authordavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-05-01 00:39:00 +0000
committerdavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-05-01 00:39:00 +0000
commit21c88ef2167cb7f48c04b5ce4b9050c337bd61aa (patch)
tree658611cdaa908ef5ce8f108de41771ada2c0241d /net/third_party
parent846db3ba245807d02e4421777cc18b7e2dddbb6f (diff)
Move signature_algorithm extension to the end in NSS.
WebSphere Application Server 7.0 appears to be intolerant of an empty extension at the end. To that end, also ensure we never send an empty padding extension. BUG=363583 Review URL: https://codereview.chromium.org/240633006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267396 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium5
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh2
-rw-r--r--net/third_party/nss/patches/reorderextensions.patch34
-rw-r--r--net/third_party/nss/ssl/ssl3ext.c15
4 files changed, 51 insertions, 5 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index a43f818..e9b7ee8 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -100,6 +100,11 @@ Patches:
patches/paddingextvalue.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=994883
+ * Move the signature_algorithms extension to the end of the extension list.
+ This works around a bug in WebSphere Application Server 7.0 which is
+ intolerant to the final extension having zero length.
+ patches/reorderextensions.patch
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index c3daef0..b5f9d30 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -48,3 +48,5 @@ patch -p4 < $patches_dir/sessioncache.patch
patch -p4 < $patches_dir/nssrwlock.patch
patch -p4 < $patches_dir/paddingextvalue.patch
+
+patch -p4 < $patches_dir/reorderextensions.patch
diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch
new file mode 100644
index 0000000..3572fb1
--- /dev/null
+++ b/net/third_party/nss/patches/reorderextensions.patch
@@ -0,0 +1,34 @@
+diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+index 6f3fe2f..523e49a 100644
+--- a/nss/lib/ssl/ssl3ext.c
++++ b/nss/lib/ssl/ssl3ext.c
+@@ -295,9 +295,12 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+ { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
+ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
+- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+ { ssl_signed_certificate_timestamp_xtn,
+- &ssl3_ClientSendSignedCertTimestampXtn }
++ &ssl3_ClientSendSignedCertTimestampXtn },
++ /* WebSphere Application Server 7.0 is intolerant to the last extension
++ * being zero-length. It is not intolerant of TLS 1.2, so move
++ * signature_algorithms to the end. */
++ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
+ /* any extra entries will appear as { 0, NULL } */
+ };
+
+@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+ }
+
+ extensionLength = 512 - recordLength;
+- /* Extensions take at least four bytes to encode. */
+- if (extensionLength < 4) {
+- extensionLength = 4;
++ /* Extensions take at least four bytes to encode. Always include at least
++ * one byte of data if including the extension. WebSphere Application Server
++ * 7.0 is intolerant to the last extension being zero-length. */
++ if (extensionLength < 4 + 1) {
++ extensionLength = 4 + 1;
+ }
+
+ return extensionLength;
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 6f3fe2f..523e49a 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -295,9 +295,12 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
{ ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_signed_certificate_timestamp_xtn,
- &ssl3_ClientSendSignedCertTimestampXtn }
+ &ssl3_ClientSendSignedCertTimestampXtn },
+ /* WebSphere Application Server 7.0 is intolerant to the last extension
+ * being zero-length. It is not intolerant of TLS 1.2, so move
+ * signature_algorithms to the end. */
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
/* any extra entries will appear as { 0, NULL } */
};
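Review bot: Nothing in clientHelloSendersTLS enforces that `ssl_signature_algorithms_xtn` stays the final entry, and the trailing `/* any extra entries will appear as { 0, NULL } */` reads as an invitation to append new senders after it, which would quietly undo the workaround. The added comment should state the invariant as an instruction, for example `/* Keep signature_algorithms last; add new senders above this entry. */`, ahead of the WebSphere explanation. The fix also appears to hold only when ssl3_ClientSendSigAlgsXtn actually emits the extension (presumably only when TLS 1.2 is offered, which the "not intolerant of TLS 1.2" remark hints at). If it is skipped, whichever extension precedes it becomes last and may be empty, so that dependency deserves a sentence in the comment. The same text is mirrored in patches/reorderextensions.patch and would need the same wording.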
@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
}
extensionLength = 512 - recordLength;
- /* Extensions take at least four bytes to encode. */
- if (extensionLength < 4) {
- extensionLength = 4;
+ /* Extensions take at least four bytes to encode. Always include at least
+ * one byte of data if including the extension. WebSphere Application Server
+ * 7.0 is intolerant to the last extension being zero-length. */
+ if (extensionLength < 4 + 1) {
+ extensionLength = 4 + 1;
}
return extensionLength;
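Review bot: The new floor is written as the bare expression `4 + 1` in both the test and the assignment, so the split between the four-byte extension header and the one mandatory data byte lives only in the comment. Whatever code writes the padding extension (outside this hunk) has to derive the data length from the same header size, and the two can drift apart unnoticed. Naming the parts would tie them together, e.g. `enum { padding_xtn_header_len = 4, padding_xtn_min_data_len = 1 };` (illustrative names) used in `if (extensionLength < padding_xtn_header_len + padding_xtn_min_data_len)`. ssl3_CalculatePaddingExtensionLength starts above the hunk and closes below it, so the earlier early-return paths are not visible here.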