Tidy up OpenSSL padding extension code.

Add (redundant because of SSL3_RT_MAX_PLAIN_LENGTH) length check, don't pad DTLS, and move the SSL23 special case closer to the SSL23 code. BUG=none Review URL: https://codereview.chromium.org/242453005 git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@267663 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
author: davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> 2014-05-01 23:35:34 +0000
committer: davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> 2014-05-01 23:35:34 +0000
commit: 152164bc423807c6945662c94d724554a027eeca (patch)
tree: 229a1fcedb338566b8baf68a5e5f4cc1e88e7515 /openssl/ssl/t1_lib.c
parent: 176b84dd04aaadd8b6ec29d285ef7234c9fb1e85 (diff)
download: openssl-152164bc423807c6945662c94d724554a027eeca.tar.gz
1 files changed, 20 insertions, 19 deletions
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index a53d56b..3fe6612 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -341,7 +341,10 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	return (int)slen;
 	}
 
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
+/* header_len is the length of the ClientHello header written so far, used to
+ * compute padding. It does not include the record header. Pass 0 if no padding
+ * is to be done. */
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len)
 	{
 	int extdatalen=0;
 	unsigned char *orig = buf;
@@ -664,27 +667,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 
 	/* Add padding to workaround bugs in F5 terminators.
 	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
-	{
-	int hlen = ret - (unsigned char *)s->init_buf->data;
-	/* The code in s23_clnt.c to build ClientHello messages includes the
-	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
-	 * not. */
-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-		hlen -= 5;
-	if (hlen > 0xff && hlen < 0x200)
+	if (header_len > 0)
 		{
-		hlen = 0x200 - hlen;
-		if (hlen >= 4)
-			hlen -= 4;
-		else
-			hlen = 0;
+		header_len += ret - orig;
+		if (header_len > 0xff && header_len < 0x200)
+			{
+			size_t padding_len = 0x200 - header_len;
+			if (padding_len >= 4)
+				padding_len -= 4;
+			else
+				padding_len = 0;
+			if (limit - ret - 4 - (long)padding_len < 0)
+				return NULL;
 
-		s2n(TLSEXT_TYPE_padding, ret);
-		s2n(hlen, ret);
-		memset(ret, 0, hlen);
-		ret += hlen;
+			s2n(TLSEXT_TYPE_padding, ret);
+			s2n(padding_len, ret);
+			memset(ret, 0, padding_len);
+			ret += padding_len;
+			}
 		}
-	}
 
 
 	if ((extdatalen = ret-orig-2)== 0)
author	davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>	2014-05-01 23:35:34 +0000
committer	davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>	2014-05-01 23:35:34 +0000
commit	152164bc423807c6945662c94d724554a027eeca (patch)
tree	229a1fcedb338566b8baf68a5e5f4cc1e88e7515 /openssl/ssl/t1_lib.c
parent	176b84dd04aaadd8b6ec29d285ef7234c9fb1e85 (diff)
download	openssl-152164bc423807c6945662c94d724554a027eeca.tar.gz