From: Andrew Dinh <andrewd@openssl.org>
Date: Wed, 10 Sep 2025 14:17:35 +0000 (+1000)
Subject: Remove unused SSLv3 specific error codes
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4574e1b3cb20e95cfad9a72d2fac3ac8ed2d2a14;p=thirdparty%2Fopenssl.git

Remove unused SSLv3 specific error codes

Also remove the SSL_TXT_SSLV3 name.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
---

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 922cecbaa5..1c160cecb5 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1298,7 +1298,6 @@ RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT:180:\
 RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
 RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
 RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
-RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack
 RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\
 	the asn1 object identifier is not known for this md
 RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type
@@ -1656,8 +1655,6 @@ SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data
 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters
 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\
 	unable to find public key parameters
-SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
-SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
 SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
 SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
 SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 8f20f68efe..aced712b1d 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -127,8 +127,6 @@ static const ERR_STRING_DATA RSA_str_reasons[] = {
         "salt length check failed" },
     { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED),
         "salt length recovery failed" },
-    { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK),
-        "sslv3 rollback attack" },
     { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
         "the asn1 object identifier is not known for this md" },
     { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE),
diff --git a/crypto/ssl_err.c b/crypto/ssl_err.c
index 6b88675200..c8963522a3 100644
--- a/crypto/ssl_err.c
+++ b/crypto/ssl_err.c
@@ -544,10 +544,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
         "unable to find ecdh parameters" },
     { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
         "unable to find public key parameters" },
-    { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
-        "unable to load ssl3 md5 routines" },
-    { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-        "unable to load ssl3 sha1 routines" },
     { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
         "unexpected ccs message" },
     { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h
index 8432f5f655..781e333132 100644
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -88,7 +88,6 @@
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
 #define RSA_R_SLEN_CHECK_FAILED 136
 #define RSA_R_SLEN_RECOVERY_FAILED 135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
 #define RSA_R_UNKNOWN_DIGEST 166
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 6b7d8c0d16..61e7ce67ef 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -163,7 +163,6 @@ extern "C" {
 #define SSL_TXT_SHA256 "SHA256"
 #define SSL_TXT_SHA384 "SHA384"
 
-#define SSL_TXT_SSLV3 "SSLv3"
 #define SSL_TXT_TLSV1 "TLSv1"
 #define SSL_TXT_TLSV1_1 "TLSv1.1"
 #define SSL_TXT_TLSV1_2 "TLSv1.2"
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 6993255b19..3f0568f285 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -330,8 +330,6 @@
 #define SSL_R_TOO_MUCH_EARLY_DATA 164
 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
 #define SSL_R_UNEXPECTED_CCS_MESSAGE 262
 #define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
 #define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index d6f1dd16dc..5c694ca6b8 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -254,7 +254,6 @@ static const SSL_CIPHER cipher_aliases[] = {
     { 0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256 },
 
     /* protocol version aliases */
-    { 0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION },
     { 0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION },
     { 0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION },
     { 0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION },