Move various structs from ssl.h/tls1.h to ssl_locl.h.

These were already under LIBRESSL_INTERNAL hence no ABI change. ok tb@
author: jsing <> 2021-10-15 16:48:47 +0000
committer: jsing <> 2021-10-15 16:48:47 +0000
commit: 18d6ce4a991ce71cfcdc91336fb45476fa746ce0 (patch)
tree: ffd913ac88d9aad7a0edaba0f078fc8ebce5c9b0 /src
parent: c4d1ec84a073844d3850f9017c607ce1e58ea7c3 (diff)
download: openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.tar.gz
openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.tar.bz2
openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.zip
3 files changed, 128 insertions, 140 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2c208b098b..2a55cf0efb 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */
+/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -357,9 +357,6 @@ extern "C" {
 * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
-#if defined(LIBRESSL_INTERNAL)
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-#endif
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_session_st SSL_SESSION;
@@ -537,57 +534,10 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st SSL_COMP;
 #ifdef LIBRESSL_INTERNAL
-struct ssl_comp_st {
-        int id;
-        const char *name;
-};
 DECLARE_STACK_OF(SSL_COMP)
 struct lhash_st_SSL_SESSION {
        int dummy;
 };
-struct ssl_ctx_internal_st;
-struct ssl_ctx_st {
-        const SSL_METHOD *method;
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        struct x509_store_st /* X509_STORE */ *cert_store;
-        /* If timeout is not 0, it is the default timeout value set
-         * when SSL_new() is called.  This has been put in to make
-         * life easier to set things up */
-        long session_timeout;
-        int references;
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-        STACK_OF(X509) *extra_certs;
-        int verify_mode;
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        X509_VERIFY_PARAM *param;
-        /*
-         * XXX
-         * default_passwd_cb used by python and openvpn, need to keep it until we
-         * add an accessor
-         */
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
-        /* Default password callback user data. */
-        void *default_passwd_callback_userdata;
-        struct ssl_ctx_internal_st *internal;
-};
 #endif
 #define SSL_SESS_CACHE_OFF                      0x0000
@@ -703,85 +653,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-#if defined(LIBRESSL_INTERNAL)
-struct ssl_internal_st;
-struct ssl_st {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-         */
-        int version;
-        const SSL_METHOD *method; /* SSLv3 */
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-        struct dtls1_state_st *d1; /* DTLSv1 variables */
-        X509_VERIFY_PARAM *param;
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        /* This is used to hold the server certificate used */
-        struct cert_st /* CERT */ *cert;
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-        SSL_CTX *ctx;
-        long verify_result;
-        int references;
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-        unsigned int max_send_fragment;
-        char *tlsext_hostname;
-        /* certificate status request info */
-        /* Status type or -1 if no status type */
-        int tlsext_status_type;
-        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-        /*
-         * XXX really should be internal, but is
-         * touched unnaturally by wpa-supplicant
-         * and freeradius and other perversions
-         */
-        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;                  /* used for mac generation */
-        struct ssl_internal_st *internal;
-};
-#endif
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7ff3e0713d..f102c2fc95 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -361,6 +361,11 @@ __BEGIN_HIDDEN_DECLS
 #define EXPLICIT_CHAR2_CURVE_TYPE  2
 #define NAMED_CURVE_TYPE           3
+struct ssl_comp_st {
+        int id;
+        const char *name;
+};
 struct ssl_cipher_st {
        int valid;
        const char *name;               /* text name */
@@ -611,6 +616,14 @@ typedef struct ssl_handshake_st {
        SSL_HANDSHAKE_TLS13 tls13;
 } SSL_HANDSHAKE;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+/* TLS Session Ticket extension struct. */
+struct tls_session_ticket_ext_st {
+        unsigned short length;
+        void *data;
+};
 struct tls12_key_block;
 struct tls12_key_block *tls12_key_block_new(void);
@@ -832,6 +845,44 @@ typedef struct ssl_ctx_internal_st {
        uint16_t *tlsext_supportedgroups; /* our list */
 } SSL_CTX_INTERNAL;
+struct ssl_ctx_st {
+        const SSL_METHOD *method;
+        STACK_OF(SSL_CIPHER) *cipher_list;
+        struct x509_store_st /* X509_STORE */ *cert_store;
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+        int references;
+        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+        STACK_OF(X509) *extra_certs;
+        int verify_mode;
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+        X509_VERIFY_PARAM *param;
+        /*
+         * XXX
+         * default_passwd_cb used by python and openvpn, need to keep it until we
+         * add an accessor
+         */
+        /* Default password callback. */
+        pem_password_cb *default_passwd_callback;
+        /* Default password callback user data. */
+        void *default_passwd_callback_userdata;
+        struct ssl_ctx_internal_st *internal;
+};
 typedef struct ssl_internal_st {
        struct tls13_ctx *tls13;
@@ -973,6 +1024,80 @@ typedef struct ssl_internal_st {
        int empty_record_count;
 } SSL_INTERNAL;
+struct ssl_st {
+        /* protocol version
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
+         */
+        int version;
+        const SSL_METHOD *method; /* SSLv3 */
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatenate
+                    * messages */
+        int server;     /* are we the server side? - mostly used by SSL_clear*/
+        struct ssl3_state_st *s3; /* SSLv3 variables */
+        struct dtls1_state_st *d1; /* DTLSv1 variables */
+        X509_VERIFY_PARAM *param;
+        /* crypto */
+        STACK_OF(SSL_CIPHER) *cipher_list;
+        /* This is used to hold the server certificate used */
+        struct cert_st /* CERT */ *cert;
+        /* the session_id_context is used to ensure sessions are only reused
+         * in the appropriate context */
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
+        /* Used in SSL2 and SSL3 */
+        int verify_mode;        /* 0 don't care about verify failure.
+                                 * 1 fail if verify fails */
+        int error;              /* error bytes to be written */
+        int error_code;         /* actual code */
+        SSL_CTX *ctx;
+        long verify_result;
+        int references;
+        int client_version;     /* what was passed, used for
+                                 * SSLv3/TLS rollback check */
+        unsigned int max_send_fragment;
+        char *tlsext_hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int tlsext_status_type;
+        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+        /*
+         * XXX really should be internal, but is
+         * touched unnaturally by wpa-supplicant
+         * and freeradius and other perversions
+         */
+        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
+        struct ssl_internal_st *internal;
+};
 typedef struct ssl3_record_internal_st {
        int type;               /* type of record */
        unsigned int length;    /* How many bytes available */
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index cb06a53969..90523dd0f9 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -761,14 +761,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_MD_MASTER_SECRET_CONST              "master secret"
 #define TLS_MD_MASTER_SECRET_CONST_SIZE         13
-#if defined(LIBRESSL_INTERNAL)
-/* TLS Session Ticket extension struct. */
-struct tls_session_ticket_ext_st {
-        unsigned short length;
-        void *data;
-};
-#endif
 #ifdef  __cplusplus
 }
 #endif
author	jsing <>	2021-10-15 16:48:47 +0000
committer	jsing <>	2021-10-15 16:48:47 +0000
commit	18d6ce4a991ce71cfcdc91336fb45476fa746ce0 (patch)
tree	ffd913ac88d9aad7a0edaba0f078fc8ebce5c9b0 /src
parent	c4d1ec84a073844d3850f9017c607ce1e58ea7c3 (diff)
download	openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.tar.gz openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.tar.bz2 openbsd-18d6ce4a991ce71cfcdc91336fb45476fa746ce0.zip