Convert publically visible structs to translucent structs.

This change adds an internal opaque struct for each of the significant
publically visible structs. The opaque struct is then allocated and
attached to the publically visible struct when the appropriate *_new()
function is called, then cleared and freed as necessary.

This will allow for changes to be made to the internals of libssl, without
requiring a major bump each time the publically visible structs are
modified.

ok beck@

8 files changed, 111 insertions, 29 deletions

diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 56c79f30aa..3bc1b42583 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.34 2016/11/04 18:33:11 guenther Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.35 2017/01/22 03:50:45 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -105,7 +105,12 @@ dtls1_new(SSL *s)
 
         if (!ssl3_new(s))
                 return (0);
-        if ((d1 = calloc(1, sizeof *d1)) == NULL) {
+        if ((d1 = calloc(1, sizeof(*d1))) == NULL) {
+                ssl3_free(s);
+                return (0);
+        }
+        if ((d1->internal = calloc(1, sizeof(*d1->internal))) == NULL) {
+                free(d1);
                 ssl3_free(s);
                 return (0);
         }
@@ -199,14 +204,19 @@ dtls1_free(SSL *s)
         pqueue_free(s->d1->sent_messages);
         pqueue_free(s->d1->buffered_app_data.q);
 
-        explicit_bzero(s->d1, sizeof *s->d1);
+        explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
+        free(s->d1->internal);
+
+        explicit_bzero(s->d1, sizeof(*s->d1));
         free(s->d1);
+
         s->d1 = NULL;
 }
 
 void
 dtls1_clear(SSL *s)
 {
+        struct dtls1_state_internal_st *internal;
         pqueue unprocessed_rcds;
         pqueue processed_rcds;
         pqueue buffered_messages;
@@ -224,7 +234,10 @@ dtls1_clear(SSL *s)
 
                 dtls1_clear_queues(s);
 
-                memset(s->d1, 0, sizeof(*(s->d1)));
+                memset(s->d1->internal, 0, sizeof(*s->d1->internal));
+                internal = s->d1->internal;
+                memset(s->d1, 0, sizeof(*s->d1));
+                s->d1->internal = internal;
 
                 if (s->server) {
                         s->d1->cookie_len = sizeof(s->d1->cookie);
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index 8ec0bb8421..812b90592d 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.19 2016/12/30 15:10:57 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.20 2017/01/22 03:50:45 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -150,6 +150,8 @@ typedef struct hm_fragment_st {
         unsigned char *reassembly;
 } hm_fragment;
 
+struct dtls1_state_internal_st;
+
 typedef struct dtls1_state_st {
         unsigned int send_cookie;
         unsigned char cookie[DTLS1_COOKIE_LENGTH];
@@ -222,7 +224,7 @@ typedef struct dtls1_state_st {
         unsigned int retransmitting;
         unsigned int change_cipher_spec_ok;
 
-
+        struct dtls1_state_internal_st *internal;
 } DTLS1_STATE;
 
 typedef struct dtls1_record_data_st {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 0dda987d4c..6f5ee4fa50 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.117 2017/01/22 00:09:13 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.118 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1811,6 +1811,10 @@ ssl3_new(SSL *s)
 {
         if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
                 return (0);
+        if ((s->s3->internal = calloc(1, sizeof(*s->s3->internal))) == NULL) {
+                free(s->s3);
+                return (0);
+        }
 
         s->method->ssl_clear(s);
 
@@ -1840,14 +1844,19 @@ ssl3_free(SSL *s)
         tls1_free_digest_list(s);
         free(s->s3->alpn_selected);
 
-        explicit_bzero(s->s3, sizeof *s->s3);
+        explicit_bzero(s->s3->internal, sizeof(*s->s3->internal));
+        free(s->s3->internal);
+
+        explicit_bzero(s->s3, sizeof(*s->s3));
         free(s->s3);
+
         s->s3 = NULL;
 }
 
 void
 ssl3_clear(SSL *s)
 {
+        struct ssl3_state_internal_st *internal;
         unsigned char   *rp, *wp;
         size_t           rlen, wlen;
 
@@ -1878,7 +1887,10 @@ ssl3_clear(SSL *s)
         free(s->s3->alpn_selected);
         s->s3->alpn_selected = NULL;
 
-        memset(s->s3, 0, sizeof *s->s3);
+        memset(s->s3->internal, 0, sizeof(*s->s3->internal));
+        internal = s->s3->internal;
+        memset(s->s3, 0, sizeof(*s->s3));
+        s->s3->internal = internal;
 
         s->s3->rbuf.buf = rp;
         s->s3->wbuf.buf = wp;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 37844bdeaa..e8ad9fb470 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.102 2016/12/30 17:20:51 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.103 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -353,6 +353,7 @@ extern "C" {
  * 'struct ssl_st *' function parameters used to prototype callbacks
  * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
+
 typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_cipher_st SSL_CIPHER;
@@ -455,6 +456,8 @@ struct ssl_method_st {
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
  */
+struct ssl_session_internal_st;
+
 struct ssl_session_st {
         int ssl_version;        /* what ssl version session info is
                                  * being kept in here? */
@@ -513,6 +516,8 @@ struct ssl_session_st {
         unsigned char *tlsext_tick;     /* Session ticket */
         size_t tlsext_ticklen;          /* Session ticket length */
         long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+
+        struct ssl_session_internal_st *internal;
 };
 
 #endif
@@ -687,6 +692,8 @@ struct lhash_st_SSL_SESSION {
         int dummy;
 };
 
