diff options
author | David Benjamin <davidben@chromium.org> | 2015-10-17 05:45:17 +0300 |
---|---|---|
committer | Adam Langley <alangley@gmail.com> | 2015-10-20 21:22:47 +0300 |
commit | cfdee213f880d56d4c53b2d5f6602357201a3cea (patch) | |
tree | c796a378a6d524435820a7ed2579b14d05e95b8f /ssl/tls_record.c | |
parent | 96e97b1bf1361d809599102000f4e4ab980420f3 (diff) |
Add use counters for SSL_OP_TLS_D5_BUG and SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.
These are theh two remaining quirks (SSL_OP_LEGACY_SERVER_CONNECT
aside). Add counters so we can determine whether there are still clients
that trip up these cases.
Change-Id: I7e92f42f3830c1df675445ec15a852e5659eb499
Reviewed-on: https://boringssl-review.googlesource.com/6290
Reviewed-by: Adam Langley <alangley@gmail.com>
Diffstat (limited to 'ssl/tls_record.c')
-rw-r--r-- | ssl/tls_record.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ssl/tls_record.c b/ssl/tls_record.c index 36e31b4e..bdc5c014 100644 --- a/ssl/tls_record.c +++ b/ssl/tls_record.c @@ -114,6 +114,7 @@ #include <openssl/err.h> #include "internal.h" +#include "../crypto/internal.h" /* kMaxEmptyRecords is the number of consecutive, empty records that will be @@ -122,6 +123,16 @@ * forever. */ static const uint8_t kMaxEmptyRecords = 32; +static struct CRYPTO_STATIC_MUTEX g_big_buffer_lock = CRYPTO_STATIC_MUTEX_INIT; +static uint64_t g_big_buffer_use_count = 0; + +uint64_t OPENSSL_get_big_buffer_use_count(void) { + CRYPTO_STATIC_MUTEX_lock_read(&g_big_buffer_lock); + uint64_t ret = g_big_buffer_use_count; + CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock); + return ret; +} + size_t ssl_record_prefix_len(const SSL *ssl) { if (SSL_IS_DTLS(ssl)) { return DTLS1_RT_HEADER_LENGTH + @@ -230,6 +241,14 @@ enum ssl_open_record_t tls_open_record( return ssl_open_record_error; } + if (extra > 0 && + (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH || + plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH)) { + CRYPTO_STATIC_MUTEX_lock_write(&g_big_buffer_lock); + g_big_buffer_use_count++; + CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock); + } + /* Limit the number of consecutive empty records. */ if (plaintext_len == 0) { ssl->s3->empty_record_count++; |