diff options
| author | tb <> | 2021-10-31 16:51:16 +0000 |
|---|---|---|
| committer | tb <> | 2021-10-31 16:51:16 +0000 |
| commit | 125ed695394bdaa6554f2a49599600db43abe881 (patch) | |
| tree | 0a0bb1eb5683c2a6bd66e9b08430197e4e00b64e | |
| parent | 9088131a0bf4a9930c61b7096992aa4e3fec2959 (diff) | |
| download | openbsd-125ed695394bdaa6554f2a49599600db43abe881.tar.gz openbsd-125ed695394bdaa6554f2a49599600db43abe881.tar.bz2 openbsd-125ed695394bdaa6554f2a49599600db43abe881.zip | |
Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that other
parts of LibreSSL can no longer reach into them.
discussed with beck, jsing
| -rw-r--r-- | src/lib/libcrypto/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509.h | 24 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.h | 10 |
3 files changed, 19 insertions, 19 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index 1caac51601..f626c16e91 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.47 2021/10/23 09:13:51 beck Exp $ | 1 | # $OpenBSD: Makefile,v 1.48 2021/10/31 16:51:16 tb Exp $ |
| 2 | 2 | ||
| 3 | LIB= crypto | 3 | LIB= crypto |
| 4 | LIBREBUILD=y | 4 | LIBREBUILD=y |
| @@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef | |||
| 18 | .if ${COMPILER_VERSION:L} == "clang" | 18 | .if ${COMPILER_VERSION:L} == "clang" |
| 19 | CFLAGS+= -Werror | 19 | CFLAGS+= -Werror |
| 20 | .endif | 20 | .endif |
| 21 | CFLAGS+= -DLIBRESSL_INTERNAL | 21 | CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL |
| 22 | 22 | ||
| 23 | .if !defined(NOPIC) | 23 | .if !defined(NOPIC) |
| 24 | CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN | 24 | CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN |
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 70e3f756c6..43b2307c8f 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.h,v 1.84 2021/10/31 16:29:58 tb Exp $ */ | 1 | /* $OpenBSD: x509.h,v 1.85 2021/10/31 16:51:16 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -139,7 +139,7 @@ typedef struct X509_val_st { | |||
| 139 | ASN1_TIME *notAfter; | 139 | ASN1_TIME *notAfter; |
| 140 | } X509_VAL; | 140 | } X509_VAL; |
| 141 | 141 | ||
| 142 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 142 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 143 | struct X509_pubkey_st { | 143 | struct X509_pubkey_st { |
| 144 | X509_ALGOR *algor; | 144 | X509_ALGOR *algor; |
| 145 | ASN1_BIT_STRING *public_key; | 145 | ASN1_BIT_STRING *public_key; |
| @@ -164,7 +164,7 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY; | |||
| 164 | 164 | ||
| 165 | DECLARE_STACK_OF(X509_NAME_ENTRY) | 165 | DECLARE_STACK_OF(X509_NAME_ENTRY) |
| 166 | 166 | ||
| 167 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 167 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 168 | /* we always keep X509_NAMEs in 2 forms. */ | 168 | /* we always keep X509_NAMEs in 2 forms. */ |
| 169 | struct X509_name_st { | 169 | struct X509_name_st { |
| 170 | STACK_OF(X509_NAME_ENTRY) *entries; | 170 | STACK_OF(X509_NAME_ENTRY) *entries; |
| @@ -184,7 +184,7 @@ DECLARE_STACK_OF(X509_NAME) | |||
| 184 | 184 | ||
| 185 | #define X509_EX_V_NETSCAPE_HACK 0x8000 | 185 | #define X509_EX_V_NETSCAPE_HACK 0x8000 |
| 186 | #define X509_EX_V_INIT 0x0001 | 186 | #define X509_EX_V_INIT 0x0001 |
| 187 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 187 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 188 | typedef struct X509_extension_st { | 188 | typedef struct X509_extension_st { |
| 189 | ASN1_OBJECT *object; | 189 | ASN1_OBJECT *object; |
| 190 | ASN1_BOOLEAN critical; | 190 | ASN1_BOOLEAN critical; |
| @@ -199,7 +199,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; | |||
| 199 | DECLARE_STACK_OF(X509_EXTENSION) | 199 | DECLARE_STACK_OF(X509_EXTENSION) |
| 200 | 200 | ||
| 201 | /* a sequence of these are used */ | 201 | /* a sequence of these are used */ |
| 202 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 202 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 203 | typedef struct x509_attributes_st { | 203 | typedef struct x509_attributes_st { |
| 204 | ASN1_OBJECT *object; | 204 | ASN1_OBJECT *object; |
| 205 | int single; /* 0 for a set, 1 for a single item (which is wrong) */ | 205 | int single; /* 0 for a set, 1 for a single item (which is wrong) */ |
| @@ -216,7 +216,7 @@ typedef struct x509_attributes_st X509_ATTRIBUTE; | |||
| 216 | DECLARE_STACK_OF(X509_ATTRIBUTE) | 216 | DECLARE_STACK_OF(X509_ATTRIBUTE) |
| 217 | 217 | ||
| 218 | 218 | ||
| 219 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 219 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 220 | typedef struct X509_req_info_st { | 220 | typedef struct X509_req_info_st { |
| 221 | ASN1_ENCODING enc; | 221 | ASN1_ENCODING enc; |
| 222 | ASN1_INTEGER *version; | 222 | ASN1_INTEGER *version; |
| @@ -258,7 +258,7 @@ typedef struct x509_cinf_st X509_CINF; | |||
| 258 | * the end of the certificate itself | 258 | * the end of the certificate itself |
| 259 | */ | 259 | */ |
| 260 | 260 | ||
| 261 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 261 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 262 | typedef struct x509_cert_aux_st { | 262 | typedef struct x509_cert_aux_st { |
| 263 | STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ | 263 | STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ |
| 264 | STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ | 264 | STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ |
| @@ -272,7 +272,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX; | |||
| 272 | 272 | ||
| 273 | struct x509_st; | 273 | struct x509_st; |
| 274 | 274 | ||
| 275 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 275 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 276 | struct x509_st { | 276 | struct x509_st { |
| 277 | X509_CINF *cert_info; | 277 | X509_CINF *cert_info; |
| 278 | X509_ALGOR *sig_alg; | 278 | X509_ALGOR *sig_alg; |
| @@ -422,7 +422,7 @@ DECLARE_STACK_OF(X509_TRUST) | |||
| 422 | XN_FLAG_FN_LN | \ | 422 | XN_FLAG_FN_LN | \ |
| 423 | XN_FLAG_FN_ALIGN) | 423 | XN_FLAG_FN_ALIGN) |
| 424 | 424 | ||
| 425 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 425 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 426 | struct x509_revoked_st { | 426 | struct x509_revoked_st { |
| 427 | ASN1_INTEGER *serialNumber; | 427 | ASN1_INTEGER *serialNumber; |
| 428 | ASN1_TIME *revocationDate; | 428 | ASN1_TIME *revocationDate; |
| @@ -437,7 +437,7 @@ struct x509_revoked_st { | |||
| 437 | 437 | ||
| 438 | DECLARE_STACK_OF(X509_REVOKED) | 438 | DECLARE_STACK_OF(X509_REVOKED) |
| 439 | 439 | ||
| 440 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 440 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 441 | typedef struct X509_crl_info_st { | 441 | typedef struct X509_crl_info_st { |
| 442 | ASN1_INTEGER *version; | 442 | ASN1_INTEGER *version; |
| 443 | X509_ALGOR *sig_alg; | 443 | X509_ALGOR *sig_alg; |
| @@ -452,7 +452,7 @@ typedef struct X509_crl_info_st { | |||
| 452 | typedef struct X509_crl_info_st X509_CRL_INFO; | 452 | typedef struct X509_crl_info_st X509_CRL_INFO; |
| 453 | #endif | 453 | #endif |
| 454 | 454 | ||
| 455 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 455 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 456 | struct X509_crl_st { | 456 | struct X509_crl_st { |
| 457 | /* actual signature */ | 457 | /* actual signature */ |
| 458 | X509_CRL_INFO *crl; | 458 | X509_CRL_INFO *crl; |
| @@ -564,7 +564,7 @@ typedef struct PBKDF2PARAM_st { | |||
| 564 | 564 | ||
| 565 | /* PKCS#8 private key info structure */ | 565 | /* PKCS#8 private key info structure */ |
| 566 | 566 | ||
| 567 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 567 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 568 | struct pkcs8_priv_key_info_st { | 568 | struct pkcs8_priv_key_info_st { |
| 569 | ASN1_INTEGER *version; | 569 | ASN1_INTEGER *version; |
| 570 | X509_ALGOR *pkeyalg; | 570 | X509_ALGOR *pkeyalg; |
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index d84df8a96e..676145cca7 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.h,v 1.43 2021/10/31 16:26:08 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.h,v 1.44 2021/10/31 16:51:16 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -100,7 +100,7 @@ typedef enum { | |||
| 100 | X509_LU_CRL, | 100 | X509_LU_CRL, |
| 101 | } X509_LOOKUP_TYPE; | 101 | } X509_LOOKUP_TYPE; |
| 102 | 102 | ||
| 103 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 103 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 104 | typedef struct x509_object_st { | 104 | typedef struct x509_object_st { |
| 105 | /* one of the above types */ | 105 | /* one of the above types */ |
| 106 | int type; | 106 | int type; |
| @@ -120,7 +120,7 @@ typedef struct x509_lookup_st X509_LOOKUP; | |||
| 120 | DECLARE_STACK_OF(X509_LOOKUP) | 120 | DECLARE_STACK_OF(X509_LOOKUP) |
| 121 | DECLARE_STACK_OF(X509_OBJECT) | 121 | DECLARE_STACK_OF(X509_OBJECT) |
| 122 | 122 | ||
| 123 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 123 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 124 | /* This is a static that defines the function interface */ | 124 | /* This is a static that defines the function interface */ |
| 125 | typedef struct x509_lookup_method_st { | 125 | typedef struct x509_lookup_method_st { |
| 126 | const char *name; | 126 | const char *name; |
| @@ -165,7 +165,7 @@ typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; | |||
| 165 | 165 | ||
| 166 | DECLARE_STACK_OF(X509_VERIFY_PARAM) | 166 | DECLARE_STACK_OF(X509_VERIFY_PARAM) |
| 167 | 167 | ||
| 168 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 168 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 169 | /* | 169 | /* |
| 170 | * This is used to hold everything. It is used for all certificate | 170 | * This is used to hold everything. It is used for all certificate |
| 171 | * validation. Once we have a certificate chain, the 'verify' | 171 | * validation. Once we have a certificate chain, the 'verify' |
| @@ -205,7 +205,7 @@ int X509_STORE_set_depth(X509_STORE *store, int depth); | |||
| 205 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) | 205 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) |
| 206 | #endif | 206 | #endif |
| 207 | 207 | ||
| 208 | #if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) | 208 | #if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509) |
| 209 | /* This is the functions plus an instance of the local variables. */ | 209 | /* This is the functions plus an instance of the local variables. */ |
| 210 | struct x509_lookup_st { | 210 | struct x509_lookup_st { |
| 211 | int init; /* have we been started */ | 211 | int init; /* have we been started */ |