Convert publically visible structs to translucent structs.

This change adds an internal opaque struct for each of the significant
publically visible structs. The opaque struct is then allocated and
attached to the publically visible struct when the appropriate *_new()
function is called, then cleared and freed as necessary.

This will allow for changes to be made to the internals of libssl, without
requiring a major bump each time the publically visible structs are
modified.

ok beck@

1 files changed, 12 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index f6e2642aeb..0970633a86 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.53 2016/11/02 11:21:05 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.54 2017/01/22 03:50:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -199,10 +199,14 @@ SSL_SESSION_new(void)
 {
         SSL_SESSION *ss;
 
-        ss = calloc(1, sizeof(SSL_SESSION));
-        if (ss == NULL) {
+        if ((ss = calloc(1, sizeof(*ss))) == NULL) {
                 SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
-                return (0);
+                return (NULL);
+        }
+        if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
+                free(ss);
+                SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
         }
 
         ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
@@ -706,6 +710,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
         free(ss->tlsext_ecpointformatlist);
         ss->tlsext_ellipticcurvelist_length = 0;
         free(ss->tlsext_ellipticcurvelist);
+
+        explicit_bzero(ss->internal, sizeof(*ss->internal));
+        free(ss->internal);
+
         explicit_bzero(ss, sizeof(*ss));
         free(ss);
 }