Botan::TLS {

namespace {
class RFC6066_Empty_Certificate_Status_Request {
   public:
      RFC6066_Empty_Certificate_Status_Request() = default;

      explicit RFC6066_Empty_Certificate_Status_Request(uint16_t extension_size) {
         if(extension_size != 0) {
            throw Decoding_Error("Received an unexpectedly non-empty Certificate_Status_Request");
         }
      }

      std::vector<uint8_t> serialize() const { return {}; }
};

class RFC6066_Certificate_Status_Request {
   public:
      RFC6066_Certificate_Status_Request(std::vector<uint8_t> names, std::vector<std::vector<uint8_t>> keys) :
            ocsp_names(std::move(names)), ocsp_keys(std::move(keys)) {}

      RFC6066_Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size) {
         if(extension_size == 0) {
            throw Decoding_Error("Received an unexpectedly empty Certificate_Status_Request");
         }

         const uint8_t type = reader.get_byte();
         if(type == 1 /* ocsp */) {
            // RFC 6066 Section 8: OCSP CertificateStatusRequest is
            //    ResponderID responder_id_list<0..2^16-1>;
            //    Extensions  request_extensions;
            //
            // for a total wire size of 1 (status_type) + 2 (resp_id_list len)
            //   + len_resp_id_list + 2 (request_ext len) + len_requ_ext.
            if(extension_size < 5) {
               throw Decoding_Error("Truncated OCSP CertificateStatusRequest");
            }
            const size_t len_resp_id_list = reader.get_uint16_t();
            if(len_resp_id_list > static_cast<size_t>(extension_size) - 5) {
               throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest");
            }
            ocsp_names = reader.get_fixed<uint8_t>(len_resp_id_list);
            const size_t len_requ_ext = reader.get_uint16_t();
            if(len_resp_id_list + len_requ_ext + 5 != extension_size) {
               throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest");
            }
            extension_bytes = reader.get_fixed<uint8_t>(len_requ_ext);
         } else {
            // RFC 6066 does not specify anything but 'ocsp' and we
            // don't support anything else either.
            reader.discard_next(extension_size - 1);
         }
      }

      std::vector<uint8_t> serialize() const {
         // Serialization is hard-coded as we don't support advanced features
         // of this extension anyway.
         return {
            1,  // status_type = ocsp
            0,
            0,  // empty responder_id_list
            0,
            0,  // no extensions
         };
      }

      std::vector<uint8_t> ocsp_names;              // NOLINT(*-non-private-member-variable*)
      std::vector<std::vector<uint8_t>> ocsp_keys;  // NOLINT(*-non-private-member-variable*)
      std::vector<uint8_t> extension_bytes;         // NOLINT(*-non-private-member-variable*)
};

}  // namespace

class Certificate_Status_Request_Internal {
   private:
      using Contents =
         std::variant<RFC6066_Empty_Certificate_Status_Request, RFC6066_Certificate_Status_Request, Certificate_Status>;

   public:
      explicit Certificate_Status_Request_Internal(Contents c) : content(std::move(c)) {}

      Contents content;  // NOLINT(*-non-private-member-variable*)
};

Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader,
                                                       uint16_t extension_size,
                                                       Handshake_Type message_type,
                                                       Connection_Side from) {
   // This parser needs to take TLS 1.2 and TLS 1.3 into account. The
   // extension's content and structure is dependent on the context it
   // was sent in (i.e. the enclosing handshake message). Below is a list
   // of handshake messages this can appear in.
   //
   // TLS 1.2
   //  * Client Hello
   //  * Server Hello
   //
   // TLS 1.3
   //  * Client Hello
   //  * Certificate Request
   //  * Certificate (Entry)

   // RFC 6066 8.
   //    In order to indicate their desire to receive certificate status
   //    information, clients MAY include an extension of type "status_request"
   //    in the (extended) client hello.
   if(message_type == Handshake_Type::ClientHello) {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         RFC6066_Certificate_Status_Request(reader, extension_size));
   }

