Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(12)

Issue 112933006: OpenSSL: add support for the TLS padding extension.

Created:
7 years, 1 month ago by agl
Modified:
7 years, 1 month ago
Reviewers:
digit1
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/deps/openssl.git@master
Visibility:
Public.

Description

OpenSSL: add support for the TLS padding extension. This worksaround a bug in some versions of F5 devices that causes the connection to hang when the ClientHello record is between 256 and 511 bytes long. https://tools.ietf.org/html/draft-agl-tls-padding-02 Based on the upstream patch to do the same thing: 0467ea68624450ecece4cde0d5803499aaff19c2 BUG=none

Patch Set 1 #

Patch Set 2 : ... #

Total comments: 2

Patch Set 3 : Add comments at ClientHello construction sites #

Unified diffs Side-by-side diffs Delta from patch set Stats (+248 lines, -2 lines) Patch
M openssl/include/openssl/tls1.h View 1 chunk +4 lines, -0 lines 0 comments Download
M openssl/openssl.config View 1 chunk +1 line, -0 lines 0 comments Download
A openssl/patches/paddingext.patch View 1 2 1 chunk +96 lines, -0 lines 0 comments Download
M openssl/ssl/s23_clnt.c View 1 2 1 chunk +4 lines, -1 line 0 comments Download
M openssl/ssl/s3_clnt.c View 1 2 1 chunk +3 lines, -1 line 0 comments Download
M openssl/ssl/t1_lib.c View 1 1 chunk +25 lines, -0 lines 0 comments Download
M openssl/ssl/tls1.h View 1 chunk +4 lines, -0 lines 0 comments Download
A patches.chromium/0008-paddingext.patch View 1 2 1 chunk +111 lines, -0 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
agl
7 years, 1 month ago (2013-12-11 21:52:03 UTC) #1
agl
Note: have changed the CL to fix a bug. There are two places where OpenSSL ...
7 years, 1 month ago (2013-12-12 16:46:09 UTC) #2
digit1
ltgm
7 years, 1 month ago (2013-12-12 17:02:21 UTC) #3
digit1
https://codereview.chromium.org/112933006/diff/20001/openssl/ssl/t1_lib.c File openssl/ssl/t1_lib.c (right): https://codereview.chromium.org/112933006/diff/20001/openssl/ssl/t1_lib.c#newcode670 openssl/ssl/t1_lib.c:670: * not. */ That's really subtle. Is this per-spec/per-protocol ...
7 years, 1 month ago (2013-12-12 17:02:28 UTC) #4
agl
7 years, 1 month ago (2013-12-16 19:44:19 UTC) #5
https://codereview.chromium.org/112933006/diff/20001/openssl/ssl/t1_lib.c
File openssl/ssl/t1_lib.c (right):

https://codereview.chromium.org/112933006/diff/20001/openssl/ssl/t1_lib.c#new...
openssl/ssl/t1_lib.c:670: * not. */
On 2013/12/12 17:02:28, digit1 wrote:
> That's really subtle. Is this per-spec/per-protocol or an implementation
detail?
> If the latter, how about adding a comment in the appropriate places to avoid
> breaking this if the sources are independently modified in the future?

This is sadly an implementation niggle. I've added comments at the sites where
the buffers are setup about the subtle dependency.

Powered by Google App Engine
This is Rietveld 408576698