提交 4fcdd66f 编写于 作者: D Dr. Stephen Henson

Update to pad extension.

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
上级 102302b0
...@@ -4,19 +4,6 @@ ...@@ -4,19 +4,6 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
*) Experimental workaround TLS filler (WTF) extension. Based on a suggested
workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client
Hello record length value would otherwise be > 255 and less that 512
pad with a dummy extension containing zeroes so it is at least 512 bytes
long.
To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
[Steve Henson]
*) Experimental encrypt-then-mac support. *) Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from Experimental support for encrypt then mac from
...@@ -286,6 +273,25 @@ ...@@ -286,6 +273,25 @@
Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
*) TLS pad extension: draft-agl-tls-padding-02
Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
TLS client Hello record length value would otherwise be > 255 and
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long.
To enable it use an unused extension number (for example chrome uses
35655) using:
e.g. -DTLSEXT_TYPE_padding=35655
Since the extension is ignored the actual number doesn't matter as long
as it doesn't clash with any existing extension.
This will be updated when the extension gets an official number.
[Adam Langley, Steve Henson]
*) Add functions to allocate and set the fields of an ECDSA_METHOD *) Add functions to allocate and set the fields of an ECDSA_METHOD
structure. structure.
[Douglas E. Engert, Steve Henson] [Douglas E. Engert, Steve Henson]
......
...@@ -1472,17 +1472,30 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ...@@ -1472,17 +1472,30 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
s2n(TLSEXT_TYPE_encrypt_then_mac,ret); s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret); s2n(0,ret);
#endif #endif
#ifdef TLSEXT_TYPE_wtf #ifdef TLSEXT_TYPE_padding
{ /* Add padding to workaround bugs in F5 terminators.
/* Work out length which would be used in the TLS record: * See https://tools.ietf.org/html/draft-agl-tls-padding-02
* NB this should ALWAYS appear after all other extensions. *
* NB: because this code works out the length of all existing
* extensions it MUST always appear last.
*/ */
int hlen = ret - (unsigned char *)s->init_buf->data - 3; {
int hlen = ret - (unsigned char *)s->init_buf->data;
/* The code in s23_clnt.c to build ClientHello messages includes the
* 5-byte record header in the buffer, while the code in s3_clnt.c does
* not. */
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
hlen -= 5;
if (hlen > 0xff && hlen < 0x200) if (hlen > 0xff && hlen < 0x200)
{ {
hlen = 0x200 - hlen; hlen = 0x200 - hlen;
s2n(TLSEXT_TYPE_wtf,ret); if (hlen >= 4)
s2n(hlen,ret); hlen -= 4;
else
hlen = 0;
s2n(TLSEXT_TYPE_padding, ret);
s2n(hlen, ret);
memset(ret, 0, hlen); memset(ret, 0, hlen);
ret += hlen; ret += hlen;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册