diff --git a/ssl/internal.h b/ssl/internal.h
index 8a5ebe96..03240613 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -856,7 +856,6 @@ struct ssl3_enc_method {
 const uint8_t *seed2, size_t seed2_len);
 int (*final_finish_mac)(SSL *ssl, int from_server, uint8_t *out);
 int (*cert_verify_mac)(SSL *, int, uint8_t *);
- int (*alert_value)(int);
 };
 #define SSL_HM_HEADER_LENGTH(ssl) ssl->method->hhlen
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 16c2a315..a25877ca 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -386,109 +386,10 @@ static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender,
 return ret;
 }
-static int ssl3_alert_code(int code) {
- switch (code) {
- case SSL_AD_CLOSE_NOTIFY:
- return SSL3_AD_CLOSE_NOTIFY;
- case SSL_AD_UNEXPECTED_MESSAGE:
- return SSL3_AD_UNEXPECTED_MESSAGE;
-
- case SSL_AD_BAD_RECORD_MAC:
- return SSL3_AD_BAD_RECORD_MAC;
-
- case SSL_AD_DECRYPTION_FAILED:
- return SSL3_AD_BAD_RECORD_MAC;
-
- case SSL_AD_RECORD_OVERFLOW:
- return SSL3_AD_BAD_RECORD_MAC;
-
- case SSL_AD_DECOMPRESSION_FAILURE:
- return SSL3_AD_DECOMPRESSION_FAILURE;
-
- case SSL_AD_HANDSHAKE_FAILURE:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_NO_CERTIFICATE:
- return SSL3_AD_NO_CERTIFICATE;
-
- case SSL_AD_BAD_CERTIFICATE:
- return SSL3_AD_BAD_CERTIFICATE;
-
- case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return SSL3_AD_UNSUPPORTED_CERTIFICATE;
-
- case SSL_AD_CERTIFICATE_REVOKED:
- return SSL3_AD_CERTIFICATE_REVOKED;
-
- case SSL_AD_CERTIFICATE_EXPIRED:
- return SSL3_AD_CERTIFICATE_EXPIRED;
-
- case SSL_AD_CERTIFICATE_UNKNOWN:
- return SSL3_AD_CERTIFICATE_UNKNOWN;
-
- case SSL_AD_ILLEGAL_PARAMETER:
- return SSL3_AD_ILLEGAL_PARAMETER;
-
- case SSL_AD_UNKNOWN_CA:
- return SSL3_AD_BAD_CERTIFICATE;
-
- case SSL_AD_ACCESS_DENIED:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_DECODE_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_DECRYPT_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_EXPORT_RESTRICTION:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_PROTOCOL_VERSION:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_INSUFFICIENT_SECURITY:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_INTERNAL_ERROR:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_USER_CANCELLED:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_NO_RENEGOTIATION:
- return -1; /* Don't send it. */
-
- case SSL_AD_UNSUPPORTED_EXTENSION:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_UNRECOGNIZED_NAME:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return TLS1_AD_UNKNOWN_PSK_IDENTITY;
-
- case SSL_AD_INAPPROPRIATE_FALLBACK:
- return SSL3_AD_INAPPROPRIATE_FALLBACK;
-
- default:
- return -1;
- }
-}
 const SSL3_ENC_METHOD SSLv3_enc_data = {
 ssl3_prf,
 ssl3_final_finish_mac,
 ssl3_cert_verify_mac,
- ssl3_alert_code,
 };
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 51084d33..81d163e8 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -638,16 +638,6 @@ err:
 }
 int ssl3_send_alert(SSL *ssl, int level, int desc) {
- /* Map tls/ssl alert value to correct one */
- desc = ssl->enc_method->alert_value(desc);
- if (ssl->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) {
- /* SSL 3.0 does not have protocol_version alerts */
- desc = SSL_AD_HANDSHAKE_FAILURE;
- }
- if (desc < 0) {
- return -1;
- }
-
 /* If a fatal one, remove from cache */
 if (level == 2 && ssl->session != NULL) {
 SSL_CTX_remove_session(ssl->ctx, ssl->session);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index c728a0ac..39711d51 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -554,108 +554,8 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
 return ret;
 }
-static int tls1_alert_code(int code) {
- switch (code) {
- case SSL_AD_CLOSE_NOTIFY:
- return SSL3_AD_CLOSE_NOTIFY;
-
- case SSL_AD_UNEXPECTED_MESSAGE:
- return SSL3_AD_UNEXPECTED_MESSAGE;
-
- case SSL_AD_BAD_RECORD_MAC:
- return SSL3_AD_BAD_RECORD_MAC;
-
- case SSL_AD_DECRYPTION_FAILED:
- return TLS1_AD_DECRYPTION_FAILED;
-
- case SSL_AD_RECORD_OVERFLOW:
- return TLS1_AD_RECORD_OVERFLOW;
-
- case SSL_AD_DECOMPRESSION_FAILURE:
- return SSL3_AD_DECOMPRESSION_FAILURE;
-
- case SSL_AD_HANDSHAKE_FAILURE:
- return SSL3_AD_HANDSHAKE_FAILURE;
-
- case SSL_AD_NO_CERTIFICATE:
- return -1;
-
- case SSL_AD_BAD_CERTIFICATE:
- return SSL3_AD_BAD_CERTIFICATE;
-
- case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return SSL3_AD_UNSUPPORTED_CERTIFICATE;
-
- case SSL_AD_CERTIFICATE_REVOKED:
- return SSL3_AD_CERTIFICATE_REVOKED;
-
- case SSL_AD_CERTIFICATE_EXPIRED:
- return SSL3_AD_CERTIFICATE_EXPIRED;
-
- case SSL_AD_CERTIFICATE_UNKNOWN:
- return SSL3_AD_CERTIFICATE_UNKNOWN;
-
- case SSL_AD_ILLEGAL_PARAMETER:
- return SSL3_AD_ILLEGAL_PARAMETER;
-
- case SSL_AD_UNKNOWN_CA:
- return TLS1_AD_UNKNOWN_CA;
-
- case SSL_AD_ACCESS_DENIED:
- return TLS1_AD_ACCESS_DENIED;
-
- case SSL_AD_DECODE_ERROR:
- return TLS1_AD_DECODE_ERROR;
-
- case SSL_AD_DECRYPT_ERROR:
- return TLS1_AD_DECRYPT_ERROR;
- case SSL_AD_EXPORT_RESTRICTION:
- return TLS1_AD_EXPORT_RESTRICTION;
-
- case SSL_AD_PROTOCOL_VERSION:
- return TLS1_AD_PROTOCOL_VERSION;
-
- case SSL_AD_INSUFFICIENT_SECURITY:
- return TLS1_AD_INSUFFICIENT_SECURITY;
-
- case SSL_AD_INTERNAL_ERROR:
- return TLS1_AD_INTERNAL_ERROR;
-
- case SSL_AD_USER_CANCELLED:
- return TLS1_AD_USER_CANCELLED;
-
- case SSL_AD_NO_RENEGOTIATION:
- return TLS1_AD_NO_RENEGOTIATION;
-
- case SSL_AD_UNSUPPORTED_EXTENSION:
- return TLS1_AD_UNSUPPORTED_EXTENSION;
-
- case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return TLS1_AD_CERTIFICATE_UNOBTAINABLE;
-
- case SSL_AD_UNRECOGNIZED_NAME:
- return TLS1_AD_UNRECOGNIZED_NAME;
-
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return TLS1_AD_BAD_CERTIFICATE_HASH_VALUE;
-
- case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return TLS1_AD_UNKNOWN_PSK_IDENTITY;
-
- case SSL_AD_INAPPROPRIATE_FALLBACK:
- return SSL3_AD_INAPPROPRIATE_FALLBACK;
-
- default:
- return -1;
- }
-}
-
 const SSL3_ENC_METHOD TLSv1_enc_data = {
 tls1_prf,
 tls1_final_finish_mac,
 tls1_cert_verify_mac,
- tls1_alert_code,
 };
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index baafc068..75f56ce6 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3249,11 +3249,7 @@ func addMinimumVersionTests() {
 } else {
 shouldFail = true
 expectedError = ":UNSUPPORTED_PROTOCOL:"
- if runnerVers.version > VersionSSL30 {
- expectedLocalError = "remote error: protocol version not supported"
- } else {
- expectedLocalError = "remote error: handshake failure"
- }
+ expectedLocalError = "remote error: protocol version not supported"
 }
 testCases = append(testCases, testCase{
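Review bot: The now-unconditional `expectedLocalError = "remote error: protocol version not supported"` also applies to SSL 3.0 runners, but nothing on the line records why, and it is the only test change visible for a commit that removes every per-version alert translation. A short comment such as `// Alerts are no longer remapped per version, so SSL 3.0 peers see protocol_version too.` would keep the intent next to the expectation. The deleted ssl3_alert_code and tls1_alert_code also returned -1 to suppress some alerts (no_renegotiation under SSL 3.0, no_certificate under TLS) and for unknown codes, and ssl3_send_alert loses its `desc < 0` early return; if any caller can still pass those values, a test pinning what is now sent would be worth adding. addMinimumVersionTests starts and ends outside this hunk.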