| 1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c |
| 2 index 8b8b758..f5b973b 100644 |
| 3 --- a/nss/lib/ssl/ssl3con.c |
| 4 +++ b/nss/lib/ssl/ssl3con.c |
| 5 @@ -4974,7 +4974,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
| 6 int actual_count = 0; |
| 7 PRBool isTLS = PR_FALSE; |
| 8 PRBool requestingResume = PR_FALSE; |
| 9 - PRInt32 total_exten_len = 0; |
| 10 + PRInt32 total_exten_len = 0, balloonExtensionLen; |
| 11 unsigned numCompressionMethods; |
| 12 PRInt32 flags; |
| 13 |
| 14 @@ -5241,6 +5241,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
| 15 length += 1 + ss->ssl3.hs.cookieLen; |
| 16 } |
| 17 |
| 18 + balloonExtensionLen = ssl3_CalculateBalloonExtensionLength(length); |
| 19 + total_exten_len += balloonExtensionLen; |
| 20 + length += balloonExtensionLen; |
| 21 + |
| 22 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); |
| 23 if (rv != SECSuccess) { |
| 24 return rv; /* err set by ssl3_AppendHandshake* */ |
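Review bot: The balloon bytes are folded into `total_exten_len` and `length` at lines 19–20 without accounting for the 2-byte extensions-length prefix that a ClientHello needs the first time any extension is present. If `total_exten_len` can still be zero at this point (no other extension was scheduled), `length` would be short by two bytes once the extension block is written, producing a handshake-length mismatch; if the code above the hunk already forces `total_exten_len` non-zero or adds the prefix unconditionally this does not apply, but I cannot see that from the hunk. A guard such as `if (total_exten_len == 0 && balloonExtensionLen) { total_exten_len += 2; length += 2; }` or a comment stating the precondition (`/* total_exten_len already includes the 2-byte extensions length prefix here */`) would settle it. The body of ssl3_SendClientHello begins and ends outside this hunk.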
| 25 @@ -5360,6 +5364,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
| 26 return SECFailure; |
| 27 } |
| 28 maxBytes -= extLen; |
| 29 + |
| 30 + extLen = ssl3_AppendBalloonExtension(ss, balloonExtensionLen, maxBytes); |
| 31 + if (extLen < 0) { |
| 32 + return SECFailure; |
| 33 + } |
| 34 + maxBytes -= extLen; |
| 35 + |
| 36 PORT_Assert(!maxBytes); |
| 37 } |
| 38 if (ss->ssl3.hs.sendingSCSV) { |
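Review bot: The new call at line 30 treats `extLen == 0` as success, but `ssl3_AppendBalloonExtension` also returns 0 on its over-budget path after `PORT_Assert(0)`; in a release build the assert is compiled out, `maxBytes` is left unchanged, the `PORT_Assert(!maxBytes)` on line 36 is also compiled out, and the ClientHello is sent with a handshake length that already counted `balloonExtensionLen` bytes that were never written. The helper should return -1 in that case so the existing `if (extLen < 0) return SECFailure;` aborts the handshake instead of emitting a malformed hello. The enclosing function continues outside this hunk.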
| 39 diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c |
| 40 index 0415770..a596c37 100644 |
| 41 --- a/nss/lib/ssl/ssl3ext.c |
| 42 +++ b/nss/lib/ssl/ssl3ext.c |
| 43 @@ -2297,3 +2297,54 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append,
PRUint32 maxBytes) |
| 44 loser: |
| 45 return -1; |
| 46 } |
| 47 + |
| 48 +PRInt32 |
| 49 +ssl3_CalculateBalloonExtensionLength(int clientHelloLength) |
| 50 +{ |
| 51 + int recordLength = clientHelloLength + |
| 52 + 1 /* handshake message type */ + |
| 53 + 3 /* handshake message length */; |
| 54 + |
| 55 + if (recordLength < 256 || recordLength >= 512) { |
| 56 + return 0; |
| 57 + } |
| 58 + |
| 59 + return 512 - recordLength; |
| 60 +} |
| 61 + |
| 62 +/* ssl3_AppendBalloonExtension possibly adds an extension which ensures that a |
| 63 + * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures |
| 64 + * that we don't trigger bugs in F5 products. */ |
| 65 +PRInt32 |
| 66 +ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes) |
| 67 +{ |
| 68 + SECStatus rv; |
| 69 + PRInt32 paddingLen = extensionLen - 4; |
| 70 + unsigned char *padding; |
| 71 + |
| 72 + if (extensionLen == 0) { |
| 73 + return 0; |
| 74 + } |
| 75 + |
| 76 + if (extensionLen > maxBytes) { |
| 77 + PORT_Assert(0); |
| 78 + return 0; |
| 79 + } |
| 80 + |
| 81 + rv = ssl3_AppendHandshakeNumber(ss, ssl_balloon_xtn, 2); |
| 82 + if (rv != SECSuccess) |
| 83 + return -1; |
| 84 + rv = ssl3_AppendHandshakeNumber(ss, paddingLen, 2); |
| 85 + if (rv != SECSuccess) |
| 86 + return -1; |
| 87 + padding = PORT_Alloc(paddingLen); |
| 88 + if (!padding) |
| 89 + return -1; |
| 90 + memset(padding, ' ', paddingLen); |
| 91 + rv = ssl3_AppendHandshake(ss, padding, paddingLen); |
| 92 + PORT_Free(padding); |
| 93 + if (rv != SECSuccess) |
| 94 + return -1; |
| 95 + |
| 96 + return extensionLen; |
| 97 +} |
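Review bot: `ssl3_CalculateBalloonExtensionLength` can return 1, 2 or 3 (when `recordLength` is 509–511), but `ssl3_AppendBalloonExtension` computes `paddingLen = extensionLen - 4` and then writes it as a 2-byte length and passes it to `PORT_Alloc`; for those inputs `paddingLen` is negative, the extension type and a bogus length (0xFFFD–0xFFFF) have already been appended before the allocation fails, and the function returns -1 with a half-written extension in the buffer. An extension cannot be encoded in fewer than 4 bytes, so the calculation should clamp to a minimum of 4 (overshooting 512 is harmless since the goal is only to leave the 256–511 range). The over-budget branch should also return -1 rather than 0 so the caller's existing `< 0` check fires in release builds where `PORT_Assert` is compiled out.
```c
PRInt32
ssl3_CalculateBalloonExtensionLength(int clientHelloLength)
{
    /* … unchanged: recordLength computation and the <256 / >=512 early return … */
    PRInt32 extensionLen = 512 - recordLength;

    /* An extension needs at least 4 bytes (2 type + 2 length); a 1–3 byte
     * balloon is not encodable and would make paddingLen negative below. */
    if (extensionLen < 4) {
        extensionLen = 4;
    }
    return extensionLen;
}

/* … unchanged: ssl3_AppendBalloonExtension up to the maxBytes check … */
    if (extensionLen > maxBytes) {
        PORT_Assert(0);
        return -1; /* caller treats <0 as failure; 0 would desync length */
    }
```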
| 98 diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h |
| 99 index 614eed1..0fa5087 100644 |
| 100 --- a/nss/lib/ssl/sslimpl.h |
| 101 +++ b/nss/lib/ssl/sslimpl.h |
| 102 @@ -237,6 +237,12 @@ extern PRInt32 |
| 103 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, |
| 104 const ssl3HelloExtensionSender *sender); |
| 105 |
| 106 +extern PRInt32 |
| 107 +ssl3_CalculateBalloonExtensionLength(int clientHelloLength); |
| 108 + |
| 109 +extern PRInt32 |
| 110 +ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes)
; |
| 111 + |
| 112 /* Socket ops */ |
| 113 struct sslSocketOpsStr { |
| 114 int (*connect) (sslSocket *, const PRNetAddr *); |
| 115 diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h |
| 116 index a8007d8..542afd7 100644 |
| 117 --- a/nss/lib/ssl/sslt.h |
| 118 +++ b/nss/lib/ssl/sslt.h |
| 119 @@ -205,9 +205,10 @@ typedef enum { |
| 120 ssl_session_ticket_xtn = 35, |
| 121 ssl_next_proto_nego_xtn = 13172, |
| 122 ssl_channel_id_xtn = 30031, |
| 123 + ssl_balloon_xtn = 35655, |
| 124 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 125 } SSLExtensionType; |
| 126 |
| 127 -#define SSL_MAX_EXTENSIONS 11 |
| 128 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_balloon_xtn. *
/ |
| 129 |
| 130 #endif /* __sslt_h_ */ |
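Review bot: `ssl_balloon_xtn = 35655` is added with no comment on the origin of the code point, while the neighbouring `ssl_renegotiation_info_xtn` is explicitly marked `/* experimental number */`; 35655 does not appear to be an IANA-assigned ExtensionType, so a reader cannot tell whether a collision with a server-recognised extension has been ruled out. Suggest `ssl_balloon_xtn = 35655, /* private, not IANA-assigned; servers must ignore unknown types */` so the assumption is recorded next to the value. The `SSL_MAX_EXTENSIONS` comment says the balloon is excluded but not why; presumably because it is appended outside the extension-sender table, which is worth stating (`/* doesn't include ssl_balloon_xtn, which is appended separately */`).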