net/third_party/nss/ssl/ssl3ext.c - Issue 62103003: NSS: add `balloon' extension to when we might hit the F5 bug.

Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 62103003: NSS: add `balloon' extension to when we might hit the F5 bug. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Addressing wtc's comments. Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /*	1 /*

2 * SSL3 Protocol	2 * SSL3 Protocol

3 *	3 *

4 * This Source Code Form is subject to the terms of the Mozilla Public	4 * This Source Code Form is subject to the terms of the Mozilla Public

5 * License, v. 2.0. If a copy of the MPL was not distributed with this	5 * License, v. 2.0. If a copy of the MPL was not distributed with this

6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */	6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

7	7

8 /* TLS extension code moved here from ssl3ecc.c */	8 /* TLS extension code moved here from ssl3ecc.c */

9	9

10 #include "nssrenam.h"	10 #include "nssrenam.h"

(...skipping 2279 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2290 } else if (maxBytes < extension_length) {	2290 } else if (maxBytes < extension_length) {

2291 PORT_Assert(0);	2291 PORT_Assert(0);

2292 return 0;	2292 return 0;

2293 }	2293 }

2294	2294

2295 return extension_length;	2295 return extension_length;

2296	2296

2297 loser:	2297 loser:

2298 return -1;	2298 return -1;

2299 }	2299 }

	2300

	2301 unsigned int

	2302 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)

	2303 {

	2304 unsigned int recordLength = 1 /* handshake message type */ +

	2305 3 /* handshake message length */ +

	2306 clientHelloLength;

	2307 unsigned int extensionLength;

	2308

	2309 if (recordLength < 256 \|\| recordLength >= 512) {

	2310 return 0;

	2311 }

	2312

	2313 extensionLength = 512 - recordLength;

	2314 /* Extensions take at least four bytes to encode. */

	2315 if (extensionLength < 4) {

	2316 extensionLength = 4;

	2317 }

	2318

	2319 return extensionLength;

	2320 }

	2321

	2322 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a

	2323 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures

	2324 * that we don't trigger bugs in F5 products. */

	2325 unsigned int

	2326 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,

	2327 PRUint32 maxBytes)

	2328 {

	2329 SECStatus rv;

	2330 unsigned int paddingLen = extensionLen - 4;

	2331 unsigned char padding[256];

	2332

	2333 if (extensionLen == 0) {

	2334 return 0;

	2335 }

	2336

	2337 if (extensionLen < 4 \|\|

	2338 extensionLen > maxBytes \|\|

	2339 paddingLen > sizeof(padding)) {

	2340 PORT_Assert(0);

	2341 return 0;

	2342 }

	2343

	2344 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
	wtc 2013/11/08 20:10:06 Nit: just curious why you use the SECSuccess != Fo Nit: just curious why you use the SECSuccess != Foo() form. This style isn't required in NSS. agl 2013/11/08 20:33:23 I've been reviewing code from thaidn this morning Show quoted text On 2013/11/08 20:10:06, wtc wrote: > > Nit: just curious why you use the SECSuccess != Foo() form. This style isn't > required in NSS. I've been reviewing code from thaidn this morning and he uses it a lot :)
	2345 return -1;

	2346 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))

	2347 return -1;

	2348 memset(padding, ' ', paddingLen);

	2349 if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))

	2350 return -1;

	2351

	2352 return extensionLen;

	2353 }

OLD	NEW

« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | net/third_party/nss/ssl/sslt.h » ('J')