Index: patches.chromium/0013-reorder_extensions.patch |
diff --git a/patches.chromium/0013-reorder_extensions.patch b/patches.chromium/0013-reorder_extensions.patch |
deleted file mode 100644 |
index 11bb6a01c5a341eb70b8b0ffbcb8ad829ed7f4f3..0000000000000000000000000000000000000000 |
--- a/patches.chromium/0013-reorder_extensions.patch |
+++ /dev/null |
@@ -1,136 +0,0 @@ |
-diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c |
-index 3fe6612..ea7fefa 100644 |
---- android-openssl.orig/ssl/t1_lib.c |
-+++ android-openssl/ssl/t1_lib.c |
-@@ -444,55 +444,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c |
- } |
- #endif |
- |
--#ifndef OPENSSL_NO_EC |
-- if (s->tlsext_ecpointformatlist != NULL && |
-- s->version != DTLS1_VERSION) |
-- { |
-- /* Add TLS extension ECPointFormats to the ClientHello message */ |
-- long lenmax; |
-- |
-- if ((lenmax = limit - ret - 5) < 0) return NULL; |
-- if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; |
-- if (s->tlsext_ecpointformatlist_length > 255) |
-- { |
-- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
-- return NULL; |
-- } |
-- |
-- s2n(TLSEXT_TYPE_ec_point_formats,ret); |
-- s2n(s->tlsext_ecpointformatlist_length + 1,ret); |
-- *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; |
-- memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
-- ret+=s->tlsext_ecpointformatlist_length; |
-- } |
-- if (s->tlsext_ellipticcurvelist != NULL && |
-- s->version != DTLS1_VERSION) |
-- { |
-- /* Add TLS extension EllipticCurves to the ClientHello message */ |
-- long lenmax; |
-- |
-- if ((lenmax = limit - ret - 6) < 0) return NULL; |
-- if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; |
-- if (s->tlsext_ellipticcurvelist_length > 65532) |
-- { |
-- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
-- return NULL; |
-- } |
-- |
-- s2n(TLSEXT_TYPE_elliptic_curves,ret); |
-- s2n(s->tlsext_ellipticcurvelist_length + 2, ret); |
-- |
-- /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for |
-- * elliptic_curve_list, but the examples use two bytes. |
-- * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html |
-- * resolves this to two bytes. |
-- */ |
-- s2n(s->tlsext_ellipticcurvelist_length, ret); |
-- memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
-- ret+=s->tlsext_ellipticcurvelist_length; |
-- } |
--#endif /* OPENSSL_NO_EC */ |
-- |
- if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) |
- { |
- int ticklen; |
-@@ -665,6 +616,58 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c |
- } |
- #endif |
- |
-+#ifndef OPENSSL_NO_EC |
-+ /* WebSphere Application Server 7.0 is intolerant to the last extension |
-+ * being zero-length. ECC extensions are non-empty and not dropped until |
-+ * fallback to SSL3, at which point all extensions are gone. */ |
-+ if (s->tlsext_ecpointformatlist != NULL && |
-+ s->version != DTLS1_VERSION) |
-+ { |
-+ /* Add TLS extension ECPointFormats to the ClientHello message */ |
-+ long lenmax; |
-+ |
-+ if ((lenmax = limit - ret - 5) < 0) return NULL; |
-+ if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; |
-+ if (s->tlsext_ecpointformatlist_length > 255) |
-+ { |
-+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
-+ return NULL; |
-+ } |
-+ |
-+ s2n(TLSEXT_TYPE_ec_point_formats,ret); |
-+ s2n(s->tlsext_ecpointformatlist_length + 1,ret); |
-+ *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; |
-+ memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
-+ ret+=s->tlsext_ecpointformatlist_length; |
-+ } |
-+ if (s->tlsext_ellipticcurvelist != NULL && |
-+ s->version != DTLS1_VERSION) |
-+ { |
-+ /* Add TLS extension EllipticCurves to the ClientHello message */ |
-+ long lenmax; |
-+ |
-+ if ((lenmax = limit - ret - 6) < 0) return NULL; |
-+ if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; |
-+ if (s->tlsext_ellipticcurvelist_length > 65532) |
-+ { |
-+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
-+ return NULL; |
-+ } |
-+ |
-+ s2n(TLSEXT_TYPE_elliptic_curves,ret); |
-+ s2n(s->tlsext_ellipticcurvelist_length + 2, ret); |
-+ |
-+ /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for |
-+ * elliptic_curve_list, but the examples use two bytes. |
-+ * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html |
-+ * resolves this to two bytes. |
-+ */ |
-+ s2n(s->tlsext_ellipticcurvelist_length, ret); |
-+ memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
-+ ret+=s->tlsext_ellipticcurvelist_length; |
-+ } |
-+#endif /* OPENSSL_NO_EC */ |
-+ |
- /* Add padding to workaround bugs in F5 terminators. |
- * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ |
- if (header_len > 0) |
-@@ -673,10 +676,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c |
- if (header_len > 0xff && header_len < 0x200) |
- { |
- size_t padding_len = 0x200 - header_len; |
-- if (padding_len >= 4) |
-+ /* Extensions take at least four bytes to encode. Always |
-+ * include least one byte of data if including the |
-+ * extension. WebSphere Application Server 7.0 is |
-+ * intolerant to the last extension being zero-length. */ |
-+ if (padding_len >= 4 + 1) |
- padding_len -= 4; |
- else |
-- padding_len = 0; |
-+ padding_len = 1; |
- if (limit - ret - 4 - (long)padding_len < 0) |
- return NULL; |
- |