| Index: patches.chromium/0013-reorder_extensions.patch
|
| diff --git a/patches.chromium/0013-reorder_extensions.patch b/patches.chromium/0013-reorder_extensions.patch
|
| deleted file mode 100644
|
| index 11bb6a01c5a341eb70b8b0ffbcb8ad829ed7f4f3..0000000000000000000000000000000000000000
|
| --- a/patches.chromium/0013-reorder_extensions.patch
|
| +++ /dev/null
|
| @@ -1,136 +0,0 @@
|
| -diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c
|
| -index 3fe6612..ea7fefa 100644
|
| ---- android-openssl.orig/ssl/t1_lib.c
|
| -+++ android-openssl/ssl/t1_lib.c
|
| -@@ -444,55 +444,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
|
| - }
|
| - #endif
|
| -
|
| --#ifndef OPENSSL_NO_EC
|
| -- if (s->tlsext_ecpointformatlist != NULL &&
|
| -- s->version != DTLS1_VERSION)
|
| -- {
|
| -- /* Add TLS extension ECPointFormats to the ClientHello message */
|
| -- long lenmax;
|
| --
|
| -- if ((lenmax = limit - ret - 5) < 0) return NULL;
|
| -- if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
|
| -- if (s->tlsext_ecpointformatlist_length > 255)
|
| -- {
|
| -- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
| -- return NULL;
|
| -- }
|
| --
|
| -- s2n(TLSEXT_TYPE_ec_point_formats,ret);
|
| -- s2n(s->tlsext_ecpointformatlist_length + 1,ret);
|
| -- *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
|
| -- memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
|
| -- ret+=s->tlsext_ecpointformatlist_length;
|
| -- }
|
| -- if (s->tlsext_ellipticcurvelist != NULL &&
|
| -- s->version != DTLS1_VERSION)
|
| -- {
|
| -- /* Add TLS extension EllipticCurves to the ClientHello message */
|
| -- long lenmax;
|
| --
|
| -- if ((lenmax = limit - ret - 6) < 0) return NULL;
|
| -- if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
|
| -- if (s->tlsext_ellipticcurvelist_length > 65532)
|
| -- {
|
| -- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
| -- return NULL;
|
| -- }
|
| --
|
| -- s2n(TLSEXT_TYPE_elliptic_curves,ret);
|
| -- s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
|
| --
|
| -- /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
|
| -- * elliptic_curve_list, but the examples use two bytes.
|
| -- * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
|
| -- * resolves this to two bytes.
|
| -- */
|
| -- s2n(s->tlsext_ellipticcurvelist_length, ret);
|
| -- memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
|
| -- ret+=s->tlsext_ellipticcurvelist_length;
|
| -- }
|
| --#endif /* OPENSSL_NO_EC */
|
| --
|
| - if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
|
| - {
|
| - int ticklen;
|
| -@@ -665,6 +616,58 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
|
| - }
|
| - #endif
|
| -
|
| -+#ifndef OPENSSL_NO_EC
|
| -+ /* WebSphere Application Server 7.0 is intolerant to the last extension
|
| -+ * being zero-length. ECC extensions are non-empty and not dropped until
|
| -+ * fallback to SSL3, at which point all extensions are gone. */
|
| -+ if (s->tlsext_ecpointformatlist != NULL &&
|
| -+ s->version != DTLS1_VERSION)
|
| -+ {
|
| -+ /* Add TLS extension ECPointFormats to the ClientHello message */
|
| -+ long lenmax;
|
| -+
|
| -+ if ((lenmax = limit - ret - 5) < 0) return NULL;
|
| -+ if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
|
| -+ if (s->tlsext_ecpointformatlist_length > 255)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
| -+ return NULL;
|
| -+ }
|
| -+
|
| -+ s2n(TLSEXT_TYPE_ec_point_formats,ret);
|
| -+ s2n(s->tlsext_ecpointformatlist_length + 1,ret);
|
| -+ *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
|
| -+ memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
|
| -+ ret+=s->tlsext_ecpointformatlist_length;
|
| -+ }
|
| -+ if (s->tlsext_ellipticcurvelist != NULL &&
|
| -+ s->version != DTLS1_VERSION)
|
| -+ {
|
| -+ /* Add TLS extension EllipticCurves to the ClientHello message */
|
| -+ long lenmax;
|
| -+
|
| -+ if ((lenmax = limit - ret - 6) < 0) return NULL;
|
| -+ if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
|
| -+ if (s->tlsext_ellipticcurvelist_length > 65532)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
| -+ return NULL;
|
| -+ }
|
| -+
|
| -+ s2n(TLSEXT_TYPE_elliptic_curves,ret);
|
| -+ s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
|
| -+
|
| -+ /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
|
| -+ * elliptic_curve_list, but the examples use two bytes.
|
| -+ * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
|
| -+ * resolves this to two bytes.
|
| -+ */
|
| -+ s2n(s->tlsext_ellipticcurvelist_length, ret);
|
| -+ memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
|
| -+ ret+=s->tlsext_ellipticcurvelist_length;
|
| -+ }
|
| -+#endif /* OPENSSL_NO_EC */
|
| -+
|
| - /* Add padding to workaround bugs in F5 terminators.
|
| - * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
|
| - if (header_len > 0)
|
| -@@ -673,10 +676,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
|
| - if (header_len > 0xff && header_len < 0x200)
|
| - {
|
| - size_t padding_len = 0x200 - header_len;
|
| -- if (padding_len >= 4)
|
| -+ /* Extensions take at least four bytes to encode. Always
|
| -+ * include least one byte of data if including the
|
| -+ * extension. WebSphere Application Server 7.0 is
|
| -+ * intolerant to the last extension being zero-length. */
|
| -+ if (padding_len >= 4 + 1)
|
| - padding_len -= 4;
|
| - else
|
| -- padding_len = 0;
|
| -+ padding_len = 1;
|
| - if (limit - ret - 4 - (long)padding_len < 0)
|
| - return NULL;
|
| -
|
|
|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master