Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

1 files changed, 86 insertions, 94 deletions

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index a8d5308e8c..8046ad8c86 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.426 2022/10/01 16:23:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.427 2022/10/02 16:36:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -713,7 +713,42 @@ typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
 typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
     const void *buf, size_t len, SSL *ssl, void *arg);
 
-typedef struct ssl_ctx_internal_st {
+struct ssl_ctx_st {
+        const SSL_METHOD *method;
+        const SSL_QUIC_METHOD *quic_method;
+
+        STACK_OF(SSL_CIPHER) *cipher_list;
+
+        struct x509_store_st /* X509_STORE */ *cert_store;
+
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+
+        int references;
+
+        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+        STACK_OF(X509) *extra_certs;
+
+        int verify_mode;
+        size_t sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+        X509_VERIFY_PARAM *param;
+
+        /*
+         * XXX
+         * default_passwd_cb used by python and openvpn, need to keep it until we
+         * add an accessor
+         */
+        /* Default password callback. */
+        pem_password_cb *default_passwd_callback;
+
+        /* Default password callback user data. */
+        void *default_passwd_callback_userdata;
+
         uint16_t min_tls_version;
         uint16_t max_tls_version;
 
@@ -879,48 +914,72 @@ typedef struct ssl_ctx_internal_st {
         uint16_t *tlsext_supportedgroups; /* our list */
         SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
         size_t num_tickets; /* Unused, for OpenSSL compatibility */
-} SSL_CTX_INTERNAL;
+};
+
+struct ssl_st {
+        /* protocol version
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
+         */
+        int version;
 
-struct ssl_ctx_st {
         const SSL_METHOD *method;
         const SSL_QUIC_METHOD *quic_method;
 
-        STACK_OF(SSL_CIPHER) *cipher_list;
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
 
-        struct x509_store_st /* X509_STORE */ *cert_store;
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatenate
+                    * messages */
+        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
-        /* If timeout is not 0, it is the default timeout value set
-         * when SSL_new() is called.  This has been put in to make
-         * life easier to set things up */
-        long session_timeout;
+        struct ssl3_state_st *s3; /* SSLv3 variables */
+        struct dtls1_state_st *d1; /* DTLSv1 variables */
 
-        int references;
+        X509_VERIFY_PARAM *param;
 
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+        /* crypto */
+        STACK_OF(SSL_CIPHER) *cipher_list;
 
-        STACK_OF(X509) *extra_certs;
+        /* This is used to hold the server certificate used */
+        SSL_CERT *cert;
 
-        int verify_mode;
+        /* the session_id_context is used to ensure sessions are only reused
+         * in the appropriate context */
         size_t sid_ctx_length;
         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
-        X509_VERIFY_PARAM *param;
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
 
-        /*
-         * XXX
-         * default_passwd_cb used by python and openvpn, need to keep it until we
-         * add an accessor
-         */
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
+        /* Used in SSL2 and SSL3 */
+        int verify_mode;        /* 0 don't care about verify failure.
+                                 * 1 fail if verify fails */
+        int error;              /* error bytes to be written */
+        int error_code;         /* actual code */
 
-        /* Default password callback user data. */
-        void *default_passwd_callback_userdata;
+        SSL_CTX *ctx;
 
-        struct ssl_ctx_internal_st *internal;
-};
+        long verify_result;
+
+        int references;
+
+        int client_version;     /* what was passed, used for
+                                 * SSLv3/TLS rollback check */
+
+        unsigned int max_send_fragment;
+
+        char *tlsext_hostname;
+
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int tlsext_status_type;
+
+        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
 
-typedef struct ssl_internal_st {
         struct tls13_ctx *tls13;
 
         uint16_t min_tls_version;
@@ -1066,73 +1125,6 @@ typedef struct ssl_internal_st {
 
         size_t num_tickets; /* Unused, for OpenSSL compatibility */
         STACK_OF(X509) *verified_chain;
-} SSL_INTERNAL;
-
-struct ssl_st {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-         */
-        int version;
-
-        const SSL_METHOD *method;
-        const SSL_QUIC_METHOD *quic_method;
-
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-        struct dtls1_state_st *d1; /* DTLSv1 variables */
-
-        X509_VERIFY_PARAM *param;
-
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-
-        /* This is used to hold the server certificate used */
-        SSL_CERT *cert;
-
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        size_t sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-
-        SSL_CTX *ctx;
-
-        long verify_result;
-
-        int references;
-
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-
-        unsigned int max_send_fragment;
-
-        char *tlsext_hostname;
-
-        /* certificate status request info */
-        /* Status type or -1 if no status type */
-        int tlsext_status_type;
-
-        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-
-        struct ssl_internal_st *internal;
 };
 
 typedef struct ssl3_record_internal_st {