OLD | NEW |
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* TLS extension code moved here from ssl3ecc.c */ | 8 /* TLS extension code moved here from ssl3ecc.c */ |
9 | 9 |
10 #include "nssrenam.h" | 10 #include "nssrenam.h" |
2299 } | 2299 } |
2300 | 2300 |
2301 unsigned int | 2301 unsigned int |
2302 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) | 2302 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) |
2303 { | 2303 { |
2304 unsigned int recordLength = 1 /* handshake message type */ + | 2304 unsigned int recordLength = 1 /* handshake message type */ + |
2305 3 /* handshake message length */ + | 2305 3 /* handshake message length */ + |
2306 clientHelloLength; | 2306 clientHelloLength; |
2307 unsigned int extensionLength; | 2307 unsigned int extensionLength; |
2308 | 2308 |
2309 if (recordLength < 256 || recordLength >= 512) { | 2309 /* This condition should be: |
| 2310 * if (recordLength < 256 || recordLength >= 512) { |
| 2311 * It has been changed, temporarily, to test whether 512 byte ClientHellos |
| 2312 * are a compatibility problem. */ |
| 2313 if (recordLength >= 512) { |
2310 return 0; | 2314 return 0; |
2311 } | 2315 } |
2312 | 2316 |
2313 extensionLength = 512 - recordLength; | 2317 extensionLength = 512 - recordLength; |
2314 /* Extensions take at least four bytes to encode. */ | 2318 /* Extensions take at least four bytes to encode. */ |
2315 if (extensionLength < 4) { | 2319 if (extensionLength < 4) { |
2316 extensionLength = 4; | 2320 extensionLength = 4; |
2317 } | 2321 } |
2318 | 2322 |
2319 return extensionLength; | 2323 return extensionLength; |
2320 } | 2324 } |
2321 | 2325 |
2322 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a | 2326 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a |
2323 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures | 2327 * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures |
2324 * that we don't trigger bugs in F5 products. */ | 2328 * that we don't trigger bugs in F5 products. */ |
2325 PRInt32 | 2329 PRInt32 |
2326 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, | 2330 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, |
2327 PRUint32 maxBytes) | 2331 PRUint32 maxBytes) |
2328 { | 2332 { |
2329 unsigned int paddingLen = extensionLen - 4; | 2333 unsigned int paddingLen = extensionLen - 4; |
2330 unsigned char padding[256]; | 2334 unsigned char padding[512]; |
2331 | 2335 |
2332 if (extensionLen == 0) { | 2336 if (extensionLen == 0) { |
2333 return 0; | 2337 return 0; |
2334 } | 2338 } |
2335 | 2339 |
2336 if (extensionLen < 4 || | 2340 if (extensionLen < 4 || |
2337 extensionLen > maxBytes || | 2341 extensionLen > maxBytes || |
2338 paddingLen > sizeof(padding)) { | 2342 paddingLen > sizeof(padding)) { |
2339 PORT_Assert(0); | 2343 PORT_Assert(0); |
2340 return -1; | 2344 return -1; |
2341 } | 2345 } |
2342 | 2346 |
2343 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) | 2347 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) |
2344 return -1; | 2348 return -1; |
2345 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) | 2349 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) |
2346 return -1; | 2350 return -1; |
2347 memset(padding, ' ', paddingLen); | 2351 memset(padding, ' ', paddingLen); |
2348 if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) | 2352 if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) |
2349 return -1; | 2353 return -1; |
2350 | 2354 |
2351 return extensionLen; | 2355 return extensionLen; |
2352 } | 2356 } |
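Review bot: The temporary condition `if (recordLength >= 512)` in ssl3_CalculatePaddingExtensionLength now pads every ClientHello shorter than 512 bytes, but the header comment on ssl3_AppendPaddingExtension still says the record ends up either < 256 or >= 512 bytes, and the new comment names no tracking reference for reverting the experiment. I would add one to the new comment, e.g. `* TODO(<tracking bug id>): restore the < 256 check once the compatibility test concludes.`, and reword the stale header comment to match the current behaviour. The larger `padding[512]` is needed because paddingLen can now approach 504 for a very short ClientHello, and the existing `paddingLen > sizeof(padding)` check is what keeps the memset in bounds. The buffer size and the `512` in `extensionLength = 512 - recordLength` are tied only by convention, so a shared named constant would keep them from drifting apart.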