Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: patches.chromium/0008-paddingext.patch

Issue 112933006: OpenSSL: add support for the TLS padding extension. Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master
Patch Set: Add comments at ClientHello construction sites Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « openssl/ssl/tls1.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: patches.chromium/0008-paddingext.patch
diff --git a/patches.chromium/0008-paddingext.patch b/patches.chromium/0008-paddingext.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b8b50d4a28fcd2ad50e9ed46f023404742fc6d2c
--- /dev/null
+++ b/patches.chromium/0008-paddingext.patch
@@ -0,0 +1,111 @@
+diff -burN android-openssl.orig/openssl.config android-openssl-lhash2/openssl.config
+--- android-openssl.orig/openssl.config 2013-11-05 14:11:10.833326408 -0500
++++ android-openssl-lhash2/openssl.config 2013-11-05 14:38:31.187575574 -0500
+@@ -1015,6 +1015,7 @@
+ use_aead_for_aes_gcm.patch \
+ chacha20poly1305.patch \
+ neon_runtime.patch \
++paddingext.patch \
+ "
+
+ OPENSSL_PATCHES_progs_SOURCES="\
+diff -burN android-openssl-foo/patches/paddingext.patch android-openssl/patches/paddingext.patch
+--- android-openssl-foo/patches/paddingext.patch 1969-12-31 19:00:00.000000000 -0500
++++ android-openssl/patches/paddingext.patch 2013-11-05 14:14:34.631283497 -0500
+@@ -0,0 +1,96 @@
++From 61a9671951205d66382556b2502993ffc9201f59 Mon Sep 17 00:00:00 2001
++From: Adam Langley <agl@chromium.org>
++Date: Wed, 11 Dec 2013 16:25:17 -0500
++Subject: [PATCH 57/57] Add padding extension.
++
++This change adds a padding extension, when needed, in order to work
++around bugs in F5 terminators.
++---
++ ssl/t1_lib.c | 20 ++++++++++++++++++++
++ ssl/tls1.h | 4 ++++
++ 2 files changed, 24 insertions(+)
++
++diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
++index 47673e7..94e9692 100644
++--- a/ssl/s23_clnt.c
+++++ b/ssl/s23_clnt.c
++@@ -466,7 +466,10 @@ static int ssl23_client_hello(SSL *s)
++ {
++ /* create Client Hello in SSL 3.0/TLS 1.0 format */
++
++- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
+++ /* do the record header (5 bytes) and handshake message
+++ * header (4 bytes) last. Note: the code to add the
+++ * padding extension in t1_lib.c depends on the size of
+++ * this prefix. */
++ d = p = &(buf[9]);
++
++ *(p++) = version_major;
++diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
++index a657360..faa8d36 100644
++--- a/ssl/s3_clnt.c
+++++ b/ssl/s3_clnt.c
++@@ -752,7 +752,9 @@ int ssl3_client_hello(SSL *s)
++ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
++ goto err;
++
++- /* Do the message type and length last */
+++ /* Do the message type and length last.
+++ * Note: the code to add the padding extension in t1_lib.c
+++ * depends on the size of this prefix. */
++ d=p= &(buf[4]);
++
++ /* version indicates the negotiated version: for example from
++diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
++index 5578056..f9ad9d9 100644
++--- a/ssl/t1_lib.c
+++++ b/ssl/t1_lib.c
++@@ -695,6 +695,31 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
++ }
++ #endif
++
+++ /* Add padding to workaround bugs in F5 terminators.
+++ * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+++ {
+++ int hlen = ret - (unsigned char *)s->init_buf->data;
+++ /* The code in s23_clnt.c to build ClientHello messages includes the
+++ * 5-byte record header in the buffer, while the code in s3_clnt.c does
+++ * not. */
+++ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+++ hlen -= 5;
+++ if (hlen > 0xff && hlen < 0x200)
+++ {
+++ hlen = 0x200 - hlen;
+++ if (hlen >= 4)
+++ hlen -= 4;
+++ else
+++ hlen = 0;
+++
+++ s2n(TLSEXT_TYPE_padding, ret);
+++ s2n(hlen, ret);
+++ memset(ret, 0, hlen);
+++ ret += hlen;
+++ }
+++ }
+++
+++
++ if ((extdatalen = ret-p-2)== 0)
++ return p;
++
++diff --git a/ssl/tls1.h b/ssl/tls1.h
++index ecf5da7..df8f482 100644
++--- a/ssl/tls1.h
+++++ b/ssl/tls1.h
++@@ -255,6 +255,10 @@ extern "C" {
++ #define TLSEXT_TYPE_channel_id 30031
++ #define TLSEXT_TYPE_channel_id_new 30032
++
+++/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
+++ * Number not yet IANA assigned. */
+++#define TLSEXT_TYPE_padding 35655
+++
++ /* NameType value from RFC 3546 */
++ #define TLSEXT_NAMETYPE_host_name 0
++ /* status request value from RFC 3546 */
++--
++1.8.5.1
« no previous file with comments | « openssl/ssl/tls1.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698