Send only one byte of data in the first CBC encrypted aplication data

net/third_party/nss/ssl/ssl3con.c

 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 2303 matching lines @@
 
 /* Attempt to send the content of "in" in an SSL application_data record.
  * Returns "len" or SECFailure,   never SECWouldBlock, nor SECSuccess.
  */
 int
 ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
                          PRInt32 len, PRInt32 flags)
 {
     PRInt32   totalSent = 0;
     PRInt32   discarded = 0;
+    PRBool    isBlockCipher;
+    int       recordIndex;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
     if (len < 0 || !in) {
         PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
         return SECFailure;
     }
 
     if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER &&
         !ssl_SocketIsBlocking(ss)) {
         PORT_Assert(!ssl_SocketIsBlocking(ss));
         PORT_SetError(PR_WOULD_BLOCK_ERROR);
         return SECFailure;
     }
 
     if (ss->appDataBuffered && len) {
         PORT_Assert (in[0] == (unsigned char)(ss->appDataBuffered));
         if (in[0] != (unsigned char)(ss->appDataBuffered)) {
             PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
             return SECFailure;
         }
         in++;
         len--;
         discarded = 1;
     }
-    while (len > totalSent) {
+
+    ssl_GetSpecReadLock(ss);
+    isBlockCipher = ss->ssl3.cwSpec->cipher_def->type == type_block;
+    ssl_ReleaseSpecReadLock(ss);
+
+    for (recordIndex = 0; len > totalSent; recordIndex++) {
         PRInt32   sent, toSend;
 
         if (totalSent > 0) {
             /*
              * The thread yield is intended to give the reader thread a
              * chance to get some cycles while the writer thread is in
              * the middle of a large application data write.  (See
              * Bugzilla bug 127740, comment #1.)
              */
             ssl_ReleaseXmitBufLock(ss);
             PR_Sleep(PR_INTERVAL_NO_WAIT);      /* PR_Yield(); */
             ssl_GetXmitBufLock(ss);
         }
         toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
+        if (isBlockCipher &&
+            ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS) {
+            /*
+             * We assume that block ciphers are used in CBC mode and send
+             * only one byte in the first record.  This effectively
+             * randomizes the IV in a backward compatible way.
+             *
+             * We get back to the MAX_FRAGMENT_LENGTH record boundary in
+             * the second record.  So for a large amount of data, we send
+             *     1
+             *     MAX_FRAGMENT_LENGTH - 1
+             *     MAX_FRAGMENT_LENGTH
+             *     MAX_FRAGMENT_LENGTH
+             *     ...
+             */
+            if (recordIndex == 0) {
+                toSend = 1;
+            } else if (recordIndex == 1 &&
+                       len - totalSent > MAX_FRAGMENT_LENGTH) {
+                toSend--;
+            }
+        }
         sent = ssl3_SendRecord(ss, content_application_data, 
                                in + totalSent, toSend, flags);
         if (sent < 0) {
             if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
                 PORT_Assert(ss->lastWriteBlocked);
                 break;
             }
             return SECFailure; /* error code set by ssl3_SendRecord */
         }
         totalSent += sent;
@@ skipping 7555 matching lines @@
 
     ss->ssl3.initialized = PR_FALSE;
 
     if (ss->ssl3.nextProto.data) {
         PORT_Free(ss->ssl3.nextProto.data);
         ss->ssl3.nextProto.data = NULL;
     }
 }
 
 /* End of ssl3con.c */