1diff --git android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c 2index 3fe6612..ea7fefa 100644 3--- android-openssl.orig/ssl/t1_lib.c 4+++ android-openssl/ssl/t1_lib.c 5@@ -444,55 +444,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c 6 } 7 #endif 8 9-#ifndef OPENSSL_NO_EC 10- if (s->tlsext_ecpointformatlist != NULL && 11- s->version != DTLS1_VERSION) 12- { 13- /* Add TLS extension ECPointFormats to the ClientHello message */ 14- long lenmax; 15- 16- if ((lenmax = limit - ret - 5) < 0) return NULL; 17- if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; 18- if (s->tlsext_ecpointformatlist_length > 255) 19- { 20- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 21- return NULL; 22- } 23- 24- s2n(TLSEXT_TYPE_ec_point_formats,ret); 25- s2n(s->tlsext_ecpointformatlist_length + 1,ret); 26- *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; 27- memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 28- ret+=s->tlsext_ecpointformatlist_length; 29- } 30- if (s->tlsext_ellipticcurvelist != NULL && 31- s->version != DTLS1_VERSION) 32- { 33- /* Add TLS extension EllipticCurves to the ClientHello message */ 34- long lenmax; 35- 36- if ((lenmax = limit - ret - 6) < 0) return NULL; 37- if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; 38- if (s->tlsext_ellipticcurvelist_length > 65532) 39- { 40- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 41- return NULL; 42- } 43- 44- s2n(TLSEXT_TYPE_elliptic_curves,ret); 45- s2n(s->tlsext_ellipticcurvelist_length + 2, ret); 46- 47- /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for 48- * elliptic_curve_list, but the examples use two bytes. 49- * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html 50- * resolves this to two bytes. 51- */ 52- s2n(s->tlsext_ellipticcurvelist_length, ret); 53- memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 54- ret+=s->tlsext_ellipticcurvelist_length; 55- } 56-#endif /* OPENSSL_NO_EC */ 57- 58 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) 59 { 60 int ticklen; 61@@ -665,6 +616,58 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c 62 } 63 #endif 64 65+#ifndef OPENSSL_NO_EC 66+ /* WebSphere Application Server 7.0 is intolerant to the last extension 67+ * being zero-length. ECC extensions are non-empty and not dropped until 68+ * fallback to SSL3, at which point all extensions are gone. */ 69+ if (s->tlsext_ecpointformatlist != NULL && 70+ s->version != DTLS1_VERSION) 71+ { 72+ /* Add TLS extension ECPointFormats to the ClientHello message */ 73+ long lenmax; 74+ 75+ if ((lenmax = limit - ret - 5) < 0) return NULL; 76+ if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; 77+ if (s->tlsext_ecpointformatlist_length > 255) 78+ { 79+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 80+ return NULL; 81+ } 82+ 83+ s2n(TLSEXT_TYPE_ec_point_formats,ret); 84+ s2n(s->tlsext_ecpointformatlist_length + 1,ret); 85+ *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; 86+ memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 87+ ret+=s->tlsext_ecpointformatlist_length; 88+ } 89+ if (s->tlsext_ellipticcurvelist != NULL && 90+ s->version != DTLS1_VERSION) 91+ { 92+ /* Add TLS extension EllipticCurves to the ClientHello message */ 93+ long lenmax; 94+ 95+ if ((lenmax = limit - ret - 6) < 0) return NULL; 96+ if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL; 97+ if (s->tlsext_ellipticcurvelist_length > 65532) 98+ { 99+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); 100+ return NULL; 101+ } 102+ 103+ s2n(TLSEXT_TYPE_elliptic_curves,ret); 104+ s2n(s->tlsext_ellipticcurvelist_length + 2, ret); 105+ 106+ /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for 107+ * elliptic_curve_list, but the examples use two bytes. 108+ * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html 109+ * resolves this to two bytes. 110+ */ 111+ s2n(s->tlsext_ellipticcurvelist_length, ret); 112+ memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 113+ ret+=s->tlsext_ellipticcurvelist_length; 114+ } 115+#endif /* OPENSSL_NO_EC */ 116+ 117 /* Add padding to workaround bugs in F5 terminators. 118 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ 119 if (header_len > 0) 120@@ -673,10 +676,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c 121 if (header_len > 0xff && header_len < 0x200) 122 { 123 size_t padding_len = 0x200 - header_len; 124- if (padding_len >= 4) 125+ /* Extensions take at least four bytes to encode. Always 126+ * include least one byte of data if including the 127+ * extension. WebSphere Application Server 7.0 is 128+ * intolerant to the last extension being zero-length. */ 129+ if (padding_len >= 4 + 1) 130 padding_len -= 4; 131 else 132- padding_len = 0; 133+ padding_len = 1; 134 if (limit - ret - 4 - (long)padding_len < 0) 135 return NULL; 136 137