OLD | NEW |
---|---|
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* TLS extension code moved here from ssl3ecc.c */ | 8 /* TLS extension code moved here from ssl3ecc.c */ |
9 | 9 |
10 #include "nssrenam.h" | 10 #include "nssrenam.h" |
(...skipping 2279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2290 } else if (maxBytes < extension_length) { | 2290 } else if (maxBytes < extension_length) { |
2291 PORT_Assert(0); | 2291 PORT_Assert(0); |
2292 return 0; | 2292 return 0; |
2293 } | 2293 } |
2294 | 2294 |
2295 return extension_length; | 2295 return extension_length; |
2296 | 2296 |
2297 loser: | 2297 loser: |
2298 return -1; | 2298 return -1; |
2299 } | 2299 } |
2300 | |
2301 PRInt32 | |
2302 ssl3_CalculateBalloonExtensionLength(int clientHelloLength) | |
2303 { | |
2304 int recordLength = clientHelloLength + | |
wtc
2013/11/06 21:51:58
Nit: is this the record length or the handshake me
wtc
2013/11/06 22:17:30
You are right. This is the record length. (The han
| |
2305 1 /* handshake message type */ + | |
2306 3 /* handshake message length */; | |
wtc
2013/11/06 21:51:58
Nit: list them in the order of 1 + 3 + clientHello
agl
2013/11/08 19:39:17
Done.
| |
2307 | |
2308 if (recordLength < 256 || recordLength >= 512) { | |
2309 return 0; | |
2310 } | |
2311 | |
2312 return 512 - recordLength; | |
wtc
2013/11/06 23:33:20
IMPORTANT: we also need to make sure this is at le
agl
2013/11/08 19:39:17
Good catch, thanks!
| |
2313 } | |
2314 | |
2315 /* ssl3_AppendBalloonExtension possibly adds an extension which ensures that a | |
2316 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures | |
wtc
2013/11/06 21:51:58
Nit: record or handshake message?
wtc
2013/11/06 22:17:30
Please ignore this comment.
| |
2317 * that we don't trigger bugs in F5 products. */ | |
2318 PRInt32 | |
2319 ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes) | |
wtc
2013/11/06 23:33:20
Nit: extensionLen probably should be an unsigned i
agl
2013/11/08 19:39:17
Done.
| |
2320 { | |
2321 SECStatus rv; | |
2322 PRInt32 paddingLen = extensionLen - 4; | |
wtc
2013/11/06 23:33:20
Should assert extensionLen == 0 || extensionLen >=
agl
2013/11/08 19:39:17
Done.
| |
2323 unsigned char *padding; | |
2324 | |
2325 if (extensionLen == 0) { | |
2326 return 0; | |
2327 } | |
2328 | |
2329 if (extensionLen > maxBytes) { | |
2330 PORT_Assert(0); | |
2331 return 0; | |
2332 } | |
2333 | |
2334 rv = ssl3_AppendHandshakeNumber(ss, ssl_balloon_xtn, 2); | |
2335 if (rv != SECSuccess) | |
2336 return -1; | |
2337 rv = ssl3_AppendHandshakeNumber(ss, paddingLen, 2); | |
2338 if (rv != SECSuccess) | |
2339 return -1; | |
2340 padding = PORT_Alloc(paddingLen); | |
wtc
2013/11/06 21:51:58
Since paddingLen is at most 256, we can use a stac
agl
2013/11/08 19:39:17
Done.
| |
2341 if (!padding) | |
2342 return -1; | |
2343 memset(padding, ' ', paddingLen); | |
2344 rv = ssl3_AppendHandshake(ss, padding, paddingLen); | |
2345 PORT_Free(padding); | |
2346 if (rv != SECSuccess) | |
2347 return -1; | |
2348 | |
2349 return extensionLen; | |
2350 } | |
OLD | NEW |