| OLD | NEW |
|---|---|
| 1 /* ssl/t1_lib.c */ | 1 /* ssl/t1_lib.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 643 matching lines...) | |
| 654 | 654 |
| 655 if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) | 655 if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) |
| 656 { | 656 { |
| 657 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ ERROR); | 657 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ ERROR); |
| 658 return NULL; | 658 return NULL; |
| 659 } | 659 } |
| 660 ret += el; | 660 ret += el; |
| 661 } | 661 } |
| 662 #endif | 662 #endif |
| 663 | 663 |
| 664 /* Add padding to workaround bugs in F5 terminators. | |
| 665 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
| 666 { | |
| 667 int hlen = ret - (unsigned char *)s->init_buf->data; | |
| 668 /* The code in s23_clnt.c to build ClientHello messages includes the | |
| 669 * 5-byte record header in the buffer, while the code in s3_clnt.c does | |
| 670 * not. */ | |
|
digit1
2013/12/12 17:02:28
That's really subtle. Is this per-spec/per-protoco
agl
2013/12/16 19:44:19
This is sadly an implementation niggle. I've added
| |
| 671 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | |
| 672 hlen -= 5; | |
| 673 if (hlen > 0xff && hlen < 0x200) | |
| 674 { | |
| 675 hlen = 0x200 - hlen; | |
| 676 if (hlen >= 4) | |
| 677 hlen -= 4; | |
| 678 else | |
| 679 hlen = 0; | |
| 680 | |
| 681 s2n(TLSEXT_TYPE_padding, ret); | |
| 682 s2n(hlen, ret); | |
| 683 memset(ret, 0, hlen); | |
| 684 ret += hlen; | |
| 685 } | |
| 686 } | |
| 687 | |
| 688 | |
| 664 if ((extdatalen = ret-p-2)== 0) | 689 if ((extdatalen = ret-p-2)== 0) |
| 665 return p; | 690 return p; |
| 666 | 691 |
| 667 s2n(extdatalen,p); | 692 s2n(extdatalen,p); |
| 668 return ret; | 693 return ret; |
| 669 } | 694 } |
| 670 | 695 |
| 671 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha r *limit) | 696 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha r *limit) |
| 672 { | 697 { |
| 673 int extdatalen=0; | 698 int extdatalen=0; |
| (...skipping 1982 matching lines...) | |
| 2656 continue; | 2681 continue; |
| 2657 EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); | 2682 EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); |
| 2658 EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); | 2683 EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); |
| 2659 EVP_DigestUpdate(md, temp_digest, temp_digest_len); | 2684 EVP_DigestUpdate(md, temp_digest, temp_digest_len); |
| 2660 } | 2685 } |
| 2661 EVP_MD_CTX_cleanup(&ctx); | 2686 EVP_MD_CTX_cleanup(&ctx); |
| 2662 | 2687 |
| 2663 return 1; | 2688 return 1; |
| 2664 } | 2689 } |
| 2665 #endif | 2690 #endif |
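Review bot: The padding block at new lines 681-684 writes a 4-byte extension header plus up to roughly 0xfc bytes of zeros at `ret` without checking how much room is left in the output buffer. The enclosing function's signature is outside the visible lines; if it takes a `limit` pointer like `ssl_add_serverhello_tlsext` at new line 696, a guard such as `if (limit - ret - 4 - hlen < 0) return NULL;` before `s2n(TLSEXT_TYPE_padding, ret);` would keep this write bounded. Separately, `hlen` first holds the ClientHello length and is then reused as the padding length, which makes the `0x200 - hlen` arithmetic harder to audit; a second local such as `padlen` would help. A short comment could also say that the `4` is the extension type and length header, and that the `0xff`/`0x200` bounds come from the draft cited above the block.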