path: root/src/node_crypto_clienthello.cc
authorBen Noordhuis <info@bnoordhuis.nl>2015-01-11 01:53:20 +0100
committerBen Noordhuis <info@bnoordhuis.nl>2015-01-11 16:07:45 +0100
commit26dd9e15bb9e913af38473a74e2a1049c21df29b (patch)
tree5220a842f45f490372a5a6d5390efa8152f35e82 /src/node_crypto_clienthello.cc
parent3ecad1d542fd44a3638d8d8397eeb59f7252b1d7 (diff)
build,src: remove sslv2 support
SSLv2 has been deprecated and known broken for nearly twenty years now. I made SSLv2 support opt-in well over a year ago in commit 39aa894 and now this commit removes it entirely. PR-URL: https://github.com/iojs/io.js/pull/290 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'src/node_crypto_clienthello.cc')
-rw-r--r--src/node_crypto_clienthello.cc66
1 files changed, 8 insertions, 58 deletions
diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc
index fd7ed798cb..0423049fd3 100644
--- a/src/node_crypto_clienthello.cc
+++ b/src/node_crypto_clienthello.cc
@@ -32,7 +32,6 @@ void ClientHelloParser::Parse(const uint8_t* data, size_t avail) {
break;
// Fall through
case kTLSHeader:
- case kSSL2Header:
ParseHeader(data, avail);
break;
case kPaused:
@@ -59,20 +58,8 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
state_ = kTLSHeader;
body_offset_ = 5;
} else {
-#ifdef OPENSSL_NO_SSL2
- frame_len_ = ((data[0] << 8) & kSSL2HeaderMask) + data[1];
- state_ = kSSL2Header;
- if (data[0] & kSSL2TwoByteHeaderBit) {
- // header without padding
- body_offset_ = 2;
- } else {
- // header with padding
- body_offset_ = 3;
- }
-#else
End();
return false;
-#endif // OPENSSL_NO_SSL2
}
// Sanity check (too big frame, or too small)
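Review bot: The `else` branch that now holds only `End(); return false;` gives no hint why a record that is not a TLS header ends parsing, which was obvious while the SSLv2 code sat beside it; a one-line comment would keep that intent, e.g. `// Not a TLS record header; SSLv2 framing is no longer parsed, so stop here.` ParseRecordHeader continues past the end of this hunk, so the sanity check it refers to is not visible here.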
@@ -85,12 +72,6 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
return true;
}
-#ifdef OPENSSL_NO_SSL2
-# define NODE_SSL2_VER_CHECK(buf) false
-#else
-# define NODE_SSL2_VER_CHECK(buf) ((buf)[0] == 0x00 && (buf)[1] == 0x02)
-#endif // OPENSSL_NO_SSL2
-
void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
ClientHello hello;
@@ -99,24 +80,20 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
if (body_offset_ + frame_len_ > avail)
return;
- // Skip unsupported frames and gather some data from frame
- // Check hello protocol version
- if (!(data[body_offset_ + 4] == 0x03 && data[body_offset_ + 5] <= 0x03) &&
- !NODE_SSL2_VER_CHECK(data + body_offset_ + 4)) {
+ // Check hello protocol version. Protocol tuples that we know about:
+ //
+ // (3,0) SSL v3.0
+ // (3,1) TLS v1.0
+ // (3,2) TLS v1.1
+ // (3,3) TLS v1.2
+ //
+ if (data[body_offset_ + 4] != 0x03 || data[body_offset_ + 5] > 0x03)
goto fail;
- }
if (data[body_offset_] == kClientHello) {
if (state_ == kTLSHeader) {
if (!ParseTLSClientHello(data, avail))
goto fail;
- } else if (state_ == kSSL2Header) {
-#ifdef OPENSSL_NO_SSL2
- if (!ParseSSL2ClientHello(data, avail))
- goto fail;
-#else
- abort(); // Unreachable
-#endif // OPENSSL_NO_SSL2
} else {
// We couldn't get here, but whatever
goto fail;
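Review bot: The new version check reads `data[body_offset_ + 5]`, but the only guard visible in this hunk is `body_offset_ + frame_len_ > avail`, which covers that read only if frame_len_ is at least 6; the minimum appears to be enforced by the "Sanity check" in ParseRecordHeader, outside this hunk, so the dependency should be stated next to the read, e.g. `// Bytes 4-5 of the handshake are client_version; ParseRecordHeader must reject frames shorter than 6 bytes.` The tuple table is helpful but does not say that anything outside it is rejected; one extra line `// Anything else (including newer minor versions) fails the check below.` would close that gap. With kSSL2Header gone from the dispatch in Parse, the trailing `else` with "We couldn't get here" is the only remaining alternative to `state_ == kTLSHeader` and could be collapsed into a single condition, or its comment updated to say the state is now unreachable by construction. ParseHeader starts and ends outside this hunk.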
@@ -145,9 +122,6 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
}
-#undef NODE_SSL2_VER_CHECK
-
-
void ClientHelloParser::ParseExtension(ClientHelloParser::ExtensionType type,
const uint8_t* data,
size_t len) {
@@ -269,28 +243,4 @@ bool ClientHelloParser::ParseTLSClientHello(const uint8_t* data, size_t avail) {
return true;
}
-
-#ifdef OPENSSL_NO_SSL2
-bool ClientHelloParser::ParseSSL2ClientHello(const uint8_t* data,
- size_t avail) {
- const uint8_t* body;
-
- // Skip header, version
- size_t session_offset = body_offset_ + 3;
-
- if (session_offset + 4 < avail) {
- body = data + session_offset;
-
- uint16_t ciphers_size = (body[0] << 8) + body[1];
-
- if (body + 4 + ciphers_size < data + avail) {
- session_size_ = (body[2] << 8) + body[3];
- session_id_ = body + 4 + ciphers_size;
- }
- }
-
- return true;
-}
-#endif // OPENSSL_NO_SSL2
-
} // namespace node