Index: net/third_party/nss/patches/cbcrandomiv.patch |
=================================================================== |
--- net/third_party/nss/patches/cbcrandomiv.patch (revision 107268) |
+++ net/third_party/nss/patches/cbcrandomiv.patch (working copy) |
@@ -1,59 +0,0 @@ |
-Index: mozilla/security/nss/lib/ssl/ssl3con.c |
-=================================================================== |
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v |
-retrieving revision 1.142.2.5 |
-diff -u -p -u -r1.142.2.5 ssl3con.c |
---- mozilla/security/nss/lib/ssl/ssl3con.c 25 Jan 2011 01:49:22 -0000 1.142.2.5 |
-+++ mozilla/security/nss/lib/ssl/ssl3con.c 11 Aug 2011 02:15:58 -0000 |
-@@ -2315,6 +2315,8 @@ ssl3_SendApplicationData(sslSocket *ss, |
- { |
- PRInt32 totalSent = 0; |
- PRInt32 discarded = 0; |
-+ PRBool isBlockCipher; |
-+ int recordIndex; |
- |
- PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
- if (len < 0 || !in) { |
-@@ -2339,7 +2341,12 @@ ssl3_SendApplicationData(sslSocket *ss, |
- len--; |
- discarded = 1; |
- } |
-- while (len > totalSent) { |
-+ |
-+ ssl_GetSpecReadLock(ss); |
-+ isBlockCipher = ss->ssl3.cwSpec->cipher_def->type == type_block; |
-+ ssl_ReleaseSpecReadLock(ss); |
-+ |
-+ for (recordIndex = 0; len > totalSent; recordIndex++) { |
- PRInt32 sent, toSend; |
- |
- if (totalSent > 0) { |
-@@ -2354,6 +2361,28 @@ ssl3_SendApplicationData(sslSocket *ss, |
- ssl_GetXmitBufLock(ss); |
- } |
- toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); |
-+ if (isBlockCipher && |
-+ ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS) { |
-+ /* |
-+ * We assume that block ciphers are used in CBC mode and send |
-+ * only one byte in the first record. This effectively |
-+ * randomizes the IV in a backward compatible way. |
-+ * |
-+ * We get back to the MAX_FRAGMENT_LENGTH record boundary in |
-+ * the second record. So for a large amount of data, we send |
-+ * 1 |
-+ * MAX_FRAGMENT_LENGTH - 1 |
-+ * MAX_FRAGMENT_LENGTH |
-+ * MAX_FRAGMENT_LENGTH |
-+ * ... |
-+ */ |
-+ if (recordIndex == 0) { |
-+ toSend = 1; |
-+ } else if (recordIndex == 1 && |
-+ len - totalSent > MAX_FRAGMENT_LENGTH) { |
-+ toSend--; |
-+ } |
-+ } |
- sent = ssl3_SendRecord(ss, content_application_data, |
- in + totalSent, toSend, flags); |
- if (sent < 0) { |