GH1278: Removed error code for alerts

Commit aea145e removed some error codes that are generated algorithmically: mapping alerts to error texts. Found by Andreas Karlsson. This restores them, and adds two missing ones. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-01 20:10:03 -04:00 · 2016-07-01 20:10:03 -04:00 · 54478ac92a
commit 54478ac92a
parent 91da5e7710
4 changed files with 121 additions and 0 deletions
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@ -51,6 +51,38 @@ F RSAREF_F_RSA_PRIVATE_ENCRYPT
 F RSAREF_F_RSA_PUBLIC_DECRYPT
 F RSAREF_F_RSA_PUBLIC_ENCRYPT

+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE         1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC             1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED          1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW            1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE      1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE          1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE             1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE            1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE    1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED        1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED        1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN        1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER          1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA                 1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK     1086
+R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION            1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE         1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE  1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE       1114
+R TLS1_AD_UNKNOWN_PSK_IDENTITY                 1115
+R TLS1_AD_NO_APPLICATION_PROTOCOL              1120
+
 R RSAREF_R_CONTENT_ENCODING			0x0400
 R RSAREF_R_DATA					0x0401
 R RSAREF_R_DIGEST_ALGORITHM			0x0402
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -2396,6 +2396,17 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
 # define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
 # define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
 # define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
 # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
@ -2409,6 +2420,24 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
 # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
 # define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
 # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -147,6 +147,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"},
    {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"},
    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+    {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"},
    {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"},
    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},
    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"},
@ -501,6 +502,28 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
     "ssl3 ext invalid servername type"},
    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+     "sslv3 alert bad certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+     "sslv3 alert bad record mac"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+     "sslv3 alert certificate expired"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+     "sslv3 alert certificate revoked"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+     "sslv3 alert certificate unknown"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+     "sslv3 alert decompression failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+     "sslv3 alert handshake failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+     "sslv3 alert illegal parameter"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+     "sslv3 alert no certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+     "sslv3 alert unexpected message"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+     "sslv3 alert unsupported certificate"},
    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY),
     "ssl command section empty"},
    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
@ -522,6 +545,39 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     "ssl session id has bad length"},
    {ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
     "ssl session version mismatch"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+     "tlsv1 alert access denied"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+     "tlsv1 alert decryption failed"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+     "tlsv1 alert decrypt error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+     "tlsv1 alert export restriction"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+     "tlsv1 alert inappropriate fallback"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+     "tlsv1 alert insufficient security"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+     "tlsv1 alert internal error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+     "tlsv1 alert no renegotiation"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+     "tlsv1 alert protocol version"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+     "tlsv1 alert record overflow"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
+     "tlsv1 alert user cancelled"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+     "tlsv1 bad certificate hash value"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+     "tlsv1 bad certificate status response"},
+    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+     "tlsv1 certificate unobtainable"},
+    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
+    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+     "tlsv1 unsupported extension"},
    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
     "peer does not accept heartbeats"},
    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
--- a/util/find-unused-errs
+++ b/util/find-unused-errs
@ -21,6 +21,10 @@ for F in `cat $X1` ; do
    git grep -l --full-name -F $F >$X2
    NUM=`wc -l <$X2`
    test $NUM -gt 2 && continue
+    if grep -q $F crypto/err/openssl.ec ; then
+        echo Possibly unused $F found in openssl.ec
+        continue
+    fi
    echo $F
    for FILE in `cat $X2` ; do
        grep -v -w $F <$FILE >$FILE.new