author | tb <> | 2024-10-09 08:00:29 +0000 |
---|---|---|
committer | tb <> | 2024-10-09 08:00:29 +0000 |
commit | d5c2fbdd1baf24c551438cdb0ba8191eb07349ac (patch) | |
tree | 384f8a9d7fdac7ecb0c5f588091a7bd40833c55f /src | |
parent | 783ed0d8a88accb3c12a042a1139528aa7d568ce (diff) | |
Add missing alert errors and error strings
For every TLS alert there needs to be a corresponding error whose error code
has an offset of SSL_AD_REASON_OFFSET (aka 1000); otherwise the error
stack fails to set the reason correctly.
ok beck
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/ssl.h | 6 | ||||
-rw-r--r-- | src/lib/libssl/ssl_err.c | 6 |
2 files changed, 10 insertions, 2 deletions
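--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.242 2024/08/31 10:51:48 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.243 2024/10/09 08:00:29 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2239,7 +2239,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
 #define SSL_R_SSL_SESSION_ID_TOO_LONG 408
+#define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109
+#define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
+#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
@@ -2251,6 +2254,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
 #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
 #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
 #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113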
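Review bot: The four reason codes added in the `@@ -2239,7 +2239,10 @@` and `@@ -2251,6 +2254,7 @@` hunks are bare literals (1109, 1116, 1120, 1115), so nothing in the header ties them to the alert number plus SSL_AD_REASON_OFFSET that the commit message says the error stack depends on. A trailing comment on each, e.g. `/* alert 109 + SSL_AD_REASON_OFFSET */`, or a compile-time assertion against the matching alert constant (if the header defines one for each) would catch a mismatched value before a received alert is again reported without a usable reason in logs. Separately, the new lines are not inserted alphabetically: `SSL_R_TLSV13_ALERT_MISSING_EXTENSION` precedes `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`, and `SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` sits between `ACCESS_DENIED` and `DECODE_ERROR`, unlike the order used for the same entries in ssl_err.c.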
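--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.52 2024/09/09 07:40:03 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.53 2024/10/09 08:00:29 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
 *
@@ -392,6 +392,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
+{ERR_REASON(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), "tlsv13 alert certificate required"},
+{ERR_REASON(SSL_R_TLSV13_ALERT_MISSING_EXTENSION), "tlsv13 alert missing extension"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
@@ -400,10 +402,12 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), "tlsv1 alert no application protocol"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), "tlsv1 alert unknown psk_identity"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},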
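Review bot: The string added for `SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY` in the last hunk reads "tlsv1 alert unknown psk_identity", with an underscore, while every other reason string visible in this table is plain space-separated words. Unless the underscore is deliberate, `"tlsv1 alert unknown psk identity"` would match the neighbouring entries and keep log searches and alerting rules that key on these strings predictable. `SSL_str_reasons[]` starts and ends outside the hunks shown, so whether any other alert still lacks an entry cannot be checked from here.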