
Side by Side Diff: net/third_party/nss/patches/balloonextension.patch

Issue 62103003: NSS: add `balloon' extension to when we might hit the F5 bug. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 1 month ago
1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index 8b8b758..f5b973b 100644
3 --- a/nss/lib/ssl/ssl3con.c
4 +++ b/nss/lib/ssl/ssl3con.c
5 @@ -4974,7 +4974,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
6 int actual_count = 0;
7 PRBool isTLS = PR_FALSE;
8 PRBool requestingResume = PR_FALSE;
9 - PRInt32 total_exten_len = 0;
10 + PRInt32 total_exten_len = 0, balloonExtensionLen;
11 unsigned numCompressionMethods;
12 PRInt32 flags;
13
14 @@ -5241,6 +5241,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
15 length += 1 + ss->ssl3.hs.cookieLen;
16 }
17
18 + balloonExtensionLen = ssl3_CalculateBalloonExtensionLength(length);
19 + total_exten_len += balloonExtensionLen;
20 + length += balloonExtensionLen;
21 +
22 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
23 if (rv != SECSuccess) {
24 return rv; /* err set by ssl3_AppendHandshake* */
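Review bot: The balloon length is computed and added to both `total_exten_len` and `length` unconditionally, directly after the DTLS cookie adjustment, while the matching ssl3_AppendBalloonExtension call in the next hunk sits inside a block whose guard is not visible here. If that block can be skipped, or if `total_exten_len` was 0 before this point so that the two-byte extensions-block length prefix was never counted, the handshake header would announce a length that differs from the bytes actually written; this needs checking against the full function, since ssl3_SendClientHello starts and ends outside the hunk. Consider restricting the calculation to the cases where an extension block is really emitted, e.g. `if (isTLS && !IS_DTLS(ss)) { ... } else { balloonExtensionLen = 0; }`, and adding a comment such as `/* Pad the ClientHello so its record length is never in [256, 511]; see ssl3_AppendBalloonExtension. */`.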
25 @@ -5360,6 +5364,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
26 return SECFailure;
27 }
28 maxBytes -= extLen;
29 +
30 + extLen = ssl3_AppendBalloonExtension(ss, balloonExtensionLen, maxBytes);
31 + if (extLen < 0) {
32 + return SECFailure;
33 + }
34 + maxBytes -= extLen;
35 +
36 PORT_Assert(!maxBytes);
37 }
38 if (ss->ssl3.hs.sendingSCSV) {
39 diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
40 index 0415770..a596c37 100644
41 --- a/nss/lib/ssl/ssl3ext.c
42 +++ b/nss/lib/ssl/ssl3ext.c
43 @@ -2297,3 +2297,54 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
44 loser:
45 return -1;
46 }
47 +
48 +PRInt32
49 +ssl3_CalculateBalloonExtensionLength(int clientHelloLength)
50 +{
51 + int recordLength = clientHelloLength +
52 + 1 /* handshake message type */ +
53 + 3 /* handshake message length */;
54 +
55 + if (recordLength < 256 || recordLength >= 512) {
56 + return 0;
57 + }
58 +
59 + return 512 - recordLength;
60 +}
61 +
62 +/* ssl3_AppendBalloonExtension possibly adds an extension which ensures that a
63 + * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
64 + * that we don't trigger bugs in F5 products. */
65 +PRInt32
66 +ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes)
67 +{
68 + SECStatus rv;
69 + PRInt32 paddingLen = extensionLen - 4;
70 + unsigned char *padding;
71 +
72 + if (extensionLen == 0) {
73 + return 0;
74 + }
75 +
76 + if (extensionLen > maxBytes) {
77 + PORT_Assert(0);
78 + return 0;
79 + }
80 +
81 + rv = ssl3_AppendHandshakeNumber(ss, ssl_balloon_xtn, 2);
82 + if (rv != SECSuccess)
83 + return -1;
84 + rv = ssl3_AppendHandshakeNumber(ss, paddingLen, 2);
85 + if (rv != SECSuccess)
86 + return -1;
87 + padding = PORT_Alloc(paddingLen);
88 + if (!padding)
89 + return -1;
90 + memset(padding, ' ', paddingLen);
91 + rv = ssl3_AppendHandshake(ss, padding, paddingLen);
92 + PORT_Free(padding);
93 + if (rv != SECSuccess)
94 + return -1;
95 +
96 + return extensionLen;
97 +}
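Review bot: ssl3_CalculateBalloonExtensionLength can return 1, 2 or 3 (record lengths 509–511), which is smaller than the four-byte extension header, so `paddingLen = extensionLen - 4` in ssl3_AppendBalloonExtension becomes negative and is then passed as a length to ssl3_AppendHandshakeNumber, PORT_Alloc and memset. The calculation should round up to at least 4 bytes and the append should reject anything smaller. Separately, the `extensionLen > maxBytes` path returns 0 after `PORT_Assert(0)`, and the caller only tests `extLen < 0`; in a build where the assert is compiled out, the ClientHello would be sent shorter than its header claims, so returning -1 is safer. That comparison also mixes `int` with `PRUint32`, which the explicit cast below makes safe once negative values are excluded.

```c
PRInt32
ssl3_CalculateBalloonExtensionLength(int clientHelloLength)
{
    /* … unchanged: recordLength computation and the < 256 / >= 512 early return … */

    int extensionLen = 512 - recordLength;
    /* An extension takes at least 4 bytes to encode: 2 for the type and
     * 2 for the length. */
    if (extensionLen < 4) {
        extensionLen = 4;
    }
    return extensionLen;
}

/* … in ssl3_AppendBalloonExtension, replacing the extensionLen > maxBytes check … */
    if (extensionLen < 4 || (PRUint32)extensionLen > maxBytes) {
        PORT_Assert(0);
        /* The caller has already counted these bytes in the handshake
         * header, so fail rather than emit a short message. */
        return -1;
    }
    /* … unchanged: extension type, length and padding writes … */
```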
98 diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
99 index 614eed1..0fa5087 100644
100 --- a/nss/lib/ssl/sslimpl.h
101 +++ b/nss/lib/ssl/sslimpl.h
102 @@ -237,6 +237,12 @@ extern PRInt32
103 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
104 const ssl3HelloExtensionSender *sender);
105
106 +extern PRInt32
107 +ssl3_CalculateBalloonExtensionLength(int clientHelloLength);
108 +
109 +extern PRInt32
110 +ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes) ;
111 +
112 /* Socket ops */
113 struct sslSocketOpsStr {
114 int (*connect) (sslSocket *, const PRNetAddr *);
115 diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
116 index a8007d8..542afd7 100644
117 --- a/nss/lib/ssl/sslt.h
118 +++ b/nss/lib/ssl/sslt.h
119 @@ -205,9 +205,10 @@ typedef enum {
120 ssl_session_ticket_xtn = 35,
121 ssl_next_proto_nego_xtn = 13172,
122 ssl_channel_id_xtn = 30031,
123 + ssl_balloon_xtn = 35655,
124 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
125 } SSLExtensionType;
126
127 -#define SSL_MAX_EXTENSIONS 11
128 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_balloon_xtn. * /
129
130 #endif /* __sslt_h_ */
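Review bot: As rendered on this page, the comment added to the `SSL_MAX_EXTENSIONS` line ends in `* /` rather than `*/`, so the comment would stay open until the `*/` on the `#endif` line and swallow that `#endif`. If this is not just an artifact of displaying a patch stored inside another patch, the line should read `#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_balloon_xtn. */`. The comment could also say why the new extension is excluded from the count (presumably because a server is not expected to echo it), so that the next person who adds an extension knows whether to bump the constant.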