Remove support for sending V2ClientHello.

Accepting them as a server is still necessary, but the client-side code that sends one is unreachable.
Without SSLv2 support, none of the cipher suites are SSLv2, so
ssl23_no_ssl2_ciphers always returns true and we send a V3ClientHello.

Change-Id: I09030f2c6e375660453c74e4f094d95e9908c3e1
Reviewed-on: https://boringssl-review.googlesource.com/1258
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 2047a21..c95ea47 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -248,21 +248,6 @@
 	return(ret);
 	}
 
-static int ssl23_no_ssl2_ciphers(SSL *s)
-	{
-	SSL_CIPHER *cipher;
-	STACK_OF(SSL_CIPHER) *ciphers;
-	int i;
-	ciphers = SSL_get_ciphers(s);
-	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
-		{
-		cipher = sk_SSL_CIPHER_value(ciphers, i);
-		if (cipher->algorithm_ssl == SSL_SSLV2)
-			return 0;
-		}
-	return 1;
-	}
-
 /* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
  * on failure, 1 on success. */
 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
@@ -289,18 +274,12 @@
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
-	int i,ch_len;
+	int i;
 	unsigned long l;
-	int ssl2_compat;
 	int version = 0, version_major, version_minor;
 	int ret;
 	unsigned long mask, options = s->options;
 
-	ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-		ssl2_compat = 0;
-
 	/*
 	 * SSL_OP_NO_X disables all protocols above X *if* there are
 	 * some protocols below X enabled. This is required in order
@@ -332,16 +311,6 @@
 	mask &= ~SSL_OP_NO_SSLv3;
 #endif
 
-	if (version != SSL2_VERSION)
-		{
-		/* have to disable SSL 2.0 compatibility if we need TLS extensions */
-
-		if (s->tlsext_hostname != NULL)
-			ssl2_compat = 0;
-		if (s->tlsext_status_type != -1)
-			ssl2_compat = 0;
-		}
-
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
 		{
@@ -395,161 +364,97 @@
 
 		s->client_version = version;
 
-		if (ssl2_compat)
+		/* create Client Hello in SSL 3.0/TLS 1.0 format */
+
+		/* do the record header (5 bytes) and handshake message
+		 * header (4 bytes) last. Note: the final argument to
+		 * ssl_add_clienthello_tlsext below depends on the size
+		 * of this prefix. */
+		d = p = &(buf[9]);
+			
+		*(p++) = version_major;
+		*(p++) = version_minor;
+
+		/* Random stuff */
+		memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+		p += SSL3_RANDOM_SIZE;
+
+		/* Session ID (zero since there is no reuse) */
+		*(p++) = 0;
+
+		/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
+		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
+		if (i == 0)
 			{
-			/* create SSL 2.0 compatible Client Hello */
-
-			/* two byte record header will be written last */
-			d = &(buf[2]);
-			p = d + 9; /* leave space for message type, version, individual length fields */
-
-			*(d++) = SSL2_MT_CLIENT_HELLO;
-			*(d++) = version_major;
-			*(d++) = version_minor;
-			
-			/* Ciphers supported */
-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
-			if (i == 0)
-				{
-				/* no ciphers */
-				OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
-				return -1;
-				}
-			s2n(i,d);
-			p+=i;
-			
-			/* put in the session-id length (zero since there is no reuse) */
-#if 0
-			s->session->session_id_length=0;
-#endif
-			s2n(0,d);
-
-			if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-				ch_len=SSL2_CHALLENGE_LENGTH;
-			else
-				ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-			/* write out sslv2 challenge */
-			/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
-			   because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
-			   or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
-			   check in for futurproofing */
-			if (SSL3_RANDOM_SIZE < ch_len)
-				i=SSL3_RANDOM_SIZE;
-			else
-				i=ch_len;
-			s2n(i,d);
-			memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-			if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
-				return -1;
-
-			memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-			p+=i;
-
-			i= p- &(buf[2]);
-			buf[0]=((i>>8)&0xff)|0x80;
-			buf[1]=(i&0xff);
-
-			/* number of bytes to write */
-			s->init_num=i+2;
-			s->init_off=0;
-
-			ssl3_finish_mac(s,&(buf[2]),i);
+			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
+			return -1;
 			}
-		else
-			{
-			/* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-			/* do the record header (5 bytes) and handshake message
-			 * header (4 bytes) last. Note: the final argument to
-			 * ssl_add_clienthello_tlsext below depends on the size
-			 * of this prefix. */
-			d = p = &(buf[9]);
-			
-			*(p++) = version_major;
-			*(p++) = version_minor;
-
-			/* Random stuff */
-			memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-			p += SSL3_RANDOM_SIZE;
-
-			/* Session ID (zero since there is no reuse) */
-			*(p++) = 0;
-
-			/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
-			if (i == 0)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
-				return -1;
-				}
 #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-			/* Some servers hang if client hello > 256 bytes
-			 * as hack workaround chop number of supported ciphers
-			 * to keep it well below this if we use TLS v1.2
-			 */
-			if (TLS1_get_version(s) >= TLS1_2_VERSION
-				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+		/* Some servers hang if client hello > 256 bytes
+		 * as hack workaround chop number of supported ciphers
+		 * to keep it well below this if we use TLS v1.2
+		 */
+		if (TLS1_get_version(s) >= TLS1_2_VERSION
+			&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+			i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
 #endif
-			s2n(i,p);
-			p+=i;
+		s2n(i,p);
+		p+=i;
 
-			/* COMPRESSION */
-			*(p++)=1;
-			*(p++)=0; /* Add the NULL method */
+		/* COMPRESSION */
+		*(p++)=1;
+		*(p++)=0; /* Add the NULL method */
 
-			/* TLS extensions*/
-			if (ssl_prepare_clienthello_tlsext(s) <= 0)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_CLIENTHELLO_TLSEXT);
-				return -1;
-				}
-
-			/* The buffer includes the 5 byte record header, so
-			 * subtract it to compute hlen for
-			 * ssl_add_clienthello_tlsext. */
-			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			
-			l = p-d;
-
-			/* fill in 4-byte handshake header */
-			d=&(buf[5]);
-			*(d++)=SSL3_MT_CLIENT_HELLO;
-			l2n3(l,d);
-
-			l += 4;
-
-			if (l > SSL3_RT_MAX_PLAIN_LENGTH)
-				{
-				OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			
-			/* fill in 5-byte record header */
-			d=buf;
-			*(d++) = SSL3_RT_HANDSHAKE;
-			*(d++) = version_major;
-			/* Some servers hang if we use long client hellos
-			 * and a record number > TLS 1.0.
-			 */
-			if (TLS1_get_client_version(s) > TLS1_VERSION)
-				*(d++) = 1;
-			else
-				*(d++) = version_minor;
-			s2n((int)l,d);
-
-			/* number of bytes to write */
-			s->init_num=p-buf;
-			s->init_off=0;
-
-			ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
+		/* TLS extensions*/
+		if (ssl_prepare_clienthello_tlsext(s) <= 0)
+			{
+			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_CLIENTHELLO_TLSEXT);
+			return -1;
 			}
 
+		/* The buffer includes the 5 byte record header, so
+		 * subtract it to compute hlen for
+		 * ssl_add_clienthello_tlsext. */
+		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL)
+			{
+			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
+			
+		l = p-d;
+
+		/* fill in 4-byte handshake header */
+		d=&(buf[5]);
+		*(d++)=SSL3_MT_CLIENT_HELLO;
+		l2n3(l,d);
+
+		l += 4;
+
+		if (l > SSL3_RT_MAX_PLAIN_LENGTH)
+			{
+			OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
+
+		/* fill in 5-byte record header */
+		d=buf;
+		*(d++) = SSL3_RT_HANDSHAKE;
+		*(d++) = version_major;
+		/* Some servers hang if we use long client hellos
+		 * and a record number > TLS 1.0.
+		 */
+		if (TLS1_get_client_version(s) > TLS1_VERSION)
+			*(d++) = 1;
+		else
+			*(d++) = version_minor;
+		s2n((int)l,d);
+
+		/* number of bytes to write */
+		s->init_num=p-buf;
+		s->init_off=0;
+
+		ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
+
 		s->state=SSL23_ST_CW_CLNT_HELLO_B;
 		s->init_off=0;
 		}
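Review bot: With the `ssl2_compat` branch gone, the new code from `d = p = &(buf[9]);` through `*(p++) = version_minor;` emits a V3 ClientHello for whatever `version_major`/`version_minor` the selection logic above produced, and the commit also drops the `version != SSL2_VERSION` guard earlier in the function, so nothing left in this path rejects a `version` of SSL2_VERSION; if the version selection (outside this hunk) can still fall through to SSL2_VERSION when every V3 protocol is masked by SSL_OP_NO_*, the client would now send a 0.2-versioned record instead of failing. I would add an explicit rejection before building the hello, `if (version == SSL2_VERSION) { OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR); return -1; }`, or confirm the selection path already errors out for that case. Separately, `ssl_cipher_list_to_bytes` writes the cipher list into `&(p[2])` with no bound while `ssl_add_clienthello_tlsext` is capped at `buf+SSL3_RT_MAX_PLAIN_LENGTH` and the `l > SSL3_RT_MAX_PLAIN_LENGTH` check only runs after everything has been written; that is pre-existing, but a comment such as `/* init_buf must be at least SSL3_RT_MAX_PLAIN_LENGTH bytes; the cipher list write below is unbounded. */` would make the assumption visible. `s->init_off=0;` is now assigned twice in a row (before `ssl3_finish_mac` and again after `s->state=SSL23_ST_CW_CLNT_HELLO_B;`), so one can go. ssl23_client_hello starts before and ends after this hunk.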
@@ -561,13 +466,8 @@
 		{
 		/* Client Hello has been sent; tell msg_callback */
 
-		if (ssl2_compat)
-			s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
-		else
-			{
-			s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, s, s->msg_callback_arg);
-			s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
-			}
+		s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, s, s->msg_callback_arg);
+		s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
 		}
 
 	return ret;
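Review bot: The now-unconditional `s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);` assumes `ret` covers at least the 5-byte record header, but the guard deciding whether this block runs sits above the hunk and previously also had to admit the 2-byte-header V2ClientHello case; if it still accepts a `ret` as small as 2, a short write would pass a negative length to the callback. Please confirm the guard requires `ret >= 5` now that only the V3 layout is ever written, or tighten it accordingly. The enclosing function ssl23_client_hello begins outside this hunk.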