Index: patches.chromium/0012-paddingext2.patch |
diff --git a/patches.chromium/0012-paddingext2.patch b/patches.chromium/0012-paddingext2.patch |
deleted file mode 100644 |
index cb7652abc20db75f4d6179ff2573b54dba2d3306..0000000000000000000000000000000000000000 |
--- a/patches.chromium/0012-paddingext2.patch |
+++ /dev/null |
@@ -1,137 +0,0 @@ |
-diff --git android-openssl.orig/ssl/d1_clnt.c android-openssl/ssl/d1_clnt.c |
-index 7e8077e..735e544 100644 |
---- android-openssl.orig/ssl/d1_clnt.c |
-+++ android-openssl/ssl/d1_clnt.c |
-@@ -874,7 +874,7 @@ int dtls1_client_hello(SSL *s) |
- *(p++)=0; /* Add the NULL method */ |
- |
- #ifndef OPENSSL_NO_TLSEXT |
-- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) |
-+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, 0)) == NULL) |
- { |
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); |
- goto err; |
-diff --git android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c |
-index 08ee86d..750d208 100644 |
---- android-openssl.orig/ssl/s23_clnt.c |
-+++ android-openssl/ssl/s23_clnt.c |
-@@ -467,9 +467,9 @@ static int ssl23_client_hello(SSL *s) |
- /* create Client Hello in SSL 3.0/TLS 1.0 format */ |
- |
- /* do the record header (5 bytes) and handshake message |
-- * header (4 bytes) last. Note: the code to add the |
-- * padding extension in t1_lib.c depends on the size of |
-- * this prefix. */ |
-+ * header (4 bytes) last. Note: the final argument to |
-+ * ssl_add_clienthello_tlsext below depends on the size |
-+ * of this prefix. */ |
- d = p = &(buf[9]); |
- |
- *(p++) = version_major; |
-@@ -526,7 +526,10 @@ static int ssl23_client_hello(SSL *s) |
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); |
- return -1; |
- } |
-- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) |
-+ /* The buffer includes the 5 byte record header, so |
-+ * subtract it to compute hlen for |
-+ * ssl_add_clienthello_tlsext. */ |
-+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL) |
- { |
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); |
- return -1; |
-diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |
-index d1b3224..640df80 100644 |
---- android-openssl.orig/ssl/s3_clnt.c |
-+++ android-openssl/ssl/s3_clnt.c |
-@@ -759,7 +759,7 @@ int ssl3_client_hello(SSL *s) |
- goto err; |
- |
- /* Do the message type and length last. |
-- * Note: the code to add the padding extension in t1_lib.c |
-+ * Note: the final argument to ssl_add_clienthello_tlsext below |
- * depends on the size of this prefix. */ |
- d=p= &(buf[4]); |
- |
-@@ -867,7 +867,7 @@ int ssl3_client_hello(SSL *s) |
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); |
- goto err; |
- } |
-- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) |
-+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf)) == NULL) |
- { |
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); |
- goto err; |
-diff --git android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h |
-index 4e27d9e..531a291 100644 |
---- android-openssl.orig/ssl/ssl_locl.h |
-+++ android-openssl/ssl/ssl_locl.h |
-@@ -1127,7 +1127,7 @@ int tls1_ec_nid2curve_id(int nid); |
- #endif /* OPENSSL_NO_EC */ |
- |
- #ifndef OPENSSL_NO_TLSEXT |
--unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); |
-+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len); |
- unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); |
- int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); |
- int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); |
-diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c |
-index a53d56b..3fe6612 100644 |
---- android-openssl.orig/ssl/t1_lib.c |
-+++ android-openssl/ssl/t1_lib.c |
-@@ -341,7 +341,10 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p) |
- return (int)slen; |
- } |
- |
--unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit) |
-+/* header_len is the length of the ClientHello header written so far, used to |
-+ * compute padding. It does not include the record header. Pass 0 if no padding |
-+ * is to be done. */ |
-+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len) |
- { |
- int extdatalen=0; |
- unsigned char *orig = buf; |
-@@ -664,27 +667,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c |
- |
- /* Add padding to workaround bugs in F5 terminators. |
- * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ |
-- { |
-- int hlen = ret - (unsigned char *)s->init_buf->data; |
-- /* The code in s23_clnt.c to build ClientHello messages includes the |
-- * 5-byte record header in the buffer, while the code in s3_clnt.c does |
-- * not. */ |
-- if (s->state == SSL23_ST_CW_CLNT_HELLO_A) |
-- hlen -= 5; |
-- if (hlen > 0xff && hlen < 0x200) |
-+ if (header_len > 0) |
- { |
-- hlen = 0x200 - hlen; |
-- if (hlen >= 4) |
-- hlen -= 4; |
-- else |
-- hlen = 0; |
-+ header_len += ret - orig; |
-+ if (header_len > 0xff && header_len < 0x200) |
-+ { |
-+ size_t padding_len = 0x200 - header_len; |
-+ if (padding_len >= 4) |
-+ padding_len -= 4; |
-+ else |
-+ padding_len = 0; |
-+ if (limit - ret - 4 - (long)padding_len < 0) |
-+ return NULL; |
- |
-- s2n(TLSEXT_TYPE_padding, ret); |
-- s2n(hlen, ret); |
-- memset(ret, 0, hlen); |
-- ret += hlen; |
-+ s2n(TLSEXT_TYPE_padding, ret); |
-+ s2n(padding_len, ret); |
-+ memset(ret, 0, padding_len); |
-+ ret += padding_len; |
-+ } |
- } |
-- } |
- |
- |
- if ((extdatalen = ret-orig-2)== 0) |