| Index: openssl/ssl/t1_lib.c
|
| diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
|
| index f447f227c295294f94f9b1d8cf3e160f1d89ad7c..7a507f974e9d34b7c70bab8045e00f17dce14971 100644
|
| --- a/openssl/ssl/t1_lib.c
|
| +++ b/openssl/ssl/t1_lib.c
|
| @@ -661,6 +661,31 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
| }
|
| #endif
|
|
|
| + /* Add padding to workaround bugs in F5 terminators.
|
| + * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
|
| + {
|
| + int hlen = ret - (unsigned char *)s->init_buf->data;
|
| + /* The code in s23_clnt.c to build ClientHello messages includes the
|
| + * 5-byte record header in the buffer, while the code in s3_clnt.c does
|
| + * not. */
|
| + if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
|
| + hlen -= 5;
|
| + if (hlen > 0xff && hlen < 0x200)
|
| + {
|
| + hlen = 0x200 - hlen;
|
| + if (hlen >= 4)
|
| + hlen -= 4;
|
| + else
|
| + hlen = 0;
|
| +
|
| + s2n(TLSEXT_TYPE_padding, ret);
|
| + s2n(hlen, ret);
|
| + memset(ret, 0, hlen);
|
| + ret += hlen;
|
| + }
|
| + }
|
| +
|
| +
|
| if ((extdatalen = ret-p-2)== 0)
|
| return p;
|
|
|
|
|
Chromium Code Reviews
Issue 112933006:
OpenSSL: add support for the TLS padding extension.
Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master