author | Dr. Stephen Henson <steve@openssl.org> | 2014-06-01 16:08:18 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-01 16:50:25 +0100 |
commit | 623a01df491d79554136a9f09997bc72758071ea (patch) | |
tree | 714543ad0d6839bba74429b31e0b3f3a7038a2c6 /ssl/t1_lib.c | |
parent | 08b172b975bcd5854f9201b9f89d05dc330adb79 (diff) |
Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.
This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.
PR#3336
(cherry picked from commit 758415b2259fa45d3fe17d8e53ae1341b7b6e482)
Conflicts:
ssl/t1_lib.c
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 80397b9c07..07674405d8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1468,36 +1468,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 ret += outlen;
 }
 }
-
-#ifdef TLSEXT_TYPE_padding
 /* Add padding to workaround bugs in F5 terminators.
 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
 *
 * NB: because this code works out the length of all existing
 * extensions it MUST always appear last.
 */
- {
- int hlen = ret - (unsigned char *)s->init_buf->data;
- /* The code in s23_clnt.c to build ClientHello messages includes the
- * 5-byte record header in the buffer, while the code in s3_clnt.c does
- * not. */
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- hlen -= 5;
- if (hlen > 0xff && hlen < 0x200)
+ if (s->options & SSL_OP_TLSEXT_PADDING)
 {
- hlen = 0x200 - hlen;
- if (hlen >= 4)
- hlen -= 4;
- else
- hlen = 0;
+ int hlen = ret - (unsigned char *)s->init_buf->data;
+ /* The code in s23_clnt.c to build ClientHello messages
+ * includes the 5-byte record header in the buffer, while
+ * the code in s3_clnt.c does not.
+ */
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ hlen -= 5;
+ if (hlen > 0xff && hlen < 0x200)
+ {
+ hlen = 0x200 - hlen;
+ if (hlen >= 4)
+ hlen -= 4;
+ else
+ hlen = 0;
 
- s2n(TLSEXT_TYPE_padding, ret);
- s2n(hlen, ret);
- memset(ret, 0, hlen);
- ret += hlen;
+ s2n(TLSEXT_TYPE_padding, ret);
+ s2n(hlen, ret);
+ memset(ret, 0, hlen);
+ ret += hlen;
+ }
 }
- }
-#endif
 
 if ((extdatalen = ret-p-2) == 0)
 return p;
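Review bot: The new padding block writes a 4-byte extension header plus up to hlen zero bytes at `ret` (the `s2n`/`memset`/`ret += hlen` lines) without comparing the write against the output bound, whereas hlen is derived from the ClientHello length in `s->init_buf`, not from the space left in the buffer. The hunk header cuts the third parameter off at `unsigned cha`; if, as seems likely, it is the buffer `limit` that the other extension writers in this function check before each write, a guard such as `if ((limit - ret - 4 - hlen) < 0) return NULL;` placed before `s2n(TLSEXT_TYPE_padding, ret);` would keep the padding path consistent with them. ssl_add_clienthello_tlsext begins and ends outside the hunk, so the presence and form of those other checks is inferred rather than visible here.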