author | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-11 01:53:20 +0100 |
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-11 16:07:45 +0100 |
commit | 26dd9e15bb9e913af38473a74e2a1049c21df29b (patch) | |
tree | 5220a842f45f490372a5a6d5390efa8152f35e82 /src/node_crypto_clienthello.cc | |
parent | 3ecad1d542fd44a3638d8d8397eeb59f7252b1d7 (diff) | |
build,src: remove sslv2 support
SSLv2 has been deprecated and known broken for nearly twenty years now.
I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.
PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'src/node_crypto_clienthello.cc')
-rw-r--r-- | src/node_crypto_clienthello.cc | 66 |
1 files changed, 8 insertions, 58 deletions
diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc
index fd7ed798cb..0423049fd3 100644
--- a/src/node_crypto_clienthello.cc
+++ b/src/node_crypto_clienthello.cc
@@ -32,7 +32,6 @@ void ClientHelloParser::Parse(const uint8_t* data, size_t avail) {
         break;
       // Fall through
     case kTLSHeader:
-    case kSSL2Header:
       ParseHeader(data, avail);
       break;
     case kPaused:
@@ -59,20 +58,8 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
     state_ = kTLSHeader;
     body_offset_ = 5;
   } else {
-#ifdef OPENSSL_NO_SSL2
-    frame_len_ = ((data[0] << 8) & kSSL2HeaderMask) + data[1];
-    state_ = kSSL2Header;
-    if (data[0] & kSSL2TwoByteHeaderBit) {
-      // header without padding
-      body_offset_ = 2;
-    } else {
-      // header with padding
-      body_offset_ = 3;
-    }
-#else
     End();
     return false;
-#endif // OPENSSL_NO_SSL2
   }
 
   // Sanity check (too big frame, or too small)
@@ -85,12 +72,6 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
   return true;
 }
 
-#ifdef OPENSSL_NO_SSL2
-# define NODE_SSL2_VER_CHECK(buf) false
-#else
-# define NODE_SSL2_VER_CHECK(buf) ((buf)[0] == 0x00 && (buf)[1] == 0x02)
-#endif // OPENSSL_NO_SSL2
-
 void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
   ClientHello hello;
 
@@ -99,24 +80,20 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
   if (body_offset_ + frame_len_ > avail)
     return;
 
-  // Skip unsupported frames and gather some data from frame
-  // Check hello protocol version
-  if (!(data[body_offset_ + 4] == 0x03 && data[body_offset_ + 5] <= 0x03) &&
-      !NODE_SSL2_VER_CHECK(data + body_offset_ + 4)) {
+  // Check hello protocol version. Protocol tuples that we know about:
+  //
+  // (3,0) SSL v3.0
+  // (3,1) TLS v1.0
+  // (3,2) TLS v1.1
+  // (3,3) TLS v1.2
+  //
+  if (data[body_offset_ + 4] != 0x03 || data[body_offset_ + 5] > 0x03)
     goto fail;
-  }
 
   if (data[body_offset_] == kClientHello) {
     if (state_ == kTLSHeader) {
       if (!ParseTLSClientHello(data, avail))
         goto fail;
-    } else if (state_ == kSSL2Header) {
-#ifdef OPENSSL_NO_SSL2
-      if (!ParseSSL2ClientHello(data, avail))
-        goto fail;
-#else
-      abort(); // Unreachable
-#endif // OPENSSL_NO_SSL2
     } else {
       // We couldn't get here, but whatever
       goto fail;
@@ -145,9 +122,6 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
 }
 
-#undef NODE_SSL2_VER_CHECK
-
-
 
 void ClientHelloParser::ParseExtension(ClientHelloParser::ExtensionType type,
                                        const uint8_t* data,
                                        size_t len) {
@@ -269,28 +243,4 @@ bool ClientHelloParser::ParseTLSClientHello(const uint8_t* data, size_t avail) {
   return true;
 }
-
-#ifdef OPENSSL_NO_SSL2
-bool ClientHelloParser::ParseSSL2ClientHello(const uint8_t* data,
-                                             size_t avail) {
-  const uint8_t* body;
-
-  // Skip header, version
-  size_t session_offset = body_offset_ + 3;
-
-  if (session_offset + 4 < avail) {
-    body = data + session_offset;
-
-    uint16_t ciphers_size = (body[0] << 8) + body[1];
-
-    if (body + 4 + ciphers_size < data + avail) {
-      session_size_ = (body[2] << 8) + body[3];
-      session_id_ = body + 4 + ciphers_size;
-    }
-  }
-
-  return true;
-}
-#endif // OPENSSL_NO_SSL2
-
 
 } // namespace node
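Review bot: The new version check reads `data[body_offset_ + 4]` and `data[body_offset_ + 5]`, but the only bound visible in this hunk is `body_offset_ + frame_len_ > avail`, so the read stays in bounds only if the "too small" sanity check in ParseRecordHeader (outside this hunk) guarantees `frame_len_ >= 6`; that dependency deserves a comment next to the check, e.g. `// Relies on ParseRecordHeader rejecting frames too short to hold the two version bytes at body_offset_ + 4..5.` It is also worth saying in the comment block that rejecting minor versions above 3 is deliberate: a ClientHello advertising a higher version is dropped here by the parser rather than handed to OpenSSL to negotiate down, which the "that we know about" wording only implies. With the kSSL2Header branch gone, the remaining `else { goto fail; }` is the only path for an unexpected state_, so the "We couldn't get here" comment now reads as an assertion on state_ == kTLSHeader and could say so. ParseHeader starts and ends outside the hunk.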