Update to pad extension.

Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
2013-12-12 03:21:06 +00:00
parent 102302b05b
commit 4fcdd66fff
2 changed files with 39 additions and 20 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1472,17 +1472,30 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
 	s2n(0,ret);
 #endif
-#ifdef TLSEXT_TYPE_wtf
-	{
-	/* Work out length which would be used in the TLS record:
-	 * NB this should ALWAYS appear after all other extensions.
+#ifdef TLSEXT_TYPE_padding
+	/* Add padding to workaround bugs in F5 terminators.
+	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02
+	 *
+	 * NB: because this code works out the length of all existing
+	 * extensions it MUST always appear last.
 	 */
-	int hlen = ret - (unsigned char *)s->init_buf->data - 3;
+	{
+	int hlen = ret - (unsigned char *)s->init_buf->data;
+	/* The code in s23_clnt.c to build ClientHello messages includes the
+	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
+	 * not. */
+	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+		hlen -= 5;
 	if (hlen > 0xff && hlen < 0x200)
 		{
 		hlen = 0x200 - hlen;
-		s2n(TLSEXT_TYPE_wtf,ret);
-		s2n(hlen,ret);
+		if (hlen >= 4)
+			hlen -= 4;
+		else
+			hlen = 0;
+
+		s2n(TLSEXT_TYPE_padding, ret);
+		s2n(hlen, ret);
 		memset(ret, 0, hlen);
 		ret += hlen;
 		}