DTLS: remove unused cookie field

Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-10-06 17:20:32 +0200
committer: Emilia Kasper <emilia@openssl.org> 2015-10-09 15:32:35 +0200
commit: 310115448188415e270bb0bef958c7c130939838 (patch)
tree: 4acce2a2cb0626327668858b21dc9f7811e803c5 /ssl/s3_srvr.c
parent: 0f0cfbe24c07376a67b12048686baa318db2cd95 (diff)
1 files changed, 7 insertions, 32 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 5f05b9f21f..ca11c6e8b3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1137,45 +1137,20 @@ int ssl3_get_client_hello(SSL *s)
     }
 
     if (SSL_IS_DTLS(s)) {
-        size_t cookie_len = PACKET_remaining(&cookie);
-        /*
-         * The ClientHello may contain a cookie even if the
-         * HelloVerify message has not been sent--make sure that it
-         * does not cause an overflow.
-         */
-        if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
-            /* too much data */
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-            goto f_err;
-        }
-
-        /* verify the cookie if appropriate option is set. */
-        if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
-            /* Get cookie */
-            /*
-             * TODO(openssl-team): rcvd_cookie appears unused outside this
-             * function. Remove the field?
-             */
-            if (!PACKET_copy_bytes(&cookie, s->d1->rcvd_cookie, cookie_len)) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                goto f_err;
-            }
-
+	/* Empty cookie was already handled above by returning early. */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
             if (s->ctx->app_verify_cookie_cb != NULL) {
-                if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-                                                 cookie_len) == 0) {
+                if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
+                                                 PACKET_remaining(&cookie)) == 0) {
                     al = SSL_AD_HANDSHAKE_FAILURE;
                     SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
                            SSL_R_COOKIE_MISMATCH);
                     goto f_err;
+                    /* else cookie verification succeeded */
                 }
-                /* else cookie verification succeeded */
-            }
             /* default verification */
-            else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
-                            s->d1->cookie_len) != 0) {
+            } else if (!PACKET_equal(&cookie, s->d1->cookie,
+                                     s->d1->cookie_len)) {
                 al = SSL_AD_HANDSHAKE_FAILURE;
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
                 goto f_err;
author	Emilia Kasper <emilia@openssl.org>	2015-10-06 17:20:32 +0200
committer	Emilia Kasper <emilia@openssl.org>	2015-10-09 15:32:35 +0200
commit	310115448188415e270bb0bef958c7c130939838 (patch)
tree	4acce2a2cb0626327668858b21dc9f7811e803c5 /ssl/s3_srvr.c
parent	0f0cfbe24c07376a67b12048686baa318db2cd95 (diff)