Add reason codes with the correct offset for two alerts

Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and
SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the
corresponding reason strings.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24351)

(cherry picked from commit a401aaf9ed6eb34842cdedfcc35448bdc4174df3)

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index f1917136d8da00a16cf66760f4e23732581faa12..f3802a05b5c325fa83d3f229c3ec5375146344ea 100644 (file)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -76,4 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
 R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
+R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY        1115
 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED       1116
+R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL     1120

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1607ad835f3d40a834062873aba802b9e013c579..6882eebcd137f34613cdf368111cd56d5e93cc74 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1596,10 +1596,13 @@ SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:1060:tlsv1 alert export restriction
 SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:1086:tlsv1 alert inappropriate fallback
 SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:1071:tlsv1 alert insufficient security
 SSL_R_TLSV1_ALERT_INTERNAL_ERROR:1080:tlsv1 alert internal error
+SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL:1120:\
+       tlsv1 alert no application protocol
 SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:1100:tlsv1 alert no renegotiation
 SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:1070:tlsv1 alert protocol version
 SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:1022:tlsv1 alert record overflow
 SSL_R_TLSV1_ALERT_UNKNOWN_CA:1048:tlsv1 alert unknown ca
+SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY:1115:tlsv1 alert unknown psk identity
 SSL_R_TLSV1_ALERT_USER_CANCELLED:1090:tlsv1 alert user cancelled
 SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE:1114:tlsv1 bad certificate hash value
 SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE:1113:\

diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 980a6c7b2fd4fa2b470cb6598c43ef96f582a838..ec35df64e5b266897c9b9ee2262224b08390575a 100644 (file)
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -308,10 +308,12 @@
 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL        1120
 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY           1115
 # define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index a1da9fde3946cd1334015d08e32690559757d17d..f5fb4107f6e5696b70aa7a397d50ae6bd5052f98 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -498,6 +498,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "tlsv1 alert insufficient security"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
     "tlsv1 alert internal error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL),
+    "tlsv1 alert no application protocol"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
     "tlsv1 alert no renegotiation"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
@@ -506,6 +508,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "tlsv1 alert record overflow"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
     "tlsv1 alert unknown ca"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY),
+    "tlsv1 alert unknown psk identity"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
     "tlsv1 alert user cancelled"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),