4 files changed, 52 insertions, 52 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index a1ed22b778..e8a11ebdb9 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.247 2025/03/12 14:03:55 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.248 2025/04/18 07:34:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -231,9 +231,9 @@ extern "C" {
 #define SSL_TXT_kRSA            "kRSA"
 #define SSL_TXT_kDHr            "kDHr" /* no such ciphersuites supported! */
 #define SSL_TXT_kDHd            "kDHd" /* no such ciphersuites supported! */
-#define SSL_TXT_kDH             "kDH"  /* no such ciphersuites supported! */
+#define SSL_TXT_kDH             "kDH"  /* no such ciphersuites supported! */
 #define SSL_TXT_kEDH            "kEDH"
-#define SSL_TXT_kKRB5           "kKRB5"
+#define SSL_TXT_kKRB5           "kKRB5"
 #define SSL_TXT_kECDHr          "kECDHr"
 #define SSL_TXT_kECDHe          "kECDHe"
 #define SSL_TXT_kECDH           "kECDH"
@@ -245,7 +245,7 @@ extern "C" {
 #define SSL_TXT_aDSS            "aDSS"
 #define SSL_TXT_aDH             "aDH" /* no such ciphersuites supported! */
 #define SSL_TXT_aECDH           "aECDH"
-#define SSL_TXT_aKRB5           "aKRB5"
+#define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
@@ -260,7 +260,7 @@ extern "C" {
 #define SSL_TXT_EECDH           "EECDH" /* previous name for ECDHE */
 #define SSL_TXT_AECDH           "AECDH"
 #define SSL_TXT_ECDSA           "ECDSA"
-#define SSL_TXT_KRB5            "KRB5"
+#define SSL_TXT_KRB5            "KRB5"
 #define SSL_TXT_PSK             "PSK"
 #define SSL_TXT_SRP             "SRP"
@@ -1117,7 +1117,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 const char *    SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
+unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
 uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
@@ -1272,16 +1272,16 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 SSL *SSL_new(SSL_CTX *ctx);
 void    SSL_free(SSL *ssl);
 int     SSL_up_ref(SSL *ssl);
-int     SSL_accept(SSL *ssl);
+int     SSL_accept(SSL *ssl);
-int     SSL_connect(SSL *ssl);
+int     SSL_connect(SSL *ssl);
 int     SSL_is_dtls(const SSL *s);
 int     SSL_is_server(const SSL *s);
-int     SSL_read(SSL *ssl, void *buf, int num);
+int     SSL_read(SSL *ssl, void *buf, int num);
-int     SSL_peek(SSL *ssl, void *buf, int num);
+int     SSL_peek(SSL *ssl, void *buf, int num);
-int     SSL_write(SSL *ssl, const void *buf, int num);
+int     SSL_write(SSL *ssl, const void *buf, int num);
-int     SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
+int     SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
-int     SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
+int     SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
-int     SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
+int     SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 1b1110b4e9..03dda33530 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.61 2025/04/18 07:34:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -134,7 +134,7 @@ extern "C" {
 #define SSL3_CK_RSA_NULL_MD5                    0x03000001
 #define SSL3_CK_RSA_NULL_SHA                    0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
 #define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
 #define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
 #define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
@@ -145,10 +145,10 @@ extern "C" {
 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
@@ -168,22 +168,22 @@ extern "C" {
 #define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
 #define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
 #define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
+#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
+#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
+#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
+#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
-#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
+#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
+#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
+#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
+#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
+#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
+#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
 #define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
 #define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
 #define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
 #define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
@@ -194,10 +194,10 @@ extern "C" {
 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
@@ -215,18 +215,18 @@ extern "C" {
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
 #define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
 #define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
+#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
+#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
 #define SSL3_SSL_SESSION_ID_LENGTH              32
 #define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 6095940388..1230ecd49e 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.27 2025/03/09 15:12:18 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.28 2025/04/18 07:34:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -203,7 +203,7 @@ __BEGIN_HIDDEN_DECLS
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA                0x00000001L /* RSA auth */
 #define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
+#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
 #define SSL_aTLS1_3             0x00000400L /* TLSv1.3 authentication */
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -396,7 +396,7 @@ struct ssl_method_st {
 *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
 *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
 *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
 * }
@@ -1054,7 +1054,7 @@ struct ssl_st {
        int renegotiate;/* 1 if we are renegotiating.
                         * 2 if we are a server and are inside a handshake
-                         * (i.e. not just sending a HelloRequest) */
+                         * (i.e. not just sending a HelloRequest) */
        int rstate;     /* where we are when reading */
@@ -1078,7 +1078,7 @@ typedef struct ssl3_record_internal_st {
 typedef struct ssl3_buffer_internal_st {
        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-                                 * see ssl3_setup_buffers() */
+                                 * see ssl3_setup_buffers() */
        size_t len;             /* buffer size */
        int offset;             /* where to 'copy from' */
        int left;               /* how many bytes left */
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index d018fced5c..2d5dffc6cf 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.60 2024/10/23 01:57:19 jsg Exp $ */
+/* $OpenBSD: tls1.h,v 1.61 2025/04/18 07:34:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -197,7 +197,7 @@ extern "C" {
 /* Codes 110-114 from RFC 3546. */
 #define TLS1_AD_UNSUPPORTED_EXTENSION           110
 #define TLS1_AD_CERTIFICATE_UNOBTAINABLE        111
-#define TLS1_AD_UNRECOGNIZED_NAME               112
+#define TLS1_AD_UNRECOGNIZED_NAME               112
 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE      114
 /* Code 115 from RFC 4279. */
@@ -455,7 +455,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
 #define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
 /* TLS v1.2 GCM ciphersuites from RFC 5288. */
 #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index a1ed22b778..e8a11ebdb9 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.247 2025/03/12 14:03:55 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.248 2025/04/18 07:34:01 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -231,9 +231,9 @@ extern "C" {
231	#define SSL_TXT_kRSA "kRSA"	231	#define SSL_TXT_kRSA "kRSA"
232	#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */	232	#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
233	#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */	233	#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
234	#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */	234	#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
235	#define SSL_TXT_kEDH "kEDH"	235	#define SSL_TXT_kEDH "kEDH"
236	#define SSL_TXT_kKRB5 "kKRB5"	236	#define SSL_TXT_kKRB5 "kKRB5"
237	#define SSL_TXT_kECDHr "kECDHr"	237	#define SSL_TXT_kECDHr "kECDHr"
238	#define SSL_TXT_kECDHe "kECDHe"	238	#define SSL_TXT_kECDHe "kECDHe"
239	#define SSL_TXT_kECDH "kECDH"	239	#define SSL_TXT_kECDH "kECDH"
@@ -245,7 +245,7 @@ extern "C" {
245	#define SSL_TXT_aDSS "aDSS"	245	#define SSL_TXT_aDSS "aDSS"
246	#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */	246	#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
247	#define SSL_TXT_aECDH "aECDH"	247	#define SSL_TXT_aECDH "aECDH"
248	#define SSL_TXT_aKRB5 "aKRB5"	248	#define SSL_TXT_aKRB5 "aKRB5"
249	#define SSL_TXT_aECDSA "aECDSA"	249	#define SSL_TXT_aECDSA "aECDSA"
250	#define SSL_TXT_aPSK "aPSK"	250	#define SSL_TXT_aPSK "aPSK"
251		251
@@ -260,7 +260,7 @@ extern "C" {
260	#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */	260	#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */
261	#define SSL_TXT_AECDH "AECDH"	261	#define SSL_TXT_AECDH "AECDH"
262	#define SSL_TXT_ECDSA "ECDSA"	262	#define SSL_TXT_ECDSA "ECDSA"
263	#define SSL_TXT_KRB5 "KRB5"	263	#define SSL_TXT_KRB5 "KRB5"
264	#define SSL_TXT_PSK "PSK"	264	#define SSL_TXT_PSK "PSK"
265	#define SSL_TXT_SRP "SRP"	265	#define SSL_TXT_SRP "SRP"
266		266
@@ -1117,7 +1117,7 @@ const SSL_CIPHER SSL_get_current_cipher(const SSL s);
1117	int SSL_CIPHER_get_bits(const SSL_CIPHER c, int alg_bits);	1117	int SSL_CIPHER_get_bits(const SSL_CIPHER c, int alg_bits);
1118	const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);	1118	const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1119	const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);	1119	const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1120	unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);	1120	unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1121	uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);	1121	uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
1122	const SSL_CIPHER SSL_CIPHER_find(SSL ssl, const unsigned char *ptr);	1122	const SSL_CIPHER SSL_CIPHER_find(SSL ssl, const unsigned char *ptr);
1123	int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);	1123	int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
@@ -1272,16 +1272,16 @@ int SSL_set1_param(SSL ssl, X509_VERIFY_PARAM vpm);
1272	SSL SSL_new(SSL_CTX ctx);	1272	SSL SSL_new(SSL_CTX ctx);
1273	void SSL_free(SSL *ssl);	1273	void SSL_free(SSL *ssl);
1274	int SSL_up_ref(SSL *ssl);	1274	int SSL_up_ref(SSL *ssl);
1275	int SSL_accept(SSL *ssl);	1275	int SSL_accept(SSL *ssl);
1276	int SSL_connect(SSL *ssl);	1276	int SSL_connect(SSL *ssl);
1277	int SSL_is_dtls(const SSL *s);	1277	int SSL_is_dtls(const SSL *s);
1278	int SSL_is_server(const SSL *s);	1278	int SSL_is_server(const SSL *s);
1279	int SSL_read(SSL ssl, void buf, int num);	1279	int SSL_read(SSL ssl, void buf, int num);
1280	int SSL_peek(SSL ssl, void buf, int num);	1280	int SSL_peek(SSL ssl, void buf, int num);
1281	int SSL_write(SSL ssl, const void buf, int num);	1281	int SSL_write(SSL ssl, const void buf, int num);
1282	int SSL_read_ex(SSL ssl, void buf, size_t num, size_t *bytes_read);	1282	int SSL_read_ex(SSL ssl, void buf, size_t num, size_t *bytes_read);
1283	int SSL_peek_ex(SSL ssl, void buf, size_t num, size_t *bytes_peeked);	1283	int SSL_peek_ex(SSL ssl, void buf, size_t num, size_t *bytes_peeked);
1284	int SSL_write_ex(SSL ssl, const void buf, size_t num, size_t *bytes_written);	1284	int SSL_write_ex(SSL ssl, const void buf, size_t num, size_t *bytes_written);
1285		1285
1286	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)	1286	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)
1287	uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);	1287	uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);


diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 1b1110b4e9..03dda33530 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */	1	/* $OpenBSD: ssl3.h,v 1.61 2025/04/18 07:34:01 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -134,7 +134,7 @@ extern "C" {
134		134
135	#define SSL3_CK_RSA_NULL_MD5 0x03000001	135	#define SSL3_CK_RSA_NULL_MD5 0x03000001
136	#define SSL3_CK_RSA_NULL_SHA 0x03000002	136	#define SSL3_CK_RSA_NULL_SHA 0x03000002
137	#define SSL3_CK_RSA_RC4_40_MD5 0x03000003	137	#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
138	#define SSL3_CK_RSA_RC4_128_MD5 0x03000004	138	#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
139	#define SSL3_CK_RSA_RC4_128_SHA 0x03000005	139	#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
140	#define SSL3_CK_RSA_RC2_40_MD5 0x03000006	140	#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
@@ -145,10 +145,10 @@ extern "C" {
145		145
146	#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B	146	#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
147	#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C	147	#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
148	#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D	148	#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
149	#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E	149	#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
150	#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F	150	#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
151	#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010	151	#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
152		152
153	#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011	153	#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
154	#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012	154	#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
@@ -168,22 +168,22 @@ extern "C" {
168	#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E	168	#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
169	#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F	169	#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
170	#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020	170	#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
171	#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021	171	#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
172	#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022	172	#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
173	#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023	173	#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
174	#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024	174	#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
175	#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025	175	#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
176		176
177	#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026	177	#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
178	#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027	178	#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
179	#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028	179	#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
180	#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029	180	#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
181	#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A	181	#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
182	#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B	182	#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
183		183
184	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"	184	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
185	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"	185	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
186	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"	186	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
187	#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"	187	#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
188	#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"	188	#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
189	#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"	189	#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
@@ -194,10 +194,10 @@ extern "C" {
194		194
195	#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"	195	#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
196	#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"	196	#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
197	#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"	197	#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
198	#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"	198	#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
199	#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"	199	#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
200	#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"	200	#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
201		201
202	#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"	202	#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
203	#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"	203	#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
@@ -215,18 +215,18 @@ extern "C" {
215	#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"	215	#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
216	#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"	216	#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
217	#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"	217	#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
218	#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"	218	#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
219	#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"	219	#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
