Remove two more quirks.
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Neither of them has code that's even
enabled.
Change-Id: I866aabe1aa37e8ee145aaeaecaff6704c3ad21bc
Reviewed-on: https://boringssl-review.googlesource.com/1284
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0257760..63307b4 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -501,7 +501,6 @@
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
@@ -574,8 +573,6 @@
#define SSL_OP_PKCS1_CHECK_1 0x0
#define SSL_OP_PKCS1_CHECK_2 0x0
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
-
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */
#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 94720a8..761e4ce 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -146,8 +146,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-/* Undefined in Google code. We've never enabled this workaround
- * #define REUSE_CIPHER_BUG */
#define NETSCAPE_HANG_BUG
#include <stdio.h>
@@ -1251,31 +1249,6 @@
else
{
/* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc=NULL;
- SSL_CIPHER *ec=NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- if (c->algorithm_enc & SSL_eNULL)
- nc=c;
- if (SSL_C_IS_EXPORT(c))
- ec=c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher=nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher=ec;
- else
- s->s3->tmp.new_cipher=s->session->cipher;
- }
- else
-#endif
s->s3->tmp.new_cipher=s->session->cipher;
}
@@ -1346,10 +1319,7 @@
{
/* Free s->session->ciphers in order to release memory. This
* breaks SSL_get_shared_ciphers(), but many servers will
- * prefer the memory savings.
- *
- * It also breaks REUSE_CIPHER_BUG, which is disabled
- * in our build. */
+ * prefer the memory savings. */
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = NULL;
}