generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to pad extension.

Browse Source 
Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
This commit is contained in:
Dr. Stephen Henson 2013-12-12 03:21:06 +00:00
parent 102302b05b
commit 4fcdd66fff
2 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CHANGES
View File

@ -4,19 +4,6 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
*) Experimental workaround TLS filler (WTF) extension. Based on a suggested
workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client
Hello record length value would otherwise be > 255 and less that 512
pad with a dummy extension containing zeroes so it is at least 512 bytes
long.
To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
[Steve Henson]
*) Experimental encrypt-then-mac support. *) Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from Experimental support for encrypt then mac from
@ -286,6 +273,25 @@
Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
*) TLS pad extension: draft-agl-tls-padding-02
Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
TLS client Hello record length value would otherwise be > 255 and
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long.
To enable it use an unused extension number (for example chrome uses
35655) using:
e.g. -DTLSEXT_TYPE_padding=35655
Since the extension is ignored the actual number doesn't matter as long
as it doesn't clash with any existing extension.
This will be updated when the extension gets an official number.
[Adam Langley, Steve Henson]
*) Add functions to allocate and set the fields of an ECDSA_METHOD *) Add functions to allocate and set the fields of an ECDSA_METHOD
structure. structure.
[Douglas E. Engert, Steve Henson] [Douglas E. Engert, Steve Henson]

27
ssl/t1_lib.c
View File

@ -1472,17 +1472,30 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
s2n(TLSEXT_TYPE_encrypt_then_mac,ret); s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret); s2n(0,ret);
#endif #endif
#ifdef TLSEXT_TYPE_wtf #ifdef TLSEXT_TYPE_padding
{ /* Add padding to workaround bugs in F5 terminators.
/* Work out length which would be used in the TLS record: * See https://tools.ietf.org/html/draft-agl-tls-padding-02
* NB this should ALWAYS appear after all other extensions. *
* NB: because this code works out the length of all existing
* extensions it MUST always appear last.
*/ */
int hlen = ret - (unsigned char *)s->init_buf->data - 3; {
int hlen = ret - (unsigned char *)s->init_buf->data;
/* The code in s23_clnt.c to build ClientHello messages includes the
* 5-byte record header in the buffer, while the code in s3_clnt.c does
* not. */
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
hlen -= 5;
if (hlen > 0xff && hlen < 0x200) if (hlen > 0xff && hlen < 0x200)
{ {
hlen = 0x200 - hlen; hlen = 0x200 - hlen;
s2n(TLSEXT_TYPE_wtf,ret); if (hlen >= 4)
s2n(hlen,ret); hlen -= 4;
else
hlen = 0;
s2n(TLSEXT_TYPE_padding, ret);
s2n(hlen, ret);
memset(ret, 0, hlen); memset(ret, 0, hlen);
ret += hlen; ret += hlen;
} }