Patch Go libs for poodle-tls scan - Modified from https://gist.github.com/singe/f433c54f134a9390214e to work with Go 1.3.3 for Linux. -- These are mods to Adam Langley's (@agl__) work.

poodle-tls-go.patch

diff -u -r b/src/pkg/crypto/tls/common.go a/src/pkg/crypto/tls/common.go
--- b/src/pkg/crypto/tls/common.go	2014-10-01 02:51:45.000000000 +0100
+++ a/src/pkg/crypto/tls/common.go	2014-12-09 13:55:55.167748499 +0000
@@ -301,6 +301,8 @@
 	// be used.
 	CurvePreferences []CurveID
 
+	BreakCBCPadding bool
+
 	serverInitOnce sync.Once // guards calling (*Config).serverInit
 }
 
diff -u -r b/src/pkg/crypto/tls/conn.go a/src/pkg/crypto/tls/conn.go
--- b/src/pkg/crypto/tls/conn.go	2014-10-01 02:51:45.000000000 +0100
+++ a/src/pkg/crypto/tls/conn.go	2014-12-09 13:55:55.167748499 +0000
@@ -106,6 +106,8 @@
 
 	// used to save allocating a new buffer for each MAC.
 	inDigestBuf, outDigestBuf []byte
+
+	brokenCBC bool
 }
 
 func (hc *halfConn) setErrorLocked(err error) error {
@@ -122,10 +124,11 @@
 
 // prepareCipherSpec sets the encryption and MAC states
 // that a subsequent changeCipherSpec will use.
-func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction) {
+func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction, brokenCBC bool) {
 	hc.version = version
 	hc.nextCipher = cipher
 	hc.nextMac = mac
+	hc.brokenCBC = brokenCBC
 }
 
 // changeCipherSpec changes the encryption and MAC states
@@ -336,14 +339,21 @@
 // block of payload. finalBlock is a fresh slice which contains the contents of
 // any suffix of payload as well as the needed padding to make finalBlock a
 // full block.
-func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) {
+func padToBlockSize(payload []byte, blockSize int, broken bool) (prefix, finalBlock []byte) {
 	overrun := len(payload) % blockSize
 	paddingLen := blockSize - overrun
 	prefix = payload[:len(payload)-overrun]
 	finalBlock = make([]byte, blockSize)
 	copy(finalBlock, payload[len(payload)-overrun:])
-	for i := overrun; i < blockSize; i++ {
-		finalBlock[i] = byte(paddingLen - 1)
+	if !broken {
+		for i := overrun; i < blockSize; i++ {
+			finalBlock[i] = byte(paddingLen - 1)
+		}
+	} else {
+		for i := overrun; i < blockSize; i++ {
+			finalBlock[i] = byte(66-i)
+		}
+		finalBlock[blockSize-1] = byte(paddingLen-1)
 	}
 	return
 }
@@ -387,7 +397,7 @@
 				c.SetIV(payload[:explicitIVLen])
 				payload = payload[explicitIVLen:]
 			}
-			prefix, finalBlock := padToBlockSize(payload, blockSize)
+			prefix, finalBlock := padToBlockSize(payload, blockSize, hc.brokenCBC)
 			b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock))
 			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix)
 			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock)
diff -u -r b/src/pkg/crypto/tls/handshake_client.go a/src/pkg/crypto/tls/handshake_client.go
--- b/src/pkg/crypto/tls/handshake_client.go	2014-10-01 02:51:45.000000000 +0100
+++ a/src/pkg/crypto/tls/handshake_client.go	2014-12-09 13:55:55.167748499 +0000
@@ -463,8 +463,8 @@
 		serverCipher = hs.suite.aead(serverKey, serverIV)
 	}
 
-	c.in.prepareCipherSpec(c.vers, serverCipher, serverHash)
-	c.out.prepareCipherSpec(c.vers, clientCipher, clientHash)
+	c.in.prepareCipherSpec(c.vers, serverCipher, serverHash, c.config.BreakCBCPadding)
+	c.out.prepareCipherSpec(c.vers, clientCipher, clientHash, c.config.BreakCBCPadding)
 	return nil
 }
 
diff -u -r b/src/pkg/crypto/tls/handshake_server.go a/src/pkg/crypto/tls/handshake_server.go
--- b/src/pkg/crypto/tls/handshake_server.go	2014-10-01 02:51:45.000000000 +0100
+++ a/src/pkg/crypto/tls/handshake_server.go	2014-12-09 13:55:55.168748494 +0000
@@ -464,8 +464,8 @@
 		serverCipher = hs.suite.aead(serverKey, serverIV)
 	}
 
-	c.in.prepareCipherSpec(c.vers, clientCipher, clientHash)
-	c.out.prepareCipherSpec(c.vers, serverCipher, serverHash)
+	c.in.prepareCipherSpec(c.vers, clientCipher, clientHash, false)
+	c.out.prepareCipherSpec(c.vers, serverCipher, serverHash, false)
 
 	return nil
 }