Index: net/third_party/nss/ssl/ssl3ext.c |
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c |
index 04157701e9028e670098fa47469960ffc05513c9..a596c37c8935bcfe3ec82bb86a93a6b76455cf86 100644 |
--- a/net/third_party/nss/ssl/ssl3ext.c |
+++ b/net/third_party/nss/ssl/ssl3ext.c |
@@ -2297,3 +2297,54 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) |
loser: |
return -1; |
} |
+ |
+PRInt32 |
+ssl3_CalculateBalloonExtensionLength(int clientHelloLength) |
+{ |
+ int recordLength = clientHelloLength + |
wtc
2013/11/06 21:51:58
Nit: is this the record length or the handshake me
wtc
2013/11/06 22:17:30
You are right. This is the record length. (The han
|
+ 1 /* handshake message type */ + |
+ 3 /* handshake message length */; |
wtc
2013/11/06 21:51:58
Nit: list them in the order of 1 + 3 + clientHello
agl
2013/11/08 19:39:17
Done.
|
+ |
+ if (recordLength < 256 || recordLength >= 512) { |
+ return 0; |
+ } |
+ |
+ return 512 - recordLength; |
wtc
2013/11/06 23:33:20
IMPORTANT: we also need to make sure this is at le
agl
2013/11/08 19:39:17
Good catch, thanks!
|
+} |
+ |
+/* ssl3_AppendBalloonExtension possibly adds an extension which ensures that a |
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures |
wtc
2013/11/06 21:51:58
Nit: record or handshake message?
wtc
2013/11/06 22:17:30
Please ignore this comment.
|
+ * that we don't trigger bugs in F5 products. */ |
+PRInt32 |
+ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes) |
wtc
2013/11/06 23:33:20
Nit: extensionLen probably should be an unsigned i
agl
2013/11/08 19:39:17
Done.
|
+{ |
+ SECStatus rv; |
+ PRInt32 paddingLen = extensionLen - 4; |
wtc
2013/11/06 23:33:20
Should assert extensionLen == 0 || extensionLen >=
agl
2013/11/08 19:39:17
Done.
|
+ unsigned char *padding; |
+ |
+ if (extensionLen == 0) { |
+ return 0; |
+ } |
+ |
+ if (extensionLen > maxBytes) { |
+ PORT_Assert(0); |
+ return 0; |
+ } |
+ |
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_balloon_xtn, 2); |
+ if (rv != SECSuccess) |
+ return -1; |
+ rv = ssl3_AppendHandshakeNumber(ss, paddingLen, 2); |
+ if (rv != SECSuccess) |
+ return -1; |
+ padding = PORT_Alloc(paddingLen); |
wtc
2013/11/06 21:51:58
Since paddingLen is at most 256, we can use a stac
agl
2013/11/08 19:39:17
Done.
|
+ if (!padding) |
+ return -1; |
+ memset(padding, ' ', paddingLen); |
+ rv = ssl3_AppendHandshake(ss, padding, paddingLen); |
+ PORT_Free(padding); |
+ if (rv != SECSuccess) |
+ return -1; |
+ |
+ return extensionLen; |
+} |
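Review bot: The `extensionLen > maxBytes` branch of ssl3_AppendBalloonExtension returns 0 after `PORT_Assert(0)`, and once the assertion is compiled out of non-debug builds that is the same value the function returns for "no padding needed". The call site is not visible in this hunk, but if the caller has already counted extensionLen in the extensions length it wrote, the ClientHello would be sent with a length field that does not match its contents, and the caller could not detect that. Returning the failure value the other error paths already use, `return -1;`, keeps the result unambiguous and lets the caller abort the handshake. Separately, ssl3_CalculateBalloonExtensionLength has no comment of its own; a one-line header such as `/* Returns the number of extension bytes needed to lift a 256..511 byte ClientHello record to 512 bytes, or 0 if none. */` would explain the 256 and 512 constants where they are used.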