OLD | NEW |
---|---|
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* TLS extension code moved here from ssl3ecc.c */ | 8 /* TLS extension code moved here from ssl3ecc.c */ |
9 | 9 |
10 #include "nssrenam.h" | 10 #include "nssrenam.h" |
(...skipping 2279 matching lines...) | |
2290 } else if (maxBytes < extension_length) { | 2290 } else if (maxBytes < extension_length) { |
2291 PORT_Assert(0); | 2291 PORT_Assert(0); |
2292 return 0; | 2292 return 0; |
2293 } | 2293 } |
2294 | 2294 |
2295 return extension_length; | 2295 return extension_length; |
2296 | 2296 |
2297 loser: | 2297 loser: |
2298 return -1; | 2298 return -1; |
2299 } | 2299 } |
2300 | |
2301 unsigned int | |
2302 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) | |
2303 { | |
2304 unsigned int recordLength = 1 /* handshake message type */ + | |
2305 3 /* handshake message length */ + | |
2306 clientHelloLength; | |
2307 unsigned int extensionLength; | |
2308 | |
2309 if (recordLength < 256 || recordLength >= 512) { | |
2310 return 0; | |
2311 } | |
2312 | |
2313 extensionLength = 512 - recordLength; | |
2314 /* Extensions take at least four bytes to encode. */ | |
2315 if (extensionLength < 4) { | |
2316 extensionLength = 4; | |
2317 } | |
2318 | |
2319 return extensionLength; | |
2320 } | |
2321 | |
2322 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a | |
2323 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures | |
2324 * that we don't trigger bugs in F5 products. */ | |
2325 unsigned int | |
2326 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, | |
2327 PRUint32 maxBytes) | |
2328 { | |
2329 SECStatus rv; | |
2330 unsigned int paddingLen = extensionLen - 4; | |
2331 unsigned char padding[256]; | |
2332 | |
2333 if (extensionLen == 0) { | |
2334 return 0; | |
2335 } | |
2336 | |
2337 if (extensionLen < 4 || | |
2338 extensionLen > maxBytes || | |
2339 paddingLen > sizeof(padding)) { | |
2340 PORT_Assert(0); | |
2341 return 0; | |
2342 } | |
2343 | |
2344 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) | |
wtc
2013/11/08 20:10:06
Nit: just curious why you use the SECSuccess != Fo
agl
2013/11/08 20:33:23
I've been reviewing code from thaidn this morning
| |
2345 return -1; | |
2346 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) | |
2347 return -1; | |
2348 memset(padding, ' ', paddingLen); | |
2349 if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) | |
2350 return -1; | |
2351 | |
2352 return extensionLen; | |
2353 } | |