authorJoel Sing <jsing@cvs.openbsd.org>2015-09-10 17:57:51 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-10 17:57:51 +0000
commitb797fe0878725f11af3c397c4f794ba7794da29e (patch)
treee3ebf07de9c2e3847e8d402494920c83290436be /lib
parent9d7fa165f85aeb19e753017101792f8a56d865dc (diff)
Remove support for DTLS_BAD_VER. We do not support non-standard and
incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/ssl/d1_both.c18
-rw-r--r--lib/libssl/src/ssl/d1_clnt.c7
-rw-r--r--lib/libssl/src/ssl/d1_lib.c8
-rw-r--r--lib/libssl/src/ssl/d1_pkt.c9
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c10
-rw-r--r--lib/libssl/src/ssl/dtls1.h3
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c4
-rw-r--r--lib/libssl/src/ssl/ssl.h6
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c4
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c3
10 files changed, 23 insertions, 49 deletions
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index b479c61322e..567a0745358 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.34 2015/07/19 20:32:18 doug Exp $ */
+/* $OpenBSD: d1_both.c,v 1.35 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -346,8 +346,7 @@ dtls1_do_write(SSL *s, int type)
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
- if (frag_off == 0 &&
- s->version != DTLS1_BAD_VER) {
+ if (frag_off == 0) {
/*
* Reconstruct message header is if it
* is being sent in single fragment
@@ -441,10 +440,9 @@ again:
s2n (msg_hdr->seq, p);
l2n3(0, p);
l2n3(msg_len, p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
+
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
ssl3_finish_mac(s, p, msg_len);
if (s->msg_callback)
@@ -971,12 +969,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->init_num = DTLS1_CCS_HEADER_LENGTH;
- if (s->version == DTLS1_BAD_VER) {
- s->d1->next_handshake_write_seq++;
- s2n(s->d1->handshake_write_seq, p);
- s->init_num += 2;
- }
-
s->init_off = 0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index 2b736b92439..5a755c3bbef 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.49 2015/09/10 15:56:26 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.50 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -171,7 +171,7 @@ DTLSv1_client_method(void)
static const SSL_METHOD *
dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ if (ver == DTLS1_VERSION)
return (DTLSv1_client_method());
return (NULL);
}
@@ -214,8 +214,7 @@ dtls1_connect(SSL *s)
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_START, 1);
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
- (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) {
SSLerr(SSL_F_DTLS1_CONNECT,
ERR_R_INTERNAL_ERROR);
ret = -1;
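Review bot: The retained guard `if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))` compares only the high byte, so it still accepts any 0xFExx value (0xFEFD, for instance) even though dtls1_get_client_method a few lines up now returns a method for DTLS1_VERSION alone. The mask existed to let two different versions through; with DTLS1_BAD_VER gone an exact test, `if (s->version != DTLS1_VERSION) {`, is stricter and reads as what it means. Whether a non-0xFEFF value can actually reach this point depends on the code that assigns s->version, which is not in the hunk; the body of dtls1_connect continues outside it.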
diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c
index e7eca4a8cd4..708f3d72064 100644
--- a/lib/libssl/src/ssl/d1_lib.c
+++ b/lib/libssl/src/ssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.30 2015/09/10 15:56:26 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.31 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -246,10 +246,8 @@ dtls1_clear(SSL *s)
}
ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version = DTLS1_BAD_VER;
- else
- s->version = DTLS1_VERSION;
+
+ s->version = DTLS1_VERSION;
}
long
diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c
index c3574b43bd7..ca716a2222e 100644
--- a/lib/libssl/src/ssl/d1_pkt.c
+++ b/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.46 2015/07/19 01:07:40 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.47 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -971,9 +971,6 @@ start:
dtls1_get_ccs_header(rr->data, &ccs_hdr);
- if (s->version == DTLS1_BAD_VER)
- ccs_hdr_len = 3;
-
/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
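Review bot: With the `ccs_hdr_len = 3` assignment removed, `ccs_hdr_len` appears to be set only at its declaration, which lies before the hunk, so the local is now invariant and the comparisons below could use `DTLS1_CCS_HEADER_LENGTH` directly with the variable dropped. Keeping a variable that can no longer vary suggests to a reader that an alternate CCS header size still exists. If the declaration is indeed `ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH` as the removed special case implies, this is a one-line deletion plus substitutions; please confirm against the surrounding code, which is outside the hunk.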
@@ -1006,10 +1003,6 @@ start:
/* do this whenever CCS is processed */
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
- if (s->version == DTLS1_BAD_VER)
- s->d1->handshake_read_seq++;
-
-
goto start;
}
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index 698292f33fc..e41c119b9c5 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.56 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -335,11 +335,9 @@ dtls1_accept(SSL *s)
s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
- if (s->version != DTLS1_BAD_VER) {
- if (!ssl3_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
+ if (!ssl3_init_finished_mac(s)) {
+ ret = -1;
+ goto end;
}
break;
diff --git a/lib/libssl/src/ssl/dtls1.h b/lib/libssl/src/ssl/dtls1.h
index 1d65dc58217..5aed28e99af 100644
--- a/lib/libssl/src/ssl/dtls1.h
+++ b/lib/libssl/src/ssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.17 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.18 2015/09/10 17:57:50 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -73,7 +73,6 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index b2c4f8e0d2b..4bbc160d587 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.116 2015/09/10 15:56:26 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.117 2015/09/10 17:57:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1650,7 +1650,7 @@ ssl3_get_client_key_exchange(SSL *s)
rsa = pkey->pkey.rsa;
/* TLS and [incidentally] DTLS{0xFEFF} */
- if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
+ if (s->version > SSL3_VERSION) {
if (2 > n)
goto truncated;
n2s(p, i);
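Review bot: The comment `/* TLS and [incidentally] DTLS{0xFEFF} */` above the changed condition still describes the situation in which a DTLS version below SSL3_VERSION had to be excluded; after this change the test simply means "anything newer than SSLv3, which includes every DTLS version", and the comment could say so, e.g. `/* TLS and DTLS: both carry a 2-byte length before the encrypted premaster */`. That wording also explains why the `if (2 > n) goto truncated;` and `n2s(p, i);` that follow are needed. The SSLv3 branch this pairs with and the rest of ssl3_get_client_key_exchange are outside the hunk.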
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index e7873f5ed49..7c815df8e16 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.93 2015/08/27 06:21:15 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.94 2015/09/10 17:57:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -302,7 +302,6 @@ extern "C" {
#define SSL_TXT_STREEBOG512 "STREEBOG512"
#define SSL_TXT_DTLS1 "DTLSv1"
-#define SSL_TXT_DTLS1_BAD "DTLSv1-bad"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
@@ -535,8 +534,6 @@ struct ssl_session_st {
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
@@ -590,6 +587,7 @@ struct ssl_session_st {
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
#define SSL_OP_TLS_D5_BUG 0x0
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
+#define SSL_OP_CISCO_ANYCONNECT 0x0
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */
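Review bot: `#define SSL_OP_CISCO_ANYCONNECT 0x0` keeps the symbol for source compatibility but turns the option into a silent no-op: a client that sets it to reach a DTLS_BAD_VER peer now sends standard DTLS 1.0 (dtls1_clear assigns DTLS1_VERSION unconditionally in this commit) and gets no error from SSL_set_options, only a handshake that fails later. The other zeroed `SSL_OP_*` defines appear to sit under a shared comment outside the hunk; if so, a one-line note on this entry, `/* DTLS_BAD_VER (Cisco AnyConnect) support was removed; this flag is ignored. */`, tells callers why nothing happens. Note the asymmetry with `DTLS1_BAD_VER` and `SSL_TXT_DTLS1_BAD`, which are deleted outright in this commit: code that references those fails to compile, while code using this flag compiles and quietly behaves differently, which is worth calling out in the release notes.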
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 8df885e9f77..7ace9fe688e 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.107 2015/09/09 19:42:39 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.108 2015/09/10 17:57:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2545,8 +2545,6 @@ const char *
ssl_version_string(int ver)
{
switch (ver) {
- case DTLS1_BAD_VER:
- return (SSL_TXT_DTLS1_BAD);
case DTLS1_VERSION:
return (SSL_TXT_DTLS1);
case TLS1_VERSION:
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 5d18c8a0b4e..7052e8aa56e 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.47 2015/09/10 15:56:26 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -303,7 +303,6 @@ ssl_get_new_session(SSL *s, int session)
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
- case DTLS1_BAD_VER:
case DTLS1_VERSION:
ss->ssl_version = s->version;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;