Remove more remnants of SSLv3.
Mostly in comments, but there is one special-case around renegotiation_info
that can now be removed.
Change-Id: I2a9114cbff05e0cfff95fe93270fe42379728012
Reviewed-on: https://boringssl-review.googlesource.com/29824
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 7f7ba2b..970a86a 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3083,8 +3083,8 @@
// progress.
bssl::ssl_hs_wait_t (*do_handshake)(bssl::SSL_HANDSHAKE *hs) = nullptr;
- bssl::SSL3_STATE *s3 = nullptr; // SSLv3 variables
- bssl::DTLS1_STATE *d1 = nullptr; // DTLSv1 variables
+ bssl::SSL3_STATE *s3 = nullptr; // TLS variables
+ bssl::DTLS1_STATE *d1 = nullptr; // DTLS variables
// callback that allows applications to peek at protocol messages
void (*msg_callback)(int write_p, int version, int content_type,
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 02380c1..54459a1 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -1269,7 +1269,8 @@
uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
uint32_t id = cipher->id;
- // All ciphers are SSLv3.
+ // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
+ // to SSLv2 vs SSLv3.
assert((id & 0xff000000) == 0x03000000);
return id & 0xffff;
}
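Review bot: The new comment in `ssl_cipher_get_value` says IDs are "prefaced with 0x03" but does not say which byte that is or what the function returns, and the reader needs both to follow the mask on the next two lines. The `assert` is the only check visible in the hunk and it is compiled out under `NDEBUG`, so the comment is what documents the invariant in release builds. I would word it as `// The top byte of every cipher ID is 0x03 (historically marking SSLv3 rather than SSLv2 ciphers); the low 16 bits are the value returned here.`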
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a5a7cd9..6a8143d 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -172,7 +172,7 @@
uint16_t version) {
// Zero is interpreted as the default minimum version.
if (version == 0) {
- // SSL 3.0 is disabled by default and TLS 1.0 does not exist in DTLS.
+ // TLS 1.0 does not exist in DTLS.
*out = method->is_dtls ? TLS1_1_VERSION : TLS1_VERSION;
return true;
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 976cbb6..430b13d 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3329,10 +3329,8 @@
static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
"too many bits");
- if (!(hs->extensions.sent & (1u << ext_index)) &&
- type != TLSEXT_TYPE_renegotiate) {
- // If the extension was never sent then it is illegal, except for the
- // renegotiation extension which, in SSL 3.0, is signaled via SCSV.
+ if (!(hs->extensions.sent & (1u << ext_index))) {
+ // If the extension was never sent then it is illegal.
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension :%u", (unsigned)type);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
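Review bot: With the `type != TLSEXT_TYPE_renegotiate` exemption gone, the `hs->extensions.sent` check rejects a server renegotiation_info whenever its bit was not set for the ClientHello, and nothing in the hunk shows that every ClientHello path sets it. RFC 5746 lets a client signal with the SCSV instead of the extension and still receive renegotiation_info back, so a path that sends only the SCSV would now fail the handshake with `SSL_AD_UNSUPPORTED_EXTENSION`. That fails closed, but it would be an interoperability regression. If it is confirmed that no such path remains, I would record that in the comment, e.g. `// If the extension was never sent then it is illegal. This includes renegotiation_info, which is never signaled by SCSV alone.`, and add a test in which the server sends an unsolicited renegotiation_info and the client must reject it. The enclosing function starts and ends outside the hunk.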