Remove some remnants of SSLv2.

Change-Id: Id294821162c4c9ea6f2fce2a0be65bafcb616068 Reviewed-on: https://boringssl-review.googlesource.com/2311 Reviewed-by: Adam Langley <agl@google.com>
2014-11-17 03:23:24 -05:00 · 2014-11-17 03:23:24 -05:00 · 5e4f6e9247
commit 5e4f6e9247
parent 3087f6e594
5 changed files with 15 additions and 78 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1185,9 +1185,7 @@ OPENSSL_EXPORT int ssl_get_new_session(SSL *s, int session);
 struct ssl_st
 	{
-	/* protocol version
+	/* version is the protocol version. */
 	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
 	 */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@ -330,11 +330,6 @@ static int ssl23_client_hello(SSL *s)
 			version_major = SSL3_VERSION_MAJOR;
 			version_minor = SSL3_VERSION_MINOR;
 			}
 		else if (version == SSL2_VERSION)
 			{
 			version_major = SSL2_VERSION_MAJOR;
 			version_minor = SSL2_VERSION_MINOR;
 			}
 		else
 			{
 			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_PROTOCOLS_AVAILABLE);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -259,9 +259,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
 	sk=ssl_create_cipher_list(
 		ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id,
-		meth->version == SSL2_VERSION ?
+		SSL_DEFAULT_CIPHER_LIST,
 			"SSLv2" :
 			SSL_DEFAULT_CIPHER_LIST,
 		ctx->cert);
 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
@ -481,17 +479,6 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 	r.ssl_version = ssl->version;
 	r.session_id_length = id_len;
 	memcpy(r.session_id, id, id_len);
 	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
 	 * callback is calling us to check the uniqueness of a shorter ID, it
 	 * must be compared as a padded-out ID because that is what it will be
 	 * converted to when the callback has finished choosing it. */
 	if((r.ssl_version == SSL2_VERSION) &&
 			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
 		{
 		memset(r.session_id + id_len, 0,
 			SSL2_SSL_SESSION_ID_LENGTH - id_len);
 		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
 		}
 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@ -1952,7 +1939,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	ssl_create_cipher_list(ret->method,
 		&ret->cipher_list,&ret->cipher_list_by_id,
-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
+		SSL_DEFAULT_CIPHER_LIST, ret->cert);
 	if (ret->cipher_list == NULL
 	    || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0)
 		{
@ -2432,17 +2419,9 @@ int SSL_get_error(const SSL *s,int i)
 	if (i == 0)
 		{
-		if (s->version == SSL2_VERSION)
+		if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-			{
+			(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
 			/* assume it is the socket being closed */
 			return(SSL_ERROR_ZERO_RETURN);
 			}
 		else
 			{
 			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
 				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
 				return(SSL_ERROR_ZERO_RETURN);
 			}
 		}
 	return(SSL_ERROR_SYSCALL);
 	}
@ -2526,8 +2505,6 @@ static const char *ssl_get_version(int version)
 		return("TLSv1");
 	else if (version == SSL3_VERSION)
 		return("SSLv3");
 	else if (version == SSL2_VERSION)
 		return("SSLv2");
 	else
 		return("unknown");
 	}
@ -3176,8 +3153,6 @@ int ssl_get_max_version(const SSL *s)
 		return TLS1_VERSION;
 	if (!(s->options & SSL_OP_NO_SSLv3))
 		return SSL3_VERSION;
 	if (!(s->options & SSL_OP_NO_SSLv2))
 		return SSL2_VERSION;
 	return 0;
 	}
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -283,40 +283,15 @@ int ssl_get_new_session(SSL *s, int session)
 	if (session)
 		{
-		if (s->version == SSL2_VERSION)
+		if (s->version == SSL3_VERSION ||
 			s->version == TLS1_VERSION ||
 			s->version == TLS1_1_VERSION ||
 			s->version == TLS1_2_VERSION ||
 			s->version == DTLS1_VERSION ||
 			s->version == DTLS1_2_VERSION)
 			{
-			ss->ssl_version=SSL2_VERSION;
+			ss->ssl_version = s->version;
-			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+			ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == SSL3_VERSION)
 			{
 			ss->ssl_version=SSL3_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == TLS1_VERSION)
 			{
 			ss->ssl_version=TLS1_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == TLS1_1_VERSION)
 			{
 			ss->ssl_version=TLS1_1_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == TLS1_2_VERSION)
 			{
 			ss->ssl_version=TLS1_2_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == DTLS1_VERSION)
 			{
 			ss->ssl_version=DTLS1_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else if (s->version == DTLS1_2_VERSION)
 			{
 			ss->ssl_version=DTLS1_2_VERSION;
 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 			}
 		else
 			{
@ -355,11 +330,7 @@ int ssl_get_new_session(SSL *s, int session)
 			SSL_SESSION_free(ss);
 			return(0);
 			}
-		/* If the session length was shrunk and we're SSLv2, pad it */
+		ss->session_id_length = tmp;
 		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
 			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
 		else
 			ss->session_id_length = tmp;
 		/* Finally, check for a conflict */
 		if(SSL_has_matching_session_id(s, ss->session_id,
 						ss->session_id_length))
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@ -112,9 +112,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 	if (x == NULL) goto err;
 	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-	if (x->ssl_version == SSL2_VERSION)
+	if (x->ssl_version == SSL3_VERSION)
 		s="SSLv2";
 	else if (x->ssl_version == SSL3_VERSION)
 		s="SSLv3";
 	else if (x->ssl_version == TLS1_2_VERSION)
 		s="TLSv1.2";