Remove more remnants of SSLv3.
Mostly in comments, but there is one special-case around renegotiation_info
that can now be removed.
Change-Id: I2a9114cbff05e0cfff95fe93270fe42379728012
Reviewed-on: https://boringssl-review.googlesource.com/29824
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
index 5e34ee3..996cb22 100644
--- a/crypto/cipher_extra/aead_test.cc
+++ b/crypto/cipher_extra/aead_test.cc
@@ -36,8 +36,8 @@
const char *test_vectors;
// limited_implementation indicates that tests that assume a generic AEAD
// interface should not be performed. For example, the key-wrap AEADs only
- // handle inputs that are a multiple of eight bytes in length and the
- // SSLv3/TLS AEADs have the concept of “direction”.
+ // handle inputs that are a multiple of eight bytes in length and the TLS CBC
+ // AEADs have the concept of “direction”.
bool limited_implementation;
// truncated_tags is true if the AEAD supports truncating tags to arbitrary
// lengths.
diff --git a/include/openssl/aead.h b/include/openssl/aead.h
index 342b841..620855e 100644
--- a/include/openssl/aead.h
+++ b/include/openssl/aead.h
@@ -399,7 +399,7 @@
// EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and
// sets |*out_iv| to point to that many bytes of the current IV. This is only
-// meaningful for AEADs with implicit IVs (i.e. CBC mode in SSLv3 and TLS 1.0).
+// meaningful for AEADs with implicit IVs (i.e. CBC mode in TLS 1.0).
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5fe5853..cf424a7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -185,7 +185,7 @@
// multiple threads. Once shared, functions which change the |SSL_CTX|'s
// configuration may not be used.
-// TLS_method is the |SSL_METHOD| used for TLS (and SSLv3) connections.
+// TLS_method is the |SSL_METHOD| used for TLS connections.
OPENSSL_EXPORT const SSL_METHOD *TLS_method(void);
// DTLS_method is the |SSL_METHOD| used for DTLS connections.
@@ -719,10 +719,10 @@
// and |SSL_CB_HANDSHAKE_DONE| from |SSL_CTX_set_info_callback|.
#define SSL_MODE_ENABLE_FALSE_START 0x00000080L
-// SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in SSL 3.0 and
-// TLS 1.0 to be split in two: the first record will contain a single byte and
-// the second will contain the remainder. This effectively randomises the IV and
-// prevents BEAST attacks.
+// SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in TLS 1.0 to be
+// split in two: the first record will contain a single byte and the second will
+// contain the remainder. This effectively randomises the IV and prevents BEAST
+// attacks.
#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
// SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to
@@ -1588,7 +1588,7 @@
const uint8_t *in, size_t in_len, const SSL_CTX *ctx);
// SSL_SESSION_get_version returns a string describing the TLS or DTLS version
-// |session| was established at. For example, "TLSv1.2" or "SSLv3".
+// |session| was established at. For example, "TLSv1.2" or "DTLSv1".
OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session);
// SSL_SESSION_get_protocol_version returns the TLS or DTLS version |session|
@@ -3147,11 +3147,11 @@
// Alerts.
//
-// TLS and SSL 3.0 use alerts to signal error conditions. Alerts have a type
-// (warning or fatal) and description. OpenSSL internally handles fatal alerts
-// with dedicated error codes (see |SSL_AD_REASON_OFFSET|). Except for
-// close_notify, warning alerts are silently ignored and may only be surfaced
-// with |SSL_CTX_set_info_callback|.
+// TLS uses alerts to signal error conditions. Alerts have a type (warning or
+// fatal) and description. OpenSSL internally handles fatal alerts with
+// dedicated error codes (see |SSL_AD_REASON_OFFSET|). Except for close_notify,
+// warning alerts are silently ignored and may only be surfaced with
+// |SSL_CTX_set_info_callback|.
// SSL_AD_REASON_OFFSET is the offset between error reasons and |SSL_AD_*|
// values. Any error code under |ERR_LIB_SSL| with an error reason above this
@@ -3162,7 +3162,7 @@
// This value must be kept in sync with reservedReasonCode in make_errors.h
#define SSL_AD_REASON_OFFSET 1000
-// SSL_AD_* are alert descriptions for SSL 3.0 and TLS.
+// SSL_AD_* are alert descriptions.
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
@@ -3170,7 +3170,7 @@
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE // Not used in TLS
+#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE // Legacy SSL 3.0 value
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
@@ -3250,7 +3250,7 @@
// SSL_get_ivs sets |*out_iv_len| to the length of the IVs for the ciphers
// underlying |ssl| and sets |*out_read_iv| and |*out_write_iv| to point to the
// current IVs for the read and write directions. This is only meaningful for
-// connections with implicit IVs (i.e. CBC mode with SSLv3 or TLS 1.0).
+// connections with implicit IVs (i.e. CBC mode with TLS 1.0).
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
@@ -3994,7 +3994,7 @@
OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *ssl);
// SSL_get_version returns a string describing the TLS version used by |ssl|.
-// For example, "TLSv1.2" or "SSLv3".
+// For example, "TLSv1.2" or "DTLSv1".
OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl);
// SSL_get_cipher_list returns the name of the |n|th cipher in the output of
@@ -4041,15 +4041,15 @@
// SSL_get_finished writes up to |count| bytes of the Finished message sent by
// |ssl| to |buf|. It returns the total untruncated length or zero if none has
- // been sent yet. At SSL 3.0 or TLS 1.3 and later, it returns zero.
+ // been sent yet. At TLS 1.3 and later, it returns zero.
//
// Use |SSL_get_tls_unique| instead.
OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count);
// SSL_get_peer_finished writes up to |count| bytes of the Finished message
// received from |ssl|'s peer to |buf|. It returns the total untruncated length
- // or zero if none has been received yet. At SSL 3.0 or TLS 1.3 and later, it
- // returns zero.
+ // or zero if none has been received yet. At TLS 1.3 and later, it returns
+ // zero.
//
// Use |SSL_get_tls_unique| instead.
OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf,
diff --git a/ssl/internal.h b/ssl/internal.h
index 7f7ba2b..970a86a 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3083,8 +3083,8 @@
// progress.
bssl::ssl_hs_wait_t (*do_handshake)(bssl::SSL_HANDSHAKE *hs) = nullptr;
- bssl::SSL3_STATE *s3 = nullptr; // SSLv3 variables
- bssl::DTLS1_STATE *d1 = nullptr; // DTLSv1 variables
+ bssl::SSL3_STATE *s3 = nullptr; // TLS variables
+ bssl::DTLS1_STATE *d1 = nullptr; // DTLS variables
// callback that allows applications to peek at protocol messages
void (*msg_callback)(int write_p, int version, int content_type,
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 02380c1..54459a1 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -1269,7 +1269,8 @@
uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
uint32_t id = cipher->id;
- // All ciphers are SSLv3.
+ // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
+ // to SSLv2 vs SSLv3.
assert((id & 0xff000000) == 0x03000000);
return id & 0xffff;
}
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a5a7cd9..6a8143d 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -172,7 +172,7 @@
uint16_t version) {
// Zero is interpreted as the default minimum version.
if (version == 0) {
- // SSL 3.0 is disabled by default and TLS 1.0 does not exist in DTLS.
+ // TLS 1.0 does not exist in DTLS.
*out = method->is_dtls ? TLS1_1_VERSION : TLS1_VERSION;
return true;
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 976cbb6..430b13d 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3329,10 +3329,8 @@
static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
"too many bits");
- if (!(hs->extensions.sent & (1u << ext_index)) &&
- type != TLSEXT_TYPE_renegotiate) {
- // If the extension was never sent then it is illegal, except for the
- // renegotiation extension which, in SSL 3.0, is signaled via SCSV.
+ if (!(hs->extensions.sent & (1u << ext_index))) {
+ // If the extension was never sent then it is illegal.
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension :%u", (unsigned)type);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;