| OLD | NEW |
|---|
| (Empty) |
| 1 diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c | |
| 2 index 3fe6612..ea7fefa 100644 | |
| 3 --- android-openssl.orig/ssl/t1_lib.c | |
| 4 +++ android-openssl/ssl/t1_lib.c | |
| 5 @@ -444,55 +444,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned
char *buf, unsigned c | |
| 6 } | |
| 7 #endif | |
| 8 | |
| 9 -#ifndef OPENSSL_NO_EC | |
| 10 - if (s->tlsext_ecpointformatlist != NULL && | |
| 11 - s->version != DTLS1_VERSION) | |
| 12 - { | |
| 13 - /* Add TLS extension ECPointFormats to the ClientHello message *
/ | |
| 14 - long lenmax; | |
| 15 - | |
| 16 - if ((lenmax = limit - ret - 5) < 0) return NULL; | |
| 17 - if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
return NULL; | |
| 18 - if (s->tlsext_ecpointformatlist_length > 255) | |
| 19 - { | |
| 20 - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_
ERROR); | |
| 21 - return NULL; | |
| 22 - } | |
| 23 - | |
| 24 - s2n(TLSEXT_TYPE_ec_point_formats,ret); | |
| 25 - s2n(s->tlsext_ecpointformatlist_length + 1,ret); | |
| 26 - *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | |
| 27 - memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformat
list_length); | |
| 28 - ret+=s->tlsext_ecpointformatlist_length; | |
| 29 - } | |
| 30 - if (s->tlsext_ellipticcurvelist != NULL && | |
| 31 - s->version != DTLS1_VERSION) | |
| 32 - { | |
| 33 - /* Add TLS extension EllipticCurves to the ClientHello message *
/ | |
| 34 - long lenmax; | |
| 35 - | |
| 36 - if ((lenmax = limit - ret - 6) < 0) return NULL; | |
| 37 - if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax)
return NULL; | |
| 38 - if (s->tlsext_ellipticcurvelist_length > 65532) | |
| 39 - { | |
| 40 - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_
ERROR); | |
| 41 - return NULL; | |
| 42 - } | |
| 43 - | |
| 44 - s2n(TLSEXT_TYPE_elliptic_curves,ret); | |
| 45 - s2n(s->tlsext_ellipticcurvelist_length + 2, ret); | |
| 46 - | |
| 47 - /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for | |
| 48 - * elliptic_curve_list, but the examples use two bytes. | |
| 49 - * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.ht
ml | |
| 50 - * resolves this to two bytes. | |
| 51 - */ | |
| 52 - s2n(s->tlsext_ellipticcurvelist_length, ret); | |
| 53 - memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurve
list_length); | |
| 54 - ret+=s->tlsext_ellipticcurvelist_length; | |
| 55 - } | |
| 56 -#endif /* OPENSSL_NO_EC */ | |
| 57 - | |
| 58 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) | |
| 59 { | |
| 60 int ticklen; | |
| 61 @@ -665,6 +616,58 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned
char *buf, unsigned c | |
| 62 } | |
| 63 #endif | |
| 64 | |
| 65 +#ifndef OPENSSL_NO_EC | |
| 66 + /* WebSphere Application Server 7.0 is intolerant to the last extension | |
| 67 + * being zero-length. ECC extensions are non-empty and not dropped until | |
| 68 + * fallback to SSL3, at which point all extensions are gone. */ | |
| 69 + if (s->tlsext_ecpointformatlist != NULL && | |
| 70 + s->version != DTLS1_VERSION) | |
| 71 + { | |
| 72 + /* Add TLS extension ECPointFormats to the ClientHello message *
/ | |
| 73 + long lenmax; | |
| 74 + | |
| 75 + if ((lenmax = limit - ret - 5) < 0) return NULL; | |
| 76 + if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
return NULL; | |
| 77 + if (s->tlsext_ecpointformatlist_length > 255) | |
| 78 + { | |
| 79 + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_
ERROR); | |
| 80 + return NULL; | |
| 81 + } | |
| 82 + | |
| 83 + s2n(TLSEXT_TYPE_ec_point_formats,ret); | |
| 84 + s2n(s->tlsext_ecpointformatlist_length + 1,ret); | |
| 85 + *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | |
| 86 + memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformat
list_length); | |
| 87 + ret+=s->tlsext_ecpointformatlist_length; | |
| 88 + } | |
| 89 + if (s->tlsext_ellipticcurvelist != NULL && | |
| 90 + s->version != DTLS1_VERSION) | |
| 91 + { | |
| 92 + /* Add TLS extension EllipticCurves to the ClientHello message *
/ | |
| 93 + long lenmax; | |
| 94 + | |
| 95 + if ((lenmax = limit - ret - 6) < 0) return NULL; | |
| 96 + if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax)
return NULL; | |
| 97 + if (s->tlsext_ellipticcurvelist_length > 65532) | |
| 98 + { | |
| 99 + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_
ERROR); | |
| 100 + return NULL; | |
| 101 + } | |
| 102 + | |
| 103 + s2n(TLSEXT_TYPE_elliptic_curves,ret); | |
| 104 + s2n(s->tlsext_ellipticcurvelist_length + 2, ret); | |
| 105 + | |
| 106 + /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for | |
| 107 + * elliptic_curve_list, but the examples use two bytes. | |
| 108 + * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.ht
ml | |
| 109 + * resolves this to two bytes. | |
| 110 + */ | |
| 111 + s2n(s->tlsext_ellipticcurvelist_length, ret); | |
| 112 + memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurve
list_length); | |
| 113 + ret+=s->tlsext_ellipticcurvelist_length; | |
| 114 + } | |
| 115 +#endif /* OPENSSL_NO_EC */ | |
| 116 + | |
| 117 /* Add padding to workaround bugs in F5 terminators. | |
| 118 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ | |
| 119 if (header_len > 0) | |
| 120 @@ -673,10 +676,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned
char *buf, unsigned c | |
| 121 if (header_len > 0xff && header_len < 0x200) | |
| 122 { | |
| 123 size_t padding_len = 0x200 - header_len; | |
| 124 - if (padding_len >= 4) | |
| 125 + /* Extensions take at least four bytes to encode. Always | |
| 126 + * include least one byte of data if including the | |
| 127 + * extension. WebSphere Application Server 7.0 is | |
| 128 + * intolerant to the last extension being zero-length. *
/ | |
| 129 + if (padding_len >= 4 + 1) | |
| 130 padding_len -= 4; | |
| 131 else | |
| 132 - padding_len = 0; | |
| 133 + padding_len = 1; | |
| 134 if (limit - ret - 4 - (long)padding_len < 0) | |
| 135 return NULL; | |
| 136 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master