From cfdee213f880d56d4c53b2d5f6602357201a3cea Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 16 Oct 2015 22:45:17 -0400 Subject: Add use counters for SSL_OP_TLS_D5_BUG and SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. These are theh two remaining quirks (SSL_OP_LEGACY_SERVER_CONNECT aside). Add counters so we can determine whether there are still clients that trip up these cases. Change-Id: I7e92f42f3830c1df675445ec15a852e5659eb499 Reviewed-on: https://boringssl-review.googlesource.com/6290 Reviewed-by: Adam Langley --- ssl/tls_record.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'ssl/tls_record.c') diff --git a/ssl/tls_record.c b/ssl/tls_record.c index 36e31b4e..bdc5c014 100644 --- a/ssl/tls_record.c +++ b/ssl/tls_record.c @@ -114,6 +114,7 @@ #include #include "internal.h" +#include "../crypto/internal.h" /* kMaxEmptyRecords is the number of consecutive, empty records that will be @@ -122,6 +123,16 @@ * forever. */ static const uint8_t kMaxEmptyRecords = 32; +static struct CRYPTO_STATIC_MUTEX g_big_buffer_lock = CRYPTO_STATIC_MUTEX_INIT; +static uint64_t g_big_buffer_use_count = 0; + +uint64_t OPENSSL_get_big_buffer_use_count(void) { + CRYPTO_STATIC_MUTEX_lock_read(&g_big_buffer_lock); + uint64_t ret = g_big_buffer_use_count; + CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock); + return ret; +} + size_t ssl_record_prefix_len(const SSL *ssl) { if (SSL_IS_DTLS(ssl)) { return DTLS1_RT_HEADER_LENGTH + @@ -230,6 +241,14 @@ enum ssl_open_record_t tls_open_record( return ssl_open_record_error; } + if (extra > 0 && + (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH || + plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH)) { + CRYPTO_STATIC_MUTEX_lock_write(&g_big_buffer_lock); + g_big_buffer_use_count++; + CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock); + } + /* Limit the number of consecutive empty records. */ if (plaintext_len == 0) { ssl->s3->empty_record_count++; -- cgit v1.2.3