OLD | NEW |
| (Empty) |
1 Index: mozilla/security/nss/lib/ssl/ssl3con.c | |
2 =================================================================== | |
3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v | |
4 retrieving revision 1.142.2.5 | |
5 diff -u -p -u -r1.142.2.5 ssl3con.c | |
6 --- mozilla/security/nss/lib/ssl/ssl3con.c 25 Jan 2011 01:49:22 -0000
1.142.2.5 | |
7 +++ mozilla/security/nss/lib/ssl/ssl3con.c 11 Aug 2011 02:15:58 -0000 | |
8 @@ -2315,6 +2315,8 @@ ssl3_SendApplicationData(sslSocket *ss, | |
9 { | |
10 PRInt32 totalSent = 0; | |
11 PRInt32 discarded = 0; | |
12 + PRBool isBlockCipher; | |
13 + int recordIndex; | |
14 | |
15 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | |
16 if (len < 0 || !in) { | |
17 @@ -2339,7 +2341,12 @@ ssl3_SendApplicationData(sslSocket *ss, | |
18 len--; | |
19 discarded = 1; | |
20 } | |
21 - while (len > totalSent) { | |
22 + | |
23 + ssl_GetSpecReadLock(ss); | |
24 + isBlockCipher = ss->ssl3.cwSpec->cipher_def->type == type_block; | |
25 + ssl_ReleaseSpecReadLock(ss); | |
26 + | |
27 + for (recordIndex = 0; len > totalSent; recordIndex++) { | |
28 PRInt32 sent, toSend; | |
29 | |
30 if (totalSent > 0) { | |
31 @@ -2354,6 +2361,28 @@ ssl3_SendApplicationData(sslSocket *ss, | |
32 ssl_GetXmitBufLock(ss); | |
33 } | |
34 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); | |
35 + if (isBlockCipher && | |
36 + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS) { | |
37 + /* | |
38 + * We assume that block ciphers are used in CBC mode and send | |
39 + * only one byte in the first record. This effectively | |
40 + * randomizes the IV in a backward compatible way. | |
41 + * | |
42 + * We get back to the MAX_FRAGMENT_LENGTH record boundary in | |
43 + * the second record. So for a large amount of data, we send | |
44 + * 1 | |
45 + * MAX_FRAGMENT_LENGTH - 1 | |
46 + * MAX_FRAGMENT_LENGTH | |
47 + * MAX_FRAGMENT_LENGTH | |
48 + * ... | |
49 + */ | |
50 + if (recordIndex == 0) { | |
51 + toSend = 1; | |
52 + } else if (recordIndex == 1 && | |
53 + len - totalSent > MAX_FRAGMENT_LENGTH) { | |
54 + toSend--; | |
55 + } | |
56 + } | |
57 sent = ssl3_SendRecord(ss, content_application_data, | |
58 in + totalSent, toSend, flags); | |
59 if (sent < 0) { | |
OLD | NEW |