Remove some remnants of SSLv2.
Change-Id: Id294821162c4c9ea6f2fce2a0be65bafcb616068
Reviewed-on: https://boringssl-review.googlesource.com/2311
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index af3d55f..d3b8834 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1185,9 +1185,7 @@
struct ssl_st
{
- /* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
- */
+ /* version is the protocol version. */
int version;
int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index ccb3e2c..efa3cd2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -330,11 +330,6 @@
version_major = SSL3_VERSION_MAJOR;
version_minor = SSL3_VERSION_MINOR;
}
- else if (version == SSL2_VERSION)
- {
- version_major = SSL2_VERSION_MAJOR;
- version_minor = SSL2_VERSION_MINOR;
- }
else
{
OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_PROTOCOLS_AVAILABLE);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 550080b..eb55a79 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -259,9 +259,7 @@
sk=ssl_create_cipher_list(
ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id,
- meth->version == SSL2_VERSION ?
- "SSLv2" :
- SSL_DEFAULT_CIPHER_LIST,
+ SSL_DEFAULT_CIPHER_LIST,
ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
@@ -481,17 +479,6 @@
r.ssl_version = ssl->version;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
- /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
- * callback is calling us to check the uniqueness of a shorter ID, it
- * must be compared as a padded-out ID because that is what it will be
- * converted to when the callback has finished choosing it. */
- if((r.ssl_version == SSL2_VERSION) &&
- (id_len < SSL2_SSL_SESSION_ID_LENGTH))
- {
- memset(r.session_id + id_len, 0,
- SSL2_SSL_SESSION_ID_LENGTH - id_len);
- r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
- }
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@@ -1952,7 +1939,7 @@
ssl_create_cipher_list(ret->method,
&ret->cipher_list,&ret->cipher_list_by_id,
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
+ SSL_DEFAULT_CIPHER_LIST, ret->cert);
if (ret->cipher_list == NULL
|| sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0)
{
@@ -2432,17 +2419,9 @@
if (i == 0)
{
- if (s->version == SSL2_VERSION)
- {
- /* assume it is the socket being closed */
+ if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return(SSL_ERROR_ZERO_RETURN);
- }
- else
- {
- if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return(SSL_ERROR_ZERO_RETURN);
- }
}
return(SSL_ERROR_SYSCALL);
}
@@ -2526,8 +2505,6 @@
return("TLSv1");
else if (version == SSL3_VERSION)
return("SSLv3");
- else if (version == SSL2_VERSION)
- return("SSLv2");
else
return("unknown");
}
@@ -3176,8 +3153,6 @@
return TLS1_VERSION;
if (!(s->options & SSL_OP_NO_SSLv3))
return SSL3_VERSION;
- if (!(s->options & SSL_OP_NO_SSLv2))
- return SSL2_VERSION;
return 0;
}
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6b5f8c2..ee3daa9 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -283,40 +283,15 @@
if (session)
{
- if (s->version == SSL2_VERSION)
+ if (s->version == SSL3_VERSION ||
+ s->version == TLS1_VERSION ||
+ s->version == TLS1_1_VERSION ||
+ s->version == TLS1_2_VERSION ||
+ s->version == DTLS1_VERSION ||
+ s->version == DTLS1_2_VERSION)
{
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_1_VERSION)
- {
- ss->ssl_version=TLS1_1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_2_VERSION)
- {
- ss->ssl_version=TLS1_2_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_VERSION)
- {
- ss->ssl_version=DTLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_2_VERSION)
- {
- ss->ssl_version=DTLS1_2_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ ss->ssl_version = s->version;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
}
else
{
@@ -355,11 +330,7 @@
SSL_SESSION_free(ss);
return(0);
}
- /* If the session length was shrunk and we're SSLv2, pad it */
- if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
- memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
- else
- ss->session_id_length = tmp;
+ ss->session_id_length = tmp;
/* Finally, check for a conflict */
if(SSL_has_matching_session_id(s, ss->session_id,
ss->session_id_length))
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index a341901..b91324e 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -112,9 +112,7 @@
if (x == NULL) goto err;
if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
+ if (x->ssl_version == SSL3_VERSION)
s="SSLv3";
else if (x->ssl_version == TLS1_2_VERSION)
s="TLSv1.2";
