1 diff -burN android-openssl.orig/include/openssl/tls1.h android-openssl/include/o
penssl/tls1.h | |
2 --- android-openssl.orig/include/openssl/tls1.h 2014-04-07 17:20:17.990940592 -0
700 | |
3 +++ android-openssl/include/openssl/tls1.h 2014-04-07 17:22:32.432921935 -0
700 | |
4 @@ -230,6 +230,12 @@ | |
5 /* ExtensionType value from RFC5620 */ | |
6 #define TLSEXT_TYPE_heartbeat 15 | |
7 | |
8 +/* ExtensionType value for TLS padding extension. | |
9 + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-v
alues.xhtml | |
10 + * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
11 + */ | |
12 +#define TLSEXT_TYPE_padding 21 | |
13 + | |
14 /* ExtensionType value from RFC4507 */ | |
15 #define TLSEXT_TYPE_session_ticket 35 | |
16 | |
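Review bot: The comment on `TLSEXT_TYPE_padding` cites draft-agl-tls-padding-03, while the comment above the padding block in the t1_lib.c hunk cites draft-agl-tls-padding-02; both places should cite the same revision so the code is checked against one text. The same define is added again, line for line, in the ssl/tls1.h hunk at the end of this patch, so the point applies there as well. Nothing visible in the patch keeps the two header copies in step, so a later change to one of them can leave the extension number inconsistent between translation units.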
17 diff -burN android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c | |
18 --- android-openssl.orig/ssl/s23_clnt.c 2014-04-07 17:20:17.990940592 -0700 | |
19 +++ android-openssl/ssl/s23_clnt.c 2014-04-07 17:21:55.042370926 -0700 | |
20 @@ -466,7 +466,10 @@ | |
21 { | |
22 /* create Client Hello in SSL 3.0/TLS 1.0 format */ | |
23 | |
24 - /* do the record header (5 bytes) and handshake message
header (4 bytes) last */ | |
25 + /* do the record header (5 bytes) and handshake message | |
26 + * header (4 bytes) last. Note: the code to add the | |
27 + * padding extension in t1_lib.c depends on the size of | |
28 + * this prefix. */ | |
29 d = p = &(buf[9]); | |
30 | |
31 *(p++) = version_major; | |
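Review bot: The added note says t1_lib.c depends on the size of this prefix but not how, which leaves the next editor to rediscover the coupling. Judging from the t1_lib.c hunk, the dependency is that the padding code subtracts a literal 5 for the record header when `s->state == SSL23_ST_CW_CLNT_HELLO_A`. I would spell that out here, for example `* Note: t1_lib.c subtracts the 5-byte record header from the ClientHello length on this path; change both together. */`. The s3_clnt.c hunk uses the same wording for its 4-byte prefix, which the padding code counts as part of the length. The enclosing function starts and ends outside the hunk.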
32 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c | |
33 --- android-openssl.orig/ssl/s3_clnt.c 2014-04-07 17:20:18.040941329 -0700 | |
34 +++ android-openssl/ssl/s3_clnt.c 2014-04-07 17:21:55.042370926 -0700 | |
35 @@ -758,7 +758,9 @@ | |
36 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | |
37 goto err; | |
38 | |
39 - /* Do the message type and length last */ | |
40 + /* Do the message type and length last. | |
41 + * Note: the code to add the padding extension in t1_lib.c | |
42 + * depends on the size of this prefix. */ | |
43 d=p= &(buf[4]); | |
44 | |
45 /* version indicates the negotiated version: for example from | |
46 diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c | |
47 --- android-openssl.orig/ssl/t1_lib.c 2014-04-07 17:20:18.000940737 -0700 | |
48 +++ android-openssl/ssl/t1_lib.c 2014-04-07 17:21:55.042370926 -0700 | |
49 @@ -680,6 +680,31 @@ | |
50 } | |
51 #endif | |
52 | |
53 + /* Add padding to workaround bugs in F5 terminators. | |
54 + * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
55 + { | |
56 + int hlen = ret - (unsigned char *)s->init_buf->data; | |
57 + /* The code in s23_clnt.c to build ClientHello messages includes the | |
58 + * 5-byte record header in the buffer, while the code in s3_clnt.c does | |
59 + * not. */ | |
60 + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | |
61 + hlen -= 5; | |
62 + if (hlen > 0xff && hlen < 0x200) | |
63 + { | |
64 + hlen = 0x200 - hlen; | |
65 + if (hlen >= 4) | |
66 + hlen -= 4; | |
67 + else | |
68 + hlen = 0; | |
69 + | |
70 + s2n(TLSEXT_TYPE_padding, ret); | |
71 + s2n(hlen, ret); | |
72 + memset(ret, 0, hlen); | |
73 + ret += hlen; | |
74 + } | |
75 + } | |
76 + | |
77 + | |
78 if ((extdatalen = ret-p-2)== 0) | |
79 return p; | |
80 | |
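Review bot: The padding block writes 4 + hlen bytes at `ret` (two `s2n` calls plus the `memset`, up to 252 bytes of padding) and no check that they fit in the output buffer is visible in this hunk. The rest of the function lies outside the hunk, so this is inferred: if it still takes the upstream end-of-buffer pointer `limit`, add `if (limit - ret < 4 + hlen) return NULL;` before the first `s2n`, failing the same way the other extension writers in this function do. Because `hlen` is measured from `s->init_buf->data` to the current `ret`, the block is only correct while it is the last extension emitted. A comment such as `/* NB: measures all preceding extensions, so this MUST remain the last extension written. */` would record that. The bare `5` could be `SSL3_RT_HEADER_LENGTH`, so the link to the record header is visible in the code and not only in the comments.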
81 diff -burN android-openssl.orig/ssl/tls1.h android-openssl/ssl/tls1.h | |
82 --- android-openssl.orig/ssl/tls1.h 2014-04-07 17:20:18.000940737 -0700 | |
83 +++ android-openssl/ssl/tls1.h 2014-04-07 17:21:55.042370926 -0700 | |
84 @@ -230,6 +230,12 @@ | |
85 /* ExtensionType value from RFC5620 */ | |
86 #define TLSEXT_TYPE_heartbeat 15 | |
87 | |
88 +/* ExtensionType value for TLS padding extension. | |
89 + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-v
alues.xhtml | |
90 + * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
91 + */ | |
92 +#define TLSEXT_TYPE_padding 21 | |
93 + | |
94 /* ExtensionType value from RFC4507 */ | |
95 #define TLSEXT_TYPE_session_ticket 35 | |
96 | |