+struct ssl_ctx_internal_st;
+
 struct ssl_ctx_st {
         const SSL_METHOD *method;
 
@@ -885,6 +892,8 @@ struct ssl_ctx_st {
 
         /* SRTP profiles we are willing to do from RFC 5764 */
         STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
+        struct ssl_ctx_internal_st *internal;
 };
 
 #endif
@@ -997,6 +1006,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
 
 #ifndef OPENSSL_NO_SSL_INTERN
+struct ssl_internal_st;
 
 struct ssl_st {
         /* protocol version
@@ -1192,6 +1202,7 @@ struct ssl_st {
         void *tls_session_secret_cb_arg;
 
         SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
 
         /* Next protocol negotiation. For the client, this is the protocol that
          * we sent in NextProtocol and is set when handling ServerHello
@@ -1203,8 +1214,6 @@ struct ssl_st {
         unsigned char *next_proto_negotiated;
         unsigned char next_proto_negotiated_len;
 
-#define session_ctx initial_ctx
-
         STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
         SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
 
@@ -1224,6 +1233,7 @@ struct ssl_st {
                          * 2 if we are a server and are inside a handshake
                          * (i.e. not just sending a HelloRequest) */
 
+        struct ssl_internal_st *internal;
 };
 
 #endif
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index c52c0a780e..6344176105 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.43 2016/12/30 15:10:57 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.44 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -359,6 +359,8 @@ typedef struct ssl3_buffer_st {
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
+struct ssl3_state_internal_st;
+
 typedef struct ssl3_state_st {
         long flags;
         int delay_buf_pop_ret;
@@ -489,6 +491,8 @@ typedef struct ssl3_state_st {
          */
         unsigned char *alpn_selected;
         unsigned int alpn_selected_len;
+
+        struct ssl3_state_internal_st *internal;
 } SSL3_STATE;
 
 #endif
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 7eb192eb2c..d9e5166cdd 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.125 2017/01/21 04:16:49 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.126 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -274,10 +274,15 @@ SSL_new(SSL_CTX *ctx)
                 return (NULL);
         }
 
-        s = calloc(1, sizeof(SSL));
-        if (s == NULL)
-                goto err;
-
+        if ((s = calloc(1, sizeof(*s))) == NULL) {
+                SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+        if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) {
+                free(s);
+                SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
 
         s->options = ctx->options;
         s->mode = ctx->mode;
@@ -361,7 +366,7 @@ SSL_new(SSL_CTX *ctx)
 
         return (s);
 
-err:
+ err:
         SSL_free(s);
         SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
@@ -549,7 +554,6 @@ SSL_free(SSL *s)
 
         SSL_CTX_free(s->ctx);
 
-
         free(s->next_proto_negotiated);
         free(s->alpn_client_proto_list);
 
@@ -558,6 +562,7 @@ SSL_free(SSL *s)
                 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
 #endif
 
+        free(s->internal);
         free(s);
 }
 
@@ -1792,21 +1797,28 @@ ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
 SSL_CTX *
 SSL_CTX_new(const SSL_METHOD *meth)
 {
-        SSL_CTX *ret = NULL;
+        SSL_CTX *ret;
 
         if (meth == NULL) {
                 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
                 return (NULL);
         }
 
+        if ((ret = calloc(1, sizeof(*ret))) == NULL) {
+                SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+        if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
+                free(ret);
+                SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+
         if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
                 SSLerr(SSL_F_SSL_CTX_NEW,
                     SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
                 goto err;
         }
-        ret = calloc(1, sizeof(SSL_CTX));
-        if (ret == NULL)
-                goto err;
 
         ret->method = meth;
 
@@ -1993,6 +2005,7 @@ SSL_CTX_free(SSL_CTX *a)
 
         free(a->alpn_client_proto_list);
 
+        free(a->internal);
         free(a);
 }
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5748875092..50f527aad5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.145 2017/01/21 04:18:18 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.146 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -372,6 +372,26 @@ __BEGIN_HIDDEN_DECLS
 #define EXPLICIT_CHAR2_CURVE_TYPE  2
 #define NAMED_CURVE_TYPE           3
 
+typedef struct ssl_session_internal_st {
+
+} SSL_SESSION_INTERNAL;
+
+typedef struct ssl_ctx_internal_st {
+
+} SSL_CTX_INTERNAL;
+
+typedef struct ssl_internal_st {
+
+} SSL_INTERNAL;
+
+typedef struct ssl3_state_internal_st {
+
+} SSL3_STATE_INTERNAL;
+
+typedef struct dtls1_state_internal_st {
+
+} DTLS1_STATE_INTERNAL;
+
 typedef struct cert_pkey_st {
         X509 *x509;
         EVP_PKEY *privatekey;
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index f6e2642aeb..0970633a86 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.53 2016/11/02 11:21:05 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.54 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -199,10 +199,14 @@ SSL_SESSION_new(void)
 {
         SSL_SESSION *ss;
 
-        ss = calloc(1, sizeof(SSL_SESSION));
-        if (ss == NULL) {
+        if ((ss = calloc(1, sizeof(*ss))) == NULL) {
                 SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
-                return (0);
+                return (NULL);
+        }
+        if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
+                free(ss);
+                SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
         }
 
         ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
@@ -706,6 +710,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
         free(ss->tlsext_ecpointformatlist);
         ss->tlsext_ellipticcurvelist_length = 0;
         free(ss->tlsext_ellipticcurvelist);
+
+        explicit_bzero(ss->internal, sizeof(*ss->internal));
+        free(ss->internal);
+
         explicit_bzero(ss, sizeof(*ss));
         free(ss);
 }