authorAlex Chernyakhovsky <achernya@google.com>2014-11-01 19:39:08 -0400
committerAdam Langley <agl@google.com>2014-11-13 22:58:30 +0000
commit4cd8c43e738b0903cb1782b7b77a69f7aa778406 (patch)
tree87dedaa93a279707d2673666e3016b4c3a888654 /include
parentbdf5e72f50e25f0e45e825c156168766d8442dde (diff)
Remove support for processing fragmented alerts
Prior to this change, BoringSSL maintained a 2-byte buffer for alerts, and would support reassembly of fragmented alerts. NSS does not support fragmented alerts, nor would any reasonable implementation produce them. Remove fragmented alert handling and produce an error if a fragmented alert has ever been encountered. Change-Id: I31530ac372e8a90b47cf89404630c1c207cfb048 Reviewed-on: https://boringssl-review.googlesource.com/2125 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/ssl.h1
-rw-r--r--include/openssl/ssl3.h4
2 files changed, 2 insertions, 3 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ab6e7f4..af3d55f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2794,6 +2794,7 @@ OPENSSL_EXPORT void ERR_load_SSL_strings(void);
#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441
#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442
#define SSL_R_INVALID_SSL_SESSION 443
+#define SSL_R_BAD_ALERT 444
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
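Review bot: `SSL_R_BAD_ALERT` is added with nothing saying which condition raises it, and the name is broader than the use the commit message describes (rejecting a fragmented alert). A trailing comment such as `/* received alert record was not one complete alert */` would help anyone triaging this reason code from an error queue or a log. The matching reason string for `ERR_load_SSL_strings` is not visible here because the diff is limited to `include`, so confirm an entry for 444 was added with it.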
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 5083167..42e2154 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -372,10 +372,8 @@ typedef struct ssl3_state_st
SSL3_RECORD rrec; /* each decoded record goes in here */
SSL3_RECORD wrec; /* goes out from here */
- /* storage for Alert/Handshake protocol data received but not
+ /* storage for Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
unsigned char handshake_fragment[4];
unsigned int handshake_fragment_len;
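Review bot: Removing `alert_fragment` and `alert_fragment_len` from `ssl3_state_st` shifts every later field of a struct declared in a public header, so code built against the old `ssl3.h` that touches those fields would use stale offsets; the commit message should call this out as a layout change. The struct begins and ends outside the hunk. With the reassembly buffer gone, a reader of this header can no longer tell how alerts are handled, so I would add `/* Alerts are never reassembled; a fragmented alert is treated as an error. */` above `handshake_fragment`. The check that replaces reassembly is not on this page (the diff is limited to `include`), so confirm that the record-reading path rejects an alert record shorter than two bytes before it reads the level and description.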