is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+ PACKET_null_init(&cookie);
/* First lets get s->client_version set correctly */
if (is_v2_record) {
unsigned int version;
PACKET_null_init(&compression);
PACKET_null_init(&extensions);
- /* We're never DTLS here but just play safe and initialize. */
- PACKET_null_init(&cookie);
} else {
/* Regular ClientHello. */
if (!PACKET_copy_bytes(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)
}
if (SSL_IS_DTLS(s)) {
- size_t cookie_len = PACKET_remaining(&cookie);
- /*
- * The ClientHello may contain a cookie even if the
- * HelloVerify message has not been sent--make sure that it
- * does not cause an overflow.
- */
- if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
- /* too much data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
-
- /* verify the cookie if appropriate option is set. */
- if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
- /* Get cookie */
- /*
- * TODO(openssl-team): rcvd_cookie appears unused outside this
- * function. Remove the field?
- */
- if (!PACKET_copy_bytes(&cookie, s->d1->rcvd_cookie, cookie_len)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
-
+ /* Empty cookie was already handled above by returning early. */
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (s->ctx->app_verify_cookie_cb != NULL) {
- if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
- cookie_len) == 0) {
+ if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
+ PACKET_remaining(&cookie)) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
SSL_R_COOKIE_MISMATCH);
goto f_err;
+ /* else cookie verification succeeded */
}
- /* else cookie verification succeeded */
- }
/* default verification */
- else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
- s->d1->cookie_len) != 0) {
+ } else if (!PACKET_equal(&cookie, s->d1->cookie,
+ s->d1->cookie_len)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
goto f_err;
/* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
unsigned char cipher[SSLV2_CIPHER_LEN];
- /*
- * Can this ever happen?
- * This method used to check for s->s3, but did so inconsistently.
- */
- if (s->s3 == NULL) {
- *al = SSL_AD_INTERNAL_ERROR;
- return NULL;
- }
-
s->s3->send_connection_binding = 0;
n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
/*
- * We only support SSLv2 format ciphers in SSLv3+ using a
- * SSLv2 backward compatible ClientHello. In this case the first
- * byte is always 0 for SSLv3 compatible ciphers. Anything else
- * is an SSLv2 cipher and we ignore it
+ * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+ * first byte set to zero, while true SSLv2 ciphers have a non-zero
+ * first byte. We don't support any true SSLv2 ciphers, so skip them.
*/
if (sslv2format && cipher[0] != '\0')
continue;