Loading CHANGES +19 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,25 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] *) TLS pad extension: draft-agl-tls-padding-02 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. To enable it use an unused extension number (for example chrome uses 35655) using: e.g. -DTLSEXT_TYPE_padding=35655 Since the extension is ignored the actual number doesn't matter as long as it doesn't clash with any existing extension. This will be updated when the extension gets an official number. [Adam Langley, Steve Henson] *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, MGF1 digest and OAEP label. [Steve Henson] Loading ssl/t1_lib.c +30 −0 Original line number Diff line number Diff line Loading @@ -1502,6 +1502,36 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } } #ifdef TLSEXT_TYPE_padding /* Add padding to workaround bugs in F5 terminators. * See https://tools.ietf.org/html/draft-agl-tls-padding-02 * * NB: because this code works out the length of all existing * extensions it MUST always appear last. */ { int hlen = ret - (unsigned char *)s->init_buf->data; /* The code in s23_clnt.c to build ClientHello messages includes the * 5-byte record header in the buffer, while the code in s3_clnt.c does * not. */ if (s->state == SSL23_ST_CW_CLNT_HELLO_A) hlen -= 5; if (hlen > 0xff && hlen < 0x200) { hlen = 0x200 - hlen; if (hlen >= 4) hlen -= 4; else hlen = 0; s2n(TLSEXT_TYPE_padding, ret); s2n(hlen, ret); memset(ret, 0, hlen); ret += hlen; } } #endif if ((extdatalen = ret-p-2) == 0) return p; Loading Loading
CHANGES +19 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,25 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] *) TLS pad extension: draft-agl-tls-padding-02 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. To enable it use an unused extension number (for example chrome uses 35655) using: e.g. -DTLSEXT_TYPE_padding=35655 Since the extension is ignored the actual number doesn't matter as long as it doesn't clash with any existing extension. This will be updated when the extension gets an official number. [Adam Langley, Steve Henson] *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, MGF1 digest and OAEP label. [Steve Henson] Loading
ssl/t1_lib.c +30 −0 Original line number Diff line number Diff line Loading @@ -1502,6 +1502,36 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } } #ifdef TLSEXT_TYPE_padding /* Add padding to workaround bugs in F5 terminators. * See https://tools.ietf.org/html/draft-agl-tls-padding-02 * * NB: because this code works out the length of all existing * extensions it MUST always appear last. */ { int hlen = ret - (unsigned char *)s->init_buf->data; /* The code in s23_clnt.c to build ClientHello messages includes the * 5-byte record header in the buffer, while the code in s3_clnt.c does * not. */ if (s->state == SSL23_ST_CW_CLNT_HELLO_A) hlen -= 5; if (hlen > 0xff && hlen < 0x200) { hlen = 0x200 - hlen; if (hlen >= 4) hlen -= 4; else hlen = 0; s2n(TLSEXT_TYPE_padding, ret); s2n(hlen, ret); memset(ret, 0, hlen); ret += hlen; } } #endif if ((extdatalen = ret-p-2) == 0) return p; Loading