220	#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"	220	#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
221	#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"	221	#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
222	#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"	222	#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
223		223
224	#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"	224	#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
225	#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"	225	#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
226	#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"	226	#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
227	#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"	227	#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
228	#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"	228	#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
229	#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"	229	#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
230		230
231	#define SSL3_SSL_SESSION_ID_LENGTH 32	231	#define SSL3_SSL_SESSION_ID_LENGTH 32
232	#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32	232	#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32


diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h index 6095940388..1230ecd49e 100644 --- a/src/lib/libssl/ssl_local.h +++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_local.h,v 1.27 2025/03/09 15:12:18 tb Exp $ */	1	/* $OpenBSD: ssl_local.h,v 1.28 2025/04/18 07:34:01 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -203,7 +203,7 @@ __BEGIN_HIDDEN_DECLS
203	/* Bits for algorithm_auth (server authentication) */	203	/* Bits for algorithm_auth (server authentication) */
204	#define SSL_aRSA 0x00000001L /* RSA auth */	204	#define SSL_aRSA 0x00000001L /* RSA auth */
205	#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */	205	#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
206	#define SSL_aECDSA 0x00000040L /* ECDSA auth*/	206	#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
207	#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */	207	#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
208		208
209	/* Bits for algorithm_enc (symmetric encryption) */	209	/* Bits for algorithm_enc (symmetric encryption) */
@@ -396,7 +396,7 @@ struct ssl_method_st {
396	* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint	396	* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
397	* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity	397	* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
398	* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket	398	* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
399	* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)	399	* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
400	* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method	400	* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
401	* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username	401	* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
402	* }	402	* }
@@ -1054,7 +1054,7 @@ struct ssl_st {
1054		1054
1055	int renegotiate;/* 1 if we are renegotiating.	1055	int renegotiate;/* 1 if we are renegotiating.
1056	* 2 if we are a server and are inside a handshake	1056	* 2 if we are a server and are inside a handshake
1057	* (i.e. not just sending a HelloRequest) */	1057	* (i.e. not just sending a HelloRequest) */
1058		1058
1059	int rstate; /* where we are when reading */	1059	int rstate; /* where we are when reading */
1060		1060
@@ -1078,7 +1078,7 @@ typedef struct ssl3_record_internal_st {
1078		1078
1079	typedef struct ssl3_buffer_internal_st {	1079	typedef struct ssl3_buffer_internal_st {
1080	unsigned char buf; / at least SSL3_RT_MAX_PACKET_SIZE bytes,	1080	unsigned char buf; / at least SSL3_RT_MAX_PACKET_SIZE bytes,
1081	* see ssl3_setup_buffers() */	1081	* see ssl3_setup_buffers() */
1082	size_t len; /* buffer size */	1082	size_t len; /* buffer size */
1083	int offset; /* where to 'copy from' */	1083	int offset; /* where to 'copy from' */
1084	int left; /* how many bytes left */	1084	int left; /* how many bytes left */


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index d018fced5c..2d5dffc6cf 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.60 2024/10/23 01:57:19 jsg Exp $ */	1	/* $OpenBSD: tls1.h,v 1.61 2025/04/18 07:34:01 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -197,7 +197,7 @@ extern "C" {
197	/* Codes 110-114 from RFC 3546. */	197	/* Codes 110-114 from RFC 3546. */
198	#define TLS1_AD_UNSUPPORTED_EXTENSION 110	198	#define TLS1_AD_UNSUPPORTED_EXTENSION 110
199	#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111	199	#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
200	#define TLS1_AD_UNRECOGNIZED_NAME 112	200	#define TLS1_AD_UNRECOGNIZED_NAME 112
201	#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113	201	#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
202	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114	202	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
203	/* Code 115 from RFC 4279. */	203	/* Code 115 from RFC 4279. */
@@ -455,7 +455,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
455	#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098	455	#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
456	#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099	456	#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
457	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A	457	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
458	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B	458	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
459		459
460	/* TLS v1.2 GCM ciphersuites from RFC 5288. */	460	/* TLS v1.2 GCM ciphersuites from RFC 5288. */
461	#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C	461	#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C