| 1 diff --git android-openssl.orig/ssl/d1_clnt.c android-openssl/ssl/d1_clnt.c | |
| 2 index 7e8077e..735e544 100644 | |
| 3 --- android-openssl.orig/ssl/d1_clnt.c | |
| 4 +++ android-openssl/ssl/d1_clnt.c | |
| 5 @@ -874,7 +874,7 @@ int dtls1_client_hello(SSL *s) | |
| 6 *(p++)=0; /* Add the NULL method */ | |
| 7 | |
| 8 #ifndef OPENSSL_NO_TLSEXT | |
| 9 - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH)) == NULL) | |
| 10 + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH, 0)) == NULL) | |
| 11 { | |
| 12 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | |
| 13 goto err; | |
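Review bot: The bare `0` added as the last argument to ssl_add_clienthello_tlsext in dtls1_client_hello is unexplained at the call site. According to the comment this patch adds in t1_lib.c, a header_len of 0 means no padding is done, so the DTLS path never emits the padding extension. A one-line comment above the call would record that this is deliberate, for example `/* header_len 0: no padding extension for DTLS */`. The body of dtls1_client_hello starts and ends outside this hunk.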
| 14 diff --git android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c | |
| 15 index 08ee86d..750d208 100644 | |
| 16 --- android-openssl.orig/ssl/s23_clnt.c | |
| 17 +++ android-openssl/ssl/s23_clnt.c | |
| 18 @@ -467,9 +467,9 @@ static int ssl23_client_hello(SSL *s) | |
| 19 /* create Client Hello in SSL 3.0/TLS 1.0 format */ | |
| 20 | |
| 21 /* do the record header (5 bytes) and handshake message | |
| 22 - * header (4 bytes) last. Note: the code to add the | |
| 23 - * padding extension in t1_lib.c depends on the size of | |
| 24 - * this prefix. */ | |
| 25 + * header (4 bytes) last. Note: the final argument to | |
| 26 + * ssl_add_clienthello_tlsext below depends on the size | |
| 27 + * of this prefix. */ | |
| 28 d = p = &(buf[9]); | |
| 29 | |
| 30 *(p++) = version_major; | |
| 31 @@ -526,7 +526,10 @@ static int ssl23_client_hello(SSL *s) | |
| 32 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELL
O_TLSEXT); | |
| 33 return -1; | |
| 34 } | |
| 35 - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MA
X_PLAIN_LENGTH)) == NULL) | |
| 36 + /* The buffer includes the 5 byte record header, so | |
| 37 + * subtract it to compute hlen for | |
| 38 + * ssl_add_clienthello_tlsext. */ | |
| 39 + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MA
X_PLAIN_LENGTH, p-buf-5)) == NULL) | |
| 40 { | |
| 41 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_E
RROR); | |
| 42 return -1; | |
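Review bot: The new argument `p-buf-5` in ssl23_client_hello hard-codes the record header size as a literal and relies on an implicit pointer-difference to size_t conversion. The value is positive here because p starts at `&(buf[9])`, but the named constant and an explicit cast make that intent checkable: `(size_t)(p - buf - SSL3_RT_HEADER_LENGTH)`. The same implicit conversion applies to the `p-buf` argument in the ssl3_client_hello call in s3_clnt.c. This matters because t1_lib.c treats header_len as an unsigned length when it sizes the padding. The function body continues outside this hunk.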
| 43 diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c | |
| 44 index d1b3224..640df80 100644 | |
| 45 --- android-openssl.orig/ssl/s3_clnt.c | |
| 46 +++ android-openssl/ssl/s3_clnt.c | |
| 47 @@ -759,7 +759,7 @@ int ssl3_client_hello(SSL *s) | |
| 48 goto err; | |
| 49 | |
| 50 /* Do the message type and length last. | |
| 51 - * Note: the code to add the padding extension in t1_lib.c | |
| 52 + * Note: the final argument to ssl_add_clienthello_tlsext below | |
| 53 * depends on the size of this prefix. */ | |
| 54 d=p= &(buf[4]); | |
| 55 | |
| 56 @@ -867,7 +867,7 @@ int ssl3_client_hello(SSL *s) | |
| 57 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT)
; | |
| 58 goto err; | |
| 59 } | |
| 60 - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH)) == NULL) | |
| 61 + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH, p-buf)) == NULL) | |
| 62 { | |
| 63 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | |
| 64 goto err; | |
| 65 diff --git android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h | |
| 66 index 4e27d9e..531a291 100644 | |
| 67 --- android-openssl.orig/ssl/ssl_locl.h | |
| 68 +++ android-openssl/ssl/ssl_locl.h | |
| 69 @@ -1127,7 +1127,7 @@ int tls1_ec_nid2curve_id(int nid); | |
| 70 #endif /* OPENSSL_NO_EC */ | |
| 71 | |
| 72 #ifndef OPENSSL_NO_TLSEXT | |
| 73 -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned
char *limit); | |
| 74 +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned
char *limit, size_t header_len); | |
| 75 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned
char *limit); | |
| 76 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d
, int n, int *al); | |
| 77 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d
, int n, int *al); | |
| 78 diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c | |
| 79 index a53d56b..3fe6612 100644 | |
| 80 --- android-openssl.orig/ssl/t1_lib.c | |
| 81 +++ android-openssl/ssl/t1_lib.c | |
| 82 @@ -341,7 +341,10 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p) | |
| 83 return (int)slen; | |
| 84 } | |
| 85 | |
| 86 -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned
char *limit) | |
| 87 +/* header_len is the length of the ClientHello header written so far, used to | |
| 88 + * compute padding. It does not include the record header. Pass 0 if no padding | |
| 89 + * is to be done. */ | |
| 90 +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned
char *limit, size_t header_len) | |
| 91 { | |
| 92 int extdatalen=0; | |
| 93 unsigned char *orig = buf; | |
| 94 @@ -664,27 +667,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned
char *buf, unsigned c | |
| 95 | |
| 96 /* Add padding to workaround bugs in F5 terminators. | |
| 97 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
| 98 - { | |
| 99 - int hlen = ret - (unsigned char *)s->init_buf->data; | |
| 100 - /* The code in s23_clnt.c to build ClientHello messages includes the | |
| 101 - * 5-byte record header in the buffer, while the code in s3_clnt.c does | |
| 102 - * not. */ | |
| 103 - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | |
| 104 - hlen -= 5; | |
| 105 - if (hlen > 0xff && hlen < 0x200) | |
| 106 + if (header_len > 0) | |
| 107 { | |
| 108 - hlen = 0x200 - hlen; | |
| 109 - if (hlen >= 4) | |
| 110 - hlen -= 4; | |
| 111 - else | |
| 112 - hlen = 0; | |
| 113 + header_len += ret - orig; | |
| 114 + if (header_len > 0xff && header_len < 0x200) | |
| 115 + { | |
| 116 + size_t padding_len = 0x200 - header_len; | |
| 117 + if (padding_len >= 4) | |
| 118 + padding_len -= 4; | |
| 119 + else | |
| 120 + padding_len = 0; | |
| 121 + if (limit - ret - 4 - (long)padding_len < 0) | |
| 122 + return NULL; | |
| 123 | |
| 124 - s2n(TLSEXT_TYPE_padding, ret); | |
| 125 - s2n(hlen, ret); | |
| 126 - memset(ret, 0, hlen); | |
| 127 - ret += hlen; | |
| 128 + s2n(TLSEXT_TYPE_padding, ret); | |
| 129 + s2n(padding_len, ret); | |
| 130 + memset(ret, 0, padding_len); | |
| 131 + ret += padding_len; | |
| 132 + } | |
| 133 } | |
| 134 - } | |
| 135 | |
| 136 | |
| 137 if ((extdatalen = ret-orig-2)== 0) | |
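Review bot: The new bounds check `if (limit - ret - 4 - (long)padding_len < 0)` mixes pointer-difference arithmetic with a `long` cast, which is harder to audit than an unsigned comparison of the space left against the bytes about to be written. Assuming the earlier extension code keeps `ret <= limit` (not visible in this hunk), `if ((size_t)(limit - ret) < 4 + padding_len) return NULL;` states the same condition directly. The `return NULL` path sets no error of its own, so the callers report it as ERR_R_INTERNAL_ERROR. A short comment saying this means the ClientHello buffer has no room for the padding extension would make that failure easier to diagnose. ssl_add_clienthello_tlsext starts and continues outside this hunk.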