author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-20 23:52:01 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-20 23:52:01 +0000 |
commit | 3eeef7f2b57bf6a5a7e7e992570e58bff38ea030 (patch) | |
tree | 099e1033a409e63d1e48008b1d36f152cab384e6 /net/third_party | |
parent | aae0cef56beb3b13ffd6c7f2155352d27bba50f7 (diff) | |
net: don't always add TLS padding.
In order to flush out any problems with padding, Chrome has always been
adding it, even when the ClientHello was small enough not to need it.
Since that change is in Chrome 33 (and the Chrome 34 branch), it's time
to remove it.
BUG=315828
Review URL: https://codereview.chromium.org/171713011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@252421 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 3 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/paddingextensionall.patch | 25 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3ext.c | 8 |
4 files changed, 2 insertions, 36 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 366da1b..3d06388 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -75,9 +75,6 @@ Patches:
 patches/cachelocks.patch
 https://bugzilla.mozilla.org/show_bug.cgi?id=764646
 
- * Always add an extension to a ClientHello to make it 512 bytes.
- patches/paddingextensionall.patch
-
 * Support the Certificate Transparency (RFC 6962) TLS extension
 signed_certificate_timestamp (client only).
 patches/signedcertificatetimestamps.patch
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 448eaac..abc3c57 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -37,8 +37,6 @@ patch -p4 < $patches_dir/chacha20poly1305.patch
 
 patch -p4 < $patches_dir/cachelocks.patch
 
-patch -p4 < $patches_dir/paddingextensionall.patch
-
 patch -p4 < $patches_dir/signedcertificatetimestamps.patch
 
 patch -p4 < $patches_dir/cipherorder.patch
diff --git a/net/third_party/nss/patches/paddingextensionall.patch b/net/third_party/nss/patches/paddingextensionall.patch
deleted file mode 100644
index c292664..0000000
--- a/net/third_party/nss/patches/paddingextensionall.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl3ext.c 2014-01-17 18:17:39.630620563 -0800
-@@ -2332,7 +2332,11 @@ ssl3_CalculatePaddingExtensionLength(uns
- clientHelloLength;
- unsigned int extensionLength;
-
-- if (recordLength < 256 || recordLength >= 512) {
-+ /* This condition should be:
-+ * if (recordLength < 256 || recordLength >= 512) {
-+ * It has been changed, temporarily, to test whether 512 byte ClientHellos
-+ * are a compatibility problem. */
-+ if (recordLength >= 512) {
- return 0;
- }
-
-@@ -2353,7 +2357,7 @@ ssl3_AppendPaddingExtension(sslSocket *s
- PRUint32 maxBytes)
- {
- unsigned int paddingLen = extensionLen - 4;
-- static unsigned char padding[256];
-+ static unsigned char padding[512];
-
- if (extensionLen == 0) {
- return 0;
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 6827ee7..6f3fe2f 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -2342,11 +2342,7 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 clientHelloLength;
 unsigned int extensionLength;
 
- /* This condition should be:
- * if (recordLength < 256 || recordLength >= 512) {
- * It has been changed, temporarily, to test whether 512 byte ClientHellos
- * are a compatibility problem. */
- if (recordLength >= 512) {
+ if (recordLength < 256 || recordLength >= 512) {
 return 0;
 }
 
@@ -2367,7 +2363,7 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
 PRUint32 maxBytes)
 {
 unsigned int paddingLen = extensionLen - 4;
- static unsigned char padding[512];
+ static unsigned char padding[256];
 
 if (extensionLen == 0) {
 return 0;
|
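Review bot: Shrinking `padding` back to 256 bytes in ssl3_AppendPaddingExtension is only safe because the first ssl3ext.c hunk restores the `recordLength < 256` early return in ssl3_CalculatePaddingExtensionLength, and nothing visible in either hunk ties the array size to that bound. `paddingLen` is derived from the caller-supplied `extensionLen`, so if the bounds in the calculation ever change again, the append would presumably read past the static array. Unless the part of the function below the hunk already rejects it, I would add `if (paddingLen > sizeof(padding)) { PORT_Assert(0); return -1; }` after the `extensionLen == 0` check. Moving the `extensionLen - 4` subtraction below that check would also avoid computing a wrapped unsigned value for the zero case. The function body continues outside the hunk, so an existing guard may already cover this; if it does, a one-line comment on the array noting that it is sized for the largest value ssl3_CalculatePaddingExtensionLength can return would still help.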