net: Precede each CBC encrypted application data record with an empty one.

net/third_party/nss/patches/cbcrandomiv.patch

Index: net/third_party/nss/patches/cbcrandomiv.patch
diff --git a/net/third_party/nss/patches/cbcrandomiv.patch b/net/third_party/nss/patches/cbcrandomiv.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e6d42e0a9c9addfd37a10b311d358efd1e06606d
--- /dev/null
+++ b/net/third_party/nss/patches/cbcrandomiv.patch
@@ -0,0 +1,70 @@
+commit 4fac6faf6aec9b6d836ff86e859ee90a57932ddc
+Author: Adam Langley <agl@chromium.org>
+Date:   Wed Jun 22 13:36:50 2011 -0400
+
+    cbcrandomiv.patch
+
+diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
+index 0997e18..8086c5a 100644
+--- a/mozilla/security/nss/lib/ssl/ssl3con.c
++++ b/mozilla/security/nss/lib/ssl/ssl3con.c
+@@ -1914,7 +1914,9 @@ ssl3_ComputeRecordMAC(
+ 	                     : spec->client.write_mac_context);
+ 	rv  = PK11_DigestBegin(mac_context);
+ 	rv |= PK11_DigestOp(mac_context, temp, tempLen);
+-	rv |= PK11_DigestOp(mac_context, input, inputLength);
++	if (inputLength > 0) {
++	    rv |= PK11_DigestOp(mac_context, input, inputLength);
++	}
+ 	rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
+     } else {
+ 	/* bypass version */
+@@ -2229,7 +2231,7 @@ ssl3_SendRecord(   sslSocket *        ss,
+ 	return SECFailure;
+     }
+ 
+-    while (nIn > 0) {
++    do {
+ 	PRUint32  contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
+ 
+ 	if (wrBuf->space < contentLen + SSL3_BUFFER_FUDGE) {
+@@ -2306,7 +2308,7 @@ ssl3_SendRecord(   sslSocket *        ss,
+ 	    }
+ 	}
+ 	totalSent += contentLen;
+-    }
++    } while (nIn > 0);
+     return totalSent;
+ }
+ 
+@@ -2321,6 +2323,7 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
+ {
+     PRInt32   totalSent	= 0;
+     PRInt32   discarded = 0;
++    PRBool    is_block_cipher;
+ 
+     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
+     if (len < 0 || !in) {
+@@ -2345,6 +2348,22 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
+ 	len--;
+ 	discarded = 1;
+     }
++
++    ssl_GetSpecReadLock(ss);
++    is_block_cipher = ss->ssl3.cwSpec->cipher_def->type == type_block;
++    ssl_ReleaseSpecReadLock(ss);
++
++    if (is_block_cipher) {
++	// We assume that block ciphers are used in CBC mode and prepend an
++	// empty record. This effectively randomizes the IV in a backwards
++	// compatible way.
++	PRInt32 sent = ssl3_SendRecord(ss, content_application_data,
++				       NULL, 0 /* no payload */, flags);
++	if (sent < 0) {
++	    return SECFailure; /* error code set by ssl3_SendRecord */
++	}
++    }
++
+     while (len > totalSent) {
+ 	PRInt32   sent, toSend;
+