From: Matt Caswell
Date: Thu, 6 Oct 2022 12:18:43 +0000 (+0100)
Subject: Remove create_empty_fragment from do_dtls1_write()
X-Git-Tag: openssl-3.2.0-alpha1~1889
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=22d6e8547f11dae2e4c026be93331e9acfe9b940;p=thirdparty%2Fopenssl.git

Remove create_empty_fragment from do_dtls1_write()

do_dtls1_write() was never called with a value for create_empty_fragment that was ever non-zero - so this is dead code and can be removed. The equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect against known IV weaknesses because those protocol versions do not have an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an explicit IV - so this is not useful there.

Reviewed-by: Richard Levitte
Reviewed-by: Tomas Mraz
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/19424)
---
diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c
index 1bb79743116..279435ca03e 100644
--- a/ssl/d1_msg.c
+++ b/ssl/d1_msg.c
@@ -54,7 +54,7 @@ int dtls1_dispatch_alert(SSL *ssl)
     *ptr++ = s->s3.send_alert[0];
     *ptr++ = s->s3.send_alert[1];
 
-    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), &written);
     if (i <= 0) {
         s->s3.alert_dispatch = 1;
         /* fprintf(stderr, "not done with alert\n"); */
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index ad024522546..1d857bead57 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -629,7 +629,7 @@ int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
         return -1;
     }
     s->rwstate = SSL_NOTHING;
-    i = do_dtls1_write(s, type, buf, len, 0, written);
+    i = do_dtls1_write(s, type, buf, len, written);
     return i;
 }
 
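Review bot: In the dtls1_write_bytes hunk the rewritten call is still parked in the local `i` only to be handed back by the very next line; `return do_dtls1_write(s, type, buf, len, written);` expresses the same thing in one statement. The declaration of `i` lives above the hunk, so if the function uses it nowhere else that declaration becomes dead and should go with it. The function's opening lines are outside the hunk.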
@@ -714,7 +714,7 @@ static int ssl3_write_pending(SSL_CONNECTION *s, int type,
 }
 
 int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
-                   size_t len, int create_empty_fragment, size_t *written)
+                   size_t len, size_t *written)
 {
     unsigned char *p, *pseq;
     int i, mac_size, clear = 0;
@@ -744,7 +744,7 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
         /* if it went, fall through and send more stuff */
     }
 
-    if (len == 0 && !create_empty_fragment)
+    if (len == 0)
         return 0;
 
     if (len > ssl_get_max_send_fragment(sc)) {
@@ -899,15 +899,6 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
 
     ssl3_record_sequence_update(&(sc->rlayer.write_sequence[0]));
 
-    if (create_empty_fragment) {
-        /*
-         * we are in a recursive call; just return the length, don't write
-         * out anything here
-         */
-        *written = wr.length;
-        return 1;
-    }
-
     /* now let's set up wb */
     SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
     SSL3_BUFFER_set_offset(wb, 0);
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 18a33d70dc0..501963756bd 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -244,7 +244,7 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
 __owur int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
                              size_t len, size_t *written);
 int do_dtls1_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
-                   size_t len, int create_empty_fragment, size_t *written);
+                   size_t len, size_t *written);
 void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw);
 void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr);
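Review bot: The simplified `if (len == 0)` / `return 0;` in the do_dtls1_write hunk at line 744 no longer explains itself: the removed `create_empty_fragment` name signalled that a zero-length write was a deliberate no-op, and a bare early return now reads like an error path, especially since dtls1_dispatch_alert in this commit lumps `i <= 0` together as "not done". A short comment keeps the intent visible, for example `/* Nothing to send: report 0 so the caller sees that no record was written. */`. This path also returns without assigning `*written`; the lines above the hunk may already have set it through the pending-write branch, which is worth confirming. The enclosing function starts and ends outside this hunk.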
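Review bot: The new do_dtls1_write prototype in record.h still carries no comment on its return convention or on when `*written` is assigned, yet both callers touched by this commit (dtls1_dispatch_alert and dtls1_write_bytes) pass the result straight on. From the rec_layer_d1.c hunks the function returns 0 for `len == 0` without setting `*written`, and the removed branch returned 1 after setting it; presumably the normal path does the same, but that part of the body is outside the hunks. A declaration comment such as `/* Write one record of the given type; returns 1 with *written set on success, 0 when nothing was sent (e.g. len == 0), negative on error. */` would state the contract where every caller sees it, with the negative case checked against the body before committing to it. The dtls1_write_bytes declaration two lines above could carry the same note, since it returns do_dtls1_write's result unchanged.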