Remove SSL_OP_CISCO_ANYCONNECT.
I see no internal users, and the existence of a THIRD version encoding
complicates all version-checking logic. Also convert to SSL_IS_DTLS another
version check that was missed earlier.
Change-Id: I60d215f57d44880f6e6877889307dc39dbf838f7
Reviewed-on: https://boringssl-review.googlesource.com/1550
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index cc91349..18fd136 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -68,7 +68,6 @@
#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
#define DTLS1_2_VERSION 0xFEFD
/* Special value for method supporting multiple versions */
#define DTLS_ANY_VERSION 0x1FFFF
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c48be73..e20a9fa 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -530,8 +530,6 @@
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
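Review bot: Deleting `SSL_OP_CISCO_ANYCONNECT` leaves option bit 0x00008000L unassigned in a public header, so any later option that reuses that value would be silently enabled by external callers that still pass the old constant (or a value computed from it) to SSL_set_options. Holding the slot with a comment, `/* 0x00008000L was SSL_OP_CISCO_ANYCONNECT; do not reuse */`, or keeping a deprecated alias defined to 0, makes the retirement explicit and keeps the bit from being recycled. The removal of `DTLS1_BAD_VER` in dtls1.h is a wire version value rather than a flag bit, so the same concern does not apply there.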
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index aa7fe1f..3478e2e 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -373,7 +373,7 @@
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
- if (frag_off == 0 && s->version != DTLS1_BAD_VER)
+ if (frag_off == 0)
{
/* reconstruct message header is if it
* is being sent in single fragment */
@@ -464,10 +464,8 @@
s2n (msg_hdr->seq,p);
l2n3(0,p);
l2n3(msg_len,p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
ssl3_finish_mac(s, p, msg_len);
if (s->msg_callback)
@@ -951,12 +949,6 @@
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->init_num=DTLS1_CCS_HEADER_LENGTH;
- if (s->version == DTLS1_BAD_VER) {
- s->d1->next_handshake_write_seq++;
- s2n(s->d1->handshake_write_seq,p);
- s->init_num+=2;
- }
-
s->init_off=0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index e4f458e..b34ed42 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -130,7 +130,7 @@
static const SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ if (ver == DTLS1_VERSION)
return(DTLSv1_client_method());
else if (ver == DTLS1_2_VERSION)
return(DTLSv1_2_client_method());
@@ -196,8 +196,7 @@
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
- (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
{
OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);
ret = -1;
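Review bot: The retained sanity check still compares `s->version & 0xff00` against `DTLS1_VERSION & 0xff00`, which accepts DTLS 1.2 (0xFEFD) only because it happens to share the 0xFE high byte. With the third encoding gone, the intent reads more directly as `if (s->version != DTLS1_VERSION && s->version != DTLS1_2_VERSION)`, in keeping with the commit's aim of simplifying version checks. dtls1_connect's body starts and ends outside the hunk.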
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index d4c3233..96ce496 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -271,9 +271,7 @@
}
ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else if (s->method->version == DTLS_ANY_VERSION)
+ if (s->method->version == DTLS_ANY_VERSION)
s->version=DTLS1_2_VERSION;
else
s->version=s->method->version;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 161f939..e2855b8 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1101,9 +1101,6 @@
dtls1_get_ccs_header(rr->data, &ccs_hdr);
- if (s->version == DTLS1_BAD_VER)
- ccs_hdr_len = 3;
-
/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
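Review bot: With the `ccs_hdr_len = 3` assignment removed, no write to `ccs_hdr_len` remains in this hunk; if its declaration (outside the hunk) initialises it to `DTLS1_CCS_HEADER_LENGTH` and nothing else assigns it, the variable is now effectively a constant and the later comparisons could use `DTLS1_CCS_HEADER_LENGTH` directly, removing one more DTLS1_BAD_VER remnant. I cannot confirm this from the hunk alone since the enclosing function starts and ends outside it.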
@@ -1138,9 +1135,6 @@
/* do this whenever CCS is processed */
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
- if (s->version == DTLS1_BAD_VER)
- s->d1->handshake_read_seq++;
-
goto start;
}
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 18d2470..33cd349 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -327,8 +327,7 @@
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
- if (s->version != DTLS1_BAD_VER)
- ssl3_init_finished_mac(s);
+ ssl3_init_finished_mac(s);
break;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index f45ca62..d053354 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -628,7 +628,7 @@
unsigned char *p;
size_t len,align=0,headerlen;
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
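Review bot: Switching to `SSL_IS_DTLS(s)` changes behaviour for DTLS 1.2, not only for the removed DTLS1_BAD_VER case: a connection whose version is `DTLS1_2_VERSION` (the value d1_lib.c in this same change assigns for DTLS_ANY_VERSION methods) previously fell through to `headerlen = SSL3_RT_HEADER_LENGTH` and now gets `DTLS1_RT_HEADER_LENGTH + 1`. That looks like a genuine fix, but the commit description presents it only as a missed conversion; stating the DTLS 1.2 effect explicitly in the message, or confirming no caller depended on the old value, would make the change reviewable. The enclosing function starts and ends outside the hunk.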
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 19a121d..f84d8d4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1993,12 +1993,7 @@
}
rsa=pkey->pkey.rsa;
- /* TLS and [incidentally] DTLS{0xFEFF}
- *
- * TODO(davidben): Should this (and
- * ssl3_send_client_key_exchange) include DTLS1_BAD_VER?
- * Alternatively, get rid of DTLS1_BAD_VER?
- */
+ /* TLS and [incidentally] DTLS{0xFEFF} */
if (s->version > SSL3_VERSION)
{
CBS copy = client_key_exchange;
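Review bot: The trimmed comment `/* TLS and [incidentally] DTLS{0xFEFF} */` names only DTLS 1.0, but the guard `s->version > SSL3_VERSION` below it is equally satisfied by `DTLS1_2_VERSION` (0xFEFD), so the comment now understates what the branch covers. Something like `/* TLS 1.0+ and, incidentally, every DTLS version (0xFExx > 0x0300) */` would describe the condition accurately. The enclosing function starts and ends outside the hunk.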
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 50d9190..a9f7f9e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -319,11 +319,6 @@
ss->ssl_version=TLS1_2_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
- else if (s->version == DTLS1_BAD_VER)
- {
- ss->ssl_version=DTLS1_BAD_VER;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 1b78c4b..bf33ce4 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -126,8 +126,6 @@
s="DTLSv1";
else if (x->ssl_version == DTLS1_2_VERSION)
s="DTLSv1.2";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
else
s="unknown";
if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;