   // RFC 6066 8.
   //    If a server returns a "CertificateStatus" message, then the server MUST
   //    have included an extension of type "status_request" with empty
   //    "extension_data" in the extended server hello.
   //
   // RFC 8446 4.4.2.1
   //    A server MAY request that a client present an OCSP response with its
   //    certificate by sending an empty "status_request" extension in its
   //    CertificateRequest message.
   else if(message_type == Handshake_Type::ServerHello || message_type == Handshake_Type::CertificateRequest) {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         RFC6066_Empty_Certificate_Status_Request(extension_size));
   }

   // RFC 8446 4.4.2.1
   //    In TLS 1.3, the server's OCSP information is carried in an extension
   //    in the CertificateEntry [in a Certificate handshake message] [...].
   //    Specifically, the body of the "status_request" extension from the
   //    server MUST be a CertificateStatus structure as defined in [RFC6066]
   //    [...].
   //
   // RFC 8446 4.4.2.1
   //    If the client opts to send an OCSP response, the body of its
   //    "status_request" extension MUST be a CertificateStatus structure as
   //    defined in [RFC6066].
   else if(message_type == Handshake_Type::Certificate) {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));
   }

   // all other contexts are not allowed for this extension
   else {
      throw TLS_Exception(Alert::UnsupportedExtension,
                          "Server sent a Certificate_Status_Request extension in an unsupported context");
   }
}

Certificate_Status_Request::Certificate_Status_Request() :
      m_impl(std::make_unique<Certificate_Status_Request_Internal>(RFC6066_Empty_Certificate_Status_Request())) {}

Certificate_Status_Request::Certificate_Status_Request(std::vector<uint8_t> ocsp_responder_ids,
                                                       std::vector<std::vector<uint8_t>> ocsp_key_ids) :
      m_impl(std::make_unique<Certificate_Status_Request_Internal>(
         RFC6066_Certificate_Status_Request(std::move(ocsp_responder_ids), std::move(ocsp_key_ids)))) {}

Certificate_Status_Request::Certificate_Status_Request(std::vector<uint8_t> response) :
      m_impl(std::make_unique<Certificate_Status_Request_Internal>(Certificate_Status(std::move(response)))) {}

Certificate_Status_Request::~Certificate_Status_Request() = default;

const std::vector<uint8_t>& Certificate_Status_Request::get_ocsp_response() const {
   BOTAN_ASSERT_NONNULL(m_impl);
   BOTAN_STATE_CHECK(std::holds_alternative<Certificate_Status>(m_impl->content));
   return std::get<Certificate_Status>(m_impl->content).response();
}

std::vector<uint8_t> Certificate_Status_Request::serialize(Connection_Side /*side*/) const {
   BOTAN_ASSERT_NONNULL(m_impl);
   return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content);
}

