author | lloyd <[email protected]> | 2010-04-09 14:03:13 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-04-09 14:03:13 +0000 |
commit | 143b5cb297a36b94c9d0e56e2d2145a7c55efde5 (patch) | |
tree | 000b11f87806678649e68e753aaad8ed6ef45803 /src/ssl/rec_wri.cpp | |
parent | a1fc16d73b6e8fbb041c5163687bfd37c5705da4 (diff) | |
parent | d7e2e9316a5540e93595b5386f67594135de736d (diff) |
propagate from branch 'net.randombit.botan' (head 75d272c759511a9a99a371ddc74bd17b2c1453b6)
to branch 'net.randombit.botan.c++0x' (head 2ce9ba37cb9287a3d875921240d6682100625b9f)
Diffstat (limited to 'src/ssl/rec_wri.cpp')
-rw-r--r-- | src/ssl/rec_wri.cpp | 56 |
1 files changed, 36 insertions, 20 deletions
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index 842b2698c..f8079c235 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -1,6 +1,6 @@ /** -* TLS Record Writing -* (C) 2004-2006 Jack Lloyd +* TLS Record Writing +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ @@ -9,6 +9,7 @@ #include <botan/handshake_hash.h> #include <botan/lookup.h> #include <botan/loadstor.h> +#include <botan/libstate.h> namespace Botan { @@ -26,13 +27,17 @@ Record_Writer::Record_Writer(Socket& sock) : */ void Record_Writer::reset() { - compress.reset(); cipher.reset(); mac.reset(); + buffer.clear(); - do_compress = false; + buf_pos = 0; + major = minor = buf_type = 0; - pad_amount = mac_size = buf_pos = 0; + block_size = 0; + mac_size = 0; + iv_size = 0; + seq_no = 0; } @@ -41,7 +46,7 @@ void Record_Writer::reset() */ void Record_Writer::set_version(Version_Code version) { - if(version != SSL_V3 && version != TLS_V10) + if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11) throw Invalid_Argument("Record_Writer: Invalid protocol version"); major = (version >> 8) & 0xFF; @@ -49,15 +54,6 @@ void Record_Writer::set_version(Version_Code version) } /** -* Set the compression algorithm -*/ -void Record_Writer::set_compressor(Filter* compressor) - { - throw TLS_Exception(INTERNAL_ERROR, "Compression not implemented (FIXME)"); - compress.append(compressor); - } - -/** * Set the keys for writing */ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, 
@@ -91,12 +87,18 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, cipher_algo + "/CBC/NoPadding", cipher_key, iv, ENCRYPTION) ); - pad_amount = block_size_of(cipher_algo); + block_size = block_size_of(cipher_algo); + + if(major == 3 && minor >= 2) + iv_size = block_size; + else + iv_size = 0; } else if(have_stream_cipher(cipher_algo)) { cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION)); - pad_amount = 0; + block_size = 0; + iv_size = 0; } else throw Invalid_Argument("Record_Writer: Unknown cipher " + cipher_algo); @@ -203,15 +205,30 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length) mac.write(buf, length); mac.end_msg(); + // TODO: This could all use a single buffer + SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE); cipher.start_msg(); + + if(iv_size) + { + RandomNumberGenerator& rng = global_state().global_rng(); + + SecureVector<byte> random_iv(iv_size); + + rng.randomize(&random_iv[0], random_iv.size()); + + cipher.write(random_iv); + } + cipher.write(buf, length); cipher.write(buf_mac); - if(pad_amount) + + if(block_size) { u32bit pad_val = - (pad_amount - (1 + length + buf_mac.size())) % pad_amount; + (block_size - (1 + length + buf_mac.size())) % block_size; for(u32bit j = 0; j != pad_val + 1; j++) cipher.write(pad_val); @@ -240,7 +257,6 @@ void Record_Writer::send_record(byte type, byte major, byte minor, for(u32bit j = 0; j != 2; j++) header[j+3] = get_byte<u16bit>(j, length); - // FIXME: tradoff of TCP/syscall overhead vs copy overhead socket.write(header, 5); socket.write(out, length); } |
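Review bot: `iv_size` is derived from `major`/`minor` at the moment set_keys runs (`if(major == 3 && minor >= 2)`), so the explicit IV is only enabled if set_version was called first, and the reset() hunk earlier in this diff now zeroes both fields. If keys are installed before the version is set, or after a reset without a fresh set_version, a TLS 1.1 session would write records without the per-record IV, which presumably shows up as a decryption failure at the peer rather than an error here. A later set_version call also leaves `iv_size` stale. I would document the ordering with a comment such as `// set_version() must be called before set_keys(): iv_size depends on the negotiated version`, or reject the call outright with `if(major == 0) throw Invalid_State("Record_Writer: version not set");`. The body of set_keys starts above this hunk, so an existing check may not be visible here.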
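Review bot: The per-record IV is drawn from `global_state().global_rng()` inside send_record, which makes the writer depend on process-wide library state for a security-critical value and leaves no way to supply a specific generator, for example in tests. Consider holding a `RandomNumberGenerator&` member set in the constructor and calling `rng.randomize(&random_iv[0], random_iv.size());` on that member. The random block is written through the cipher pipe rather than sent in the clear, which appears to follow the RFC 4346 option of prepending a random block to the plaintext. A short comment such as `// TLS 1.1: random block encrypted ahead of the payload acts as the explicit IV` would stop a later change from treating it as a bug. send_record begins and ends outside this hunk.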