Add 1/n-1 record splitting
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5f080de..00e99f7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3482,6 +3482,9 @@
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+ ssl->split_done = 0;
+#endif
ssl->transform_in = NULL;
ssl->transform_out = NULL;
@@ -4431,7 +4434,11 @@
/*
* Send application data to be encrypted by the SSL layer
*/
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+static int ssl_write_real( ssl_context *ssl, const unsigned char *buf, size_t len )
+#else
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
+#endif
{
int ret;
size_t n;
@@ -4493,6 +4500,43 @@
}
/*
+ * Write application data, doing 1/n-1 splitting if necessary.
+ *
+ * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
+ * then the caller wil call us again with the same arguments.
+ */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
+{
+ int ret;
+
+ if( ssl->minor_ver > SSL_MINOR_VERSION_1 ||
+ len == 0 ||
+ cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
+ != POLARSSL_MODE_CBC )
+ {
+ return( ssl_write_real( ssl, buf, len ) );
+ }
+
+ if( ssl->split_done == 0 )
+ {
+ ssl->split_done = 1;
+ if( ( ret = ssl_write_real( ssl, buf, 1 ) ) < 0 )
+ return( ret );
+ }
+
+ if( ssl->split_done == 1 && len > 1 )
+ {
+ ssl->split_done = 0;
+ if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) < 0 )
+ return( ret );
+ }
+
+ return( ret + 1 );
+}
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+
+/*
* Notify the peer that the connection is being closed
*/
int ssl_close_notify( ssl_context *ssl )