Hi all,
the TLS spec allows for padding TLS record messages with random length
(up to 256 bytes) which helps to disguise the actual length of messages.
I wondered if this has been implemented in openssl yet, but apparently
not yet. I believe I have found the relevant lines of code:
Lines 567-587 in t1_enc.c (from openssl-0.9.8g.tar.gz):
excerpt of function int tls1_enc(SSL *s, int send)
===============================================================
    l=rec->length;
    bs=EVP_CIPHER_block_size(ds->cipher);
    if ((bs != 1) && send)
        {
        i=bs-((int)l%bs);       /* bytes needed to reach the next block boundary: 1..bs */
        /* Add weird padding of upto 256 bytes */
        /* we need to add 'i' padding bytes of value j*/
        j=i-1;                  /* TLS padding_length: every padding byte holds (i-1) */
        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
            {
            if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
                j++;            /* work around peers expecting an off-by-one padding value */
            }
        for (k=(int)l; k<(int)(l+i); k++)
            rec->input[k]=j;    /* fill all i padding bytes, including the length byte */
        l+=i;
        rec->length+=i;
        }
===============================================================
Apparently, this code only appends as many padding bytes as are needed
to meet the block size requirements.
The line /* Add weird padding of upto 256 bytes */ suggests that there
are plans to implement the random length padding. The line has been in
the code for a while, though...
Are there any technical reasons why you haven't implemented it so far?
Regards,
Dominik
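As an added illustration of the point above (example code written for this thread, not OpenSSL's own; the function names and the `extra_blocks` parameter are this example's invention): with extra_blocks == 0 the padder does exactly what the t1_enc.c excerpt does, and each extra block appends a further bs bytes of padding, capped so that the single padding_length byte never exceeds 255. A receiver-side check is included so the padded records can be verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 2246 6.2.3.2: padding_length is one byte, so a record may carry at
 * most 255 padding bytes plus the length byte itself (256 in total). */
#define TLS_MAX_PADDING_TOTAL 256

/* Pad a CBC record in place.  `len` is the plaintext+MAC length already in
 * `rec`, `cap` the buffer capacity, `bs` the cipher block size.  With
 * extra_blocks == 0 this mirrors the OpenSSL excerpt: just enough bytes to
 * reach a block boundary.  Each extra block adds `bs` more padding bytes,
 * which hides the true length from an observer.  Every padding byte,
 * including the final padding_length byte, holds (padding bytes - 1).
 * Returns the new record length, or 0 on error. */
size_t tls_cbc_pad(uint8_t *rec, size_t len, size_t cap, size_t bs,
                   size_t extra_blocks)
{
    if (bs == 0 || bs > TLS_MAX_PADDING_TOTAL)
        return 0;
    size_t i = bs - (len % bs);            /* 1..bs, as in t1_enc.c */
    size_t total = i + extra_blocks * bs;  /* padding bytes incl. length byte */
    if (total > TLS_MAX_PADDING_TOTAL || len + total > cap)
        return 0;
    memset(rec + len, (int)(total - 1), total);
    return len + total;
}

/* Largest extra_blocks value tls_cbc_pad will accept for this len/bs. */
size_t tls_cbc_max_extra_blocks(size_t len, size_t bs)
{
    if (bs == 0 || bs > TLS_MAX_PADDING_TOTAL)
        return 0;
    size_t i = bs - (len % bs);
    return (TLS_MAX_PADDING_TOTAL - i) / bs;
}

/* Receiver side: validate the padding and return the unpadded length, or -1.
 * Every padding byte is checked and the result folded into one flag, so the
 * loop does not stop early on the first bad byte. */
long tls_cbc_unpad(const uint8_t *rec, size_t len, size_t bs)
{
    if (bs == 0 || len == 0 || len % bs != 0)
        return -1;
    size_t j = rec[len - 1];
    if (j + 1 > len)
        return -1;
    uint8_t bad = 0;
    for (size_t k = len - 1 - j; k < len; k++)
        bad |= rec[k] ^ (uint8_t)j;
    return bad ? -1 : (long)(len - 1 - j);
}
```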
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]