Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in
public headers, even though their usage is internal. This moves to
using _INTERNAL suffixed versions that are in internal headers, which
then allows us to change them without any potential public API fallout.

ok inoguchi@ tb@

9 files changed, 83 insertions, 53 deletions

diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 20686d2963..3927fbfe0d 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -132,7 +132,7 @@
 int
 dtls1_enc(SSL *s, int send)
 {
-        SSL3_RECORD *rec;
+        SSL3_RECORD_INTERNAL *rec;
         EVP_CIPHER_CTX *ds;
         unsigned long l;
         int bs, i, j, k, mac_size = 0;
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 6171035d23..b7ba6b1092 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.44 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.45 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -136,17 +136,17 @@ dtls1_clear_queues(SSL *s)
 {
         pitem *item = NULL;
         hm_fragment *frag = NULL;
-        DTLS1_RECORD_DATA *rdata;
+        DTLS1_RECORD_DATA_INTERNAL *rdata;
 
         while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
-                rdata = (DTLS1_RECORD_DATA *) item->data;
+                rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
                 free(rdata->rbuf.buf);
                 free(item->data);
                 pitem_free(item);
         }
 
         while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
-                rdata = (DTLS1_RECORD_DATA *) item->data;
+                rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
                 free(rdata->rbuf.buf);
                 free(item->data);
                 pitem_free(item);
@@ -167,7 +167,7 @@ dtls1_clear_queues(SSL *s)
         }
 
         while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
-                rdata = (DTLS1_RECORD_DATA *) item->data;
+                rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
                 free(rdata->rbuf.buf);
                 free(item->data);
                 pitem_free(item);
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 101017449c..31415b7c3a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.70 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.71 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -186,7 +186,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
     int len, int peek);
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
     unsigned int *is_next_epoch);
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
     unsigned char *priority);
@@ -196,16 +196,16 @@ static int dtls1_process_record(SSL *s);
 static int
 dtls1_copy_record(SSL *s, pitem *item)
 {
-        DTLS1_RECORD_DATA *rdata;
+        DTLS1_RECORD_DATA_INTERNAL *rdata;
 
-        rdata = (DTLS1_RECORD_DATA *)item->data;
+        rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
 
         free(S3I(s)->rbuf.buf);
 
         s->internal->packet = rdata->packet;
         s->internal->packet_length = rdata->packet_length;
-        memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+        memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
 
         /* Set proper sequence number for mac calculation */
         memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
@@ -217,30 +217,29 @@ dtls1_copy_record(SSL *s, pitem *item)
 static int
 dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 {
-        DTLS1_RECORD_DATA *rdata;
+        DTLS1_RECORD_DATA_INTERNAL *rdata;
         pitem *item;
 
         /* Limit the size of the queue to prevent DOS attacks */
         if (pqueue_size(queue->q) >= 100)
                 return 0;
 
-        rdata = malloc(sizeof(DTLS1_RECORD_DATA));
+        rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL));
         item = pitem_new(priority, rdata);
         if (rdata == NULL || item == NULL)
                 goto init_err;
 
         rdata->packet = s->internal->packet;
         rdata->packet_length = s->internal->packet_length;
-        memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+        memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
 
         item->data = rdata;
 
-
         s->internal->packet = NULL;
         s->internal->packet_length = 0;
-        memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
-        memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
+        memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
+        memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
 
         if (!ssl3_setup_buffers(s))
                 goto err;
@@ -329,7 +328,7 @@ dtls1_process_record(SSL *s)
         int i, al;
         int enc_err;
         SSL_SESSION *sess;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
         unsigned int mac_size, orig_len;
         unsigned char md[EVP_MAX_MD_SIZE];
 
@@ -467,7 +466,7 @@ err:
 int
 dtls1_get_record(SSL *s)
 {
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
         unsigned char *p = NULL;
         DTLS1_BITMAP *bitmap;
         unsigned int is_next_epoch;
@@ -638,7 +637,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 {
         int al, i, j, ret;
         unsigned int n;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
         void (*cb)(const SSL *ssl, int type2, int val) = NULL;
 
         if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
@@ -1178,15 +1177,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
         unsigned char *p;
         int i, mac_size, clear = 0;
-        SSL3_RECORD *wr;
-        SSL3_BUFFER *wb;
+        SSL3_RECORD_INTERNAL *wr;
+        SSL3_BUFFER_INTERNAL *wb;
         SSL_SESSION *sess;
         int bs;
         CBB cbb;
 
         memset(&cbb, 0, sizeof(cbb));
 
