From: jsing Date: Sun, 13 Jun 2021 15:34:41 +0000 (+0000) Subject: Remove tls1_alert_code(). X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4bf5bada3341a226b7514d0e0842fc7525c73669;p=openbsd Remove tls1_alert_code(). After running the preprocessor, this function becomes: switch (code) { case 0: return (0); case 10: return (10); case 20: return (20); ... } Its intended purpose was to prevent SSLv3 alerts being sent from TLS code, however now that we've removed "no_certificate" from LibreSSL's reach, it no longer does anything useful. ok tb@ --- diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index df115725a0c..e6b55765451 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.347 2021/05/16 15:49:01 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.348 2021/06/13 15:34:41 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1257,7 +1257,6 @@ int tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len); int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); -int tls1_alert_code(int code); int ssl_ok(SSL *s); int tls12_derive_finished(SSL *s); diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index ae47055079c..e959ccaf2fa 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.43 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.44 2021/06/13 15:34:41 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -1181,10 +1181,6 @@ ssl3_do_change_cipher_spec(SSL *s) int ssl3_send_alert(SSL *s, int level, int desc) { - /* Map tls/ssl alert value to correct one */ - desc = tls1_alert_code(desc); - if (desc < 0) - return -1; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx, s->session); diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 87d2f9e5904..15afb1bae8f 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.149 2021/06/13 15:29:19 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.150 2021/06/13 15:34:41 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
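Review bot: With the `tls1_alert_code()` call gone, `ssl3_send_alert()` no longer rejects an unrecognised `desc`: the removed function's `default:` branch returned -1 and this caller turned that into an early `return -1`, so the identity mapping was not the call's only effect. Nothing in the visible part of the new body range-checks `desc` before the session-cache removal; the rest of the function lies outside the hunk, so a later check cannot be ruled out from here. If every caller is internal and passes a defined alert constant this is harmless, but that assumption deserves a comment at the top of the function, e.g. `/* desc must be a valid alert description; it is no longer validated here. */`. Alternatively keep a cheap guard such as `if (desc < 0 || desc > 255) return -1;`, since the alert description is a single byte on the wire.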
@@ -494,68 +494,3 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, return (rv); } - -int -tls1_alert_code(int code) -{ - switch (code) { - case SSL_AD_CLOSE_NOTIFY: - return (SSL3_AD_CLOSE_NOTIFY); - case SSL_AD_UNEXPECTED_MESSAGE: - return (SSL3_AD_UNEXPECTED_MESSAGE); - case SSL_AD_BAD_RECORD_MAC: - return (SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_RECORD_OVERFLOW: - return (TLS1_AD_RECORD_OVERFLOW); - case SSL_AD_DECOMPRESSION_FAILURE: - return (SSL3_AD_DECOMPRESSION_FAILURE); - case SSL_AD_HANDSHAKE_FAILURE: - return (SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_BAD_CERTIFICATE: - return (SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_UNSUPPORTED_CERTIFICATE: - return (SSL3_AD_UNSUPPORTED_CERTIFICATE); - case SSL_AD_CERTIFICATE_REVOKED: - return (SSL3_AD_CERTIFICATE_REVOKED); - case SSL_AD_CERTIFICATE_EXPIRED: - return (SSL3_AD_CERTIFICATE_EXPIRED); - case SSL_AD_CERTIFICATE_UNKNOWN: - return (SSL3_AD_CERTIFICATE_UNKNOWN); - case SSL_AD_ILLEGAL_PARAMETER: - return (SSL3_AD_ILLEGAL_PARAMETER); - case SSL_AD_UNKNOWN_CA: - return (TLS1_AD_UNKNOWN_CA); - case SSL_AD_ACCESS_DENIED: - return (TLS1_AD_ACCESS_DENIED); - case SSL_AD_DECODE_ERROR: - return (TLS1_AD_DECODE_ERROR); - case SSL_AD_DECRYPT_ERROR: - return (TLS1_AD_DECRYPT_ERROR); - case SSL_AD_PROTOCOL_VERSION: - return (TLS1_AD_PROTOCOL_VERSION); - case SSL_AD_INSUFFICIENT_SECURITY: - return (TLS1_AD_INSUFFICIENT_SECURITY); - case SSL_AD_INTERNAL_ERROR: - return (TLS1_AD_INTERNAL_ERROR); - case SSL_AD_INAPPROPRIATE_FALLBACK: - return(TLS1_AD_INAPPROPRIATE_FALLBACK); - case SSL_AD_USER_CANCELLED: - return (TLS1_AD_USER_CANCELLED); - case SSL_AD_NO_RENEGOTIATION: - return (TLS1_AD_NO_RENEGOTIATION); - case SSL_AD_UNSUPPORTED_EXTENSION: - return (TLS1_AD_UNSUPPORTED_EXTENSION); - case SSL_AD_CERTIFICATE_UNOBTAINABLE: - return (TLS1_AD_CERTIFICATE_UNOBTAINABLE); - case SSL_AD_UNRECOGNIZED_NAME: - return (TLS1_AD_UNRECOGNIZED_NAME); - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - return 
(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: - return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); - case SSL_AD_UNKNOWN_PSK_IDENTITY: - return (TLS1_AD_UNKNOWN_PSK_IDENTITY); - default: - return (-1); - } -}