author | lloyd <[email protected]> | 2011-12-28 22:39:18 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-12-28 22:39:18 +0000 |
commit | eb6b59f2aef6a4999be244c7d90ace3f6bbcac5d (patch) | |
tree | 7b15e8034769e1a9d57335e1fb0259167299fcc6 /src/tls/tls_record.h | |
parent | b48a5b800a00e955cada6c418848c3bc460e44e7 (diff) |
Don't buffer in the record writer at all - we immediately process and
send out inputs as they are available. Thus, flushing is never
required, and we avoid some unnecessary copying.
If we are using a CBC mode cipher in SSLv3/TLSv1.0, send a 1-byte
fragment to start to prevent the adaptive plaintext attack.
Diffstat (limited to 'src/tls/tls_record.h')
-rw-r--r-- | src/tls/tls_record.h | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index d2dbdf596..51a7cd310 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -43,8 +43,6 @@ class BOTAN_DLL Record_Writer void send(byte type, const byte input[], size_t length); void send(byte type, byte val) { send(type, &val, 1); } - void flush(); - void alert(Alert_Level level, Alert_Type type); void set_keys(const CipherSuite& suite, @@ -56,23 +54,21 @@ class BOTAN_DLL Record_Writer void reset(); Record_Writer(std::tr1::function<void (const byte[], size_t)> output_fn, - size_t max_fragment = 0); + size_t max_fragment = MAX_PLAINTEXT_SIZE); ~Record_Writer() { delete mac; } private: void send_record(byte type, const byte input[], size_t length); std::tr1::function<void (const byte[], size_t)> output_fn; + Pipe cipher; MessageAuthenticationCode* mac; - SecureVector<byte> buffer; - size_t buf_pos; - - size_t block_size, mac_size, iv_size; + size_t block_size, mac_size, iv_size, max_fragment; u64bit seq_no; - byte major, minor, buf_type; + byte major, minor; }; /** |
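Review bot: The new default `max_fragment = MAX_PLAINTEXT_SIZE` in the second hunk leaves the accepted range of this parameter undocumented and, as far as this header shows, unchecked. The old default of 0 presumably acted as a "use the maximum" sentinel, so a caller that still passes 0 explicitly would now hand a zero fragment size to a writer that, per the commit message, splits and sends input immediately. A value above MAX_PLAINTEXT_SIZE would in turn produce oversized records. The constructor body is outside this file section, so confirm that it rejects or clamps both cases, for example `if(max_fragment == 0 || max_fragment > MAX_PLAINTEXT_SIZE) throw Invalid_Argument("Record_Writer: bad max_fragment");`, and add a comment on the declaration such as `// max_fragment: largest plaintext bytes per record, 1..MAX_PLAINTEXT_SIZE`. The Record_Writer class begins before this hunk.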