Add reason codes with the correct offset for two alerts

Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #24351)
openssl · May 14, 2024 · a401aaf · a401aaf
1 parent d8dd1df
commit a401aaf
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
@@ -76,4 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
 R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
+R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
+R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -1601,10 +1601,13 @@ SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:1060:tlsv1 alert export restriction
 SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:1086:tlsv1 alert inappropriate fallback
 SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:1071:tlsv1 alert insufficient security
 SSL_R_TLSV1_ALERT_INTERNAL_ERROR:1080:tlsv1 alert internal error
+SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL:1120:\
+ tlsv1 alert no application protocol
 SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:1100:tlsv1 alert no renegotiation
 SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:1070:tlsv1 alert protocol version
 SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:1022:tlsv1 alert record overflow
 SSL_R_TLSV1_ALERT_UNKNOWN_CA:1048:tlsv1 alert unknown ca
+SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY:1115:tlsv1 alert unknown psk identity
 SSL_R_TLSV1_ALERT_USER_CANCELLED:1090:tlsv1 alert user cancelled
 SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE:1114:tlsv1 bad certificate hash value
 SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE:1113:\

diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
@@ -309,10 +309,12 @@
 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
+# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
@@ -500,6 +500,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
  "tlsv1 alert insufficient security"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
  "tlsv1 alert internal error"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL),
+ "tlsv1 alert no application protocol"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
  "tlsv1 alert no renegotiation"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
@@ -508,6 +510,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
  "tlsv1 alert record overflow"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
  "tlsv1 alert unknown ca"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY),
+ "tlsv1 alert unknown psk identity"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
  "tlsv1 alert user cancelled"},
  {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),