From 45f55f6a5bdcec411ef08a6f8aae41d5d3d234ad Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 30 Nov 2014 15:35:22 +0100
Subject: Remove SSLv2 support

The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 util/bat.sh     |  1 -
 util/mk1mf.pl   | 10 ++--------
 util/mkdef.pl   |  6 +-----
 util/ssleay.num |  6 +++---
 4 files changed, 6 insertions(+), 17 deletions(-)

(limited to 'util')

diff --git a/util/bat.sh b/util/bat.sh
index 4d9a8287d0..459cd9f7e3 100755
--- a/util/bat.sh
+++ b/util/bat.sh
@@ -94,7 +94,6 @@ sub var_add
 	@a=grep(!/^e_.*_c$/,@a) if $no_cast;
 	@a=grep(!/^e_rc4$/,@a) if $no_rc4;
 
-	@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
 	@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
 
 	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 0fcadcbad8..e83ef7d37d 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -136,7 +136,7 @@ and [options] can be one of
 	no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
 	no-bf no-cast no-aes no-camellia no-seed
 	no-rsa no-dsa no-dh			- Skip this public key cipher
-	no-ssl2 no-ssl3				- Skip this version of SSL
+	no-ssl3					- Skip this version of SSL
 	just-ssl				- remove all non-ssl keys/digest
 	no-asm 					- No x86 asm
 	no-krb5					- No KRB5
@@ -180,9 +180,6 @@ $no_mdc2=1 if ($no_des);
 $no_ssl3=1 if ($no_md5 || $no_sha);
 $no_ssl3=1 if ($no_rsa && $no_dh);
 
-$no_ssl2=1 if ($no_md5);
-$no_ssl2=1 if ($no_rsa);
-
 $out_def="out";
 $inc_def="outinc";
 $tmp_def="tmp";
@@ -296,7 +293,6 @@ $cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
 $cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
 $cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
 $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
-$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
 $cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
@@ -1107,7 +1103,6 @@ sub var_add
 	@a=grep(!/^e_camellia$/,@a) if $no_camellia;
 	@a=grep(!/^e_seed$/,@a) if $no_seed;
 
-	#@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
 	#@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
 
 	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
@@ -1430,7 +1425,6 @@ sub read_options
 		"nw-nasm" => \$nw_nasm,
 		"nw-mwasm" => \$nw_mwasm,
 		"gaswin" => \$gaswin,
-		"no-ssl2" => \$no_ssl2,
 		"no-ssl3" => \$no_ssl3,
 		"no-ssl3-method" => 0,
 		"no-tlsext" => \$no_tlsext,
@@ -1451,7 +1445,7 @@ sub read_options
 		"just-ssl" =>
 			[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
 			  \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-			  \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
+			  \$no_err, \$no_ripemd, \$no_rc5,
 			  \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
 		"rsaref" => 0,
 		"gcc" => \$gcc,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 460d56523a..651fa6acd5 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -106,8 +106,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "CMS",
 			 # CryptoAPI Engine
 			 "CAPIENG",
-			 # SSL v2
-			 "SSL2",
 			 # SSL v3 method
 			 "SSL3_METHOD",
 			 # JPAKE
@@ -144,7 +142,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
+my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method;
 
@@ -240,7 +238,6 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-ec2m$/)	{ $no_ec2m=1; }
  	elsif (/^no-ec-nistp224-64-gcc-128$/)	{ $no_nistp_gcc=1; }
 	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
-	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
 	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
 	elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
 	elsif (/^no-capieng$/)	{ $no_capieng=1; }
@@ -1212,7 +1209,6 @@ sub is_valid
 					{ return 0; }
 			if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
 			if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
-			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
 			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
 			if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
 			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
diff --git a/util/ssleay.num b/util/ssleay.num
index a289559c20..53dbe6dabb 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
 SSLv23_client_method                    110	EXIST::FUNCTION:RSA
 SSLv23_method                           111	EXIST::FUNCTION:RSA
 SSLv23_server_method                    112	EXIST::FUNCTION:RSA
-SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2
-SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2
-SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2
+SSLv2_client_method                     113	NOEXIST::FUNCTION:
+SSLv2_method                            114	NOEXIST::FUNCTION:
+SSLv2_server_method                     115	NOEXIST::FUNCTION:
 SSLv3_client_method                     116	EXIST::FUNCTION:SSL3_METHOD
 SSLv3_method                            117	EXIST::FUNCTION:SSL3_METHOD
 SSLv3_server_method                     118	EXIST::FUNCTION:SSL3_METHOD
-- 
cgit v1.2.3