From 170946b3b91778b9ddabc70350391384aed3835a Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 2 Mar 2024 11:46:55 +0000
Subject: [PATCH] Make {SSL3,TLS}_CT_* internal

And here goes a bunch of unused macros that just had to be in two headers so they could get out of sync. Three of these constants are used in a single function...

ok jsing
---
 lib/libssl/s3_lib.c | 8 ++++++--
 lib/libssl/ssl3.h | 15 +--------------
 lib/libssl/tls1.h | 13 +------------
 3 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 9836d20bd03..6ebe2605dae 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.250 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.251 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2594,6 +2594,10 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 return (ret);
 }
 
+#define SSL3_CT_RSA_SIGN 1
+#define SSL3_CT_RSA_FIXED_DH 3
+#define SSL3_CT_ECDSA_SIGN 64
+
 int
 ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 {
@@ -2613,7 +2617,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 * ECDSA certs can be used with RSA cipher suites as well
 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
 */
- if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN))
+ if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN))
 return 0;
 
 return 1;
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 603d9ccb4f1..55fbf72242f 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: ssl3.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
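Review bot: The three `#define`s added above `ssl3_get_req_cert_types()` in s3_lib.c are now the only place these values live, yet nothing there says they are protocol code points rather than internal identifiers. A short comment would keep a later cleanup or renumbering from changing the bytes passed to `CBB_add_u8()`: `/* ClientCertificateType values (RFC 5246 section 7.4.4, RFC 8422 section 5.5); fixed by the protocol. */`. It could also record that 64 was previously defined only as `TLS_CT_ECDSA_SIGN`, so the `SSL3_` prefix on `SSL3_CT_ECDSA_SIGN` is a naming choice and does not appear to be an SSLv3-era value. The function body lies between the two s3_lib.c hunks and is only partly visible, so the uses of `SSL3_CT_RSA_SIGN` and `SSL3_CT_RSA_FIXED_DH` are assumed from the commit message.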
@@ -314,19 +314,6 @@ extern "C" {
 #define TLS1_HB_REQUEST 1
 #define TLS1_HB_RESPONSE 2
 
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 7
-
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
 #define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 05514b8f4d2..21666291fff 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.58 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -740,17 +740,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
 #endif
 
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER 7
-
 #define TLS1_FINISH_MAC_LENGTH 12
 
 #define TLS_MD_MAX_CONST_SIZE 20
--
2.20.1