Commit 94f98a90 authored by Matt Caswell's avatar Matt Caswell
Browse files

Remove cookie validation return value trick 



In the DTLS ClientHello processing the return value is stored in |ret| which
by default is -1. |ret| is only updated to a positive value once we are past
all points where we could hit an error. We wish to return 1 on success or 2
on success *and* we have validated the DTLS cookie. Previously on successful
validation of the cookie we were setting |ret| to -2, and then once we were
past all error points we set |ret = -ret|. This is non-obvious behaviour and
could be error prone. This commit tries to make this a bit more intuitive.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 301a6dcd

ssl/s3_srvr.c

+4 −6
Original line number Diff line number Diff line
@@ -901,7 +901,7 @@ int ssl3_send_hello_request(SSL *s) 


int ssl3_get_client_hello(SSL *s)

{

    int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;

    int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;

    unsigned int cookie_len;

    long n;

    unsigned long id;
@@ -1094,8 +1094,7 @@ int ssl3_get_client_hello(SSL *s) 
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);

                goto f_err;

            }

            /* Set to -2 so if successful we return 2 */

            ret = -2;

            cookie_valid = 1;

        }



        p += cookie_len;
@@ -1465,8 +1464,7 @@ int ssl3_get_client_hello(SSL *s) 
        }

    }



    if (ret < 0)

        ret = -ret;

    ret = cookie_valid ? 2 : 1;

    if (0) {

 f_err:

        ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1476,7 +1474,7 @@ int ssl3_get_client_hello(SSL *s) 


    if (ciphers != NULL)

        sk_SSL_CIPHER_free(ciphers);

    return ret < 0 ? -1 : ret;

    return ret;

}



int ssl3_send_server_hello(SSL *s)