diff options
Diffstat (limited to 'chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch')
-rw-r--r-- | chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch b/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch new file mode 100644 index 00000000000..cb7652abc20 --- /dev/null +++ b/chromium/third_party/openssl/patches.chromium/0012-paddingext2.patch @@ -0,0 +1,137 @@ +diff --git android-openssl.orig/ssl/d1_clnt.c android-openssl/ssl/d1_clnt.c +index 7e8077e..735e544 100644 +--- android-openssl.orig/ssl/d1_clnt.c ++++ android-openssl/ssl/d1_clnt.c +@@ -874,7 +874,7 @@ int dtls1_client_hello(SSL *s) + *(p++)=0; /* Add the NULL method */ + + #ifndef OPENSSL_NO_TLSEXT +- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, 0)) == NULL) + { + SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + goto err; +diff --git android-openssl.orig/ssl/s23_clnt.c android-openssl/ssl/s23_clnt.c +index 08ee86d..750d208 100644 +--- android-openssl.orig/ssl/s23_clnt.c ++++ android-openssl/ssl/s23_clnt.c +@@ -467,9 +467,9 @@ static int ssl23_client_hello(SSL *s) + /* create Client Hello in SSL 3.0/TLS 1.0 format */ + + /* do the record header (5 bytes) and handshake message +- * header (4 bytes) last. Note: the code to add the +- * padding extension in t1_lib.c depends on the size of +- * this prefix. */ ++ * header (4 bytes) last. Note: the final argument to ++ * ssl_add_clienthello_tlsext below depends on the size ++ * of this prefix. */ + d = p = &(buf[9]); + + *(p++) = version_major; +@@ -526,7 +526,10 @@ static int ssl23_client_hello(SSL *s) + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + return -1; + } +- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ /* The buffer includes the 5 byte record header, so ++ * subtract it to compute hlen for ++ * ssl_add_clienthello_tlsext. */ ++ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + return -1; +diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c +index d1b3224..640df80 100644 +--- android-openssl.orig/ssl/s3_clnt.c ++++ android-openssl/ssl/s3_clnt.c +@@ -759,7 +759,7 @@ int ssl3_client_hello(SSL *s) + goto err; + + /* Do the message type and length last. +- * Note: the code to add the padding extension in t1_lib.c ++ * Note: the final argument to ssl_add_clienthello_tlsext below + * depends on the size of this prefix. */ + d=p= &(buf[4]); + +@@ -867,7 +867,7 @@ int ssl3_client_hello(SSL *s) + SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } +- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf)) == NULL) + { + SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + goto err; +diff --git android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h +index 4e27d9e..531a291 100644 +--- android-openssl.orig/ssl/ssl_locl.h ++++ android-openssl/ssl/ssl_locl.h +@@ -1127,7 +1127,7 @@ int tls1_ec_nid2curve_id(int nid); + #endif /* OPENSSL_NO_EC */ + + #ifndef OPENSSL_NO_TLSEXT +-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); ++unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len); + unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); + int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); + int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c +index a53d56b..3fe6612 100644 +--- android-openssl.orig/ssl/t1_lib.c ++++ android-openssl/ssl/t1_lib.c +@@ -341,7 +341,10 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p) + return (int)slen; + } + +-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit) ++/* header_len is the length of the ClientHello header written so far, used to ++ * compute padding. It does not include the record header. Pass 0 if no padding ++ * is to be done. */ ++unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, size_t header_len) + { + int extdatalen=0; + unsigned char *orig = buf; +@@ -664,27 +667,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c + + /* Add padding to workaround bugs in F5 terminators. + * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ +- { +- int hlen = ret - (unsigned char *)s->init_buf->data; +- /* The code in s23_clnt.c to build ClientHello messages includes the +- * 5-byte record header in the buffer, while the code in s3_clnt.c does +- * not. */ +- if (s->state == SSL23_ST_CW_CLNT_HELLO_A) +- hlen -= 5; +- if (hlen > 0xff && hlen < 0x200) ++ if (header_len > 0) + { +- hlen = 0x200 - hlen; +- if (hlen >= 4) +- hlen -= 4; +- else +- hlen = 0; ++ header_len += ret - orig; ++ if (header_len > 0xff && header_len < 0x200) ++ { ++ size_t padding_len = 0x200 - header_len; ++ if (padding_len >= 4) ++ padding_len -= 4; ++ else ++ padding_len = 0; ++ if (limit - ret - 4 - (long)padding_len < 0) ++ return NULL; + +- s2n(TLSEXT_TYPE_padding, ret); +- s2n(hlen, ret); +- memset(ret, 0, hlen); +- ret += hlen; ++ s2n(TLSEXT_TYPE_padding, ret); ++ s2n(padding_len, ret); ++ memset(ret, 0, padding_len); ++ ret += padding_len; ++ } + } +- } + + + if ((extdatalen = ret-orig-2)== 0) |