diff options
author | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-01-07 18:08:41 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-01-07 18:08:41 +0000 |
commit | 83c0f1514458cf987e7b971f77cc1a0c0971e66e (patch) | |
tree | 38d0e0b27e92f7a40be1be89776facd4772959be /openssl/ssl | |
parent | 371ef2c21ab87acff683350f491a47e79b66a44f (diff) | |
download | openssl-83c0f1514458cf987e7b971f77cc1a0c0971e66e.tar.gz |
OpenSSL: add support for the TLS padding extension.
This works around a bug in some versions of F5 devices that causes the
connection to hang when the ClientHello record is between 256 and 511 bytes
long.
https://tools.ietf.org/html/draft-agl-tls-padding-02
Based on the upstream patch to do the same thing:
0467ea68624450ecece4cde0d5803499aaff19c2
BUG=none
https://codereview.chromium.org/112933006
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@243334 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
Diffstat (limited to 'openssl/ssl')
-rw-r--r-- | openssl/ssl/s23_clnt.c | 5 | ||||
-rw-r--r-- | openssl/ssl/s3_clnt.c | 4 | ||||
-rw-r--r-- | openssl/ssl/t1_lib.c | 25 | ||||
-rw-r--r-- | openssl/ssl/tls1.h | 4 |
4 files changed, 36 insertions, 2 deletions
diff --git a/openssl/ssl/s23_clnt.c b/openssl/ssl/s23_clnt.c index 2d0f51d..08ee86d 100644 --- a/openssl/ssl/s23_clnt.c +++ b/openssl/ssl/s23_clnt.c @@ -466,7 +466,10 @@ static int ssl23_client_hello(SSL *s) { /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* do the record header (5 bytes) and handshake message header (4 bytes) last */ + /* do the record header (5 bytes) and handshake message + * header (4 bytes) last. Note: the code to add the + * padding extension in t1_lib.c depends on the size of + * this prefix. */ d = p = &(buf[9]); *(p++) = version_major; diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 85ffd67..e47eef1 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -757,7 +757,9 @@ int ssl3_client_hello(SSL *s) if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) goto err; - /* Do the message type and length last */ + /* Do the message type and length last. + * Note: the code to add the padding extension in t1_lib.c + * depends on the size of this prefix. */ d=p= &(buf[4]); /* version indicates the negotiated version: for example from diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index f447f22..7a507f9 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -661,6 +661,31 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif + /* Add padding to workaround bugs in F5 terminators. + * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ + { + int hlen = ret - (unsigned char *)s->init_buf->data; + /* The code in s23_clnt.c to build ClientHello messages includes the + * 5-byte record header in the buffer, while the code in s3_clnt.c does + * not. */ + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) + hlen -= 5; + if (hlen > 0xff && hlen < 0x200) + { + hlen = 0x200 - hlen; + if (hlen >= 4) + hlen -= 4; + else + hlen = 0; + + s2n(TLSEXT_TYPE_padding, ret); + s2n(hlen, ret); + memset(ret, 0, hlen); + ret += hlen; + } + } + + if ((extdatalen = ret-p-2)== 0) return p; diff --git a/openssl/ssl/tls1.h b/openssl/ssl/tls1.h index 0ce0193..6070e13 100644 --- a/openssl/ssl/tls1.h +++ b/openssl/ssl/tls1.h @@ -251,6 +251,10 @@ extern "C" { /* This is not an IANA defined extension number */ #define TLSEXT_TYPE_channel_id 30031 +/* See https://tools.ietf.org/html/draft-agl-tls-padding-02 + * Number not yet IANA assigned. */ +#define TLSEXT_TYPE_padding 35655 + /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ |