Move some structs from public to private headers.

Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and struct ssl3_state_st from public to private headers. These are already under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible. ok inoguchi@ tb@
author: jsing <> 2021-06-30 18:04:06 +0000
committer: jsing <> 2021-06-30 18:04:06 +0000
commit: f10208a76db206460e96c8cf49a915d09538ab21 (patch)
tree: faa7cc470a3bd4e999d41af306237c63acea368c /src/lib/libssl/ssl.h
parent: 3cdac1818a4ed4bf937ad8d44b26bdf7ab8fd4e4 (diff)
download: openbsd-f10208a76db206460e96c8cf49a915d09538ab21.tar.gz
openbsd-f10208a76db206460e96c8cf49a915d09538ab21.tar.bz2
openbsd-f10208a76db206460e96c8cf49a915d09538ab21.zip
1 files changed, 1 insertions, 108 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4719a50c7e..4158d62cd8 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.194 2021/06/13 15:51:10 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.195 2021/06/30 18:04:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -377,113 +377,6 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
 typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-#ifdef LIBRESSL_INTERNAL
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st {
-        int valid;
-        const char *name;               /* text name */
-        unsigned long id;               /* id, 4 bytes, first is version */
-        unsigned long algorithm_mkey;   /* key exchange algorithm */
-        unsigned long algorithm_auth;   /* server authentication */
-        unsigned long algorithm_enc;    /* symmetric encryption */
-        unsigned long algorithm_mac;    /* symmetric authentication */
-        unsigned long algorithm_ssl;    /* (major) protocol version */
-        unsigned long algo_strength;    /* strength and export flags */
-        unsigned long algorithm2;       /* Extra flags */
-        int strength_bits;              /* Number of bits really used */
-        int alg_bits;                   /* Number of bits for algorithm */
-};
-/* Used to hold functions for SSLv3/TLSv1 functions */
-struct ssl_method_internal_st;
-struct ssl_method_st {
-        int (*ssl_dispatch_alert)(SSL *s);
-        int (*num_ciphers)(void);
-        const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
-        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
-        const struct ssl_method_internal_st *internal;
-};
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *      version                 INTEGER,        -- structure version number
- *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
- *      Session_ID              OCTET STRING,   -- the Session ID
- *      Master_key              OCTET STRING,   -- the master key
- *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
- *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
- *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
- *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
- *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- *      }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_internal_st;
-struct ssl_session_st {
-        int ssl_version;        /* what ssl version session info is
-                                 * being kept in here? */
-        int master_key_length;
-        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-        /* session_id - valid? */
-        unsigned int session_id_length;
-        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-        /* this is used to determine whether the session is being reused in
-         * the appropriate context. It is up to the application to set this,
-         * via SSL_new */
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        /* This is the cert for the other end. */
-        X509 *peer;
-        /* when app_verify_callback accepts a session where the peer's certificate
-         * is not ok, we must remember the error for session reuse: */
-        long verify_result; /* only for servers */
-        long timeout;
-        time_t time;
-        int references;
-        const SSL_CIPHER *cipher;
-        unsigned long cipher_id;        /* when ASN.1 loaded, this
-                                         * needs to be used to load
-                                         * the 'cipher' structure */
-        STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-        char *tlsext_hostname;
-        /* RFC4507 info */
-        unsigned char *tlsext_tick;     /* Session ticket */
-        size_t tlsext_ticklen;          /* Session ticket length */
-        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-        struct ssl_session_internal_st *internal;
-};
-#endif
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
author	jsing <>	2021-06-30 18:04:06 +0000
committer	jsing <>	2021-06-30 18:04:06 +0000
commit	f10208a76db206460e96c8cf49a915d09538ab21 (patch)
tree	faa7cc470a3bd4e999d41af306237c63acea368c /src/lib/libssl/ssl.h
parent	3cdac1818a4ed4bf937ad8d44b26bdf7ab8fd4e4 (diff)
