Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2155)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 62103003: NSS: add `balloon' extension to when we might hit the F5 bug. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing wtc's comments. Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | net/third_party/nss/ssl/sslt.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/ssl3ext.c
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 04157701e9028e670098fa47469960ffc05513c9..4fe953302771766bdcdd272e2bfb4e29dcaab715 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -2297,3 +2297,57 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
loser:
return -1;
}
+
+unsigned int
+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+{
+ unsigned int recordLength = 1 /* handshake message type */ +
+ 3 /* handshake message length */ +
+ clientHelloLength;
+ unsigned int extensionLength;
+
+ if (recordLength < 256 || recordLength >= 512) {
+ return 0;
+ }
+
+ extensionLength = 512 - recordLength;
+ /* Extensions take at least four bytes to encode. */
+ if (extensionLength < 4) {
+ extensionLength = 4;
+ }
+
+ return extensionLength;
+}
+
+/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
+ * that we don't trigger bugs in F5 products. */
+unsigned int
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+ PRUint32 maxBytes)
+{
+ SECStatus rv;
+ unsigned int paddingLen = extensionLen - 4;
+ unsigned char padding[256];
+
+ if (extensionLen == 0) {
+ return 0;
+ }
+
+ if (extensionLen < 4 ||
+ extensionLen > maxBytes ||
+ paddingLen > sizeof(padding)) {
+ PORT_Assert(0);
+ return 0;
+ }
+
+ if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
wtc 2013/11/08 20:10:06 Nit: just curious why you use the SECSuccess != Fo
agl 2013/11/08 20:33:23 I've been reviewing code from thaidn this morning
+ return -1;
+ if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
+ return -1;
+ memset(padding, ' ', paddingLen);
+ if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
+ return -1;
+
+ return extensionLen;
+}
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | net/third_party/nss/ssl/sslt.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698