summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-11-20 11:46:59 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-11-20 11:46:59 +0700
commit81807241c317b342d439fcc99d79d934f9c6834a (patch)
tree5c091ef9f9b295b33bfa0de6ab62d152c2f357e8 /crypto
parentAuto-initialize random if necessary (diff)
downloadBouncyCastle.NET-ed25519-81807241c317b342d439fcc99d79d934f9c6834a.tar.xz
Use 1/n-1 record splitting instead of 0/n
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/tls/TlsProtocolHandler.cs37


1 files changed, 24 insertions, 13 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocolHandler.cs b/crypto/src/crypto/tls/TlsProtocolHandler.cs
index 0a970d251..1960d3ccd 100644
--- a/crypto/src/crypto/tls/TlsProtocolHandler.cs
+++ b/crypto/src/crypto/tls/TlsProtocolHandler.cs
@@ -1064,22 +1064,33 @@ namespace Org.BouncyCastle.Crypto.Tls
             while (len > 0)
             {
                 /*
-                 * Protect against known IV attack!
-                 *
-                 * DO NOT REMOVE THIS LINE, EXCEPT YOU KNOW EXACTLY WHAT
-                 * YOU ARE DOING HERE.
+                 * RFC 5246 6.2.1. Zero-length fragments of Application data MAY be sent as they are
+                 * potentially useful as a traffic analysis countermeasure.
+                 * 
+                 * NOTE: Actually, implementations appear to have settled on 1/n-1 record splitting.
                  */
-                SafeWriteMessage(ContentType.application_data, emptybuf, 0, 0);
 
-                /*
-                * We are only allowed to write fragments up to 2^14 bytes.
-                */
-                int toWrite = System.Math.Min(len, 1 << 14);
-
-                SafeWriteMessage(ContentType.application_data, buf, offset, toWrite);
+                //if (this.splitApplicationDataRecords)
+                {
+                    /*
+                     * Protect against known IV attack!
+                     * 
+                     * DO NOT REMOVE THIS CODE, EXCEPT YOU KNOW EXACTLY WHAT YOU ARE DOING HERE.
+                     */
+                    SafeWriteMessage(ContentType.application_data, buf, offset, 1);
+                    ++offset;
+                    --len;
+                }
 
-                offset += toWrite;
-                len -= toWrite;
+                if (len > 0)
+                {
+                    // Fragment data according to the current fragment limit.
+                    //int toWrite = System.Math.Min(len, recordStream.GetPlaintextLimit());
+                    int toWrite = System.Math.Min(len, 1 << 14);
+                    SafeWriteMessage(ContentType.application_data, buf, offset, toWrite);
+                    offset += toWrite;
+                    len -= toWrite;
+                }
             }
         }
 

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-20 11:47:22 +0000