From 81807241c317b342d439fcc99d79d934f9c6834a Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Wed, 20 Nov 2013 11:46:59 +0700 Subject: Use 1/n-1 record splitting instead of 0/n --- crypto/src/crypto/tls/TlsProtocolHandler.cs | 37 +++++++++++++++++++---------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/crypto/src/crypto/tls/TlsProtocolHandler.cs b/crypto/src/crypto/tls/TlsProtocolHandler.cs index 0a970d251..1960d3ccd 100644 --- a/crypto/src/crypto/tls/TlsProtocolHandler.cs +++ b/crypto/src/crypto/tls/TlsProtocolHandler.cs @@ -1064,22 +1064,33 @@ namespace Org.BouncyCastle.Crypto.Tls while (len > 0) { /* - * Protect against known IV attack! - * - * DO NOT REMOVE THIS LINE, EXCEPT YOU KNOW EXACTLY WHAT - * YOU ARE DOING HERE. + * RFC 5246 6.2.1. Zero-length fragments of Application data MAY be sent as they are + * potentially useful as a traffic analysis countermeasure. + * + * NOTE: Actually, implementations appear to have settled on 1/n-1 record splitting. */ - SafeWriteMessage(ContentType.application_data, emptybuf, 0, 0); - /* - * We are only allowed to write fragments up to 2^14 bytes. - */ - int toWrite = System.Math.Min(len, 1 << 14); - - SafeWriteMessage(ContentType.application_data, buf, offset, toWrite); + //if (this.splitApplicationDataRecords) + { + /* + * Protect against known IV attack! + * + * DO NOT REMOVE THIS CODE, EXCEPT YOU KNOW EXACTLY WHAT YOU ARE DOING HERE. + */ + SafeWriteMessage(ContentType.application_data, buf, offset, 1); + ++offset; + --len; + } - offset += toWrite; - len -= toWrite; + if (len > 0) + { + // Fragment data according to the current fragment limit. + //int toWrite = System.Math.Min(len, recordStream.GetPlaintextLimit()); + int toWrite = System.Math.Min(len, 1 << 14); + SafeWriteMessage(ContentType.application_data, buf, offset, toWrite); + offset += toWrite; + len -= toWrite; + } } } -- cgit 1.4.1