return unexpected message when receiving kx with kDHr or kDHd
authorKurt Roeckx <kurt@roeckx.be>
Sat, 14 Mar 2015 23:26:26 +0000 (00:26 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Mon, 23 Mar 2015 20:08:20 +0000 (21:08 +0100)
Previously this case was reported as an illegal parameter / unsupported cipher.

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c
ssl/ssl.h
ssl/ssl_err.c

index 81381efa78e9dce48f63e5e4e87ea11a118fccb0..f4b60bed4914dc74f095c39a34bc2aee2a8f75c1 100644 (file)
@@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s)
 
         s->session->sess_cert->peer_dh_tmp = dh;
         dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
     }
 #endif                          /* !OPENSSL_NO_DH */
 
index 3a6f9fbe176d235b420d91161839fffddc7bde28..dec3abc8596ff37429fcbd7e76cd2d26917c3cf2 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
index 75ca68438a9636590a808ea1428c959f653ac8f4..5792906744245c02ae81da16bcb485d1fda3d591 100644 (file)
@@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "tls peer did not respond with certificate list"},
     {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
      "tls rsa encrypted value length is wrong"},
-    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
-     "tried to use unsupported cipher"},
     {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
     {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
      "unable to decode ecdh certs"},