diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-13 14:41:32 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-05 15:42:04 +0000 |
| commit | 4a55631e4dc76fb8d668218bf461c45a9abc5b94 (patch) | |
| tree | 156d2afe798d188d046b120ea58689448d4c0a7e | |
| parent | 19a68574a9d1f59c355385a1b64cbd443bf49e00 (diff) | |
| download | openssl-new-4a55631e4dc76fb8d668218bf461c45a9abc5b94.tar.gz | |
Backport TLS padding extension from master.
(cherry picked from commit 8c6d8c2a498146992123ef5407d7ba01a1e7224d)
Conflicts:
CHANGES
ssl/t1_lib.c
| -rw-r--r-- | CHANGES | 19 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 30 |
2 files changed, 48 insertions, 1 deletions
@@ -4,7 +4,24 @@ Changes between 1.0.1f and 1.0.1g [xx XXX xxxx] - *) + *) TLS pad extension: draft-agl-tls-padding-02 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + To enable it use an unused extension number (for example chrome uses + 35655) using: + + e.g. -DTLSEXT_TYPE_padding=35655 + + Since the extension is ignored the actual number doesn't matter as long + as it doesn't clash with any existing extension. + + This will be updated when the extension gets an official number. + + [Adam Langley, Steve Henson] Changes between 1.0.1e and 1.0.1f [6 Jan 2014] diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e22ebbff85..29ccd833ec 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -662,6 +662,36 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif +#ifdef TLSEXT_TYPE_padding + /* Add padding to workaround bugs in F5 terminators. + * See https://tools.ietf.org/html/draft-agl-tls-padding-02 + * + * NB: because this code works out the length of all existing + * extensions it MUST always appear last. + */ + { + int hlen = ret - (unsigned char *)s->init_buf->data; + /* The code in s23_clnt.c to build ClientHello messages includes the + * 5-byte record header in the buffer, while the code in s3_clnt.c does + * not. */ + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) + hlen -= 5; + if (hlen > 0xff && hlen < 0x200) + { + hlen = 0x200 - hlen; + if (hlen >= 4) + hlen -= 4; + else + hlen = 0; + + s2n(TLSEXT_TYPE_padding, ret); + s2n(hlen, ret); + memset(ret, 0, hlen); + ret += hlen; + } + } +#endif + if ((extdatalen = ret-p-2)== 0) return p; |