Under some circumstances, certain TLS connections are dropped by certain

patches.chromium/z_reduce_client_hello-size.patch

+diff -burN android-openssl.orig/openssl.config android-openssl/openssl.config
+--- android-openssl.orig/openssl.config 2013-06-17 14:49:24.055615731 -0700
++++ android-openssl/openssl.config      2013-06-17 17:01:55.691768262 -0700
+@@ -995,6 +995,7 @@
+ eng_dyn_dirs.patch \
+ fix_clang_build.patch \
+ x509_hash_name_algorithm_change.patch \
++reduce_client_hello_size.patch \
+ "
+ 
+ OPENSSL_PATCHES_progs_SOURCES="\
+diff -burN android-openssl.orig/patches/reduce_client_hello_size.patch android-openssl/patches/reduce_client_hello_size.patch
+--- android-openssl.orig/patches/reduce_client_hello_size.patch 1969-12-31 16:00:00.000000000 -0800
++++ android-openssl/patches/reduce_client_hello_size.patch      2013-06-17 15:34:21.000000000 -0700
+@@ -0,0 +1,64 @@
++diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c
++--- android-openssl.orig/ssl/t1_lib.c  2013-06-17 15:31:59.055664742 -0700
+++++ android-openssl/ssl/t1_lib.c       2013-06-17 15:33:33.015666544 -0700
++@@ -202,33 +202,14 @@
++               NID_secp521r1  /* secp521r1 (25) */     
++       };
++ 
+++/* We support only the elliptic curves that are also supported by NSS
+++ * to improve compatibility with sites that don't accept large ClientHellos.
+++ */
++ static int pref_list[] =
++       {
++-              NID_sect571r1, /* sect571r1 (14) */ 
++-              NID_sect571k1, /* sect571k1 (13) */ 
++               NID_secp521r1, /* secp521r1 (25) */     
++-              NID_sect409k1, /* sect409k1 (11) */ 
++-              NID_sect409r1, /* sect409r1 (12) */
++               NID_secp384r1, /* secp384r1 (24) */
++-              NID_sect283k1, /* sect283k1 (9) */
++-              NID_sect283r1, /* sect283r1 (10) */ 
++-              NID_secp256k1, /* secp256k1 (22) */ 
++               NID_X9_62_prime256v1, /* secp256r1 (23) */ 
++-              NID_sect239k1, /* sect239k1 (8) */ 
++-              NID_sect233k1, /* sect233k1 (6) */
++-              NID_sect233r1, /* sect233r1 (7) */ 
++-              NID_secp224k1, /* secp224k1 (20) */ 
++-              NID_secp224r1, /* secp224r1 (21) */
++-              NID_sect193r1, /* sect193r1 (4) */ 
++-              NID_sect193r2, /* sect193r2 (5) */ 
++-              NID_secp192k1, /* secp192k1 (18) */
++-              NID_X9_62_prime192v1, /* secp192r1 (19) */ 
++-              NID_sect163k1, /* sect163k1 (1) */
++-              NID_sect163r1, /* sect163r1 (2) */
++-              NID_sect163r2, /* sect163r2 (3) */
++-              NID_secp160k1, /* secp160k1 (15) */
++-              NID_secp160r1, /* secp160r1 (16) */ 
++-              NID_secp160r2, /* secp160r2 (17) */ 
++       };
++ 
++ int tls1_ec_curve_id2nid(int curve_id)
++@@ -1703,17 +1684,18 @@
++       if (using_ecc)
++               {
++               if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
++-              if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
+++              /* To save an additional 2 bytes in the ClientHello, we only advertise support
+++               * for the only EC Point Format that NSS supports (instead of all 3).
+++               */
+++              if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL)

[wtc, 2013/06/21 17:57:53]

Good. I missed the size argument passed to this OPENSSL_malloc() call
in my CL. It should match the value assigned to
s->tlsext_ecpointformatlist_length
below.

++                       {
++                       SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
++                       return -1;
++                       }
++-              s->tlsext_ecpointformatlist_length = 3;
+++              s->tlsext_ecpointformatlist_length = 1;
++               s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
++-              s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
++-              s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
++ 
++-              /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
+++              /* we only support elliptic curves in NSA Suite B */

[wtc, 2013/06/21 17:57:53]

support => advertise support for

Nit: strictly speaking, only P-256 and P-384 are in the NSA Suite B.
But in this NSS source code "Suite B" is often loosely used to also
include P-521.

++               if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
++               s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
++               if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)