return unexpected message when receiving kx with kDHr or kDHd

It was saying that it was an illegal parameter / unsupported cipher Reviewed-by: Matt Caswell <matt@openssl.org>
2025-01-30 14:01:55 +08:00 · 2015-03-15 00:26:26 +01:00 · 2015-03-15 00:26:26 +01:00 · 4dcb4b91db
commit 4dcb4b91db
parent 93f1c13619
3 changed files with 0 additions and 8 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s)

        s->session->sess_cert->peer_dh_tmp = dh;
        dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
    }
 #endif                          /* !OPENSSL_NO_DH */

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     "tls peer did not respond with certificate list"},
    {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
     "tls rsa encrypted value length is wrong"},
-    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
-     "tried to use unsupported cipher"},
    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
     "unable to decode ecdh certs"},