Rename ssl3_send_alert and ssl3_protocol_version.
These are common between TLS and DTLS so should not have the ssl3_
prefix. (TLS-only stuff should really have a tls_ prefix, but we still
have a lot of that one.)
This also fixes a stray reference to ssl3_send_client_key_exchange..
Change-Id: Ia05b360aa090ab3b5f075d5f80f133cbfe0520d4
Reviewed-on: https://boringssl-review.googlesource.com/21346
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/custom_extensions.cc b/ssl/custom_extensions.cc
index c22f4fe..85b8a33 100644
--- a/ssl/custom_extensions.cc
+++ b/ssl/custom_extensions.cc
@@ -114,7 +114,7 @@
break;
default:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
ERR_add_error_dataf("extension %u", (unsigned) ext->value);
return 0;
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index 24bd915..f865de9 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -287,7 +287,7 @@
if (frag->type != msg_hdr->type ||
frag->msg_len != msg_hdr->msg_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_FRAGMENT_MISMATCH);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return NULL;
}
return frag;
@@ -315,7 +315,7 @@
case SSL3_RT_APPLICATION_DATA:
// Unencrypted application data records are always illegal.
if (ssl->s3->aead_read_ctx->is_null_cipher()) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
@@ -330,14 +330,14 @@
// We do not support renegotiation, so encrypted ChangeCipherSpec records
// are illegal.
if (!ssl->s3->aead_read_ctx->is_null_cipher()) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
if (rr->length != 1 || rr->data[0] != SSL3_MT_CCS) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return -1;
}
@@ -355,7 +355,7 @@
break;
default:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
@@ -369,7 +369,7 @@
CBS body;
if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
}
@@ -380,14 +380,14 @@
frag_off + frag_len > msg_len ||
msg_len > ssl_max_handshake_message_len(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return -1;
}
// The encrypted epoch in DTLS has only one handshake message.
if (ssl->d1->r_epoch == 1 && msg_hdr.seq != ssl->d1->handshake_read_seq) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index 92a9663..0c01532 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc
@@ -193,7 +193,7 @@
case ssl_open_record_error:
if (alert != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
}
return -1;
}
@@ -226,7 +226,7 @@
struct hm_header_st msg_hdr;
CBS_init(&cbs, rr->data, rr->length);
if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
return -1;
}
@@ -253,7 +253,7 @@
}
if (rr->type != SSL3_RT_APPLICATION_DATA) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index 050246d..f433428 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc
@@ -86,7 +86,7 @@
// Cipher changes are illegal when there are buffered incoming messages.
if (dtls_has_incoming_messages(ssl) || ssl->d1->has_change_cipher_spec) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return 0;
}
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index d599aec..604227f 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -162,7 +162,7 @@
int ssl_check_message_type(SSL *ssl, const SSLMessage &msg, int type) {
if (msg.type != type) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
ERR_add_error_dataf("got type %d, wanted type %d", msg.type, type);
return 0;
@@ -194,7 +194,7 @@
return kMaxMessageLen;
}
- if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
// In TLS 1.2 and below, the largest acceptable post-handshake message is
// a HelloRequest.
return 0;
@@ -292,7 +292,7 @@
if (sk_CRYPTO_BUFFER_num(prev_session->certs) !=
sk_CRYPTO_BUFFER_num(hs->new_session->certs)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_CERT_CHANGED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_verify_invalid;
}
@@ -306,7 +306,7 @@
CRYPTO_BUFFER_data(new_cert),
CRYPTO_BUFFER_len(old_cert)) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_CERT_CHANGED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_verify_invalid;
}
}
@@ -346,7 +346,7 @@
if (ret == ssl_verify_invalid) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
}
return ret;
@@ -362,7 +362,7 @@
: ssl->s3->client_random[index];
// The first four bytes of server_random are a timestamp prior to TLS 1.3, but
// servers have no fields to GREASE until TLS 1.3.
- assert(!ssl->server || ssl3_protocol_version(ssl) >= TLS1_3_VERSION);
+ assert(!ssl->server || ssl_protocol_version(ssl) >= TLS1_3_VERSION);
// This generates a random value of the form 0xωaωa, for all 0 ≤ ω < 16.
ret = (ret & 0xf0) | 0x0a;
ret |= ret << 8;
@@ -394,7 +394,7 @@
finished_ok = 1;
#endif
if (!finished_ok) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
return ssl_hs_error;
}
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index b2d5384..bf9209f 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -358,7 +358,7 @@
SSL *const ssl = hs->ssl;
if (msg.type != SSL3_MT_SERVER_HELLO &&
msg.type != SSL3_MT_HELLO_RETRY_REQUEST) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}
@@ -366,7 +366,7 @@
CBS server_hello = msg.body;
if (!CBS_get_u16(&server_hello, out)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -382,7 +382,7 @@
!CBS_skip(&server_hello, sid_length + 2 /* cipher_suite */ +
1 /* compression_method */)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -395,7 +395,7 @@
if (!CBS_get_u16_length_prefixed(&server_hello, &extensions) ||
CBS_len(&server_hello) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -410,14 +410,14 @@
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
OPENSSL_ARRAY_SIZE(ext_types),
1 /* ignore unknown */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
if (have_supported_versions &&
(!CBS_get_u16(&supported_versions, out) ||
CBS_len(&supported_versions) != 0)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -542,7 +542,7 @@
CBS_len(&cookie) > sizeof(ssl->d1->cookie) ||
CBS_len(&hello_verify_request) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -578,7 +578,7 @@
if (!ssl_supports_version(hs, server_version)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
return ssl_hs_error;
}
@@ -591,11 +591,11 @@
ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
} else if (server_version != ssl->version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
return ssl_hs_error;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
hs->state = state_tls13;
return ssl_hs_ok;
}
@@ -609,7 +609,7 @@
// fallback described in draft-ietf-tls-tls13-18 appendix C.3.
