From: Jacob Champion Date: Mon, 6 May 2024 16:50:11 +0000 (-0700) Subject: Add reason codes with the correct offset for two alerts X-Git-Tag: openssl-3.4.0-alpha1~561 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a401aaf9ed6eb34842cdedfcc35448bdc4174df3;p=thirdparty%2Fopenssl.git Add reason codes with the correct offset for two alerts Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24351) --- diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index f1917136d8d..f3802a05b5c 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -76,4 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 0584f687c92..c2bcf98f8bf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1601,10 +1601,13 @@ SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:1060:tlsv1 alert export restriction SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:1086:tlsv1 alert inappropriate fallback SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:1071:tlsv1 alert insufficient security SSL_R_TLSV1_ALERT_INTERNAL_ERROR:1080:tlsv1 alert internal error +SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL:1120:\ + tlsv1 alert no application protocol SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:1100:tlsv1 alert no renegotiation SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:1070:tlsv1 alert protocol version SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:1022:tlsv1 alert record overflow SSL_R_TLSV1_ALERT_UNKNOWN_CA:1048:tlsv1 alert unknown ca +SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY:1115:tlsv1 alert unknown psk identity SSL_R_TLSV1_ALERT_USER_CANCELLED:1090:tlsv1 alert user cancelled SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE:1114:tlsv1 bad certificate hash value SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE:1113:\ diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 16305674ca1..8222b25febd 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -309,10 +309,12 @@ # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index ddd0e2a36af..50d78b4769d 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -500,6 +500,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert insufficient security"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), + "tlsv1 alert no application protocol"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), @@ -508,6 +510,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert record overflow"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), + "tlsv1 alert unknown psk identity"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),