1 files changed, 137 insertions, 0 deletions

diff --git a/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch b/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch
new file mode 100644
index 00000000000..cb7652abc20
--- /dev/null
+++ b/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch
@@ -0,0 +1,137 @@
+diff --git android-openssl.orig/ssl/d1_clnt.c android-openssl/ssl/d1_clnt.c
+index 7e8077e..735e544 100644
+--- android-openssl.orig/ssl/d1_clnt.c
++++ android-openssl/ssl/d1_clnt.c
+@@ -874,7 +874,7 @@ int dtls1_client_hello(SSL *s)
+ 		*(p++)=0; /* Add the NULL method */
+ 
+ #ifndef OPENSSL_NO_TLSEXT
+-		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
++		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, 0)) == NULL)
+ 			{
+ 			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ 			goto err;
+diff --git android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c
+index 08ee86d..750d208 100644
+--- android-openssl.orig/ssl/s23_clnt.c
++++ android-openssl/ssl/s23_clnt.c
+@@ -467,9 +467,9 @@ static int ssl23_client_hello(SSL *s)
+ 			/* create Client Hello in SSL 3.0/TLS 1.0 format */
+ 
+ 			/* do the record header (5 bytes) and handshake message
+-			 * header (4 bytes) last. Note: the code to add the
+-			 * padding extension in t1_lib.c depends on the size of
+-			 * this prefix. */
++			 * header (4 bytes) last. Note: the final argument to
++			 * ssl_add_clienthello_tlsext below depends on the size
++			 * of this prefix. */
+ 			d = p = &(buf[9]);
+ 			
+ 			*(p++) = version_major;
+@@ -526,7 +526,10 @@ static int ssl23_client_hello(SSL *s)
+ 				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ 				return -1;
+ 				}
+-			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
++			/* The buffer includes the 5 byte record header, so
++			 * subtract it to compute hlen for
++			 * ssl_add_clienthello_tlsext. */
++			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL)
+ 				{
+ 				SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ 				return -1;
+diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
+index d1b3224..640df80 100644
+--- android-openssl.orig/ssl/s3_clnt.c
++++ android-openssl/ssl/s3_clnt.c
+@@ -759,7 +759,7 @@ int ssl3_client_hello(SSL *s)
+ 			goto err;
+ 
+ 		/* Do the message type and length last.
+-		 * Note: the code to add the padding extension in t1_lib.c
++		 * Note: the final argument to ssl_add_clienthello_tlsext below
+ 		 * depends on the size of this prefix. */
+ 		d=p= &(buf[4]);
+ 
+@@ -867,7 +867,7 @@ int ssl3_client_hello(SSL *s)
+ 			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ 			goto err;
+ 			}
+-		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
++		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf)) == NULL)
+ 			{
+ 			SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ 			goto err;
+diff --git android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h
+index 4e27d9e..531a291 100644
+--- android-openssl.orig/ssl/ssl_locl.h
++++ android-openssl/ssl/ssl_locl.h
+@@ -1127,7 +1127,7 @@ int tls1_ec_nid2curve_id(int nid);
+ #endif /* OPENSSL_NO_EC */
+ 
+ #ifndef OPENSSL_NO_TLSEXT
+-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
++unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len);
+ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
+ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c
+index a53d56b..3fe6612 100644
+--- android-openssl.orig/ssl/t1_lib.c
++++ android-openssl/ssl/t1_lib.c
+@@ -341,7 +341,10 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
+ 	return (int)slen;
+ 	}
+ 
+-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
++/* header_len is the length of the ClientHello header written so far, used to
++ * compute padding. It does not include the record header. Pass 0 if no padding
++ * is to be done. */
++unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len)
+ 	{
+ 	int extdatalen=0;
+ 	unsigned char *orig = buf;
+@@ -664,27 +667,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
+ 
+ 	/* Add padding to workaround bugs in F5 terminators.
+ 	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+-	{
+-	int hlen = ret - (unsigned char *)s->init_buf->data;
+-	/* The code in s23_clnt.c to build ClientHello messages includes the
+-	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
+-	 * not. */
+-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+-		hlen -= 5;
+-	if (hlen > 0xff && hlen < 0x200)
++	if (header_len > 0)
+ 		{
+-		hlen = 0x200 - hlen;
+-		if (hlen >= 4)
+-			hlen -= 4;
+-		else
+-			hlen = 0;
++		header_len += ret - orig;
++		if (header_len > 0xff && header_len < 0x200)
++			{
++			size_t padding_len = 0x200 - header_len;
++			if (padding_len >= 4)
++				padding_len -= 4;
++			else
++				padding_len = 0;
++			if (limit - ret - 4 - (long)padding_len < 0)
++				return NULL;
+ 
+-		s2n(TLSEXT_TYPE_padding, ret);
+-		s2n(hlen, ret);
+-		memset(ret, 0, hlen);
+-		ret += hlen;
++			s2n(TLSEXT_TYPE_padding, ret);
++			s2n(padding_len, ret);
++			memset(ret, 0, padding_len);
++			ret += padding_len;
++			}
+ 		}
+-	}
+ 
+ 
+ 	if ((extdatalen = ret-orig-2)== 0)