if (hs->early_data_offered) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
return ssl_hs_error;
}
@@ -627,7 +627,7 @@
!CBS_get_u16(&server_hello, &cipher_suite) ||
!CBS_get_u8(&server_hello, &compression_method)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -648,7 +648,7 @@
// fill out.
ssl_set_session(ssl, NULL);
if (!ssl_get_new_session(hs, 0 /* client */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
// Note: session_id could be empty.
@@ -661,7 +661,7 @@
if (cipher == NULL) {
// unknown cipher
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -669,30 +669,30 @@
uint32_t mask_a, mask_k;
ssl_get_client_disabled(ssl, &mask_a, &mask_k);
if ((cipher->algorithm_mkey & mask_k) || (cipher->algorithm_auth & mask_a) ||
- SSL_CIPHER_get_min_version(cipher) > ssl3_protocol_version(ssl) ||
- SSL_CIPHER_get_max_version(cipher) < ssl3_protocol_version(ssl) ||
+ SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
!sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), NULL, cipher)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
if (ssl->session != NULL) {
if (ssl->session->ssl_version != ssl->version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
if (ssl->session->cipher != cipher) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
if (!ssl_session_is_context_valid(ssl, ssl->session)) {
// This is actually a client application bug.
OPENSSL_PUT_ERROR(SSL,
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
} else {
@@ -702,9 +702,9 @@
// Now that the cipher is known, initialize the handshake hash and hash the
// ServerHello.
- if (!hs->transcript.InitHash(ssl3_protocol_version(ssl), hs->new_cipher) ||
+ if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
!ssl_hash_message(hs, msg)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -719,7 +719,7 @@
// Only the NULL compression algorithm is supported.
if (compression_method != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -733,7 +733,7 @@
if (CBS_len(&server_hello) != 0) {
// wrong packet length
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -744,7 +744,7 @@
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION);
}
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -792,7 +792,7 @@
UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain;
if (!ssl_parse_cert_chain(&alert, &chain, &hs->peer_pubkey, NULL, &body,
ssl->ctx->pool)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
@@ -802,14 +802,14 @@
CBS_len(&body) != 0 ||
!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
if (!ssl_check_leaf_certificate(
hs, hs->peer_pubkey.get(),
sk_CRYPTO_BUFFER_value(hs->new_session->certs, 0))) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -851,7 +851,7 @@
CBS_len(&ocsp_response) == 0 ||
CBS_len(&certificate_status) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -859,7 +859,7 @@
hs->new_session->ocsp_response =
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
if (hs->new_session->ocsp_response == nullptr) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -900,7 +900,7 @@
// Some ciphers (pure PSK) have an optional ServerKeyExchange message.
if (ssl_cipher_requires_server_key_exchange(hs->new_cipher)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return ssl_hs_error;
}
@@ -922,21 +922,21 @@
if (!CBS_get_u16_length_prefixed(&server_key_exchange,
&psk_identity_hint)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
- // Store PSK identity hint for later use, hint is used in
- // ssl3_send_client_key_exchange. Assume that the maximum length of a PSK
- // identity hint can be as long as the maximum length of a PSK identity.
- // Also do not allow NULL characters; identities are saved as C strings.
+ // Store the PSK identity hint for the ClientKeyExchange. Assume that the
+ // maximum length of a PSK identity hint can be as long as the maximum
+ // length of a PSK identity. Also do not allow NULL characters; identities
+ // are saved as C strings.
//
// TODO(davidben): Should invalid hints be ignored? It's a hint rather than
// a specific identity.
if (CBS_len(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN ||
CBS_contains_zero_byte(&psk_identity_hint)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -949,7 +949,7 @@
if (CBS_len(&psk_identity_hint) != 0 &&
!CBS_strdup(&psk_identity_hint, &raw)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
hs->peer_psk_identity_hint.reset(raw);
@@ -965,7 +965,7 @@
!CBS_get_u16(&server_key_exchange, &group_id) ||
!CBS_get_u8_length_prefixed(&server_key_exchange, &point)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
hs->new_session->group_id = group_id;
@@ -973,7 +973,7 @@
// Ensure the group is consistent with preferences.
if (!tls1_check_group_id(ssl, group_id)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -985,7 +985,7 @@
}
} else if (!(alg_k & SSL_kPSK)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return ssl_hs_error;
}
@@ -999,22 +999,22 @@
// ServerKeyExchange should be signed by the server's public key.
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
uint16_t signature_algorithm = 0;
- if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
hs->peer_pubkey.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
return ssl_hs_error;
}
@@ -1023,7 +1023,7 @@
if (!CBS_get_u16_length_prefixed(&server_key_exchange, &signature) ||
CBS_len(&server_key_exchange) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -1040,7 +1040,7 @@
CBS_len(¶meter)) ||
!CBB_finish(transcript.get(), &transcript_data, &transcript_len)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -1056,7 +1056,7 @@
if (!sig_ok) {
// bad signature
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return ssl_hs_error;
}
} else {
@@ -1065,7 +1065,7 @@
if (CBS_len(&server_key_exchange) > 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_EXTRA_DATA_IN_MESSAGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
}
@@ -1104,21 +1104,21 @@
// Get the certificate types.
CBS body = msg.body, certificate_types;
if (!CBS_get_u8_length_prefixed(&body, &certificate_types)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
if (!hs->certificate_types.CopyFrom(certificate_types)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
- if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
CBS supported_signature_algorithms;
if (!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -1128,12 +1128,12 @@
UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
ssl_parse_client_CA_list(ssl, &alert, &body);
if (!ca_names) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
if (CBS_len(&body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -1161,7 +1161,7 @@
// ServerHelloDone is empty.
if (CBS_len(&msg.body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -1184,7 +1184,7 @@
if (ssl->cert->cert_cb != NULL) {
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
if (rv == 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
return ssl_hs_error;
}
@@ -1251,7 +1251,7 @@
identity, sizeof(identity), psk, sizeof(psk));
if (psk_len == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
assert(psk_len <= PSK_MAX_PSK_LEN);
@@ -1319,7 +1319,7 @@
// Compute the premaster.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!hs->key_share->Accept(&child, &pms, &alert, hs->peer_key)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
if (!CBB_flush(&body)) {
@@ -1337,7 +1337,7 @@
}
OPENSSL_memset(pms.data(), 0, pms.size());
} else {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -1399,7 +1399,7 @@
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
return ssl_hs_error;
}
- if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
// Write out the digest type in TLS 1.2.
if (!CBB_add_u16(&body, signature_algorithm)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1418,7 +1418,7 @@
size_t sig_len = max_sig_len;
// The SSL3 construction for CertificateVerify does not decompose into a
// single final digest and signature, and must be special-cased.
- if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
if (ssl->cert->key_method != NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
return ssl_hs_error;
@@ -1570,7 +1570,7 @@
if (!CBS_get_u32(&new_session_ticket, &tlsext_tick_lifetime_hint) ||
!CBS_get_u16_length_prefixed(&new_session_ticket, &ticket) ||
CBS_len(&new_session_ticket) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 5507250..bce9502 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -281,7 +281,7 @@
// Handle FALLBACK_SCSV.
if (ssl_client_cipher_list_contains_cipher(client_hello,
SSL3_CK_FALLBACK_SCSV & 0xffff) &&
- ssl3_protocol_version(ssl) < hs->max_version) {
+ ssl_protocol_version(ssl) < hs->max_version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
*out_alert = SSL3_AD_INAPPROPRIATE_FALLBACK;
return 0;
@@ -392,8 +392,8 @@
size_t cipher_index;
if (// Check if the cipher is supported for the current version.
- SSL_CIPHER_get_min_version(c) <= ssl3_protocol_version(ssl) &&
- ssl3_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
+ SSL_CIPHER_get_min_version(c) <= ssl_protocol_version(ssl) &&
+ ssl_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
// Check the cipher is supported for the server configuration.
(c->algorithm_mkey & mask_k) &&
(c->algorithm_auth & mask_a) &&
@@ -444,7 +444,7 @@
SSL_CLIENT_HELLO client_hello;
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -457,7 +457,7 @@
case ssl_select_cert_error:
// Connection rejected.
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
default:
@@ -472,7 +472,7 @@
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!negotiate_version(hs, &alert, &client_hello)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -488,10 +488,10 @@
// advertise no other compression.
if (OPENSSL_memchr(client_hello.compression_methods, 0,
client_hello.compression_methods_len) == NULL ||
- (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
+ (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
client_hello.compression_methods_len != 1)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMPRESSION_LIST);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -518,7 +518,7 @@
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
if (rv == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
if (rv < 0) {
@@ -530,7 +530,7 @@
return ssl_hs_error;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
// Jump to the TLS 1.3 state machine.
hs->state = state_tls13;
return ssl_hs_ok;
@@ -547,7 +547,7 @@
ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
if (hs->new_cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -592,7 +592,7 @@
// A ClientHello without EMS that attempts to resume a session with EMS
// is fatal to the connection.
OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -626,7 +626,7 @@
ssl->ctx->dos_protection_cb(&client_hello) == 0) {
// Connection rejected for DOS reasons.
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -656,15 +656,15 @@
// deferred. Complete it now.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ssl_negotiate_alpn(hs, &alert, &client_hello)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
// Now that all parameters are known, initialize the handshake hash and hash
// the ClientHello.
- if (!hs->transcript.InitHash(ssl3_protocol_version(ssl), hs->new_cipher) ||
+ if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
!ssl_hash_message(hs, msg)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -800,7 +800,7 @@
uint16_t group_id;
if (!tls1_get_shared_group(hs, &group_id)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
hs->new_session->group_id = group_id;
@@ -849,7 +849,7 @@
// Add a signature.
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
if (!ssl_has_private_key(ssl)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -858,10 +858,10 @@
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
return ssl_hs_error;
}
- if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBB_add_u16(&body, signature_algorithm)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
}
@@ -912,9 +912,9 @@
SSL3_MT_CERTIFICATE_REQUEST) ||
!CBB_add_u8_length_prefixed(&body, &cert_types) ||
!CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
- (ssl3_protocol_version(ssl) >= TLS1_VERSION &&
+ (ssl_protocol_version(ssl) >= TLS1_VERSION &&
!CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN)) ||
- (ssl3_protocol_version(ssl) >= TLS1_2_VERSION &&
+ (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
(!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
!ssl_add_client_CA_list(ssl, &body) ||
@@ -955,7 +955,7 @@
// certificate.
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -967,7 +967,7 @@
}
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return ssl_hs_error;
}
@@ -983,7 +983,7 @@
? hs->new_session->peer_sha256
: NULL,
&certificate_msg, ssl->ctx->pool)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
@@ -992,7 +992,7 @@
if (CBS_len(&certificate_msg) != 0 ||
!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -1004,14 +1004,14 @@
// Certificate message.
if (ssl->version == SSL3_VERSION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATES_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
// Fail for TLS only if we required a certificate
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -1068,20 +1068,20 @@
if (!CBS_get_u16_length_prefixed(&client_key_exchange, &psk_identity) ||
((alg_k & SSL_kPSK) && CBS_len(&client_key_exchange) != 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
if (CBS_len(&psk_identity) > PSK_MAX_IDENTITY_LEN ||
CBS_contains_zero_byte(&psk_identity)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
}
@@ -1095,7 +1095,7 @@
&encrypted_premaster_secret) ||
CBS_len(&client_key_exchange) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
} else {
@@ -1125,7 +1125,7 @@
if (decrypt_len != decrypt_buf.size()) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return ssl_hs_error;
}
@@ -1140,7 +1140,7 @@
// publicly invalid.
if (decrypt_len < 11 + premaster_secret.size()) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return ssl_hs_error;
}
@@ -1172,14 +1172,14 @@
if (!CBS_get_u8_length_prefixed(&client_key_exchange, &peer_key) ||
CBS_len(&client_key_exchange) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
// Compute the premaster.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!hs->key_share->Finish(&premaster_secret, &alert, peer_key)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -1187,7 +1187,7 @@
hs->key_share.reset();
} else if (!(alg_k & SSL_kPSK)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -1196,7 +1196,7 @@
if (alg_a & SSL_aPSK) {
if (ssl->psk_server_callback == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -1206,12 +1206,12 @@
ssl, hs->new_session->psk_identity, psk, sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
} else if (psk_len == 0) {
// PSK related to the given identity not found.
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
return ssl_hs_error;
}
@@ -1285,22 +1285,22 @@
// Determine the signature algorithm.
uint16_t signature_algorithm = 0;
- if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
hs->peer_pubkey.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
return ssl_hs_error;
}
@@ -1308,14 +1308,14 @@
if (!CBS_get_u16_length_prefixed(&certificate_verify, &signature) ||
CBS_len(&certificate_verify) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
int sig_ok;
// The SSL3 construction for CertificateVerify does not decompose into a
// single final digest and signature, and must be special-cased.
- if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
uint8_t digest[EVP_MAX_MD_SIZE];
size_t digest_len;
if (!hs->transcript.GetSSL3CertVerifyHash(
@@ -1342,7 +1342,7 @@
#endif
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return ssl_hs_error;
}
@@ -1395,7 +1395,7 @@
!CBS_get_u8_length_prefixed(&next_protocol, &padding) ||
CBS_len(&next_protocol) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index 09bda6e..8b98ba5 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -388,9 +388,9 @@
bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
uint16_t *out_version, const CBS *peer_versions);
-// ssl3_protocol_version returns |ssl|'s protocol version. It is an error to
+// ssl_protocol_version returns |ssl|'s protocol version. It is an error to
// call this function before the version is determined.
-uint16_t ssl3_protocol_version(const SSL *ssl);
+uint16_t ssl_protocol_version(const SSL *ssl);
// ssl_is_resumption_experiment returns whether the version corresponds to a
// TLS 1.3 resumption experiment.
@@ -2673,7 +2673,7 @@
void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
-int ssl3_send_alert(SSL *ssl, int level, int desc);
+int ssl_send_alert(SSL *ssl, int level, int desc);
bool ssl3_get_message(SSL *ssl, SSLMessage *out);
int ssl3_read_message(SSL *ssl);
void ssl3_next_message(SSL *ssl);
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 28eebdd..8442c62 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -552,7 +552,7 @@
// Enforce the limit so the peer cannot force us to buffer 16MB.
if (bytes_needed > 4 + ssl_max_handshake_message_len(ssl)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
return -1;
}
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index 8911c98..890e8b7 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -179,7 +179,7 @@
case ssl_open_record_error:
if (alert != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
}
return -1;
}
@@ -394,15 +394,15 @@
// by an alert.
if (SSL_in_init(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
// Post-handshake data prior to TLS 1.3 is always renegotiation, which we
// never accept as a server. Otherwise |ssl3_get_message| will send
// |SSL_R_EXCESSIVE_MESSAGE_SIZE|.
- if (ssl->server && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
+ if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
return -1;
}
@@ -419,7 +419,7 @@
const int is_early_data_read = ssl->server &&
ssl->s3->hs != NULL &&
ssl->s3->hs->can_early_read &&
- ssl3_protocol_version(ssl) >= TLS1_3_VERSION;
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION;
// Handle the end_of_early_data alert.
if (rr->type == SSL3_RT_ALERT &&
@@ -438,14 +438,14 @@
if (rr->type != SSL3_RT_APPLICATION_DATA) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
if (is_early_data_read) {
if (rr->length > kMaxEarlyDataAccepted - ssl->s3->hs->early_data_read) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MUCH_READ_EARLY_DATA);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
return -1;
}
@@ -471,14 +471,14 @@
}
if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
return -1;
}
if (rr->length != 1 || rr->data[0] != SSL3_MT_CCS) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return -1;
}
@@ -516,13 +516,13 @@
if (!ssl->server && rr->type == SSL3_RT_APPLICATION_DATA &&
ssl->s3->aead_read_ctx->is_null_cipher()) {
OPENSSL_PUT_ERROR(SSL, SSL_R_APPLICATION_DATA_INSTEAD_OF_HANDSHAKE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
if (rr->type != SSL3_RT_HANDSHAKE) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return -1;
}
@@ -534,7 +534,7 @@
}
}
-int ssl3_send_alert(SSL *ssl, int level, int desc) {
+int ssl_send_alert(SSL *ssl, int level, int desc) {
// It is illegal to send an alert when we've already sent a closing one.
if (ssl->s3->write_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index de761d6..cd586a0 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -732,7 +732,7 @@
int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
const CRYPTO_BUFFER *leaf) {
SSL *const ssl = hs->ssl;
- assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
+ assert(ssl_protocol_version(ssl) < TLS1_3_VERSION);
// Check the certificate's type matches the cipher.
if (!(hs->new_cipher->algorithm_auth & ssl_cipher_auth_mask_for_key(pkey))) {
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 1fed95c..48ca9ff 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -852,7 +852,7 @@
}
static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return tls13_post_handshake(ssl, msg);
}
@@ -864,7 +864,7 @@
}
if (msg.type != SSL3_MT_HELLO_REQUEST || CBS_len(&msg.body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST);
return 0;
}
@@ -909,7 +909,7 @@
return 1;
no_renegotiation:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
return 0;
}
@@ -1032,7 +1032,7 @@
if (ssl->s3->write_shutdown != ssl_shutdown_close_notify) {
// Send a close_notify.
- if (ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
+ if (ssl_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
return -1;
}
} else if (ssl->s3->alert_dispatch) {
@@ -1063,7 +1063,7 @@
return ssl->method->dispatch_alert(ssl);
}
- return ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ return ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
}
void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
@@ -1272,8 +1272,8 @@
// tls-unique is not defined for SSL 3.0 or TLS 1.3.
if (!ssl->s3->initial_handshake_complete ||
- ssl3_protocol_version(ssl) < TLS1_VERSION ||
- ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ ssl_protocol_version(ssl) < TLS1_VERSION ||
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return 0;
}
@@ -1411,8 +1411,8 @@
size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
if (!ssl->s3->initial_handshake_complete ||
- ssl3_protocol_version(ssl) < TLS1_VERSION ||
- ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ ssl_protocol_version(ssl) < TLS1_VERSION ||
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return 0;
}
@@ -1427,8 +1427,8 @@
size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
if (!ssl->s3->initial_handshake_complete ||
- ssl3_protocol_version(ssl) < TLS1_VERSION ||
- ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ ssl_protocol_version(ssl) < TLS1_VERSION ||
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return 0;
}
@@ -1449,7 +1449,7 @@
if (!ssl->s3->have_version) {
return 0;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return 1;
}
@@ -1567,7 +1567,7 @@
if (!ssl->s3->have_version) {
return 0;
}
- return ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
+ return ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->s3->send_connection_binding;
}
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index d275561..a07f291 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -147,7 +147,7 @@
return 0;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
// RSA keys may only be used with RSA-PSS.
if (alg->pkey_type == EVP_PKEY_RSA && !alg->is_rsa_pss) {
return 0;
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index aff9c0f..ea3c53f 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -377,7 +377,7 @@
ssl_get_current_time(ssl, &now);
session->time = now.tv_sec;
- uint16_t version = ssl3_protocol_version(ssl);
+ uint16_t version = ssl_protocol_version(ssl);
if (version >= TLS1_3_VERSION) {
// TLS 1.3 uses tickets as authenticators, so we are willing to use them for
// longer.
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 56653b1..ccae6ef 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -287,7 +287,7 @@
return ssl->version;
}
-uint16_t ssl3_protocol_version(const SSL *ssl) {
+uint16_t ssl_protocol_version(const SSL *ssl) {
assert(ssl->s3->have_version);
uint16_t version;
if (!ssl_protocol_version_from_wire(&version, ssl->version)) {
diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc
index 85c368c..e1578bd 100644
--- a/ssl/t1_enc.cc
+++ b/ssl/t1_enc.cc
@@ -331,7 +331,7 @@
size_t mac_secret_len, fixed_iv_len;
if (session->cipher == NULL ||
!ssl_cipher_get_evp_aead(&aead, &mac_secret_len, &fixed_iv_len,
- session->cipher, ssl3_protocol_version(ssl),
+ session->cipher, ssl_protocol_version(ssl),
SSL_is_dtls(ssl))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
@@ -422,7 +422,7 @@
return 0;
}
} else {
- if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
if (!ssl3_prf(out, SSL3_MASTER_SECRET_SIZE, premaster, premaster_len,
TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
ssl->s3->client_random, SSL3_RANDOM_SIZE,
@@ -455,7 +455,7 @@
int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len) {
const SSL_SESSION *session = SSL_get_session(ssl);
- if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
return ssl3_prf(out, out_len, session->master_key,
session->master_key_length, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE, ssl->s3->server_random,
@@ -482,7 +482,7 @@
return 0;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return tls13_export_keying_material(ssl, out, out_len, label, label_len,
context, context_len, use_context);
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 5d27f63..3ebb15d 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -694,7 +694,7 @@
static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
SSL *const ssl = hs->ssl;
- if (contents != NULL && ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return false;
}
@@ -781,7 +781,7 @@
// called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return true;
}
@@ -815,7 +815,7 @@
// called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return true;
}
@@ -852,7 +852,7 @@
SSL *const ssl = hs->ssl;
if (contents != NULL) {
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->version == SSL3_VERSION ||
CBS_len(contents) != 0) {
return false;
@@ -875,7 +875,7 @@
static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
- uint16_t version = ssl3_protocol_version(hs->ssl);
+ uint16_t version = ssl_protocol_version(hs->ssl);
if (version >= TLS1_3_VERSION ||
version == SSL3_VERSION) {
return true;
@@ -953,7 +953,7 @@
return true;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return false;
}
@@ -1059,7 +1059,7 @@
}
// TLS 1.3 OCSP responses are included in the Certificate extensions.
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return false;
}
@@ -1097,7 +1097,7 @@
static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
!hs->ocsp_stapling_requested ||
ssl->cert->ocsp_response == NULL ||
ssl->s3->session_reused ||
@@ -1139,7 +1139,7 @@
return true;
}
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return false;
}
@@ -1194,7 +1194,7 @@
static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
SSL *const ssl = hs->ssl;
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return true;
}
@@ -1269,7 +1269,7 @@
}
// TLS 1.3 SCTs are included in the Certificate extensions.
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_DECODE_ERROR;
return false;
}
@@ -1318,7 +1318,7 @@
static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// The extension shouldn't be sent when resuming sessions.
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->s3->session_reused ||
ssl->cert->signed_cert_timestamp_list == NULL) {
return true;
@@ -1754,7 +1754,7 @@
return true;
}
- if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
return false;
}
@@ -1778,7 +1778,7 @@
static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
- if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
return true;
}
@@ -1787,7 +1787,7 @@
static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
return true;
}
@@ -2043,7 +2043,7 @@
uint8_t *out_alert, CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL ||
- ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
+ ssl_protocol_version(ssl) < TLS1_3_VERSION) {
return true;
}
@@ -2707,7 +2707,7 @@
}
// Discard empty extensions blocks before TLS 1.3.
- if (ssl3_protocol_version(ssl) < TLS1_3_VERSION &&
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION &&
CBB_len(&extensions) == 0) {
CBB_discard_child(out);
}
@@ -2809,7 +2809,7 @@
SSL *const ssl = hs->ssl;
int alert = SSL_AD_DECODE_ERROR;
if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
@@ -2825,7 +2825,7 @@
int *out_alert) {
SSL *const ssl = hs->ssl;
// Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
- if (CBS_len(cbs) == 0 && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
+ if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
return 1;
}
@@ -2917,7 +2917,7 @@
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, al);
return -1;
case SSL_TLSEXT_ERR_NOACK:
@@ -2933,7 +2933,7 @@
SSL *const ssl = hs->ssl;
int alert = SSL_AD_DECODE_ERROR;
if (ssl_scan_serverhello_tlsext(hs, cbs, &alert) <= 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
@@ -3141,7 +3141,7 @@
int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
// Extension ignored for inappropriate versions
- if (ssl3_protocol_version(hs->ssl) < TLS1_2_VERSION) {
+ if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
return 1;
}
@@ -3167,7 +3167,7 @@
// Before TLS 1.2, the signature algorithm isn't negotiated as part of the
// handshake.
- if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
+ if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
return 0;
@@ -3181,7 +3181,7 @@
}
Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs;
- if (peer_sigalgs.empty() && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
+ if (peer_sigalgs.empty() && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
// If the client didn't specify any signature_algorithms extension then
// we can assume that it supports SHA1. See
// http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
@@ -3222,7 +3222,7 @@
extension_type != TLSEXT_TYPE_channel_id ||
CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -3268,7 +3268,7 @@
#endif
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
ssl->s3->tlsext_channel_id_valid = false;
return 0;
}
@@ -3329,7 +3329,7 @@
int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
SSL *const ssl = hs->ssl;
- if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
uint8_t *msg;
size_t msg_len;
if (!tls13_get_cert_verify_signature_input(hs, &msg, &msg_len,
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index e0fefe3..1e7bdf1 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -98,14 +98,14 @@
CBS_len(&context) != 0 ||
!CBS_get_u24_length_prefixed(&body, &certificate_list) ||
CBS_len(&body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return 0;
}
UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
if (!certs) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -118,7 +118,7 @@
if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
!CBS_get_u16_length_prefixed(&certificate_list, &extensions) ||
CBS_len(&certificate) == 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
return 0;
}
@@ -126,14 +126,14 @@
if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
pkey = ssl_cert_parse_pubkey(&certificate);
if (!pkey) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return 0;
}
// TLS 1.3 always uses certificate keys for signing thus the correct
// keyUsage is enforced.
if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return 0;
}
@@ -148,7 +148,7 @@
CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool));
if (!buf ||
!PushToStack(certs.get(), std::move(buf))) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -165,7 +165,7 @@
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
OPENSSL_ARRAY_SIZE(ext_types),
0 /* reject unknown */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
@@ -174,7 +174,7 @@
if (have_status_request) {
if (ssl->server || !ssl->ocsp_stapling_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
return 0;
}
@@ -185,7 +185,7 @@
!CBS_get_u24_length_prefixed(&status_request, &ocsp_response) ||
CBS_len(&ocsp_response) == 0 ||
CBS_len(&status_request) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -194,7 +194,7 @@
hs->new_session->ocsp_response =
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
if (hs->new_session->ocsp_response == nullptr) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
}
@@ -203,13 +203,13 @@
if (have_sct) {
if (ssl->server || !ssl->signed_cert_timestamps_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
return 0;
}
if (!ssl_is_sct_list_valid(&sct)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -218,7 +218,7 @@
hs->new_session->signed_cert_timestamp_list =
CRYPTO_BUFFER_new_from_CBS(&sct, ssl->ctx->pool);
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
}
@@ -238,14 +238,14 @@
if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
if (!allow_anonymous) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
return 0;
}
@@ -274,13 +274,13 @@
!CBS_get_u16_length_prefixed(&body, &signature) ||
CBS_len(&body) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
@@ -290,7 +290,7 @@
if (!tls13_get_cert_verify_signature_input(
hs, &input, &input_len,
ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
UniquePtr<uint8_t> free_input(input);
@@ -304,7 +304,7 @@
#endif
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return 0;
}
@@ -334,7 +334,7 @@
finished_ok = 1;
#endif
if (!finished_ok) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
return 0;
}
@@ -437,7 +437,7 @@
size_t sig_len;
if (!CBB_add_u16_length_prefixed(&body, &child) ||
!CBB_reserve(&child, &sig, max_sig_len)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_private_key_failure;
}
@@ -446,7 +446,7 @@
if (!tls13_get_cert_verify_signature_input(
hs, &msg, &msg_len,
ssl->server ? ssl_cert_verify_server : ssl_cert_verify_client)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_private_key_failure;
}
UniquePtr<uint8_t> free_msg(msg);
@@ -471,7 +471,7 @@
uint8_t verify_data[EVP_MAX_MD_SIZE];
if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
return 0;
}
@@ -495,7 +495,7 @@
(key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED &&
key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return 0;
}
@@ -531,7 +531,7 @@
ssl->s3->key_update_count++;
if (ssl->s3->key_update_count > kMaxKeyUpdates) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return 0;
}
@@ -544,7 +544,7 @@
return tls13_process_new_session_ticket(ssl, msg);
}
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index b02ee14..e75d976 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -70,7 +70,7 @@
CBS_len(&extensions) == 0 ||
CBS_len(&body) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -85,7 +85,7 @@
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
OPENSSL_ARRAY_SIZE(ext_types),
0 /* reject unknown */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -95,7 +95,7 @@
CBS_len(&cookie_value) == 0 ||
CBS_len(&cookie) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -108,13 +108,13 @@
uint16_t group_id;
if (!CBS_get_u16(&key_share, &group_id) || CBS_len(&key_share) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
// The group must be supported.
if (!tls1_check_group_id(ssl, group_id)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
return ssl_hs_error;
}
@@ -122,7 +122,7 @@
// Check that the HelloRetryRequest does not request the key share that
// was provided in the initial ClientHello.
if (hs->key_share->GroupID() == group_id) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
return ssl_hs_error;
}
@@ -188,7 +188,7 @@
(!CBS_get_u8(&body, &compression_method) || compression_method != 0)) ||
!CBS_get_u16_length_prefixed(&body, &extensions) ||
CBS_len(&body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -197,7 +197,7 @@
? TLS1_2_VERSION
: ssl->version;
if (server_version != expected_version) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_NUMBER);
return ssl_hs_error;
}
@@ -209,15 +209,15 @@
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
if (cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
// Check if the cipher is a TLS 1.3 cipher.
- if (SSL_CIPHER_get_min_version(cipher) > ssl3_protocol_version(ssl) ||
- SSL_CIPHER_get_max_version(cipher) < ssl3_protocol_version(ssl)) {
+ if (SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -236,7 +236,7 @@
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
OPENSSL_ARRAY_SIZE(ext_types),
0 /* reject unknown */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -244,7 +244,7 @@
// TLS 1.3 version.
if (have_supported_versions && !ssl_is_resumption_experiment(ssl->version)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
return ssl_hs_error;
}
@@ -252,25 +252,25 @@
if (have_pre_shared_key) {
if (ssl->session == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
return ssl_hs_error;
}
if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert,
&pre_shared_key)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
if (ssl->session->ssl_version != ssl->version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
if (ssl->session->cipher->algorithm_prf != cipher->algorithm_prf) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_PRF_HASH_MISMATCH);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -278,7 +278,7 @@
// This is actually a client application bug.
OPENSSL_PUT_ERROR(SSL,
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
@@ -286,7 +286,7 @@
// Only authentication information carries over in TLS 1.3.
hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
if (!hs->new_session) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
ssl_set_session(ssl, NULL);
@@ -295,7 +295,7 @@
ssl_session_renew_timeout(ssl, hs->new_session.get(),
ssl->session_ctx->session_psk_dhe_timeout);
} else if (!ssl_get_new_session(hs, 0)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -320,7 +320,7 @@
if (!have_key_share) {
// We do not support psk_ke and thus always require a key share.
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
return ssl_hs_error;
}
@@ -329,7 +329,7 @@
alert = SSL_AD_DECODE_ERROR;
if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &alert,
&key_share)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -385,7 +385,7 @@
}
if (CBS_len(&body) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -394,7 +394,7 @@
hs->new_session->early_alpn = (uint8_t *)BUF_memdup(
ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
if (hs->new_session->early_alpn == NULL) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
@@ -452,7 +452,7 @@
!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
CBS_len(&supported_signature_algorithms) == 0 ||
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -461,7 +461,7 @@
UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
ssl_parse_client_CA_list(ssl, &alert, &body);
if (!ca_names) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -469,7 +469,7 @@
CBS extensions;
if (!CBS_get_u16_length_prefixed(&body, &extensions) ||
CBS_len(&body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return ssl_hs_error;
}
@@ -589,7 +589,7 @@
if (ssl->cert->cert_cb != NULL) {
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
if (rv == 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
return ssl_hs_error;
}
@@ -790,7 +790,7 @@
!CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) ||
!CBS_get_u16_length_prefixed(&body, &extensions) ||
CBS_len(&body) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return 0;
}
@@ -813,14 +813,14 @@
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
OPENSSL_ARRAY_SIZE(ext_types),
1 /* ignore unknown */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
if (have_early_data_info && ssl->cert->enable_early_data) {
if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
CBS_len(&early_data_info) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return 0;
}
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index 0a36aab..e4f14c3 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc
@@ -47,7 +47,7 @@
}
int tls13_init_key_schedule(SSL_HANDSHAKE *hs) {
- if (!init_key_schedule(hs, ssl3_protocol_version(hs->ssl), hs->new_cipher)) {
+ if (!init_key_schedule(hs, ssl_protocol_version(hs->ssl), hs->new_cipher)) {
return 0;
}
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index f89e766..c48c5b4 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -69,7 +69,7 @@
if (!ssl_client_hello_get_extension(client_hello, &key_share,
TLSEXT_TYPE_key_share)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
return 0;
}
@@ -78,7 +78,7 @@
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &dhe_secret,
&alert, &key_share)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return 0;
}
@@ -114,7 +114,7 @@
client_hello->cipher_suites_len);
const int aes_is_fine = EVP_has_aes_hardware();
- const uint16_t version = ssl3_protocol_version(ssl);
+ const uint16_t version = ssl_protocol_version(ssl);
const SSL_CIPHER *best = NULL;
while (CBS_len(&cipher_suites) > 0) {
@@ -218,7 +218,7 @@
SSL_CLIENT_HELLO client_hello;
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -230,7 +230,7 @@
hs->new_cipher = choose_tls13_cipher(ssl, &client_hello);
if (hs->new_cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
@@ -238,7 +238,7 @@
// deferred. Complete it now.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ssl_negotiate_alpn(hs, &alert, &client_hello)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}
@@ -349,7 +349,7 @@
SSL_CLIENT_HELLO client_hello;
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -360,7 +360,7 @@
case ssl_ticket_aead_ignore_ticket:
assert(!session);
if (!ssl_get_new_session(hs, 1 /* server */)) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
break;
@@ -388,7 +388,7 @@
}
if (hs->new_session == NULL) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -400,7 +400,7 @@
break;
case ssl_ticket_aead_error:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
case ssl_ticket_aead_retry:
@@ -416,7 +416,7 @@
hs->new_session->early_alpn = (uint8_t *)BUF_memdup(
ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
if (hs->new_session->early_alpn == NULL) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
@@ -426,7 +426,7 @@
ssl->ctx->dos_protection_cb(&client_hello) == 0) {
// Connection rejected for DOS reasons.
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -499,7 +499,7 @@
SSL_CLIENT_HELLO client_hello;
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return ssl_hs_error;
}
@@ -507,7 +507,7 @@
if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
if (need_retry) {
// Only send one HelloRetryRequest.
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
}
return ssl_hs_error;
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 286bf03..77f9d23 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -89,7 +89,7 @@
if (ssl->s3->rrec.length != 0) {
// There may not be unprocessed record data at a cipher change.
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
return 0;
}
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc
index 83453ee..ba38bc9 100644
--- a/ssl/tls_record.cc
+++ b/ssl/tls_record.cc
@@ -541,7 +541,7 @@
// Warning alerts do not exist in TLS 1.3.
if (ssl->s3->have_version &&
- ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ALERT);
return ssl_open_record_error;
@@ -579,7 +579,7 @@
// and below.
if (SSL_in_init(ssl) ||
SSL_is_dtls(ssl) ||
- ssl3_protocol_version(ssl) > TLS1_2_VERSION) {
+ ssl_protocol_version(ssl) > TLS1_2_VERSION) {
assert(false);
*out_alert = SSL_AD_INTERNAL_ERROR;
return OpenRecordResult::kError;
@@ -635,7 +635,7 @@
// and below.
if (SSL_in_init(ssl) ||
SSL_is_dtls(ssl) ||
- ssl3_protocol_version(ssl) > TLS1_2_VERSION) {
+ ssl_protocol_version(ssl) > TLS1_2_VERSION) {
assert(false);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return false;