net: add padding extension to all handshakes.

This, temporary, change adds the padding extension to all handshakes to check
whether we encounter any servers with problems.

BUG=315828

Review URL: https://codereview.chromium.org/62443004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@234850 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 35 insertions, 2 deletions

diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 98f209f..ab2d0b03 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -143,6 +143,7 @@ Patches:
     add an extension to make it 512 bytes. This works around a bug in F5
     terminators.
     patches/paddingextension.patch
+    patches/paddingextensionall.patch
 
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index f19776e..5bdc670 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -67,3 +67,5 @@ patch -p4 < $patches_dir/canfalsestart.patch
 patch -p4 < $patches_dir/nullcipher_934016.patch
 
 patch -p4 < $patches_dir/paddingextension.patch
+
+patch -p4 < $patches_dir/paddingextensionall.patch
diff --git a/net/third_party/nss/patches/paddingextensionall.patch b/net/third_party/nss/patches/paddingextensionall.patch
new file mode 100644
index 0000000..f226aac
--- /dev/null
+++ b/net/third_party/nss/patches/paddingextensionall.patch
@@ -0,0 +1,26 @@
+diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+index cdebcc9..03cf05c 100644
+--- a/nss/lib/ssl/ssl3ext.c
++++ b/nss/lib/ssl/ssl3ext.c
+@@ -2306,7 +2306,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+ 				clientHelloLength;
+     unsigned int extensionLength;
+ 
+-    if (recordLength < 256 || recordLength >= 512) {
++    /* This condition should be:
++     *   if (recordLength < 256 || recordLength >= 512) {
++     * It has been changed, temporarily, to test whether 512 byte ClientHellos
++     * are a compatibility problem. */
++    if (recordLength >= 512) {
+ 	return 0;
+     }
+ 
+@@ -2327,7 +2331,7 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+ 			    PRUint32 maxBytes)
+ {
+     unsigned int paddingLen = extensionLen - 4;
+-    unsigned char padding[256];
++    unsigned char padding[512];
+ 
+     if (extensionLen == 0) {
+ 	return 0;
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index cdebcc9..03cf05c 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -2306,7 +2306,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 				clientHelloLength;
     unsigned int extensionLength;
 
-    if (recordLength < 256 || recordLength >= 512) {
+    /* This condition should be:
+     *   if (recordLength < 256 || recordLength >= 512) {
+     * It has been changed, temporarily, to test whether 512 byte ClientHellos
+     * are a compatibility problem. */
+    if (recordLength >= 512) {
 	return 0;
     }
 
@@ -2327,7 +2331,7 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
 			    PRUint32 maxBytes)
 {
     unsigned int paddingLen = extensionLen - 4;
-    unsigned char padding[256];
+    unsigned char padding[512];
 
     if (extensionLen == 0) {
 	return 0;