From 07d70e2f624616050545c4fb6f6ba748c12b342e Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Wed, 16 Apr 2014 15:10:07 +0000
Subject: Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
 the SSLv23_* client code.  The server continues to accept it.  It also kills
 the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat
 handshake, the session that it creates has the correct version internally.

ok tedu@ beck@
---
 src/lib/libssl/ssl_lib.c | 84 ++++++++++++++++++------------------------------
 1 file changed, 32 insertions(+), 52 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b5ba0f4aac..a0882e4521 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -250,7 +250,7 @@ SSL_clear(SSL *s)
 	return (1);
 }
 
-/** Used to change an SSL_CTXs default SSL method type */
+/* Used to change an SSL_CTXs default SSL method type */
 int
 SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 {
@@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 	ctx->method = meth;
 
 	sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
-	&(ctx->cipher_list_by_id),
-	meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+	    &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
 		return (0);
@@ -437,11 +436,13 @@ int
 SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
     unsigned int id_len)
 {
-	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-	 * we can "construct" a session to give us the desired check - ie. to
-	 * find if there's a session in the hash table that would conflict with
-	 * any new session built out of this id/id_len and the ssl_version in
-	 * use by this SSL. */
+	/*
+	 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
+	 * shows how we can "construct" a session to give us the desired
+	 * check - ie. to find if there's a session in the hash table
+	 * that would conflict with any new session built out of this
+	 * id/id_len and the ssl_version in use by this SSL.
+	 */
 	SSL_SESSION r, *p;
 
 	if (id_len > sizeof r.session_id)
@@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 	r.ssl_version = ssl->version;
 	r.session_id_length = id_len;
 	memcpy(r.session_id, id, id_len);
-	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-	 * callback is calling us to check the uniqueness of a shorter ID, it
-	 * must be compared as a padded-out ID because that is what it will be
-	 * converted to when the callback has finished choosing it. */
-	if ((r.ssl_version == SSL2_VERSION) &&
-		(id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
-		memset(r.session_id + id_len, 0,
-		SSL2_SSL_SESSION_ID_LENGTH - id_len);
-		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-	}
 
 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@@ -1777,11 +1768,10 @@ SSL_CTX
 	if (ret->cert_store == NULL)
 		goto err;
 
-	ssl_create_cipher_list(ret->method,
-	&ret->cipher_list, &ret->cipher_list_by_id,
-	meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
-	if (ret->cipher_list == NULL
-		|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+	ssl_create_cipher_list(ret->method, &ret->cipher_list,
+	    &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
+	if (ret->cipher_list == NULL ||
+	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
 		goto err2;
 	}
@@ -1790,10 +1780,6 @@ SSL_CTX
 	if (!ret->param)
 		goto err;
 
-	if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
-		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
-		goto err2;
-	}
 	if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
 		goto err2;
@@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i)
 		if (BIO_should_read(bio))
 			return (SSL_ERROR_WANT_READ);
 		else if (BIO_should_write(bio))
-			/* This one doesn't make too much sense ... We never try
-			 * to write to the rbio, and an application program where
-			 * rbio and wbio are separate couldn't even know what it
-			 * should wait for.
-			 * However if we ever set s->rwstate incorrectly
-			 * (so that we have SSL_want_read(s) instead of
-			 * SSL_want_write(s)) and rbio and wbio *are* the same,
-			 * this test works around that bug; so it might be safer
-			 * to keep it. */
+			/*
+			 * This one doesn't make too much sense...  We never
+			 * try to write to the rbio, and an application
+			 * program where rbio and wbio are separate couldn't
+			 * even know what it should wait for.  However if we
+			 * ever set s->rwstate incorrectly (so that we have
+			 * SSL_want_read(s) instead of SSL_want_write(s))
+			 * and rbio and wbio *are* the same, this test works
+			 * around that bug; so it might be safer to keep it.
+			 */
 		return (SSL_ERROR_WANT_WRITE);
 		else if (BIO_should_io_special(bio)) {
 			reason = BIO_get_retry_reason(bio);
@@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i)
 	}
 
 	if (i == 0) {
-		if (s->version == SSL2_VERSION) {
-			/* assume it is the socket being closed */
-			return (SSL_ERROR_ZERO_RETURN);
-		} else {
-			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-			return (SSL_ERROR_ZERO_RETURN);
-		}
+		if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+		    (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+		return (SSL_ERROR_ZERO_RETURN);
 	}
 	return (SSL_ERROR_SYSCALL);
 }
@@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s)
 	return (0);
 }
 
-SSL_METHOD
-*ssl_bad_method(int ver)
+SSL_METHOD *
+ssl_bad_method(int ver)
 {
 	SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return (NULL);
 }
 
-const char
-*SSL_get_version(const SSL *s)
+const char *
+SSL_get_version(const SSL *s)
 {
 	if (s->version == TLS1_2_VERSION)
 		return("TLSv1.2");
@@ -2623,14 +2605,12 @@ const char
 		return("TLSv1");
 	else if (s->version == SSL3_VERSION)
 		return("SSLv3");
-	else if (s->version == SSL2_VERSION)
-		return("SSLv2");
 	else
 		return("unknown");
 }
 
-SSL
-*SSL_dup(SSL *s)
+SSL *
+SSL_dup(SSL *s)
 {
 	STACK_OF(X509_NAME) *sk;
 	X509_NAME *xn;
-- 
cgit v1.2.3-55-g6feb