| (Empty) |
1 diff -burN android-openssl.orig/openssl.config android-openssl/openssl.config | |
2 --- android-openssl.orig/openssl.config 2014-04-07 17:25:12.555281256 -0700 | |
3 +++ android-openssl/openssl.config 2014-04-07 17:20:18.040941329 -0700 | |
4 @@ -1015,6 +1015,7 @@ | |
5 use_aead_for_aes_gcm.patch \ | |
6 chacha20poly1305.patch \ | |
7 neon_runtime.patch \ | |
8 +paddingext.patch \ | |
9 " | |
10 | |
11 OPENSSL_PATCHES_progs_SOURCES="\ | |
12 diff -burN android-openssl.orig/patches/paddingext.patch android-openssl/patches
/paddingext.patch | |
13 --- android-openssl.orig/patches/paddingext.patch 1969-12-31 16:00:00.0000
00000 -0800 | |
14 +++ android-openssl/patches/paddingext.patch 2014-04-07 17:20:18.040941329 -0
700 | |
15 @@ -0,0 +1,80 @@ | |
16 +diff -burN android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c | |
17 +--- android-openssl.orig/ssl/s23_clnt.c 2014-04-07 16:18:43.296502203 -0
700 | |
18 ++++ android-openssl/ssl/s23_clnt.c 2014-04-07 16:20:18.887922518 -0700 | |
19 +@@ -466,7 +466,10 @@ | |
20 + { | |
21 + /* create Client Hello in SSL 3.0/TLS 1.0 format */ | |
22 + | |
23 +- /* do the record header (5 bytes) and handshake message
header (4 bytes) last */ | |
24 ++ /* do the record header (5 bytes) and handshake message | |
25 ++ * header (4 bytes) last. Note: the code to add the | |
26 ++ * padding extension in t1_lib.c depends on the size of | |
27 ++ * this prefix. */ | |
28 + d = p = &(buf[9]); | |
29 + | |
30 + *(p++) = version_major; | |
31 +diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c | |
32 +--- android-openssl.orig/ssl/s3_clnt.c 2014-04-07 16:18:43.346502948 -0700 | |
33 ++++ android-openssl/ssl/s3_clnt.c 2014-04-07 16:20:18.897922665 -0700 | |
34 +@@ -758,7 +758,9 @@ | |
35 + if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | |
36 + goto err; | |
37 + | |
38 +- /* Do the message type and length last */ | |
39 ++ /* Do the message type and length last. | |
40 ++ * Note: the code to add the padding extension in t1_lib.c | |
41 ++ * depends on the size of this prefix. */ | |
42 + d=p= &(buf[4]); | |
43 + | |
44 + /* version indicates the negotiated version: for example from | |
45 +diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c | |
46 +--- android-openssl.orig/ssl/t1_lib.c 2014-04-07 16:18:43.306502352 -0700 | |
47 ++++ android-openssl/ssl/t1_lib.c 2014-04-07 16:20:18.897922665 -0700 | |
48 +@@ -680,6 +680,31 @@ | |
49 + } | |
50 + #endif | |
51 + | |
52 ++ /* Add padding to workaround bugs in F5 terminators. | |
53 ++ * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
54 ++ { | |
55 ++ int hlen = ret - (unsigned char *)s->init_buf->data; | |
56 ++ /* The code in s23_clnt.c to build ClientHello messages includes the | |
57 ++ * 5-byte record header in the buffer, while the code in s3_clnt.c does | |
58 ++ * not. */ | |
59 ++ if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | |
60 ++ hlen -= 5; | |
61 ++ if (hlen > 0xff && hlen < 0x200) | |
62 ++ { | |
63 ++ hlen = 0x200 - hlen; | |
64 ++ if (hlen >= 4) | |
65 ++ hlen -= 4; | |
66 ++ else | |
67 ++ hlen = 0; | |
68 ++ | |
69 ++ s2n(TLSEXT_TYPE_padding, ret); | |
70 ++ s2n(hlen, ret); | |
71 ++ memset(ret, 0, hlen); | |
72 ++ ret += hlen; | |
73 ++ } | |
74 ++ } | |
75 ++ | |
76 ++ | |
77 + if ((extdatalen = ret-p-2)== 0) | |
78 + return p; | |
79 + | |
80 +diff -burN android-openssl.orig/ssl/tls1.h android-openssl/ssl/tls1.h | |
81 +--- android-openssl.orig/ssl/tls1.h 2014-04-07 16:18:43.306502352 -0700 | |
82 ++++ android-openssl/ssl/tls1.h 2014-04-07 16:28:54.045542987 -0700 | |
83 +@@ -230,6 +230,12 @@ | |
84 + /* ExtensionType value from RFC5620 */ | |
85 + #define TLSEXT_TYPE_heartbeat 15 | |
86 + | |
87 ++/* ExtensionType value for TLS padding extension. | |
88 ++ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-
values.xhtml | |
89 ++ * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
90 ++ */ | |
91 ++#define TLSEXT_TYPE_padding 21 | |
92 ++ | |
93 + /* ExtensionType value from RFC4507 */ | |
94 + #define TLSEXT_TYPE_session_ticket 35 | |
95 + | |
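Review bot: The padding block added to ssl/t1_lib.c writes up to 4 + 0xfc bytes at `ret` (the two `s2n` calls, then `memset(ret, 0, hlen)`) without checking how much room is left in the handshake buffer. The enclosing function starts outside the hunk, so its end-of-buffer argument is not visible here; assuming it is the `limit` pointer that upstream OpenSSL passes to this function, a guard such as `if (limit - ret - 4 - hlen < 0) return NULL;` before the first `s2n` would bound the write. The comment above the block should also say that this must remain the last extension emitted, because `hlen` is computed from everything already written and any extension appended later would push the ClientHello back into a length the padding was meant to avoid. The two draft references also disagree (draft-agl-tls-padding-02 in t1_lib.c, -03 in tls1.h) and should cite the same revision.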