Commit 4dcb4b91 authored by Kurt Roeckx

return unexpected message when receiving kx with kDHr or kDHd



Previously this case was reported as an illegal parameter / unsupported cipher.

Reviewed-by: Matt Caswell <matt@openssl.org>
parent 93f1c136
+0 −5
@@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s)

        s->session->sess_cert->peer_dh_tmp = dh;
        dh = NULL;
    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
        al = SSL_AD_ILLEGAL_PARAMETER;
        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
        goto f_err;
    }
#endif                          /* !OPENSSL_NO_DH */

+0 −1
@@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
+0 −2
@@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     "tls peer did not respond with certificate list"},
    {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
     "tls rsa encrypted value length is wrong"},
    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
     "tried to use unsupported cipher"},
    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
     "unable to decode ecdh certs"},