Remove SSL_OP_CISCO_ANYCONNECT. I see no internal users and the existence of a THIRD version encoding complicates all version-checking logic. Also convert another version check to SSL_IS_DTLS that was missed earlier. Change-Id: I60d215f57d44880f6e6877889307dc39dbf838f7 Reviewed-on: https://boringssl-review.googlesource.com/1550 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index cc91349..18fd136 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -68,7 +68,6 @@
 #define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
 #define DTLS1_2_VERSION 0xFEFD
 /* Special value for method supporting multiple versions */
 #define DTLS_ANY_VERSION 0x1FFFF
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c48be73..e20a9fa 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -530,8 +530,6 @@
 #define SSL_OP_COOKIE_EXCHANGE 0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET 0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
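Review bot: Deleting `SSL_OP_CISCO_ANYCONNECT` leaves option bit `0x00008000L` unassigned between `SSL_OP_NO_TICKET` (`0x00004000L`) and `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` (`0x00010000L`), and nothing in the header records that the value was once public. A caller built against the old header that still passes that bit to SSL_set_options now has it silently ignored, which is fine, but a future option assigned the same value would be silently switched on by that same caller. Consider keeping the value reserved in place, e.g. `/* 0x00008000L was SSL_OP_CISCO_ANYCONNECT; do not reuse. */`.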
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index aa7fe1f..3478e2e 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -373,7 +373,7 @@
 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
 int xlen;
- if (frag_off == 0 && s->version != DTLS1_BAD_VER)
+ if (frag_off == 0)
 {
 /* reconstruct message header is if it
 * is being sent in single fragment */
@@ -464,10 +464,8 @@
 s2n (msg_hdr->seq,p);
 l2n3(0,p);
 l2n3(msg_len,p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
 ssl3_finish_mac(s, p, msg_len);
 if (s->msg_callback)
@@ -951,12 +949,6 @@
 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 s->init_num=DTLS1_CCS_HEADER_LENGTH;
- if (s->version == DTLS1_BAD_VER) {
- s->d1->next_handshake_write_seq++;
- s2n(s->d1->handshake_write_seq,p);
- s->init_num+=2;
- }
-
 s->init_off=0;
 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
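Review bot: The context comment directly under the simplified `if (frag_off == 0)` in the first hunk, `/* reconstruct message header is if it * is being sent in single fragment */`, reads as a typo ("is if") and is the only explanation of why the header is rebuilt here; since the neighbouring line is already being edited, it would be cheap to reword it `/* reconstruct the message header as if the message were being sent in a single fragment */`. The enclosing function starts and ends outside the hunk. The second and third hunks in this file need no change.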
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index e4f458e..b34ed42 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -130,7 +130,7 @@
 static const SSL_METHOD *dtls1_get_client_method(int ver)
 {
- if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ if (ver == DTLS1_VERSION)
 return(DTLSv1_client_method());
 else if (ver == DTLS1_2_VERSION)
 return(DTLSv1_2_client_method());
@@ -196,8 +196,7 @@
 s->server=0;
 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
- (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
 {
 OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);
 ret = -1;
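Review bot: The surviving sanity check in the second hunk, `if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))`, is the same kind of version-byte comparison that this commit replaces with `SSL_IS_DTLS(s)` in s3_both.c, and the commit message gives simplifying version-checking logic as the motivation. If the two predicates are equivalent for a connection created from a DTLS method (I cannot confirm that from the hunk alone), `if (!SSL_IS_DTLS(s))` would state the intent directly and drop the mask arithmetic. dtls1_connect's body continues outside the hunk.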
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index d4c3233..96ce496 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -271,9 +271,7 @@
 }
 ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else if (s->method->version == DTLS_ANY_VERSION)
+ if (s->method->version == DTLS_ANY_VERSION)
 s->version=DTLS1_2_VERSION;
 else
 s->version=s->method->version;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 161f939..e2855b8 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1101,9 +1101,6 @@
 dtls1_get_ccs_header(rr->data, &ccs_hdr);
- if (s->version == DTLS1_BAD_VER)
- ccs_hdr_len = 3;
-
 /* 'Change Cipher Spec' is just a single byte, so we know
 * exactly what the record payload has to look like */
 /* XDTLS: check that epoch is consistent */
@@ -1138,9 +1135,6 @@
 /* do this whenever CCS is processed */
 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
- if (s->version == DTLS1_BAD_VER)
- s->d1->handshake_read_seq++;
-
 goto start;
 }
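Review bot: Removing `ccs_hdr_len = 3;` in the first hunk leaves `ccs_hdr_len` with whatever it was initialised to and, as far as the hunk shows, no other assignment; if nothing outside the hunk writes it (its declaration and the enclosing function's start are not visible here), the variable now only stands for a constant and could be replaced by `DTLS1_CCS_HEADER_LENGTH` at its uses, so a reader is not led to think the CCS header length still varies by version. The comment that follows, "'Change Cipher Spec' is just a single byte", then becomes the only statement of that invariant, which is what you want. The second hunk in this file needs no change.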
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 18d2470..33cd349 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -327,8 +327,7 @@
 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 /* HelloVerifyRequest resets Finished MAC */
- if (s->version != DTLS1_BAD_VER)
- ssl3_init_finished_mac(s);
+ ssl3_init_finished_mac(s);
 break;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index f45ca62..d053354 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -628,7 +628,7 @@
 unsigned char *p;
 size_t len,align=0,headerlen;
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
 else
 headerlen = SSL3_RT_HEADER_LENGTH;
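Review bot: `if (SSL_IS_DTLS(s))` now also picks the DTLS header length for DTLS1_2_VERSION, which the old `SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER` comparison did not, so this hunk is a behavioural fix for DTLS 1.2 rather than a pure cleanup and deserves a sentence in the commit message beyond "missed earlier". Separately, the `+ 1` in `headerlen = DTLS1_RT_HEADER_LENGTH + 1;` is unexplained in the hunk; a short comment saying what the extra byte accounts for would help (I cannot tell from these lines). The enclosing function begins before the hunk.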
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 19a121d..f84d8d4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1993,12 +1993,7 @@
 }
 rsa=pkey->pkey.rsa;
- /* TLS and [incidentally] DTLS{0xFEFF}
- *
- * TODO(davidben): Should this (and
- * ssl3_send_client_key_exchange) include DTLS1_BAD_VER?
- * Alternatively, get rid of DTLS1_BAD_VER?
- */
+ /* TLS and [incidentally] DTLS{0xFEFF} */
 if (s->version > SSL3_VERSION)
 {
 CBS copy = client_key_exchange;
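Review bot: The rewritten comment `/* TLS and [incidentally] DTLS{0xFEFF} */` is narrower than the condition it annotates: `s->version > SSL3_VERSION` is also true for DTLS1_2_VERSION (0xFEFD, per the dtls1.h hunk), so every DTLS version takes this branch, not just 0xFEFF. Suggest `/* TLS 1.0+ and, incidentally, every DTLS version, since 0xFEFx > SSL3_VERSION */`. If DTLS taking this branch is intended rather than accidental, writing the condition as `s->version > SSL3_VERSION || SSL_IS_DTLS(s)` would make that explicit instead of relying on the numeric ordering of the version constants. The enclosing function starts and ends outside the hunk.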
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 50d9190..a9f7f9e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -319,11 +319,6 @@
 ss->ssl_version=TLS1_2_VERSION;
 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
 }
- else if (s->version == DTLS1_BAD_VER)
- {
- ss->ssl_version=DTLS1_BAD_VER;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
 else if (s->version == DTLS1_VERSION)
 {
 ss->ssl_version=DTLS1_VERSION;
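Review bot: With the DTLS1_BAD_VER arm gone, both arms still visible in this hunk do the same two things, assign `ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;` and copy the very constant that `s->version` was just compared against into `ss->ssl_version`; if the arms above and below the hunk follow the same pattern, the whole chain reduces to one validity check on `s->version` followed by `ss->ssl_version = s->version;` and a single session_id_length assignment, which is harder to get out of sync the next time a version is added or removed. I cannot see the head or tail of the chain, so this is a style suggestion rather than a correctness point.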
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 1b78c4b..bf33ce4 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -126,8 +126,6 @@
 s="DTLSv1";
 else if (x->ssl_version == DTLS1_2_VERSION)
 s="DTLSv1.2";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
 else
 s="unknown";
 if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;