-        /* first check if there is a SSL3_BUFFER still being written
+        /* first check if there is a SSL3_BUFFER_INTERNAL still being written
          * out.  This will happen with non blocking IO */
         if (S3I(s)->wbuf.left != 0) {
                 OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
@@ -1408,7 +1407,7 @@ dtls1_dispatch_alert(SSL *s)
 
 
 static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
+dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {
 
         *is_next_epoch = 0;
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index cc672a5934..1ed7c2dc30 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -161,6 +161,8 @@ typedef struct dtls1_state_st {
         struct dtls1_state_internal_st *internal;
 } DTLS1_STATE;
 
+#ifndef LIBRESSL_INTERNAL
+
 typedef struct dtls1_record_data_st {
         unsigned char *packet;
         unsigned int   packet_length;
@@ -170,6 +172,8 @@ typedef struct dtls1_record_data_st {
 
 #endif
 
+#endif
+
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 #define DTLS1_TMO_READ_COUNT                      2
 #define DTLS1_TMO_WRITE_COUNT                     2
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 4b66e1f17a..371c68cfcc 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.18 2020/02/21 16:07:00 jsing Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.19 2020/03/12 17:01:53 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
  *
@@ -113,8 +113,8 @@ constant_time_eq_8(unsigned a, unsigned b)
  *   1: if the padding was valid
  *  -1: otherwise. */
 int
-tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
-    unsigned mac_size)
+tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec,
+    unsigned block_size, unsigned mac_size)
 {
         unsigned padding_length, good, to_check, i;
         const unsigned overhead = 1 /* padding length byte */ + mac_size;
@@ -194,7 +194,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
 #define CBC_MAC_ROTATE_IN_PLACE
 
 void
-ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
+ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
     unsigned md_size, unsigned orig_len)
 {
 #if defined(CBC_MAC_ROTATE_IN_PLACE)
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index cadf7fd387..30dc4c5d7d 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -314,6 +314,7 @@ extern "C" {
 #define TLS1_HB_RESPONSE        2
 
 #ifndef OPENSSL_NO_SSL_INTERN
+#ifndef LIBRESSL_INTERNAL
 
 typedef struct ssl3_record_st {
 /*r */  int type;               /* type of record */
@@ -334,6 +335,7 @@ typedef struct ssl3_buffer_st {
 } SSL3_BUFFER;
 
 #endif
+#endif
 
 #define SSL3_CT_RSA_SIGN                        1
 #define SSL3_CT_DSS_SIGN                        2
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 77c1a51798..a696ef99b1 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.267 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.268 2020/03/12 17:01:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -776,6 +776,24 @@ typedef struct ssl_internal_st {
         int empty_record_count;
 } SSL_INTERNAL;
 
+typedef struct ssl3_record_internal_st {
+        int type;               /* type of record */
+        unsigned int length;    /* How many bytes available */
+        unsigned int off;       /* read/write offset into 'buf' */
+        unsigned char *data;    /* pointer to the record data */
+        unsigned char *input;   /* where the decode bytes are */
+        unsigned long epoch;    /* epoch number, needed by DTLS1 */
+        unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
+} SSL3_RECORD_INTERNAL;
+
+typedef struct ssl3_buffer_internal_st {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+                                 * see ssl3_setup_buffers() */
+        size_t len;             /* buffer size */
+        int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
+} SSL3_BUFFER_INTERNAL;
+
 typedef struct ssl3_state_internal_st {
         unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
         int read_mac_secret_size;
@@ -784,8 +802,8 @@ typedef struct ssl3_state_internal_st {
         int write_mac_secret_size;
         unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
-        SSL3_BUFFER rbuf;       /* read IO goes into here */
-        SSL3_BUFFER wbuf;       /* write IO goes into here */
+        SSL3_BUFFER_INTERNAL rbuf;      /* read IO goes into here */
+        SSL3_BUFFER_INTERNAL wbuf;      /* write IO goes into here */
 
         /* we allow one fatal and one warning alert to be outstanding,
          * send close alert via the warning alert */
@@ -796,8 +814,8 @@ typedef struct ssl3_state_internal_st {
         int need_empty_fragments;
         int empty_fragment_done;
 
-        SSL3_RECORD rrec;       /* each decoded record goes in here */
-        SSL3_RECORD wrec;       /* goes out from here */
+        SSL3_RECORD_INTERNAL rrec;      /* each decoded record goes in here */
+        SSL3_RECORD_INTERNAL wrec;      /* goes out from here */
 
