Make {SSL3,TLS}_CT_* internal

And here goes a bunch of unused macros that just had to be in two
headers so they could get out of sync. Three of these constants
are used in a single function...

ok jsing

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 9836d20..6ebe260 100644 (file)
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.250 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.251 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2594,6 +2594,10 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        return (ret);
 }
 
+#define SSL3_CT_RSA_SIGN       1
+#define SSL3_CT_RSA_FIXED_DH   3
+#define SSL3_CT_ECDSA_SIGN     64
+
 int
 ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 {
@@ -2613,7 +2617,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
         * ECDSA certs can be used with RSA cipher suites as well
         * so we don't need to check for SSL_kECDH or SSL_kECDHE.
         */
-       if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN))
+       if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN))
                return 0;
 
        return 1;

diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 603d9cc..55fbf72 100644 (file)
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: ssl3.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -314,19 +314,6 @@ extern "C" {
 #define TLS1_HB_REQUEST                1
 #define TLS1_HB_RESPONSE       2
 
-#define SSL3_CT_RSA_SIGN                       1
-#define SSL3_CT_DSS_SIGN                       2
-#define SSL3_CT_RSA_FIXED_DH                   3
-#define SSL3_CT_DSS_FIXED_DH                   4
-#define SSL3_CT_RSA_EPHEMERAL_DH               5
-#define SSL3_CT_DSS_EPHEMERAL_DH               6
-#define SSL3_CT_FORTEZZA_DMS                   20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER                 7
-
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 #define TLS1_FLAGS_FREEZE_TRANSCRIPT           0x0020

diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 05514b8..2166629 100644 (file)
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.58 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -740,17 +740,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_3_RFC_AES_128_CCM_8_SHA256                        "TLS_AES_128_CCM_8_SHA256"
 #endif
 
-#define TLS_CT_RSA_SIGN                        1
-#define TLS_CT_DSS_SIGN                        2
-#define TLS_CT_RSA_FIXED_DH            3
-#define TLS_CT_DSS_FIXED_DH            4
-#define TLS_CT_ECDSA_SIGN              64
-#define TLS_CT_RSA_FIXED_ECDH          65
-#define TLS_CT_ECDSA_FIXED_ECDH        66
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER                  7
-
 #define TLS1_FINISH_MAC_LENGTH         12
 
 #define TLS_MD_MAX_CONST_SIZE                  20