author | Emilia Kasper <emilia@openssl.org> | 2015-10-06 17:20:32 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-10-09 15:32:35 +0200 |
commit | 310115448188415e270bb0bef958c7c130939838 (patch) | |
tree | 4acce2a2cb0626327668858b21dc9f7811e803c5 /ssl/s3_srvr.c | |
parent | 0f0cfbe24c07376a67b12048686baa318db2cd95 (diff) |
DTLS: remove unused cookie field
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 39 |
1 files changed, 7 insertions, 32 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5f05b9f21f..ca11c6e8b3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1137,45 +1137,20 @@ int ssl3_get_client_hello(SSL *s) } if (SSL_IS_DTLS(s)) { - size_t cookie_len = PACKET_remaining(&cookie); - /* - * The ClientHello may contain a cookie even if the - * HelloVerify message has not been sent--make sure that it - * does not cause an overflow. - */ - if (cookie_len > sizeof(s->d1->rcvd_cookie)) { - /* too much data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); - goto f_err; - } - - /* verify the cookie if appropriate option is set. */ - if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) { - /* Get cookie */ - /* - * TODO(openssl-team): rcvd_cookie appears unused outside this - * function. Remove the field? - */ - if (!PACKET_copy_bytes(&cookie, s->d1->rcvd_cookie, cookie_len)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - + /* Empty cookie was already handled above by returning early. */ + if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (s->ctx->app_verify_cookie_cb != NULL) { - if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, - cookie_len) == 0) { + if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), + PACKET_remaining(&cookie)) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; + /* else cookie verification succeeded */ } - /* else cookie verification succeeded */ - } /* default verification */ - else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) { + } else if (!PACKET_equal(&cookie, s->d1->cookie, + s->d1->cookie_len)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; |
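Review bot: The call to `app_verify_cookie_cb` now passes `PACKET_data(&cookie)` and `PACKET_remaining(&cookie)` directly, so the callback receives a pointer into the received ClientHello and a peer-chosen length, where the old code rejected anything larger than `sizeof(s->d1->rcvd_cookie)` before the callback ran. Any upper bound now comes only from how `cookie` is parsed earlier in `ssl3_get_client_hello`, which lies outside this hunk, so an application callback that copies the cookie into a fixed buffer has to check the length itself. I would state that at the call site, e.g. `/* cookie points into the handshake message; its length is peer-controlled and not capped here */`, and repeat it in the callback's documentation. Separately, `/* else cookie verification succeeded */` now sits after `goto f_err;` inside the failure branch and reads as if it described unreachable code; moving it below the closing brace would keep it accurate.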