| Index: net/third_party/nss/patches/paddingextension.patch
|
| diff --git a/net/third_party/nss/patches/paddingextension.patch b/net/third_party/nss/patches/paddingextension.patch
|
| index 8ea388cfc5ce365114e1ea3dcf5fe841c085bba3..bbf57d743a4908c1f6cfd01506bd1d287bcb4d60 100644
|
| --- a/net/third_party/nss/patches/paddingextension.patch
|
| +++ b/net/third_party/nss/patches/paddingextension.patch
|
| @@ -1,5 +1,5 @@
|
| diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| -index 8b8b758..567d481 100644
|
| +index 8b8b758..882e356 100644
|
| --- a/nss/lib/ssl/ssl3con.c
|
| +++ b/nss/lib/ssl/ssl3con.c
|
| @@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
| @@ -20,7 +20,7 @@ index 8b8b758..567d481 100644
|
| + * in F5 devices.
|
| + *
|
| + * This is not done for DTLS nor for renegotiation. */
|
| -+ if (!IS_DTLS(ss) && !ss->firstHsDone) {
|
| ++ if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
|
| + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
|
| + total_exten_len += paddingExtensionLen;
|
| + length += paddingExtensionLen;
|
| @@ -46,7 +46,7 @@ index 8b8b758..567d481 100644
|
| }
|
| if (ss->ssl3.hs.sendingSCSV) {
|
| diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| -index 0415770..8be042e 100644
|
| +index 0415770..cdebcc9 100644
|
| --- a/nss/lib/ssl/ssl3ext.c
|
| +++ b/nss/lib/ssl/ssl3ext.c
|
| @@ -2297,3 +2297,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
| @@ -78,7 +78,7 @@ index 0415770..8be042e 100644
|
| +/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
|
| + * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
|
| + * that we don't trigger bugs in F5 products. */
|
| -+unsigned int
|
| ++PRInt32
|
| +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
|
| + PRUint32 maxBytes)
|
| +{
|
| @@ -93,7 +93,7 @@ index 0415770..8be042e 100644
|
| + extensionLen > maxBytes ||
|
| + paddingLen > sizeof(padding)) {
|
| + PORT_Assert(0);
|
| -+ return 0;
|
| ++ return -1;
|
| + }
|
| +
|
| + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
|
| @@ -107,7 +107,7 @@ index 0415770..8be042e 100644
|
| + return extensionLen;
|
| +}
|
| diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| -index 614eed1..621f25e 100644
|
| +index 614eed1..9c789bf 100644
|
| --- a/nss/lib/ssl/sslimpl.h
|
| +++ b/nss/lib/ssl/sslimpl.h
|
| @@ -237,6 +237,13 @@ extern PRInt32
|
| @@ -117,7 +117,7 @@ index 614eed1..621f25e 100644
|
| +extern unsigned int
|
| +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
|
| +
|
| -+extern unsigned int
|
| ++extern PRInt32
|
| +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
|
| + PRUint32 maxBytes);
|
| +
|
|
|
Chromium Code Reviews
Issue 66553007:
net: don't add padding extension for SSLv3. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src