OpenSSL: add support for the TLS padding extension.
This works around a bug in some versions of F5 devices that causes the
connection to hang when the ClientHello record is between 256 and 511 bytes
long.
https://tools.ietf.org/html/draft-agl-tls-padding-02
Based on the upstream patch to do the same thing:
0467ea68624450ecece4cde0d5803499aaff19c2
BUG=none
https://codereview.chromium.org/112933006
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@243334 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/openssl/include/openssl/tls1.h b/openssl/include/openssl/tls1.h
index 0ce0193..6070e13 100644
--- a/openssl/include/openssl/tls1.h
+++ b/openssl/include/openssl/tls1.h
@@ -251,6 +251,10 @@
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
+/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
+ * Number not yet IANA assigned. */
+#define TLSEXT_TYPE_padding 35655
+
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
diff --git a/openssl/openssl.config b/openssl/openssl.config
index 3a980f4..c8f8e98 100644
--- a/openssl/openssl.config
+++ b/openssl/openssl.config
@@ -1015,6 +1015,7 @@
use_aead_for_aes_gcm.patch \
chacha20poly1305.patch \
neon_runtime.patch \
+paddingext.patch \
"
OPENSSL_PATCHES_progs_SOURCES="\
diff --git a/openssl/patches/paddingext.patch b/openssl/patches/paddingext.patch
new file mode 100644
index 0000000..fbc3d06
--- /dev/null
+++ b/openssl/patches/paddingext.patch
@@ -0,0 +1,96 @@
+From 61a9671951205d66382556b2502993ffc9201f59 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Wed, 11 Dec 2013 16:25:17 -0500
+Subject: [PATCH 57/57] Add padding extension.
+
+This change adds a padding extension, when needed, in order to work
+around bugs in F5 terminators.
+---
+ ssl/t1_lib.c | 20 ++++++++++++++++++++
+ ssl/tls1.h | 4 ++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
+index 47673e7..94e9692 100644
+--- a/ssl/s23_clnt.c
++++ b/ssl/s23_clnt.c
+@@ -466,7 +466,10 @@ static int ssl23_client_hello(SSL *s)
+ {
+ /* create Client Hello in SSL 3.0/TLS 1.0 format */
+
+- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
++ /* do the record header (5 bytes) and handshake message
++ * header (4 bytes) last. Note: the code to add the
++ * padding extension in t1_lib.c depends on the size of
++ * this prefix. */
+ d = p = &(buf[9]);
+
+ *(p++) = version_major;
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index a657360..faa8d36 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -752,7 +752,9 @@ int ssl3_client_hello(SSL *s)
+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+ goto err;
+
+- /* Do the message type and length last */
++ /* Do the message type and length last.
++ * Note: the code to add the padding extension in t1_lib.c
++ * depends on the size of this prefix. */
+ d=p= &(buf[4]);
+
+ /* version indicates the negotiated version: for example from
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 5578056..f9ad9d9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -695,6 +695,31 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
+ }
+ #endif
+
++ /* Add padding to workaround bugs in F5 terminators.
++ * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
++ {
++ int hlen = ret - (unsigned char *)s->init_buf->data;
++ /* The code in s23_clnt.c to build ClientHello messages includes the
++ * 5-byte record header in the buffer, while the code in s3_clnt.c does
++ * not. */
++ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
++ hlen -= 5;
++ if (hlen > 0xff && hlen < 0x200)
++ {
++ hlen = 0x200 - hlen;
++ if (hlen >= 4)
++ hlen -= 4;
++ else
++ hlen = 0;
++
++ s2n(TLSEXT_TYPE_padding, ret);
++ s2n(hlen, ret);
++ memset(ret, 0, hlen);
++ ret += hlen;
++ }
++ }
++
++
+ if ((extdatalen = ret-p-2)== 0)
+ return p;
+
+diff --git a/ssl/tls1.h b/ssl/tls1.h
+index ecf5da7..df8f482 100644
+--- a/ssl/tls1.h
++++ b/ssl/tls1.h
+@@ -255,6 +255,10 @@ extern "C" {
+ #define TLSEXT_TYPE_channel_id 30031
+ #define TLSEXT_TYPE_channel_id_new 30032
+
++/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
++ * Number not yet IANA assigned. */
++#define TLSEXT_TYPE_padding 35655
++
+ /* NameType value from RFC 3546 */
+ #define TLSEXT_NAMETYPE_host_name 0
+ /* status request value from RFC 3546 */
+--
+1.8.5.1
diff --git a/openssl/ssl/s23_clnt.c b/openssl/ssl/s23_clnt.c
index 2d0f51d..08ee86d 100644
--- a/openssl/ssl/s23_clnt.c
+++ b/openssl/ssl/s23_clnt.c
@@ -466,7 +466,10 @@
{
/* create Client Hello in SSL 3.0/TLS 1.0 format */
- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
+ /* do the record header (5 bytes) and handshake message
+ * header (4 bytes) last. Note: the code to add the
+ * padding extension in t1_lib.c depends on the size of
+ * this prefix. */
d = p = &(buf[9]);
*(p++) = version_major;
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index 85ffd67..e47eef1 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -757,7 +757,9 @@
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
goto err;
- /* Do the message type and length last */
+ /* Do the message type and length last.
+ * Note: the code to add the padding extension in t1_lib.c
+ * depends on the size of this prefix. */
d=p= &(buf[4]);
/* version indicates the negotiated version: for example from
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index f447f22..7a507f9 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -661,6 +661,31 @@
}
#endif
+ /* Add padding to workaround bugs in F5 terminators.
+ * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+ {
+ int hlen = ret - (unsigned char *)s->init_buf->data;
+ /* The code in s23_clnt.c to build ClientHello messages includes the
+ * 5-byte record header in the buffer, while the code in s3_clnt.c does
+ * not. */
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ hlen -= 5;
+ if (hlen > 0xff && hlen < 0x200)
+ {
+ hlen = 0x200 - hlen;
+ if (hlen >= 4)
+ hlen -= 4;
+ else
+ hlen = 0;
+
+ s2n(TLSEXT_TYPE_padding, ret);
+ s2n(hlen, ret);
+ memset(ret, 0, hlen);
+ ret += hlen;
+ }
+ }
+
+
if ((extdatalen = ret-p-2)== 0)
return p;
diff --git a/openssl/ssl/tls1.h b/openssl/ssl/tls1.h
index 0ce0193..6070e13 100644
--- a/openssl/ssl/tls1.h
+++ b/openssl/ssl/tls1.h
@@ -251,6 +251,10 @@
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
+/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
+ * Number not yet IANA assigned. */
+#define TLSEXT_TYPE_padding 35655
+
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
diff --git a/patches.chromium/0008-paddingext.patch b/patches.chromium/0008-paddingext.patch
new file mode 100644
index 0000000..b8b50d4
--- /dev/null
+++ b/patches.chromium/0008-paddingext.patch
@@ -0,0 +1,111 @@
+diff -burN android-openssl.orig/openssl.config android-openssl-lhash2/openssl.config
+--- android-openssl.orig/openssl.config 2013-11-05 14:11:10.833326408 -0500
++++ android-openssl-lhash2/openssl.config 2013-11-05 14:38:31.187575574 -0500
+@@ -1015,6 +1015,7 @@
+ use_aead_for_aes_gcm.patch \
+ chacha20poly1305.patch \
+ neon_runtime.patch \
++paddingext.patch \
+ "
+
+ OPENSSL_PATCHES_progs_SOURCES="\
+diff -burN android-openssl-foo/patches/paddingext.patch android-openssl/patches/paddingext.patch
+--- android-openssl-foo/patches/paddingext.patch 1969-12-31 19:00:00.000000000 -0500
++++ android-openssl/patches/paddingext.patch 2013-11-05 14:14:34.631283497 -0500
+@@ -0,0 +1,96 @@
++From 61a9671951205d66382556b2502993ffc9201f59 Mon Sep 17 00:00:00 2001
++From: Adam Langley <agl@chromium.org>
++Date: Wed, 11 Dec 2013 16:25:17 -0500
++Subject: [PATCH 57/57] Add padding extension.
++
++This change adds a padding extension, when needed, in order to work
++around bugs in F5 terminators.
++---
++ ssl/t1_lib.c | 20 ++++++++++++++++++++
++ ssl/tls1.h | 4 ++++
++ 2 files changed, 24 insertions(+)
++
++diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
++index 47673e7..94e9692 100644
++--- a/ssl/s23_clnt.c
+++++ b/ssl/s23_clnt.c
++@@ -466,7 +466,10 @@ static int ssl23_client_hello(SSL *s)
++ {
++ /* create Client Hello in SSL 3.0/TLS 1.0 format */
++
++- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
+++ /* do the record header (5 bytes) and handshake message
+++ * header (4 bytes) last. Note: the code to add the
+++ * padding extension in t1_lib.c depends on the size of
+++ * this prefix. */
++ d = p = &(buf[9]);
++
++ *(p++) = version_major;
++diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
++index a657360..faa8d36 100644
++--- a/ssl/s3_clnt.c
+++++ b/ssl/s3_clnt.c
++@@ -752,7 +752,9 @@ int ssl3_client_hello(SSL *s)
++ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
++ goto err;
++
++- /* Do the message type and length last */
+++ /* Do the message type and length last.
+++ * Note: the code to add the padding extension in t1_lib.c
+++ * depends on the size of this prefix. */
++ d=p= &(buf[4]);
++
++ /* version indicates the negotiated version: for example from
++diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
++index 5578056..f9ad9d9 100644
++--- a/ssl/t1_lib.c
+++++ b/ssl/t1_lib.c
++@@ -695,6 +695,31 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
++ }
++ #endif
++
+++ /* Add padding to workaround bugs in F5 terminators.
+++ * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+++ {
+++ int hlen = ret - (unsigned char *)s->init_buf->data;
+++ /* The code in s23_clnt.c to build ClientHello messages includes the
+++ * 5-byte record header in the buffer, while the code in s3_clnt.c does
+++ * not. */
+++ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+++ hlen -= 5;
+++ if (hlen > 0xff && hlen < 0x200)
+++ {
+++ hlen = 0x200 - hlen;
+++ if (hlen >= 4)
+++ hlen -= 4;
+++ else
+++ hlen = 0;
+++
+++ s2n(TLSEXT_TYPE_padding, ret);
+++ s2n(hlen, ret);
+++ memset(ret, 0, hlen);
+++ ret += hlen;
+++ }
+++ }
+++
+++
++ if ((extdatalen = ret-p-2)== 0)
++ return p;
++
++diff --git a/ssl/tls1.h b/ssl/tls1.h
++index ecf5da7..df8f482 100644
++--- a/ssl/tls1.h
+++++ b/ssl/tls1.h
++@@ -255,6 +255,10 @@ extern "C" {
++ #define TLSEXT_TYPE_channel_id 30031
++ #define TLSEXT_TYPE_channel_id_new 30032
++
+++/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
+++ * Number not yet IANA assigned. */
+++#define TLSEXT_TYPE_padding 35655
+++
++ /* NameType value from RFC 3546 */
++ #define TLSEXT_NAMETYPE_host_name 0
++ /* status request value from RFC 3546 */
++--
++1.8.5.1