OLD | NEW |
---|---|
1 /* ssl/t1_lib.c */ | 1 /* ssl/t1_lib.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 643 matching lines...)
654 | 654 |
655 if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) | 655 if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) |
656 { | 656 { |
657 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ ERROR); | 657 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ ERROR); |
658 return NULL; | 658 return NULL; |
659 } | 659 } |
660 ret += el; | 660 ret += el; |
661 } | 661 } |
662 #endif | 662 #endif |
663 | 663 |
664 /* Add padding to workaround bugs in F5 terminators. | |
665 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
666 { | |
667 int hlen = ret - (unsigned char *)s->init_buf->data; | |
668 /* The code in s23_clnt.c to build ClientHello messages includes the | |
669 * 5-byte record header in the buffer, while the code in s3_clnt.c does | |
670 * not. */ | |
digit1
2013/12/12 17:02:28
That's really subtle. Is this per-spec/per-protoco
agl
2013/12/16 19:44:19
This is sadly an implementation niggle. I've added
| |
671 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | |
672 hlen -= 5; | |
673 if (hlen > 0xff && hlen < 0x200) | |
674 { | |
675 hlen = 0x200 - hlen; | |
676 if (hlen >= 4) | |
677 hlen -= 4; | |
678 else | |
679 hlen = 0; | |
680 | |
681 s2n(TLSEXT_TYPE_padding, ret); | |
682 s2n(hlen, ret); | |
683 memset(ret, 0, hlen); | |
684 ret += hlen; | |
685 } | |
686 } | |
687 | |
688 | |
664 if ((extdatalen = ret-p-2)== 0) | 689 if ((extdatalen = ret-p-2)== 0) |
665 return p; | 690 return p; |
666 | 691 |
667 s2n(extdatalen,p); | 692 s2n(extdatalen,p); |
668 return ret; | 693 return ret; |
669 } | 694 } |
670 | 695 |
671 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha r *limit) | 696 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha r *limit) |
672 { | 697 { |
673 int extdatalen=0; | 698 int extdatalen=0; |
(...skipping 1982 matching lines...)
2656 continue; | 2681 continue; |
2657 EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); | 2682 EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); |
2658 EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); | 2683 EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); |
2659 EVP_DigestUpdate(md, temp_digest, temp_digest_len); | 2684 EVP_DigestUpdate(md, temp_digest, temp_digest_len); |
2660 } | 2685 } |
2661 EVP_MD_CTX_cleanup(&ctx); | 2686 EVP_MD_CTX_cleanup(&ctx); |
2662 | 2687 |
2663 return 1; | 2688 return 1; |
2664 } | 2689 } |
2665 #endif | 2690 #endif |
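Review bot: The new padding block (new lines 664-686) writes a 4-byte extension header plus up to 252 zero bytes at `ret` without first checking how much room is left in the handshake buffer. The enclosing ClientHello function starts outside the visible lines, so I am assuming it takes a `limit` pointer as `ssl_add_serverhello_tlsext` at new line 696 does. If so, add a guard just before the first `s2n`, such as `if (limit - ret < 4 + hlen) return NULL;`, so an already large ClientHello cannot push the `memset` past the end of the buffer. Separately, `hlen` is reused first as the header length and then as the padding length, which makes the arithmetic at new lines 675-679 harder to audit; a second variable such as `padlen`, with named constants for `0xff` and `0x200`, would make the intended 512-byte target explicit.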