Commit 54478ac9 authored by Rich Salz's avatar Rich Salz
Browse files

GH1278: Removed error code for alerts 



Commit aea145e3 removed some error codes that are generated
algorithmically: mapping alerts to error texts.  Found by
Andreas Karlsson.  This restores them, and adds two missing ones.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 91da5e77

crypto/err/openssl.ec

+32 −0
Original line number Diff line number Diff line
@@ -51,6 +51,38 @@ F RSAREF_F_RSA_PRIVATE_ENCRYPT 
F RSAREF_F_RSA_PUBLIC_DECRYPT

F RSAREF_F_RSA_PUBLIC_ENCRYPT



R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE         1010

R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC             1020

R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED          1021

R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW            1022

R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE      1030

R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE          1040

R SSL_R_SSLV3_ALERT_NO_CERTIFICATE             1041

R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE            1042

R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE    1043

R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED        1044

R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED        1045

R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN        1046

R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER          1047

R SSL_R_TLSV1_ALERT_UNKNOWN_CA                 1048

R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049

R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050

R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051

R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060

R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070

R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071

R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080

R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK     1086

R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090

R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100

R SSL_R_TLSV1_UNSUPPORTED_EXTENSION            1110

R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE         1111

R SSL_R_TLSV1_UNRECOGNIZED_NAME                1112

R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE  1113

R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE       1114

R TLS1_AD_UNKNOWN_PSK_IDENTITY                 1115

R TLS1_AD_NO_APPLICATION_PROTOCOL              1120



R RSAREF_R_CONTENT_ENCODING			0x0400

R RSAREF_R_DATA					0x0401

R RSAREF_R_DIGEST_ALGORITHM			0x0402

include/openssl/ssl.h

+29 −0
Original line number Diff line number Diff line
@@ -2396,6 +2396,17 @@ void ERR_load_SSL_strings(void); 
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319

# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320

# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300

# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042

# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020

# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045

# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044

# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046

# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030

# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040

# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047

# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041

# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010

# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043

# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117

# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125

# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
@@ -2409,6 +2420,24 @@ void ERR_load_SSL_strings(void); 
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273

# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303

# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210

# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049

# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050

# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021

# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051

# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060

# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086

# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071

# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080

# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100

# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070

# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022

# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048

# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090

# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114

# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113

# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111

# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112

# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110

# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365

# define SSL_R_TLS_HEARTBEAT_PENDING                      366

# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367

ssl/ssl_err.c

+56 −0
Original line number Diff line number Diff line
@@ -147,6 +147,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { 
    {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"},

    {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"},

    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},

    {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"},

    {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"},

    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},

    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"},
@@ -501,6 +502,28 @@ static ERR_STRING_DATA SSL_str_reasons[] = { 
    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),

     "ssl3 ext invalid servername type"},

    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),

     "sslv3 alert bad certificate"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),

     "sslv3 alert bad record mac"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),

     "sslv3 alert certificate expired"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),

     "sslv3 alert certificate revoked"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),

     "sslv3 alert certificate unknown"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),

     "sslv3 alert decompression failure"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),

     "sslv3 alert handshake failure"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),

     "sslv3 alert illegal parameter"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),

     "sslv3 alert no certificate"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),

     "sslv3 alert unexpected message"},

    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),

     "sslv3 alert unsupported certificate"},

    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY),

     "ssl command section empty"},

    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
@@ -522,6 +545,39 @@ static ERR_STRING_DATA SSL_str_reasons[] = { 
     "ssl session id has bad length"},

    {ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),

     "ssl session version mismatch"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),

     "tlsv1 alert access denied"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),

     "tlsv1 alert decryption failed"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),

     "tlsv1 alert decrypt error"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),

     "tlsv1 alert export restriction"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),

     "tlsv1 alert inappropriate fallback"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),

     "tlsv1 alert insufficient security"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),

     "tlsv1 alert internal error"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),

     "tlsv1 alert no renegotiation"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),

     "tlsv1 alert protocol version"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),

     "tlsv1 alert record overflow"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},

    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),

     "tlsv1 alert user cancelled"},

    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),

     "tlsv1 bad certificate hash value"},

    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),

     "tlsv1 bad certificate status response"},

    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),

     "tlsv1 certificate unobtainable"},

    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},

    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),

     "tlsv1 unsupported extension"},

    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),

     "peer does not accept heartbeats"},

    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),

util/find-unused-errs

+4 −0
Original line number Diff line number Diff line
@@ -21,6 +21,10 @@ for F in `cat $X1` ; do 
    git grep -l --full-name -F $F >$X2

    NUM=`wc -l <$X2`

    test $NUM -gt 2 && continue

    if grep -q $F crypto/err/openssl.ec ; then

        echo Possibly unused $F found in openssl.ec

        continue

    fi

    echo $F

    for FILE in `cat $X2` ; do

        grep -v -w $F <$FILE >$FILE.new