From 1376708c1cfee91a891057db132aa45aa2a81a98 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 21 May 2021 10:25:00 -0700 Subject: [PATCH] Allow TLS13_AD_MISSING_EXTENSION for older versions Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLfatal() in final_psk() will always actually generate an alert, even for non-TLS1.3 protocol versions. Fixes #15375 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15412)
---
 ssl/s3_enc.c | 2 ++ ssl/t1_enc.c | 2 ++ 2 files changed, 4 insertions(+)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index cf4d5fe4e7b..88ac6e4205c 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
 return TLS1_AD_NO_APPLICATION_PROTOCOL;
 case SSL_AD_CERTIFICATE_REQUIRED:
 return SSL_AD_HANDSHAKE_FAILURE;
+ case TLS13_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
 default:
 return -1;
 }
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5e9c3a0ee52..886709bf4a5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -848,6 +848,8 @@ int tls1_alert_code(int code)
 return TLS1_AD_NO_APPLICATION_PROTOCOL;
 case SSL_AD_CERTIFICATE_REQUIRED:
 return SSL_AD_HANDSHAKE_FAILURE;
+ case TLS13_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
 default:
 return -1;
 }
-- 2.47.2
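Review bot: The new `case TLS13_AD_MISSING_EXTENSION:` in ssl3_alert_code() has no comment explaining why a TLS 1.3 alert code is mapped in the SSLv3 table, and the identical addition in tls1_alert_code() in ssl/t1_enc.c has the same gap. Going by the commit message, a code that reaches `default: return -1;` ends with no alert being sent, so this mapping is what stops a fatal handshake error from being silent toward a pre-TLS 1.3 peer. I would record that above each new case with `/* TLS 1.3-only alert: sent as handshake_failure so SSLfatal() still emits an alert on older versions */`. The diffstat lists only the two source files, so a regression test for the missing-extension failure on a pre-TLS 1.3 connection appears to be absent and would be worth adding. Both switch statements begin outside their hunks, so other codes that may still reach `default` cannot be checked from here.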