Define SSL_AD_* as actual values.

Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or TLS1_AD_*, just give them actual values directly since it is more readable and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under #ifndef LIBRESSL_INTERNAL to prevent further usage. ok tb@
author: jsing <> 2021-06-13 15:47:11 +0000
committer: jsing <> 2021-06-13 15:47:11 +0000
commit: 585c11d2b544684d641066bf05e3fc3734d50309 (patch)
tree: 2476825cefcc33fed1c57a651360cf0aa187c8bd /src/lib/libssl/ssl.h
parent: 83aea7ddd63a4f3e06d9e54201546df2afd0807b (diff)
download: openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.gz
openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.bz2
openbsd-585c11d2b544684d641066bf05e3fc3734d50309.zip
1 files changed, 43 insertions, 34 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 509b353fd5..1b81c2aed3 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -988,43 +988,52 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
 int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
 int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
-#define SSL_AD_REASON_OFFSET            1000 /* offset to get SSL_R_... value from SSL_AD_... */
+/*
+ * TLS Alerts.
+ *
+ * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
+ */
+/* Obsolete alerts. */
 #ifndef LIBRESSL_INTERNAL
-#define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED       /* Removed in TLSv1.1 */
+#define SSL_AD_DECRYPTION_FAILED                21      /* Removed in TLSv1.1 */
-#define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE          /* Removed in TLSv1.0 */
+#define SSL_AD_NO_CERTIFICATE                   41      /* Removed in TLSv1.0 */
-#define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION      /* Removed in TLSv1.1 */
+#define SSL_AD_EXPORT_RESTRICTION               60      /* Removed in TLSv1.1 */
 #endif
-/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY                     0
-#define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE               10
-#define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC                   20
-#define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_RECORD_OVERFLOW                  22
-#define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE            30      /* Removed in TLSv1.3 */
-#define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE                40
-#define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_BAD_CERTIFICATE                  42
-#define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE          43
-#define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED              44
-#define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED              45
-#define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN              46
-#define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER                47
-#define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA                       48
-#define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
+#define SSL_AD_ACCESS_DENIED                    49
-#define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
+#define SSL_AD_DECODE_ERROR                     50
-#define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
+#define SSL_AD_DECRYPT_ERROR                    51
-#define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_PROTOCOL_VERSION                 70
-#define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY            71
-#define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR                   80
-#define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK           86
-#define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+#define SSL_AD_USER_CANCELLED                   90
-#define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+#define SSL_AD_NO_RENEGOTIATION                 100     /* Removed in TLSv1.3 */
-#define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+#define SSL_AD_UNSUPPORTED_EXTENSION            110
-#define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE         111     /* Removed in TLSv1.3 */
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+#define SSL_AD_UNRECOGNIZED_NAME                112
-#define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE  113
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE       114     /* Removed in TLSv1.3 */
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+#define SSL_AD_UNKNOWN_PSK_IDENTITY             115
-#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_CERTIFICATE_REQUIRED             116
+#define SSL_AD_NO_APPLICATION_PROTOCOL          120
+/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
+#define SSL_AD_REASON_OFFSET                    1000
 #define SSL_ERROR_NONE                  0
 #define SSL_ERROR_SSL                   1
author	jsing <>	2021-06-13 15:47:11 +0000
committer	jsing <>	2021-06-13 15:47:11 +0000
commit	585c11d2b544684d641066bf05e3fc3734d50309 (patch)
tree	2476825cefcc33fed1c57a651360cf0aa187c8bd /src/lib/libssl/ssl.h
parent	83aea7ddd63a4f3e06d9e54201546df2afd0807b (diff)
download	openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.gz openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.bz2 openbsd-585c11d2b544684d641066bf05e3fc3734d50309.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 509b353fd5..1b81c2aed3 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -988,43 +988,52 @@ SSL_SESSION PEM_read_SSL_SESSION(FILE fp, SSL_SESSION **x,
988	int PEM_write_bio_SSL_SESSION(BIO bp, SSL_SESSION x);	988	int PEM_write_bio_SSL_SESSION(BIO bp, SSL_SESSION x);
989	int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);	989	int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);
990		990
991	#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */	991	/*
		992	* TLS Alerts.
		993	*
		994	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
		995	*/
992		996
		997	/* Obsolete alerts. */
993	#ifndef LIBRESSL_INTERNAL	998	#ifndef LIBRESSL_INTERNAL
994	#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED /* Removed in TLSv1.1 */	999	#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */
995	#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Removed in TLSv1.0 */	1000	#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */
996	#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* Removed in TLSv1.1 */	1001	#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */
997	#endif	1002	#endif
998		1003
999	/* These alert types are for SSLv3 and TLSv1 */	1004	#define SSL_AD_CLOSE_NOTIFY 0
1000	#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY	1005	#define SSL_AD_UNEXPECTED_MESSAGE 10
1001	#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */	1006	#define SSL_AD_BAD_RECORD_MAC 20
1002	#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */	1007	#define SSL_AD_RECORD_OVERFLOW 22
1003	#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW	1008	#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */
1004	#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */	1009	#define SSL_AD_HANDSHAKE_FAILURE 40
1005	#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */	1010	#define SSL_AD_BAD_CERTIFICATE 42
1006	#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE	1011	#define SSL_AD_UNSUPPORTED_CERTIFICATE 43
1007	#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE	1012	#define SSL_AD_CERTIFICATE_REVOKED 44
1008	#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED	1013	#define SSL_AD_CERTIFICATE_EXPIRED 45
1009	#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED	1014	#define SSL_AD_CERTIFICATE_UNKNOWN 46
1010	#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN	1015	#define SSL_AD_ILLEGAL_PARAMETER 47
1011	#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */	1016	#define SSL_AD_UNKNOWN_CA 48
1012	#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */	1017	#define SSL_AD_ACCESS_DENIED 49
1013	#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */	1018	#define SSL_AD_DECODE_ERROR 50
1014	#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */	1019	#define SSL_AD_DECRYPT_ERROR 51
1015	#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR	1020	#define SSL_AD_PROTOCOL_VERSION 70
1016	#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */	1021	#define SSL_AD_INSUFFICIENT_SECURITY 71
1017	#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */	1022	#define SSL_AD_INTERNAL_ERROR 80
1018	#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */	1023	#define SSL_AD_INAPPROPRIATE_FALLBACK 86
1019	#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */	1024	#define SSL_AD_USER_CANCELLED 90
1020	#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED	1025	#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */
1021	#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION	1026	#define SSL_AD_UNSUPPORTED_EXTENSION 110
1022	#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION	1027	#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */
1023	#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE	1028	#define SSL_AD_UNRECOGNIZED_NAME 112
1024	#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME	1029	#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
1025	#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE	1030	#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */
1026	#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE	1031	#define SSL_AD_UNKNOWN_PSK_IDENTITY 115
1027	#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */	1032	#define SSL_AD_CERTIFICATE_REQUIRED 116
		1033	#define SSL_AD_NO_APPLICATION_PROTOCOL 120
		1034
		1035	/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
		1036	#define SSL_AD_REASON_OFFSET 1000
1028		1037
1029	#define SSL_ERROR_NONE 0	1038	#define SSL_ERROR_NONE 0
1030	#define SSL_ERROR_SSL 1	1039	#define SSL_ERROR_SSL 1