Commit 51624dbd authored by Dr. Stephen Henson

Set TLS padding extension value.

Enable TLS padding extension using official value from:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
(cherry picked from commit cd6bd5ff)

Conflicts:

	CHANGES
	ssl/tls1.h
parent 9e29df00
+1 −11
@@ -13,23 +13,13 @@
     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
     [Yuval Yarom and Naomi Benger]

  *) TLS pad extension: draft-agl-tls-padding-02
  *) TLS pad extension: draft-agl-tls-padding-03

     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
     TLS client Hello record length value would otherwise be > 255 and
     less that 512 pad with a dummy extension containing zeroes so it
     is at least 512 bytes long.

     To enable it use an unused extension number (for example chrome uses
     35655) using:

     e.g. -DTLSEXT_TYPE_padding=35655

     Since the extension is ignored the actual number doesn't matter as long
     as it doesn't clash with any existing extension.

     This will be updated when the extension gets an official number.

     [Adam Langley, Steve Henson]

 Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
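
Review bot: The retained description in this CHANGES entry still reads "less that 512", which should be "less than 512". With the -DTLSEXT_TYPE_padding build instructions taken out (the +1 −11 count), the entry also no longer says which extension number is used or that the build flag is no longer needed. Suggest adding one sentence stating that the extension now uses the IANA-assigned value, so anyone who followed the earlier "-DTLSEXT_TYPE_padding=35655" advice knows to drop the flag.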
+1 −1
@@ -664,7 +664,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha

#ifdef TLSEXT_TYPE_padding
	/* Add padding to workaround bugs in F5 terminators.
	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02
	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
	 *
	 * NB: because this code works out the length of all existing
	 * extensions it MUST always appear last.
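
Review bot: The "#ifdef TLSEXT_TYPE_padding" guard at the top of this block in ssl_add_clienthello_tlsext stops being a real switch once the header defines TLSEXT_TYPE_padding unconditionally, so the padding code is compiled into every build. If that is the intent, say so in this comment or drop the guard; if an opt-out is still wanted, it needs its own macro. The draft link here uses https://tools.ietf.org while the header comment uses http://tools.ietf.org, which is worth making consistent.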
+6 −0
@@ -230,6 +230,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
#define TLSEXT_TYPE_heartbeat	15

/* ExtensionType value for TLS padding extension.
 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
 * http://tools.ietf.org/html/draft-agl-tls-padding-03
 */
#define TLSEXT_TYPE_padding	21

/* ExtensionType value from RFC4507 */
#define TLSEXT_TYPE_session_ticket		35
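
Review bot: The new "#define TLSEXT_TYPE_padding 21" is unconditional, so a build that still passes -DTLSEXT_TYPE_padding=35655, as the CHANGES entry used to suggest, redefines the macro with a different value: the header's 21 takes effect and the only signal is a compiler redefinition diagnostic. Suggest noting in CHANGES that the flag must be removed. Separately, the context comment above TLSEXT_TYPE_heartbeat cites RFC5620, while the heartbeat extension is defined in RFC 6520; that transposition could be corrected while this header is being edited.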