Remove some remnants of SSLv2.

Change-Id: Id294821162c4c9ea6f2fce2a0be65bafcb616068 Reviewed-on: https://boringssl-review.googlesource.com/2311 Reviewed-by: Adam Langley <agl@google.com>
2014-11-17 03:23:24 -05:00 · 2014-11-17 03:23:24 -05:00 · 5e4f6e9247
commit 5e4f6e9247
parent 3087f6e594
5 changed files with 15 additions and 78 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1185,9 +1185,7 @@ OPENSSL_EXPORT int ssl_get_new_session(SSL *s, int session);

 struct ssl_st
 	{
-	/* protocol version
-	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-	 */
+	/* version is the protocol version. */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@ -330,11 +330,6 @@ static int ssl23_client_hello(SSL *s)
 			version_major = SSL3_VERSION_MAJOR;
 			version_minor = SSL3_VERSION_MINOR;
 			}
-		else if (version == SSL2_VERSION)
-			{
-			version_major = SSL2_VERSION_MAJOR;
-			version_minor = SSL2_VERSION_MINOR;
-			}
 		else
 			{
 			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_PROTOCOLS_AVAILABLE);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -259,9 +259,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)

 	sk=ssl_create_cipher_list(
 		ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id,
-		meth->version == SSL2_VERSION ?
-			"SSLv2" :
-			SSL_DEFAULT_CIPHER_LIST,
+		SSL_DEFAULT_CIPHER_LIST,
 		ctx->cert);

 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
@ -481,17 +479,6 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 	r.ssl_version = ssl->version;
 	r.session_id_length = id_len;
 	memcpy(r.session_id, id, id_len);
-	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-	 * callback is calling us to check the uniqueness of a shorter ID, it
-	 * must be compared as a padded-out ID because that is what it will be
-	 * converted to when the callback has finished choosing it. */
-	if((r.ssl_version == SSL2_VERSION) &&
-			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
-		{
-		memset(r.session_id + id_len, 0,
-			SSL2_SSL_SESSION_ID_LENGTH - id_len);
-		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-		}

 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@ -1952,7 +1939,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)

 	ssl_create_cipher_list(ret->method,
 		&ret->cipher_list,&ret->cipher_list_by_id,
-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
+		SSL_DEFAULT_CIPHER_LIST, ret->cert);
 	if (ret->cipher_list == NULL
 	    || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0)
 		{
@ -2432,17 +2419,9 @@ int SSL_get_error(const SSL *s,int i)

 	if (i == 0)
 		{
-		if (s->version == SSL2_VERSION)
-			{
-			/* assume it is the socket being closed */
+		if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+			(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
 			return(SSL_ERROR_ZERO_RETURN);
-			}
-		else
-			{
-			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-				return(SSL_ERROR_ZERO_RETURN);
-			}
 		}
 	return(SSL_ERROR_SYSCALL);
 	}
@ -2526,8 +2505,6 @@ static const char *ssl_get_version(int version)
 		return("TLSv1");
 	else if (version == SSL3_VERSION)
 		return("SSLv3");
-	else if (version == SSL2_VERSION)
-		return("SSLv2");
 	else
 		return("unknown");
 	}
@ -3176,8 +3153,6 @@ int ssl_get_max_version(const SSL *s)
 		return TLS1_VERSION;
 	if (!(s->options & SSL_OP_NO_SSLv3))
 		return SSL3_VERSION;
-	if (!(s->options & SSL_OP_NO_SSLv2))
-		return SSL2_VERSION;
 	return 0;
 	}

--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -283,40 +283,15 @@ int ssl_get_new_session(SSL *s, int session)

 	if (session)
 		{
-		if (s->version == SSL2_VERSION)
+		if (s->version == SSL3_VERSION ||
+			s->version == TLS1_VERSION ||
+			s->version == TLS1_1_VERSION ||
+			s->version == TLS1_2_VERSION ||
+			s->version == DTLS1_VERSION ||
+			s->version == DTLS1_2_VERSION)
 			{
-			ss->ssl_version=SSL2_VERSION;
-			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == SSL3_VERSION)
-			{
-			ss->ssl_version=SSL3_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_VERSION)
-			{
-			ss->ssl_version=TLS1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_1_VERSION)
-			{
-			ss->ssl_version=TLS1_1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_2_VERSION)
-			{
-			ss->ssl_version=TLS1_2_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == DTLS1_VERSION)
-			{
-			ss->ssl_version=DTLS1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == DTLS1_2_VERSION)
-			{
-			ss->ssl_version=DTLS1_2_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+			ss->ssl_version = s->version;
+			ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else
 			{
@ -355,11 +330,7 @@ int ssl_get_new_session(SSL *s, int session)
 			SSL_SESSION_free(ss);
 			return(0);
 			}
-		/* If the session length was shrunk and we're SSLv2, pad it */
-		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
-			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
-		else
-			ss->session_id_length = tmp;
+		ss->session_id_length = tmp;
 		/* Finally, check for a conflict */
 		if(SSL_has_matching_session_id(s, ss->session_id,
 						ss->session_id_length))
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@ -112,9 +112,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)

 	if (x == NULL) goto err;
 	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-	if (x->ssl_version == SSL2_VERSION)
-		s="SSLv2";
-	else if (x->ssl_version == SSL3_VERSION)
+	if (x->ssl_version == SSL3_VERSION)
 		s="SSLv3";
 	else if (x->ssl_version == TLS1_2_VERSION)
 		s="TLSv1.2";