Commit 4fcdd66f authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Update to pad extension. 

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
parent 102302b0

CHANGES

+19 −13
Original line number Diff line number Diff line
@@ -4,19 +4,6 @@ 


 Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]



  *) Experimental workaround TLS filler (WTF) extension. Based on a suggested

     workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client

     Hello record length value would otherwise be > 255 and less that 512

     pad with a dummy extension containing zeroes so it is at least 512 bytes

     long.



     To enable it use an unused extension number (for example 0x4242) using

     e.g. -DTLSEXT_TYPE_wtf=0x4242



     WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.

 

     [Steve Henson]



  *) Experimental encrypt-then-mac support.

    

     Experimental support for encrypt then mac from
@@ -286,6 +273,25 @@ 


 Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]



  *) TLS pad extension: draft-agl-tls-padding-02



     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the

     TLS client Hello record length value would otherwise be > 255 and

     less that 512 pad with a dummy extension containing zeroes so it

     is at least 512 bytes long.



     To enable it use an unused extension number (for example chrome uses

     35655) using:



     e.g. -DTLSEXT_TYPE_padding=35655



     Since the extension is ignored the actual number doesn't matter as long

     as it doesn't clash with any existing extension.



     This will be updated when the extension gets an official number.



     [Adam Langley, Steve Henson]



  *) Add functions to allocate and set the fields of an ECDSA_METHOD

     structure.

     [Douglas E. Engert, Steve Henson]

ssl/t1_lib.c

+20 −7
Original line number Diff line number Diff line
@@ -1472,16 +1472,29 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
	s2n(TLSEXT_TYPE_encrypt_then_mac,ret);

	s2n(0,ret);

#endif

#ifdef TLSEXT_TYPE_wtf

	{

	/* Work out length which would be used in the TLS record:

	 * NB this should ALWAYS appear after all other extensions.

#ifdef TLSEXT_TYPE_padding

	/* Add padding to workaround bugs in F5 terminators.

	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02

	 *

	 * NB: because this code works out the length of all existing

	 * extensions it MUST always appear last.

	 */

	int hlen = ret - (unsigned char *)s->init_buf->data - 3;

	{

	int hlen = ret - (unsigned char *)s->init_buf->data;

	/* The code in s23_clnt.c to build ClientHello messages includes the

	 * 5-byte record header in the buffer, while the code in s3_clnt.c does

	 * not. */

	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)

		hlen -= 5;

	if (hlen > 0xff && hlen < 0x200)

		{

		hlen = 0x200 - hlen;

		s2n(TLSEXT_TYPE_wtf,ret);

		if (hlen >= 4)

			hlen -= 4;

		else

			hlen = 0;



		s2n(TLSEXT_TYPE_padding, ret);

		s2n(hlen, ret);

		memset(ret, 0, hlen);

		ret += hlen;