Add a new unsolicited extension error code and add enum tag

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3418)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5e32845c42c72d9610e6b21901a4d932e12bd5ca..20ec1e5d4636d46a5a911efc26394f219cae3468 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2829,6 +2829,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_UNKNOWN_SSL_VERSION                        254
 # define SSL_R_UNKNOWN_STATE                              255
 # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSOLICITED_EXTENSION                      217
 # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
 # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
 # define SSL_R_UNSUPPORTED_PROTOCOL                       258

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 62d7d76835f1bb397397fdccc97b7655ae849a66..f7de9f61d96b986ae6a3f1b1657f813c8c516687 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -843,6 +843,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
     {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
      "unsafe legacy renegotiation disabled"},
+    {ERR_REASON(SSL_R_UNSOLICITED_EXTENSION), "unsolicited extension"},
     {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
      "unsupported compression algorithm"},
     {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 9854cf0db92a4e034e137511c16076f857464a3a..fd76337564024f16f49efb615f2f6bfa8db42af7 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -510,7 +510,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                 && type != TLSEXT_TYPE_renegotiate
                 && type != TLSEXT_TYPE_signed_certificate_timestamp
                 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
-            SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
+            SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
             *al = SSL_AD_UNSUPPORTED_EXTENSION;
             goto err;
         }

diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index 13fe5bfd674cbaf3d3834f1f869a7747e7cb99db..673822a7c504a505a6f3ff4c0cf45172ee9039e7 100644 (file)
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -156,7 +156,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
 
 /* Extension processing */
 
-typedef enum {
+typedef enum ext_return_en {
     EXT_RETURN_FAIL,
     EXT_RETURN_SENT,
     EXT_RETURN_NOT_SENT