}  // namespace Botan::TLS

1	/*
2	* TLS Extension Certificate_Status_Request
3	* (C) 2011,2012,2015,2016,2022 Jack Lloyd
4	* 2016 Juraj Somorovsky
5	* 2021 Elektrobit Automotive GmbH
6	* 2022 Hannes Rantzsch, René Meusel, neXenio GmbH
7	*
8	* Botan is released under the Simplified BSD License (see license.txt)
9	*/
10
11	#include <botan/tls_extensions.h>
12
13	#include <botan/tls_exceptn.h>
14	#include <botan/tls_messages.h>
15	#include <botan/internal/tls_reader.h>
16
17	namespace Botan::TLS {
18
19	namespace {
20	class RFC6066_Empty_Certificate_Status_Request {
21	public:
22	RFC6066_Empty_Certificate_Status_Request() = default;
23
24	explicit RFC6066_Empty_Certificate_Status_Request(uint16_t extension_size) {	279✔
25	if(extension_size != 0) {	279✔
26	throw Decoding_Error("Received an unexpectedly non-empty Certificate_Status_Request");	×
27	}
28	}	279✔
29
30	std::vector<uint8_t> serialize() const { return {}; }	223✔
31	};
32
33	class RFC6066_Certificate_Status_Request {	4,895✔
34	public:
35	RFC6066_Certificate_Status_Request(std::vector<uint8_t> names, std::vector<std::vector<uint8_t>> keys) :	2,319✔
36	ocsp_names(std::move(names)), ocsp_keys(std::move(keys)) {}	2,319✔
37
38	RFC6066_Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size) {	2,576✔
39	if(extension_size == 0) {	2,576✔
40	throw Decoding_Error("Received an unexpectedly empty Certificate_Status_Request");	×
41	}
42
43	const uint8_t type = reader.get_byte();	2,576✔
44	if(type == 1 /* ocsp */) {	2,576✔
45	// RFC 6066 Section 8: OCSP CertificateStatusRequest is
46	// ResponderID responder_id_list<0..2^16-1>;
47	// Extensions request_extensions;
48	//
49	// for a total wire size of 1 (status_type) + 2 (resp_id_list len)
50	// + len_resp_id_list + 2 (request_ext len) + len_requ_ext.
51	if(extension_size < 5) {	2,576✔
52	throw Decoding_Error("Truncated OCSP CertificateStatusRequest");	×
53	}
54	const size_t len_resp_id_list = reader.get_uint16_t();	2,576✔
55	if(len_resp_id_list > static_cast<size_t>(extension_size) - 5) {	2,576✔
56	throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest");	×
57	}
58	ocsp_names = reader.get_fixed<uint8_t>(len_resp_id_list);	2,576✔
59	const size_t len_requ_ext = reader.get_uint16_t();	2,576✔
60	if(len_resp_id_list + len_requ_ext + 5 != extension_size) {	2,576✔
61	throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest");	×
62	}
63	extension_bytes = reader.get_fixed<uint8_t>(len_requ_ext);	2,576✔
64	} else {
65	// RFC 6066 does not specify anything but 'ocsp' and we
66	// don't support anything else either.
67	reader.discard_next(extension_size - 1);	×
68	}
69	}	2,576✔
70
71	std::vector<uint8_t> serialize() const {	2,488✔
72	// Serialization is hard-coded as we don't support advanced features
73	// of this extension anyway.
74	return {	2,488✔
75	1, // status_type = ocsp
76	0,
77	0, // empty responder_id_list
78	0,
79	0, // no extensions
80	};	4,976✔
81	}
82
83	std::vector<uint8_t> ocsp_names; // NOLINT(-non-private-member-variable)
84	std::vector<std::vector<uint8_t>> ocsp_keys; // NOLINT(-non-private-member-variable)
85	std::vector<uint8_t> extension_bytes; // NOLINT(-non-private-member-variable)
86	};
87
88	} // namespace
89
90	class Certificate_Status_Request_Internal {	10,876✔
91	private:
92	using Contents =
93	std::variant<RFC6066_Empty_Certificate_Status_Request, RFC6066_Certificate_Status_Request, Certificate_Status>;
94
95	public:
96	explicit Certificate_Status_Request_Internal(Contents c) : content(std::move(c)) {}	5,440✔
97
98	Contents content; // NOLINT(-non-private-member-variable)
99	};
100
101	Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader,	2,883✔
102	uint16_t extension_size,
103	Handshake_Type message_type,
104	Connection_Side from) {	2,883✔
105	// This parser needs to take TLS 1.2 and TLS 1.3 into account. The
106	// extension's content and structure is dependent on the context it
107	// was sent in (i.e. the enclosing handshake message). Below is a list
108	// of handshake messages this can appear in.
109	//
110	// TLS 1.2
111	// * Client Hello
112	// * Server Hello
113	//
114	// TLS 1.3
115	// * Client Hello
116	// * Certificate Request
117	// * Certificate (Entry)
118
119	// RFC 6066 8.
120	// In order to indicate their desire to receive certificate status
121	// information, clients MAY include an extension of type "status_request"
122	// in the (extended) client hello.
123	if(message_type == Handshake_Type::ClientHello) {	2,883✔
124	m_impl = std::make_unique<Certificate_Status_Request_Internal>(	5,152✔
125	RFC6066_Certificate_Status_Request(reader, extension_size));	5,152✔
126	}
127
128	// RFC 6066 8.
129	// If a server returns a "CertificateStatus" message, then the server MUST
130	// have included an extension of type "status_request" with empty
131	// "extension_data" in the extended server hello.
132	//
133	// RFC 8446 4.4.2.1
134	// A server MAY request that a client present an OCSP response with its
135	// certificate by sending an empty "status_request" extension in its
136	// CertificateRequest message.
137	else if(message_type == Handshake_Type::ServerHello \|\| message_type == Handshake_Type::CertificateRequest) {	307✔
138	m_impl = std::make_unique<Certificate_Status_Request_Internal>(	558✔
139	RFC6066_Empty_Certificate_Status_Request(extension_size));	558✔
140	}
141
142	// RFC 8446 4.4.2.1
143	// In TLS 1.3, the server's OCSP information is carried in an extension
144	// in the CertificateEntry [in a Certificate handshake message] [...].
145	// Specifically, the body of the "status_request" extension from the
146	// server MUST be a CertificateStatus structure as defined in [RFC6066]
147	// [...].
148	//
149	// RFC 8446 4.4.2.1
150	// If the client opts to send an OCSP response, the body of its
151	// "status_request" extension MUST be a CertificateStatus structure as
152	// defined in [RFC6066].
153	else if(message_type == Handshake_Type::Certificate) {	28✔
154	m_impl = std::make_unique<Certificate_Status_Request_Internal>(	54✔
155	Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));	83✔
156	}
157
158	// all other contexts are not allowed for this extension
159	else {
160	throw TLS_Exception(Alert::UnsupportedExtension,	×
161	"Server sent a Certificate_Status_Request extension in an unsupported context");	×
162	}
163	}	2,883✔
164
165	Certificate_Status_Request::Certificate_Status_Request() :	223✔
166	m_impl(std::make_unique<Certificate_Status_Request_Internal>(RFC6066_Empty_Certificate_Status_Request())) {}	223✔
167
168	Certificate_Status_Request::Certificate_Status_Request(std::vector<uint8_t> ocsp_responder_ids,	2,319✔
169	std::vector<std::vector<uint8_t>> ocsp_key_ids) :	2,319✔
170	m_impl(std::make_unique<Certificate_Status_Request_Internal>(	2,319✔
171	RFC6066_Certificate_Status_Request(std::move(ocsp_responder_ids), std::move(ocsp_key_ids)))) {}	2,319✔
172
173	Certificate_Status_Request::Certificate_Status_Request(std::vector<uint8_t> response) :	16✔
174	m_impl(std::make_unique<Certificate_Status_Request_Internal>(Certificate_Status(std::move(response)))) {}	32✔
175
176	Certificate_Status_Request::~Certificate_Status_Request() = default;	10,876✔
177
178	const std::vector<uint8_t>& Certificate_Status_Request::get_ocsp_response() const {	24✔
179	BOTAN_ASSERT_NONNULL(m_impl);	24✔
180	BOTAN_STATE_CHECK(std::holds_alternative<Certificate_Status>(m_impl->content));	24✔
181	return std::get<Certificate_Status>(m_impl->content).response();	24✔
182	}
183
184	std::vector<uint8_t> Certificate_Status_Request::serialize(Connection_Side /side/) const {	2,727✔
185	BOTAN_ASSERT_NONNULL(m_impl);	2,727✔
186	return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content);	5,454✔
187	}
188
189	} // namespace Botan::TLS

randombit / botan / 25139258422

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous