Get rid of ssl_undefined_*
The only place using it is export keying material which can do the
version check inline.
Change-Id: I1893966c130aa43fa97a6116d91bb8b04f80c6fb
Reviewed-on: https://boringssl-review.googlesource.com/4615
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index ee7b5a2..afeaaeb 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -159,9 +159,6 @@
SSL,function,246,ssl_sess_cert_new
SSL,function,247,ssl_set_cert
SSL,function,248,ssl_set_pkey
-SSL,function,249,ssl_undefined_const_function
-SSL,function,250,ssl_undefined_function
-SSL,function,251,ssl_undefined_void_function
SSL,function,252,ssl_verify_cert_chain
SSL,function,253,tls12_check_peer_sigalg
SSL,function,254,tls1_aead_ctx_init
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 12ce73f..c7279ec 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2652,9 +2652,6 @@
#define SSL_F_ssl_sess_cert_new 246
#define SSL_F_ssl_set_cert 247
#define SSL_F_ssl_set_pkey 248
-#define SSL_F_ssl_undefined_const_function 249
-#define SSL_F_ssl_undefined_function 250
-#define SSL_F_ssl_undefined_void_function 251
#define SSL_F_ssl_verify_cert_chain 252
#define SSL_F_tls12_check_peer_sigalg 253
#define SSL_F_tls1_aead_ctx_init 254
diff --git a/ssl/internal.h b/ssl/internal.h
index 4a26380..d1e667d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -691,9 +691,6 @@
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags);
int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c);
int ssl_cert_type(EVP_PKEY *pkey);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0c68b48..b3562f0 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -488,8 +488,7 @@
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
- (int (*)(SSL *, uint8_t *, size_t, const char *, size_t, const uint8_t *,
- size_t, int use_context)) ssl_undefined_function,
+ tls1_export_keying_material,
0,
};
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 041e1a7..5fd70ba 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2155,24 +2155,6 @@
ssl_clear_cipher_ctx(s);
}
-int ssl_undefined_function(SSL *s) {
- OPENSSL_PUT_ERROR(SSL, ssl_undefined_function,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
-}
-
-int ssl_undefined_void_function(void) {
- OPENSSL_PUT_ERROR(SSL, ssl_undefined_void_function,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
-}
-
-int ssl_undefined_const_function(const SSL *s) {
- OPENSSL_PUT_ERROR(SSL, ssl_undefined_const_function,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
-}
-
static const char *ssl_get_version(int version) {
switch (version) {
case TLS1_2_VERSION:
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 1d23815..3eaffe7 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -866,6 +866,12 @@
const char *label, size_t label_len,
const uint8_t *context, size_t context_len,
int use_context) {
+ if (!s->s3->have_version || s->version == SSL3_VERSION) {
+ OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
size_t seed_len = 2 * SSL3_RANDOM_SIZE;
if (use_context) {
if (context_len >= 1u << 16) {
