Remove some unnecessary OPENSSL_FIPS references

[openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 79d974f5a511977e1c75ebdc9d37cabcc5e25e56..08aa5b6cf0882366c014b47290177dcbf3393458 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -115,21 +115,16 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
 static const SSL_METHOD *ssl23_get_server_method(int ver)
        {
-#ifndef OPENSSL_NO_SSL2
-       if (ver == SSL2_VERSION)
-               return(SSLv2_server_method());
-#endif
+#ifndef OPENSSL_NO_SSL3
        if (ver == SSL3_VERSION)
                return(SSLv3_server_method());
-       else if (ver == TLS1_VERSION)
+#endif
+       if (ver == TLS1_VERSION)
                return(TLSv1_server_method());
        else if (ver == TLS1_1_VERSION)
                return(TLSv1_1_server_method());
@@ -234,7 +229,6 @@ end:
        return(ret);
        }
 
-
 int ssl23_get_client_hello(SSL *s)
        {
        char buf_space[11]; /* Request this many bytes in initial read.
@@ -281,8 +275,6 @@ int ssl23_get_client_hello(SSL *s)
                                {
                                v[0]=p[3]; v[1]=p[4];
                                /* SSLv2 */
-                               if (!(s->options & SSL_OP_NO_SSLv2))
-                                       type=1;
                                }
                        else if (p[3] == SSL3_VERSION_MAJOR)
                                {
@@ -315,10 +307,6 @@ int ssl23_get_client_hello(SSL *s)
                                                /* type=2; */
                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
                                                }
-                                       else if (!(s->options & SSL_OP_NO_SSLv2))
-                                               {
-                                               type=1;
-                                               }
                                        }
                                else if (!(s->options & SSL_OP_NO_SSLv3))
                                        {
@@ -326,9 +314,6 @@ int ssl23_get_client_hello(SSL *s)
                                        /* type=2; */
                                        s->state=SSL23_ST_SR_CLNT_HELLO_B;
                                        }
-                               else if (!(s->options & SSL_OP_NO_SSLv2))
-                                       type=1;
-
                                }
                        }
                else if ((p[0] == SSL3_RT_HANDSHAKE) &&
@@ -431,14 +416,12 @@ int ssl23_get_client_hello(SSL *s)
                goto err;
                }
 
-#ifdef OPENSSL_FIPS
        if (FIPS_mode() && (s->version < TLS1_VERSION))
                {
                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
                goto err;
                }
-#endif
 
        if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL))
                {
@@ -562,57 +545,17 @@ int ssl23_get_client_hello(SSL *s)
        /* imaginary new state (for program structure): */
        /* s->state = SSL23_SR_CLNT_HELLO_C */
 
-       if (type == 1)
+       if ((type == 2) || (type == 3))
                {
-#ifdef OPENSSL_NO_SSL2
-               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-               goto err;
-#else
-               /* we are talking sslv2 */
-               /* we need to clean up the SSLv3/TLSv1 setup and put in the
-                * sslv2 stuff. */
-
-               if (s->s2 == NULL)
-                       {
-                       if (!ssl2_new(s))
-                               goto err;
-                       }
-               else
-                       ssl2_clear(s);
-
-               if (s->s3 != NULL) ssl3_free(s);
-
-               if (!BUF_MEM_grow_clean(s->init_buf,
-                       SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+               /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+               const SSL_METHOD *new_method;
+               new_method = ssl23_get_server_method(s->version);
+               if (new_method == NULL)
                        {
+                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
                        goto err;
                        }
-
-               s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-               if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-                       s->s2->ssl2_rollback=0;
-               else
-                       /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-                        * (SSL 3.0 draft/RFC 2246, App. E.2) */
-                       s->s2->ssl2_rollback=1;
-
-               /* setup the n bytes we have read so we get them from
-                * the sslv2 buffer */
-               s->rstate=SSL_ST_READ_HEADER;
-               s->packet_length=n;
-               s->packet= &(s->s2->rbuf[0]);
-               memcpy(s->packet,buf,n);
-               s->s2->rbuf_left=n;
-               s->s2->rbuf_offs=0;
-
-               s->method=SSLv2_server_method();
-               s->handshake_func=s->method->ssl_accept;
-#endif
-               }
-
-       if ((type == 2) || (type == 3))
-               {
-               /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+               s->method = new_method;
 
                if (!ssl_init_wbio_buffer(s,1)) goto err;
 
@@ -640,21 +583,12 @@ int ssl23_get_client_hello(SSL *s)
                        s->s3->rbuf.left=0;
                        s->s3->rbuf.offset=0;
                        }
-               if (s->version == TLS1_2_VERSION)
-                       s->method = TLSv1_2_server_method();
-               else if (s->version == TLS1_1_VERSION)
-                       s->method = TLSv1_1_server_method();
-               else if (s->version == TLS1_VERSION)
-                       s->method = TLSv1_server_method();
-               else
-                       s->method = SSLv3_server_method();
 #if 0 /* ssl3_get_client_hello does this */
                s->client_version=(v[0]<<8)|v[1];
 #endif
                s->handshake_func=s->method->ssl_accept;
                }
-       
-       if ((type < 1) || (type > 3))
+       else
                {
                /* bad, very bad */
                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);