Commit 31011544 authored by Emilia Kasper

DTLS: remove unused cookie field



Note that this commit constifies a user callback parameter and therefore
will break compilation for applications that implement this callback with
the old signature. Unless they rely on write access to the cookie buffer,
the fix is trivial: add `const` to the parameter.

Reviewed-by: Andy Polyakov <appro@openssl.org>
parent 0f0cfbe2
+1 −1
@@ -195,7 +195,7 @@ void tlsext_cb(SSL *s, int client_server, int type, unsigned char *data,

int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
                             unsigned int *cookie_len);
int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
                           unsigned int cookie_len);

typedef struct ssl_excert_st SSL_EXCERT;
+1 −1
@@ -806,7 +806,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
    return 1;
}

int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
                           unsigned int cookie_len)
{
    unsigned char *buffer, result[EVP_MAX_MD_SIZE];
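Review bot: The comparison that decides this callback's result is not in the hunk, so it is worth confirming that the received cookie is checked against `result` with `CRYPTO_memcmp` rather than `memcmp`; this commit introduces a constant-time `PACKET_equal` for the library side, and this sample callback is what applications tend to copy. If the comparison is already constant-time, a one-line comment such as `/* constant-time compare: a timing leak here lets a client forge cookies */` would make the requirement visible to readers. The body of verify_cookie_callback continues outside the hunk.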
+1 −1
@@ -750,7 +750,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                                              *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*app_verify_cookie_cb) (SSL *ssl,
                                                               unsigned char
                                                               const unsigned char
                                                               *cookie,
                                                               unsigned int
                                                               cookie_len));
+3 −3
@@ -723,9 +723,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
                /* This is fatal */
                return -1;
            }
            if (PACKET_remaining(&cookiepkt) > sizeof(s->d1->rcvd_cookie)
                || s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
                    PACKET_remaining(&cookiepkt)) == 0) {
            if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
                                             PACKET_remaining(&cookiepkt)) ==
                0) {
                /*
                 * We treat invalid cookies in the same was as no cookie as
                 * per RFC6347
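Review bot: Dropping the `sizeof(s->d1->rcvd_cookie)` bound means the application callback is now handed whatever length the ClientHello carried, and callbacks written against the old API may have sized scratch buffers on that limit; the commit message mentions only the const change, not this. If cookiepkt was extracted with a one-byte length prefix earlier in dtls1_listen the length is already capped at 255, but that is outside the hunk, so a comment at the call site, `/* cookie_len is bounded only by the ClientHello encoding; the callback must treat it as untrusted */`, would make the contract explicit. The comment that follows the call also reads `in the same was as no cookie`, which should be `way`. The rest of dtls1_listen, including the cookie extraction, lies outside the hunk.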
+13 −0
@@ -62,6 +62,7 @@
# include <string.h>
# include <openssl/bn.h>
# include <openssl/buffer.h>
# include <openssl/crypto.h>
# include "e_os.h"

# ifdef __cplusplus
@@ -124,6 +125,18 @@ static inline void PACKET_null_init(PACKET *pkt)
    pkt->remaining = 0;
}

/*
 * Returns 1 if the packet has length |num| and its contents equal the |num|
 * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
 * If lengths are equal, performs the comparison in constant time.
 */
__owur static inline int PACKET_equal(const PACKET *pkt, const void *ptr,
                                      size_t num) {
    if (PACKET_remaining(pkt) != num)
        return 0;
    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
}

/*
 * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
 * Data is not copied: the |subpkt| packet will share its underlying buffer with