net/third_party/nss/patches/cbcrandomiv.patch - Issue 7621002: Send only one byte of data in the first CBC encrypted aplication data

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/third_party/nss/patches/cbcrandomiv.patch

Issue 7621002: Send only one byte of data in the first CBC encrypted aplication data (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Remove space at the end of a line. Created 9 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 Index: mozilla/security/nss/lib/ssl/ssl3con.c

	2 ===================================================================

	3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v

	4 retrieving revision 1.142.2.5

	5 diff -u -p -u -r1.142.2.5 ssl3con.c

	6 --- mozilla/security/nss/lib/ssl/ssl3con.c 25 Jan 2011 01:49:22 -0000 1.142.2.5

	7 +++ mozilla/security/nss/lib/ssl/ssl3con.c 11 Aug 2011 02:15:58 -0000

	8 @@ -2315,6 +2315,8 @@ ssl3_SendApplicationData(sslSocket *ss,

	9 {

	10 PRInt32 totalSent = 0;

	11 PRInt32 discarded = 0;

	12 + PRBool isBlockCipher;

	13 + int recordIndex;

	14

	15 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveXmitBufLock(ss) );

	16 if (len < 0 \|\| !in) {

	17 @@ -2339,7 +2341,12 @@ ssl3_SendApplicationData(sslSocket *ss,

	18 len--;

	19 discarded = 1;

	20 }

	21 - while (len > totalSent) {

	22 +

	23 + ssl_GetSpecReadLock(ss);

	24 + isBlockCipher = ss->ssl3.cwSpec->cipher_def->type == type_block;

	25 + ssl_ReleaseSpecReadLock(ss);

	26 +

	27 + for (recordIndex = 0; len > totalSent; recordIndex++) {

	28 PRInt32 sent, toSend;

	29

	30 if (totalSent > 0) {

	31 @@ -2354,6 +2361,28 @@ ssl3_SendApplicationData(sslSocket *ss,

	32 ssl_GetXmitBufLock(ss);

	33 }

	34 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);

	35 + if (isBlockCipher &&

	36 + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS) {

	37 + /*

	38 + * We assume that block ciphers are used in CBC mode and send

	39 + * only one byte in the first record. This effectively

	40 + * randomizes the IV in a backward compatible way.

	41 + *

	42 + * We get back to the MAX_FRAGMENT_LENGTH record boundary in

	43 + * the second record. So for a large amount of data, we send

	44 + * 1

	45 + * MAX_FRAGMENT_LENGTH - 1

	46 + * MAX_FRAGMENT_LENGTH

	47 + * MAX_FRAGMENT_LENGTH

	48 + * ...

	49 + */

	50 + if (recordIndex == 0) {

	51 + toSend = 1;

	52 + } else if (recordIndex == 1 &&

	53 + len - totalSent > MAX_FRAGMENT_LENGTH) {

	54 + toSend--;

	55 + }

	56 + }

	57 sent = ssl3_SendRecord(ss, content_application_data,

	58 in + totalSent, toSend, flags);

	59 if (sent < 0) {

OLD	NEW

« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »