| author | jsing <> | 2021-06-13 15:47:11 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-13 15:47:11 +0000 |
| commit | cca5f4b774f73afe5ba37042bdd020d0205f8f2c (patch) | |
| tree | 2476825cefcc33fed1c57a651360cf0aa187c8bd | |
| parent | cbbda7771dfc3fb2545ee7458ce5ecef7c589352 (diff) | |
Define SSL_AD_* as actual values.
Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or
TLS1_AD_*, just give them actual values directly since it is more readable
and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under
#ifndef LIBRESSL_INTERNAL to prevent further usage.
ok tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl.h | 77 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/tls1.h | 10 |
3 files changed, 49 insertions, 42 deletions
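--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -988,43 +988,52 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
 int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
 int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 
-#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
+/*
+* TLS Alerts.
+*
+* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
+*/
 
+/* Obsolete alerts. */
 #ifndef LIBRESSL_INTERNAL
-#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED /* Removed in TLSv1.1 */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Removed in TLSv1.0 */
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* Removed in TLSv1.1 */
+#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */
+#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */
+#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */
 #endif
 
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
-#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
-#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
-#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
-#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_CLOSE_NOTIFY 0
+#define SSL_AD_UNEXPECTED_MESSAGE 10
+#define SSL_AD_BAD_RECORD_MAC 20
+#define SSL_AD_RECORD_OVERFLOW 22
+#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */
+#define SSL_AD_HANDSHAKE_FAILURE 40
+#define SSL_AD_BAD_CERTIFICATE 42
+#define SSL_AD_UNSUPPORTED_CERTIFICATE 43
+#define SSL_AD_CERTIFICATE_REVOKED 44
+#define SSL_AD_CERTIFICATE_EXPIRED 45
+#define SSL_AD_CERTIFICATE_UNKNOWN 46
+#define SSL_AD_ILLEGAL_PARAMETER 47
+#define SSL_AD_UNKNOWN_CA 48
+#define SSL_AD_ACCESS_DENIED 49
+#define SSL_AD_DECODE_ERROR 50
+#define SSL_AD_DECRYPT_ERROR 51
+#define SSL_AD_PROTOCOL_VERSION 70
+#define SSL_AD_INSUFFICIENT_SECURITY 71
+#define SSL_AD_INTERNAL_ERROR 80
+#define SSL_AD_INAPPROPRIATE_FALLBACK 86
+#define SSL_AD_USER_CANCELLED 90
+#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */
+#define SSL_AD_UNSUPPORTED_EXTENSION 110
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */
+#define SSL_AD_UNRECOGNIZED_NAME 112
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */
+#define SSL_AD_UNKNOWN_PSK_IDENTITY 115
+#define SSL_AD_CERTIFICATE_REQUIRED 116
+#define SSL_AD_NO_APPLICATION_PROTOCOL 120
+
+/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
+#define SSL_AD_REASON_OFFSET 1000
 
 #define SSL_ERROR_NONE 0
 #define SSL_ERROR_SSL 1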
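Review bot: The rewritten SSL_AD_* list drops every `/* fatal */` annotation the old defines carried (SSL_AD_UNEXPECTED_MESSAGE, SSL_AD_BAD_RECORD_MAC, SSL_AD_HANDSHAKE_FAILURE, SSL_AD_UNKNOWN_CA and others), so the header no longer tells a reader which alerts are expected at fatal level. If the removal is deliberate because the rule differs per protocol version, one line in the new "TLS Alerts" block comment would keep the guidance, for example `* In TLSv1.3 all alerts other than close_notify and user_canceled are fatal (RFC 8446, section 6).`. The list also gains SSL_AD_CERTIFICATE_REQUIRED (116) and SSL_AD_NO_APPLICATION_PROTOCOL (120), which have no old-side counterpart in this hunk and are not mentioned in the commit message; since ssl.h is a public header, that addition deserves a line in the description.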
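--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.53 2021/05/10 17:10:57 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.54 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -297,6 +297,7 @@ extern "C" {
 #define SSL3_AL_WARNING 1
 #define SSL3_AL_FATAL 2
 
+#ifndef LIBRESSL_INTERNAL
 #define SSL3_AD_CLOSE_NOTIFY 0
 #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
 #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
@@ -309,6 +310,7 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_EXPIRED 45
 #define SSL3_AD_CERTIFICATE_UNKNOWN 46
 #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
+#endif
 
 #define TLS1_HB_REQUEST 1
 #define TLS1_HB_RESPONSE 2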
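Review bot: The new `#ifndef LIBRESSL_INTERNAL` around the SSL3_AD_* defines carries no comment saying why the names are hidden from internal code or which names replace them, and its `#endif` sits in a later hunk with the lines in between not shown here. A short comment above the guard, such as `/* Legacy alert names; internal code uses SSL_AD_* from ssl.h. */`, together with a tagged `#endif /* !LIBRESSL_INTERNAL */`, would make the guarded span easier to audit. The same applies to the guard added around TLS1_AD_* in tls1.h, where the hunk also removes the "TLS Alert codes" comment and IANA link that used to head that block.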
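--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.42 2021/03/10 18:32:38 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.43 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -185,12 +185,7 @@ extern "C" {
 ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 #endif
 
-/*
-* TLS Alert codes.
-*
-* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
-*/
-
+#ifndef LIBRESSL_INTERNAL
 #define TLS1_AD_DECRYPTION_FAILED 21
 #define TLS1_AD_RECORD_OVERFLOW 22
 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -213,6 +208,7 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 /* Code 115 from RFC 4279. */
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
+#endif
 
 /*
 * TLS ExtensionType values.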