download	openbsd-f10208a76db206460e96c8cf49a915d09538ab21.tar.gz openbsd-f10208a76db206460e96c8cf49a915d09538ab21.tar.bz2 openbsd-f10208a76db206460e96c8cf49a915d09538ab21.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 4719a50c7e..4158d62cd8 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.194 2021/06/13 15:51:10 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.195 2021/06/30 18:04:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -377,113 +377,6 @@ typedef int (tls_session_ticket_ext_cb_fn)(SSL s, const unsigned char *data,
377	typedef int (tls_session_secret_cb_fn)(SSL s, void secret, int secret_len,	377	typedef int (tls_session_secret_cb_fn)(SSL s, void secret, int secret_len,
378	STACK_OF(SSL_CIPHER) peer_ciphers, SSL_CIPHER cipher, void arg);	378	STACK_OF(SSL_CIPHER) peer_ciphers, SSL_CIPHER cipher, void arg);
379		379
380	#ifdef LIBRESSL_INTERNAL
381
382	/* used to hold info on the particular ciphers used */
383	struct ssl_cipher_st {
384	int valid;
385	const char name; / text name */
386	unsigned long id; /* id, 4 bytes, first is version */
387
388	unsigned long algorithm_mkey; /* key exchange algorithm */
389	unsigned long algorithm_auth; /* server authentication */
390	unsigned long algorithm_enc; /* symmetric encryption */
391	unsigned long algorithm_mac; /* symmetric authentication */
392	unsigned long algorithm_ssl; /* (major) protocol version */
393
394	unsigned long algo_strength; /* strength and export flags */
395	unsigned long algorithm2; /* Extra flags */
396	int strength_bits; /* Number of bits really used */
397	int alg_bits; /* Number of bits for algorithm */
398	};
399
400
401	/* Used to hold functions for SSLv3/TLSv1 functions */
402	struct ssl_method_internal_st;
403
404	struct ssl_method_st {
405	int (ssl_dispatch_alert)(SSL s);
406	int (*num_ciphers)(void);
407	const SSL_CIPHER (get_cipher)(unsigned int ncipher);
408	const SSL_CIPHER (get_cipher_by_char)(const unsigned char *ptr);
409	int (put_cipher_by_char)(const SSL_CIPHER cipher, unsigned char *ptr);
410
411	const struct ssl_method_internal_st *internal;
412	};
413
414	/* Lets make this into an ASN.1 type structure as follows
415	* SSL_SESSION_ID ::= SEQUENCE {
416	* version INTEGER, -- structure version number
417	* SSLversion INTEGER, -- SSL version number
418	* Cipher OCTET STRING, -- the 3 byte cipher ID
419	* Session_ID OCTET STRING, -- the Session ID
420	* Master_key OCTET STRING, -- the master key
421	* KRB5_principal OCTET STRING -- optional Kerberos principal
422	* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
423	* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
424	* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
425	* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
426	* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
427	* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
428	* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
429	* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
430	* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
431	* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
432	* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
433	* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
434	* }
435	* Look in ssl/ssl_asn1.c for more details
436	* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
437	*/
438	struct ssl_session_internal_st;
439
440	struct ssl_session_st {
441	int ssl_version; /* what ssl version session info is
442	* being kept in here? */
443
444	int master_key_length;
445	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
446
447	/* session_id - valid? */
448	unsigned int session_id_length;
449	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
450
451	/* this is used to determine whether the session is being reused in
452	* the appropriate context. It is up to the application to set this,
453	* via SSL_new */
454	unsigned int sid_ctx_length;
455	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
456
457	/* This is the cert for the other end. */
458	X509 *peer;
459
460	/* when app_verify_callback accepts a session where the peer's certificate
461	* is not ok, we must remember the error for session reuse: */
462	long verify_result; /* only for servers */
463
464	long timeout;
465	time_t time;
466	int references;
467
468	const SSL_CIPHER *cipher;
469	unsigned long cipher_id; /* when ASN.1 loaded, this
470	* needs to be used to load
471	* the 'cipher' structure */
472
473	STACK_OF(SSL_CIPHER) ciphers; / shared ciphers? */
474
475	char *tlsext_hostname;
476
477	/* RFC4507 info */
478	unsigned char tlsext_tick; / Session ticket */
479	size_t tlsext_ticklen; /* Session ticket length */
480	long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
481
482	struct ssl_session_internal_st *internal;
483	};
484
485	#endif
486
487	/* Allow initial connection to servers that don't support RI */	380	/* Allow initial connection to servers that don't support RI */
488	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L	381	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
489		382