         /* storage for Alert/Handshake protocol data received but not
          * yet processed by ssl3_read_bytes: */
@@ -897,6 +915,13 @@ typedef struct ssl3_state_internal_st {
 } SSL3_STATE_INTERNAL;
 #define S3I(s) (s->s3->internal)
 
+typedef struct dtls1_record_data_internal_st {
+        unsigned char *packet;
+        unsigned int packet_length;
+        SSL3_BUFFER_INTERNAL rbuf;
+        SSL3_RECORD_INTERNAL rrec;
+} DTLS1_RECORD_DATA_INTERNAL;
+
 typedef struct dtls1_state_internal_st {
         unsigned int send_cookie;
         unsigned char cookie[DTLS1_COOKIE_LENGTH];
@@ -1346,9 +1371,9 @@ long ssl_get_algorithm2(SSL *s);
 int tls1_check_ec_server_key(SSL *s);
 
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
     unsigned md_size, unsigned orig_len);
-int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec,
     unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 8126c42d1d..4302794d94 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.21 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.22 2020/03/12 17:01:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -152,7 +152,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
         int i, len, left;
         size_t align;
         unsigned char *pkt;
-        SSL3_BUFFER *rb;
+        SSL3_BUFFER_INTERNAL *rb;
 
         if (n <= 0)
                 return n;
@@ -329,7 +329,7 @@ ssl3_get_record(SSL *s)
 {
         int al;
         int enc_err, n, i, ret = -1;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
         SSL_SESSION *sess;
         unsigned char md[EVP_MAX_MD_SIZE];
         unsigned mac_size, orig_len;
@@ -360,7 +360,7 @@ ssl3_get_record(SSL *s)
 
                 CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);
 
-                /* Pull apart the header into the SSL3_RECORD */
+                /* Pull apart the header into the SSL3_RECORD_INTERNAL */
                 if (!CBS_get_u8(&header, &type) ||
                     !CBS_get_u16(&header, &ssl_version) ||
                     !CBS_get_u16(&header, &len)) {
@@ -621,7 +621,7 @@ static int
 ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
     unsigned int len)
 {
-        SSL3_RECORD *wr = &(S3I(s)->wrec);
+        SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
         SSL_SESSION *sess = s->session;
         int eivlen, mac_size;
         uint16_t version;
@@ -729,8 +729,8 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
 static int
 do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
-        SSL3_RECORD *wr = &(S3I(s)->wrec);
-        SSL3_BUFFER *wb = &(S3I(s)->wbuf);
+        SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
+        SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
         SSL_SESSION *sess = s->session;
         unsigned char *p;
         int i, clear = 0;
@@ -741,7 +741,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
                 if (!ssl3_setup_write_buffer(s))
                         return -1;
 
-        /* first check if there is a SSL3_BUFFER still being written
+        /* first check if there is a SSL3_BUFFER_INTERNAL still being written
          * out.  This will happen with non blocking IO */
         if (wb->left != 0)
                 return (ssl3_write_pending(s, type, buf, len));
@@ -830,7 +830,7 @@ int
 ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
         int i;
-        SSL3_BUFFER *wb = &(S3I(s)->wbuf);
+        SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
 
         /* XXXX */
         if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
@@ -906,7 +906,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         void (*cb)(const SSL *ssl, int type2, int val) = NULL;
         int al, i, j, ret, rrcount = 0;
         unsigned int n;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
 
         if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
                 if (!ssl3_setup_read_buffer(s))
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 1eaa087383..b399f2bd3c 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.118 2019/05/13 22:48:30 bcook Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.119 2020/03/12 17:01:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -668,7 +668,7 @@ tls1_enc(SSL *s, int send)
         const SSL_AEAD_CTX *aead;
         const EVP_CIPHER *enc;
         EVP_CIPHER_CTX *ds;
-        SSL3_RECORD *rec;
+        SSL3_RECORD_INTERNAL *rec;
         unsigned char *seq;
         unsigned long l;
         int bs, i, j, k, ret, mac_size = 0;
@@ -931,7 +931,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out)
 int
 tls1_mac(SSL *ssl, unsigned char *md, int send)
 {
-        SSL3_RECORD *rec;
+        SSL3_RECORD_INTERNAL *rec;
         unsigned char *seq;
         EVP_MD_CTX *hash;
         size_t md_size, orig_len;