Define SSL_AD_* as actual values.

Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or
TLS1_AD_*, just give them actual values directly since it is more readable
and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under
#ifndef LIBRESSL_INTERNAL to prevent further usage.

ok tb@

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 509b353..1b81c2a 100644 (file)
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -988,43 +988,52 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
 int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
 int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 
-#define SSL_AD_REASON_OFFSET           1000 /* offset to get SSL_R_... value from SSL_AD_... */
+/*
+ * TLS Alerts.
+ *
+ * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
+ */
 
+/* Obsolete alerts. */
 #ifndef LIBRESSL_INTERNAL
-#define SSL_AD_DECRYPTION_FAILED       TLS1_AD_DECRYPTION_FAILED       /* Removed in TLSv1.1 */
-#define SSL_AD_NO_CERTIFICATE          SSL3_AD_NO_CERTIFICATE          /* Removed in TLSv1.0 */
-#define SSL_AD_EXPORT_RESTRICTION      TLS1_AD_EXPORT_RESTRICTION      /* Removed in TLSv1.1 */
+#define SSL_AD_DECRYPTION_FAILED               21      /* Removed in TLSv1.1 */
+#define SSL_AD_NO_CERTIFICATE                  41      /* Removed in TLSv1.0 */
+#define SSL_AD_EXPORT_RESTRICTION              60      /* Removed in TLSv1.1 */
 #endif
 
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY            SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE      SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC          SSL3_AD_BAD_RECORD_MAC     /* fatal */
-#define SSL_AD_RECORD_OVERFLOW         TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE   SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE       SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_BAD_CERTIFICATE         SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED     SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED     SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN     SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER       SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
-#define SSL_AD_UNKNOWN_CA              TLS1_AD_UNKNOWN_CA      /* fatal */
-#define SSL_AD_ACCESS_DENIED           TLS1_AD_ACCESS_DENIED   /* fatal */
-#define SSL_AD_DECODE_ERROR            TLS1_AD_DECODE_ERROR    /* fatal */
-#define SSL_AD_DECRYPT_ERROR           TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_PROTOCOL_VERSION                TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY   TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR          TLS1_AD_INTERNAL_ERROR  /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK  TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
-#define SSL_AD_USER_CANCELLED          TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION                TLS1_AD_NO_RENEGOTIATION
-#define SSL_AD_UNSUPPORTED_EXTENSION   TLS1_AD_UNSUPPORTED_EXTENSION
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-#define SSL_AD_UNRECOGNIZED_NAME       TLS1_AD_UNRECOGNIZED_NAME
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY    TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_CLOSE_NOTIFY                    0
+#define SSL_AD_UNEXPECTED_MESSAGE              10
+#define SSL_AD_BAD_RECORD_MAC                  20
+#define SSL_AD_RECORD_OVERFLOW                 22
+#define SSL_AD_DECOMPRESSION_FAILURE           30      /* Removed in TLSv1.3 */
+#define SSL_AD_HANDSHAKE_FAILURE               40
+#define SSL_AD_BAD_CERTIFICATE                 42
+#define SSL_AD_UNSUPPORTED_CERTIFICATE         43
+#define SSL_AD_CERTIFICATE_REVOKED             44
+#define SSL_AD_CERTIFICATE_EXPIRED             45
+#define SSL_AD_CERTIFICATE_UNKNOWN             46
+#define SSL_AD_ILLEGAL_PARAMETER               47
+#define SSL_AD_UNKNOWN_CA                      48
+#define SSL_AD_ACCESS_DENIED                   49
+#define SSL_AD_DECODE_ERROR                    50
+#define SSL_AD_DECRYPT_ERROR                   51
+#define SSL_AD_PROTOCOL_VERSION                        70
+#define SSL_AD_INSUFFICIENT_SECURITY           71
+#define SSL_AD_INTERNAL_ERROR                  80
+#define SSL_AD_INAPPROPRIATE_FALLBACK          86
+#define SSL_AD_USER_CANCELLED                  90
+#define SSL_AD_NO_RENEGOTIATION                        100     /* Removed in TLSv1.3 */
+#define SSL_AD_UNSUPPORTED_EXTENSION           110
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE                111     /* Removed in TLSv1.3 */
+#define SSL_AD_UNRECOGNIZED_NAME               112
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE      114     /* Removed in TLSv1.3 */
+#define SSL_AD_UNKNOWN_PSK_IDENTITY            115
+#define SSL_AD_CERTIFICATE_REQUIRED            116
+#define SSL_AD_NO_APPLICATION_PROTOCOL         120
+
+/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
+#define SSL_AD_REASON_OFFSET                   1000
 
 #define SSL_ERROR_NONE                 0
 #define SSL_ERROR_SSL                  1

diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 631f8de..04c12bc 100644 (file)
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.53 2021/05/10 17:10:57 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.54 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -297,6 +297,7 @@ extern "C" {
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
 
+#ifndef LIBRESSL_INTERNAL
 #define SSL3_AD_CLOSE_NOTIFY            0
 #define SSL3_AD_UNEXPECTED_MESSAGE     10      /* fatal */
 #define SSL3_AD_BAD_RECORD_MAC         20      /* fatal */
@@ -309,6 +310,7 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_EXPIRED    45
 #define SSL3_AD_CERTIFICATE_UNKNOWN    46
 #define SSL3_AD_ILLEGAL_PARAMETER      47      /* fatal */
+#endif
 
 #define TLS1_HB_REQUEST                1
 #define TLS1_HB_RESPONSE       2

diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 628a6b2..771ed96 100644 (file)
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.42 2021/03/10 18:32:38 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.43 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -185,12 +185,7 @@ extern "C" {
                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 #endif
 
-/*
- * TLS Alert codes.
- *
- * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
- */
-
+#ifndef LIBRESSL_INTERNAL
 #define TLS1_AD_DECRYPTION_FAILED              21
 #define TLS1_AD_RECORD_OVERFLOW                        22
 #define TLS1_AD_UNKNOWN_CA                     48      /* fatal */
@@ -213,6 +208,7 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE     114
 /* Code 115 from RFC 4279. */
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY           115     /* fatal */
+#endif
 
 /*
  * TLS ExtensionType values.