1 files changed, 11 insertions, 14 deletions

diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 6095940388..acb87f8650 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.27 2025/03/09 15:12:18 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.33 2025/05/10 06:04:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -203,7 +203,7 @@ __BEGIN_HIDDEN_DECLS
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA                0x00000001L /* RSA auth */
 #define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
+#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
 #define SSL_aTLS1_3             0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -289,12 +289,8 @@ __BEGIN_HIDDEN_DECLS
  * SSL_aDSS <- DSA_SIGN
  */
 
-/* From ECC-TLS draft, used in encoding the curve type in
- * ECParameters
- */
-#define EXPLICIT_PRIME_CURVE_TYPE  1
-#define EXPLICIT_CHAR2_CURVE_TYPE  2
-#define NAMED_CURVE_TYPE           3
+/* From RFC 4492, section 5.4. Only named curves are supported. */
+#define NAMED_CURVE_TYPE        3
 
 typedef struct ssl_cert_pkey_st {
         X509 *x509;
@@ -396,7 +392,7 @@ struct ssl_method_st {
  *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
  *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
  *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
  *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
  *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
  * }
@@ -1054,7 +1050,7 @@ struct ssl_st {
 
         int renegotiate;/* 1 if we are renegotiating.
                          * 2 if we are a server and are inside a handshake
-                         * (i.e. not just sending a HelloRequest) */
+                         * (i.e. not just sending a HelloRequest) */
 
         int rstate;     /* where we are when reading */
 
@@ -1078,7 +1074,7 @@ typedef struct ssl3_record_internal_st {
 
 typedef struct ssl3_buffer_internal_st {
         unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-                                 * see ssl3_setup_buffers() */
+                                 * see ssl3_setup_buffers() */
         size_t len;             /* buffer size */
         int offset;             /* where to 'copy from' */
         int left;               /* how many bytes left */
@@ -1443,9 +1439,10 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
     unsigned int mac_secret_length);
 int SSL_state_func_code(int _state);
 
-#define SSLerror(s, r) SSL_error_internal(s, r, OPENSSL_FILE, OPENSSL_LINE)
-#define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE)
-void SSL_error_internal(const SSL *s, int r, char *f, int l);
+void SSL_error_internal(const SSL *s, int r, const char *f, int l);
+#define SSLerror(s, r)  SSL_error_internal(s, r, OPENSSL_FILE, OPENSSL_LINE)
+#define SSLerrorx(r)    ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE)
+#define SYSerror(r)     ERR_PUT_error(ERR_LIB_SYS,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 #ifndef OPENSSL_NO_SRTP