OLD | NEW |
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* TLS extension code moved here from ssl3ecc.c */ | 8 /* TLS extension code moved here from ssl3ecc.c */ |
9 | 9 |
10 #include "nssrenam.h" | 10 #include "nssrenam.h" |
(...skipping 2324 matching lines...)
2335 } | 2335 } |
2336 | 2336 |
2337 unsigned int | 2337 unsigned int |
2338 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) | 2338 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) |
2339 { | 2339 { |
2340 unsigned int recordLength = 1 /* handshake message type */ + | 2340 unsigned int recordLength = 1 /* handshake message type */ + |
2341 3 /* handshake message length */ + | 2341 3 /* handshake message length */ + |
2342 clientHelloLength; | 2342 clientHelloLength; |
2343 unsigned int extensionLength; | 2343 unsigned int extensionLength; |
2344 | 2344 |
2345 /* This condition should be: | 2345 if (recordLength < 256 || recordLength >= 512) { |
2346 * if (recordLength < 256 || recordLength >= 512) { | |
2347 * It has been changed, temporarily, to test whether 512 byte ClientHellos | |
2348 * are a compatibility problem. */ | |
2349 if (recordLength >= 512) { | |
2350 return 0; | 2346 return 0; |
2351 } | 2347 } |
2352 | 2348 |
2353 extensionLength = 512 - recordLength; | 2349 extensionLength = 512 - recordLength; |
2354 /* Extensions take at least four bytes to encode. */ | 2350 /* Extensions take at least four bytes to encode. */ |
2355 if (extensionLength < 4) { | 2351 if (extensionLength < 4) { |
2356 extensionLength = 4; | 2352 extensionLength = 4; |
2357 } | 2353 } |
2358 | 2354 |
2359 return extensionLength; | 2355 return extensionLength; |
2360 } | 2356 } |
2361 | 2357 |
2362 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a | 2358 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a |
2363 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures | 2359 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures |
2364 * that we don't trigger bugs in F5 products. */ | 2360 * that we don't trigger bugs in F5 products. */ |
2365 PRInt32 | 2361 PRInt32 |
2366 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, | 2362 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, |
2367 PRUint32 maxBytes) | 2363 PRUint32 maxBytes) |
2368 { | 2364 { |
2369 unsigned int paddingLen = extensionLen - 4; | 2365 unsigned int paddingLen = extensionLen - 4; |
2370 static unsigned char padding[512]; | 2366 static unsigned char padding[256]; |
2371 | 2367 |
2372 if (extensionLen == 0) { | 2368 if (extensionLen == 0) { |
2373 return 0; | 2369 return 0; |
2374 } | 2370 } |
2375 | 2371 |
2376 if (extensionLen < 4 || | 2372 if (extensionLen < 4 || |
2377 extensionLen > maxBytes || | 2373 extensionLen > maxBytes || |
2378 paddingLen > sizeof(padding)) { | 2374 paddingLen > sizeof(padding)) { |
2379 PORT_Assert(0); | 2375 PORT_Assert(0); |
2380 return -1; | 2376 return -1; |
(...skipping 63 matching lines...)
2444 | 2440 |
2445 if (!data->len) { | 2441 if (!data->len) { |
2446 /* Empty extension data: RFC 6962 mandates non-empty contents. */ | 2442 /* Empty extension data: RFC 6962 mandates non-empty contents. */ |
2447 return SECFailure; | 2443 return SECFailure; |
2448 } | 2444 } |
2449 *scts = *data; | 2445 *scts = *data; |
2450 /* Keep track of negotiated extensions. */ | 2446 /* Keep track of negotiated extensions. */ |
2451 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 2447 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
2452 return SECSuccess; | 2448 return SECSuccess; |
2453 } | 2449 } |
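Review bot: The new `static unsigned char padding[256];` in ssl3_AppendPaddingExtension is sized by the 256/512 thresholds in ssl3_CalculatePaddingExtensionLength, but nothing at the declaration says so. With the restored `recordLength < 256 || recordLength >= 512` condition the largest extension is 256 bytes, i.e. at most 252 bytes of padding, so the buffer is sufficient, and the existing `paddingLen > sizeof(padding)` check returns -1 rather than running past the array if the two ever drift apart again. I would add `/* Sized for the largest padding ssl3_CalculatePaddingExtensionLength can request: 512 - 256 - 4 bytes. */` above the array, or derive both from shared named constants. `paddingLen = extensionLen - 4` is also computed before the `extensionLen < 4` test; the unsigned wrap is harmless because that test rejects the value first, but assigning it after the checks would read more clearly. The body of ssl3_AppendPaddingExtension continues past the visible lines, so how `padding` is consumed cannot be confirmed here.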