Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(876)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: patches.chromium/z_reduce_client_hello-size.patch

Issue 17425002: Under some circumstances, certain TLS connections are dropped by certain (Closed) Base URL: https://src.chromium.org/chrome/trunk/deps/third_party/openssl/
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: patches.chromium/z_reduce_client_hello-size.patch
===================================================================
--- patches.chromium/z_reduce_client_hello-size.patch (revision 0)
+++ patches.chromium/z_reduce_client_hello-size.patch (revision 0)
@@ -0,0 +1,79 @@
+diff -burN android-openssl.orig/openssl.config android-openssl/openssl.config
+--- android-openssl.orig/openssl.config 2013-06-17 14:49:24.055615731 -0700
++++ android-openssl/openssl.config 2013-06-17 17:01:55.691768262 -0700
+@@ -995,6 +995,7 @@
+ eng_dyn_dirs.patch \
+ fix_clang_build.patch \
+ x509_hash_name_algorithm_change.patch \
++reduce_client_hello_size.patch \
+ "
+
+ OPENSSL_PATCHES_progs_SOURCES="\
+diff -burN android-openssl.orig/patches/reduce_client_hello_size.patch android-openssl/patches/reduce_client_hello_size.patch
+--- android-openssl.orig/patches/reduce_client_hello_size.patch 1969-12-31 16:00:00.000000000 -0800
++++ android-openssl/patches/reduce_client_hello_size.patch 2013-06-17 15:34:21.000000000 -0700
+@@ -0,0 +1,64 @@
++diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c
++--- android-openssl.orig/ssl/t1_lib.c 2013-06-17 15:31:59.055664742 -0700
+++++ android-openssl/ssl/t1_lib.c 2013-06-17 15:33:33.015666544 -0700
++@@ -202,33 +202,14 @@
++ NID_secp521r1 /* secp521r1 (25) */
++ };
++
+++/* We support only the elliptic curves that are also supported by NSS
+++ * to improve compatibility with sites that don't accept large ClientHellos.
+++ */
++ static int pref_list[] =
++ {
++- NID_sect571r1, /* sect571r1 (14) */
++- NID_sect571k1, /* sect571k1 (13) */
++ NID_secp521r1, /* secp521r1 (25) */
++- NID_sect409k1, /* sect409k1 (11) */
++- NID_sect409r1, /* sect409r1 (12) */
++ NID_secp384r1, /* secp384r1 (24) */
++- NID_sect283k1, /* sect283k1 (9) */
++- NID_sect283r1, /* sect283r1 (10) */
++- NID_secp256k1, /* secp256k1 (22) */
++ NID_X9_62_prime256v1, /* secp256r1 (23) */
++- NID_sect239k1, /* sect239k1 (8) */
++- NID_sect233k1, /* sect233k1 (6) */
++- NID_sect233r1, /* sect233r1 (7) */
++- NID_secp224k1, /* secp224k1 (20) */
++- NID_secp224r1, /* secp224r1 (21) */
++- NID_sect193r1, /* sect193r1 (4) */
++- NID_sect193r2, /* sect193r2 (5) */
++- NID_secp192k1, /* secp192k1 (18) */
++- NID_X9_62_prime192v1, /* secp192r1 (19) */
++- NID_sect163k1, /* sect163k1 (1) */
++- NID_sect163r1, /* sect163r1 (2) */
++- NID_sect163r2, /* sect163r2 (3) */
++- NID_secp160k1, /* secp160k1 (15) */
++- NID_secp160r1, /* secp160r1 (16) */
++- NID_secp160r2, /* secp160r2 (17) */
++ };
++
++ int tls1_ec_curve_id2nid(int curve_id)
++@@ -1703,17 +1684,18 @@
++ if (using_ecc)
++ {
++ if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
++- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
+++ /* To save an additional 2 bytes in the ClientHello, we only advertise support
+++ * for the only EC Point Format that NSS supports (instead of all 3).
+++ */
+++ if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL)
wtc 2013/06/21 17:57:53 Good. I missed the size argument passed to this OP
++ {
++ SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
++ return -1;
++ }
++- s->tlsext_ecpointformatlist_length = 3;
+++ s->tlsext_ecpointformatlist_length = 1;
++ s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
++- s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
++- s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
++
++- /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
+++ /* we only support elliptic curves in NSA Suite B */
wtc 2013/06/21 17:57:53 support => advertise support for Nit: strictly sp
++ if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
++ s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
++ if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698