OLD | NEW |
(Empty) | |
| 1 Index: mozilla/security/nss/lib/ssl/ssl3con.c |
| 2 =================================================================== |
| 3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v |
| 4 retrieving revision 1.142.2.5 |
| 5 diff -u -p -u -r1.142.2.5 ssl3con.c |
| 6 --- mozilla/security/nss/lib/ssl/ssl3con.c 25 Jan 2011 01:49:22 -0000
1.142.2.5 |
| 7 +++ mozilla/security/nss/lib/ssl/ssl3con.c 11 Aug 2011 02:15:58 -0000 |
| 8 @@ -2315,6 +2315,8 @@ ssl3_SendApplicationData(sslSocket *ss, |
| 9 { |
| 10 PRInt32 totalSent = 0; |
| 11 PRInt32 discarded = 0; |
| 12 + PRBool isBlockCipher; |
| 13 + int recordIndex; |
| 14 |
| 15 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
| 16 if (len < 0 || !in) { |
| 17 @@ -2339,7 +2341,12 @@ ssl3_SendApplicationData(sslSocket *ss, |
| 18 len--; |
| 19 discarded = 1; |
| 20 } |
| 21 - while (len > totalSent) { |
| 22 + |
| 23 + ssl_GetSpecReadLock(ss); |
| 24 + isBlockCipher = ss->ssl3.cwSpec->cipher_def->type == type_block; |
| 25 + ssl_ReleaseSpecReadLock(ss); |
| 26 + |
| 27 + for (recordIndex = 0; len > totalSent; recordIndex++) { |
| 28 PRInt32 sent, toSend; |
| 29 |
| 30 if (totalSent > 0) { |
| 31 @@ -2354,6 +2361,28 @@ ssl3_SendApplicationData(sslSocket *ss, |
| 32 ssl_GetXmitBufLock(ss); |
| 33 } |
| 34 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); |
| 35 + if (isBlockCipher && |
| 36 + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS) { |
| 37 + /* |
| 38 + * We assume that block ciphers are used in CBC mode and send |
| 39 + * only one byte in the first record. This effectively |
| 40 + * randomizes the IV in a backward compatible way. |
| 41 + * |
| 42 + * We get back to the MAX_FRAGMENT_LENGTH record boundary in |
| 43 + * the second record. So for a large amount of data, we send |
| 44 + * 1 |
| 45 + * MAX_FRAGMENT_LENGTH - 1 |
| 46 + * MAX_FRAGMENT_LENGTH |
| 47 + * MAX_FRAGMENT_LENGTH |
| 48 + * ... |
| 49 + */ |
| 50 + if (recordIndex == 0) { |
| 51 + toSend = 1; |
| 52 + } else if (recordIndex == 1 && |
| 53 + len - totalSent > MAX_FRAGMENT_LENGTH) { |
| 54 + toSend--; |
| 55 + } |
| 56 + } |
| 57 sent = ssl3_SendRecord(ss, content_application_data, |
| 58 in + totalSent, toSend, flags); |
| 59 if (sent < 0) { |
OLD | NEW |