Remove create_empty_fragment from do_dtls1_write()

do_dtls1_write() was never called with a non-zero value for
create_empty_fragment - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
Matt Caswell 2022-10-06 13:18:43 +01:00
parent 706fc5f6eb
commit 22d6e8547f
3 changed files with 5 additions and 14 deletions


@ -54,7 +54,7 @@ int dtls1_dispatch_alert(SSL *ssl)
*ptr++ = s->s3.send_alert[0];
*ptr++ = s->s3.send_alert[1];
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), &written);
if (i <= 0) {
s->s3.alert_dispatch = 1;
/* fprintf(stderr, "not done with alert\n"); */


@ -629,7 +629,7 @@ int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
return -1;
}
s->rwstate = SSL_NOTHING;
i = do_dtls1_write(s, type, buf, len, 0, written);
i = do_dtls1_write(s, type, buf, len, written);
return i;
}
@ -714,7 +714,7 @@ static int ssl3_write_pending(SSL_CONNECTION *s, int type,
}
int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written)
size_t len, size_t *written)
{
unsigned char *p, *pseq;
int i, mac_size, clear = 0;
@ -744,7 +744,7 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */
}
if (len == 0 && !create_empty_fragment)
if (len == 0)
return 0;
if (len > ssl_get_max_send_fragment(sc)) {
@ -899,15 +899,6 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
ssl3_record_sequence_update(&(sc->rlayer.write_sequence[0]));
if (create_empty_fragment) {
/*
* we are in a recursive call; just return the length, don't write
* out anything here
*/
*written = wr.length;
return 1;
}
/* now let's set up wb */
SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
SSL3_BUFFER_set_offset(wb, 0);
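Review bot: With the empty-fragment branch gone, the `if (len == 0) return 0;` guard in the second hunk is the only zero-length path left, and it still returns without touching `*written`, so a caller that reads `*written` after a 0 return sees whatever the variable held before the call; dtls1_write_bytes in the first hunk hands its `written` pointer straight through, so this is presumably reachable from above, though the callers of dtls1_write_bytes are not visible here. Setting the out-parameter before leaving would close that gap: `if (len == 0) { *written = 0; return 0; }`. The guard would also benefit from a why-comment recording the rationale from the commit message, since nothing in the code now says why DTLS needs no empty-fragment countermeasure, e.g. `/* DTLS 1.0 has an explicit IV, so no empty-fragment countermeasure is needed; zero-length writes are simply rejected here */`. The body of do_dtls1_write starts and ends outside these hunks.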


@ -244,7 +244,7 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
__owur int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
size_t len, size_t *written);
int do_dtls1_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written);
size_t len, size_t *written);
void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw);
void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr);