diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index a3fce49548..91aa11d1a6 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -45,19 +45,19 @@ L OSSL_DECODER include/openssl/decodererr.h crypto/encode_decode/decoder_err L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h # SSL/TLS alerts -R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +R SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010 +R SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020 R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +R SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030 +R SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040 +R SSL_R_TLS_ALERT_NO_CERTIFICATE 1041 +R SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042 +R SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043 +R SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044 +R SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045 +R SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046 +R SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047 R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1c160cecb5..3302b94a1e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -1586,22 +1586,22 @@ SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
 srtp protection profile list too long
 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
-SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
 ssl3 ext invalid max fragment length
-SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
-SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
-SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
-SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
-SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
-SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
-SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
-SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
-SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
-SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
-SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
-SSL_R_SSLV3_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
-SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
-SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
+SSL_R_TLS_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_TLS_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_TLS_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
+SSL_R_TLS_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
+SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
+SSL_R_TLS_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
+SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
+SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
+SSL_R_TLS_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
+SSL_R_TLS_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
+SSL_R_TLS_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
+SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
+SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
 ssl/tls alert unsupported certificate
 SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
 SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
diff --git a/crypto/ssl_err.c b/crypto/ssl_err.c
index c8963522a3..9fce52bf7c 100644
--- a/crypto/ssl_err.c
+++ b/crypto/ssl_err.c
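Review bot: The reason text on the renamed entries in crypto/err/openssl.txt is left as `ssl3 ext invalid servername`, `ssl3 session id too long` and `ssl/tls alert ...`, while the crypto/ssl_err.c hunk of this same commit changes the matching table strings to `tls ext invalid servername`, `tls session id too long` and `tls alert ...`. If ssl_err.c is regenerated from this file (it looks that way, but that is not visible here), the next regeneration would silently revert the new strings; the text here should be updated in step, e.g. `SSL_R_TLS_EXT_INVALID_SERVERNAME:319:tls ext invalid servername`. The numeric reason codes are unchanged, so log matching and alerting keyed on the code is unaffected, but anything matching on the old text will stop matching once the ssl_err.c strings ship.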
@@ -422,36 +422,36 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "srtp protection profile list too long" }, { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), - "ssl3 ext invalid max fragment length" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), - "ssl3 ext invalid servername" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), - "ssl3 ext invalid servername type" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), - "ssl3 session id too long" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), - "ssl/tls alert bad certificate" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), - "ssl/tls alert bad record mac" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), - "ssl/tls alert certificate expired" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), - "ssl/tls alert certificate revoked" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), - "ssl/tls alert certificate unknown" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), - "ssl/tls alert decompression failure" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), - "ssl/tls alert handshake failure" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), - "ssl/tls alert illegal parameter" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), - "ssl/tls alert no certificate" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), - "ssl/tls alert unexpected message" }, - { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), - "ssl/tls alert unsupported certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH), + "tls ext invalid max fragment length" }, + { ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_TLS_EXT_INVALID_SERVERNAME), + "tls ext invalid servername" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE), + "tls ext invalid servername type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_SESSION_ID_TOO_LONG), + "tls session id too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_CERTIFICATE), + "tls alert bad certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_RECORD_MAC), + "tls alert bad record mac" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED), + "tls alert certificate expired" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_REVOKED), + "tls alert certificate revoked" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN), + "tls alert certificate unknown" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE), + "tls alert decompression failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_HANDSHAKE_FAILURE), + "tls alert handshake failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_ILLEGAL_PARAMETER), + "tls alert illegal parameter" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_NO_CERTIFICATE), + "tls alert no certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE), + "tls alert unexpected message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE), + "tls alert unsupported certificate" }, { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty" }, { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 3f0568f285..24dbf0d7c3 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h 
@@ -266,21 +266,21 @@ #define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 #define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 #define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +#define SSL_R_TLS_EXT_INVALID_SERVERNAME 319 +#define SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_TLS_SESSION_ID_TOO_LONG 300 +#define SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_TLS_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043 #define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 #define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h index 8cf1ebd7b0..fd3453e413 100644 --- a/include/openssl/sslerr_legacy.h 
+++ b/include/openssl/sslerr_legacy.h @@ -461,6 +461,26 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void); #define SSL_F_WRITE_STATE_MACHINE 0 #endif +#ifndef OPENSSL_NO_DEPRECATED_4_0 + +#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 + +#endif + #ifdef __cplusplus } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 397ddf4bf5..872812e4f4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4003,7 +4003,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; len = strlen((char *)parg); if (len == 0 || len > TLSEXT_MAXLEN_host_name) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME); return 0; } if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { @@ -4011,7 +4011,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; } } else { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 1833a61799..e91b7400ea 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c 
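Review bot: The compatibility block added to include/openssl/sslerr_legacy.h repeats the numeric values (`232`, `319`, ... `1043`) instead of pointing the old names at the new ones, and carries no comment saying what it is for. The values do match the sslerr.h hunk today, but two independent lists can drift apart; defining each old name as an alias, e.g. `#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE SSL_R_TLS_ALERT_BAD_CERTIFICATE`, keeps a single source of truth, provided sslerr.h is always in scope wherever this header is used (not visible in the hunk). A one-line comment above the `#ifndef OPENSSL_NO_DEPRECATED_4_0`, such as `/* Pre-4.0 spellings of the SSL_R_TLS_* reason codes; use the new names in new code. */`, would tell callers which names to migrate to.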
@@ -1365,7 +1365,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* |value| should contains a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1377,7 +1377,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, */ if (value != s->ext.max_fragment_len_mode) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c4aef4c939..f241861740 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -188,7 +188,7 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* Received |value| should be a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index a9b229fca3..3907664ebc 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1518,7 +1518,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) session_id_len = PACKET_remaining(&session_id); if (session_id_len > sizeof(s->session->session_id) || session_id_len > SSL3_SESSION_ID_SIZE) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_SSL3_SESSION_ID_TOO_LONG); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_TLS_SESSION_ID_TOO_LONG); goto err; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9ece318950..02f5d43055 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -4779,7 +4779,7 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) { if (mode != TLSEXT_max_fragment_length_DISABLED && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -4797,7 +4797,7 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) if (mode != TLSEXT_max_fragment_length_DISABLED && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; }