Make structs in evp.h and hmac.h opaque

This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing
author: tb <> 2022-01-14 08:04:14 +0000
committer: tb <> 2022-01-14 08:04:14 +0000
commit: 2937a039a92eb7f2f17179de8df55799204e6141 (patch)
tree: e6c9c95b7894bbe0a42a0f0d771270850f565812 /src
parent: 086a3376c584abf6d0f6e827e4dc60484eb236d2 (diff)
download: openbsd-2937a039a92eb7f2f17179de8df55799204e6141.tar.gz
openbsd-2937a039a92eb7f2f17179de8df55799204e6141.tar.bz2
openbsd-2937a039a92eb7f2f17179de8df55799204e6141.zip
4 files changed, 142 insertions, 146 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 012b06befc..acf0650f9a 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.97 2022/01/14 07:49:49 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.98 2022/01/14 08:04:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -119,72 +119,12 @@
 extern "C" {
 #endif
-/* Move to evp_locl.h */
-/* Type needs to be a bit field
- * Sub-type needs to be for variations on the method, as in, can it do
- * arbitrary encryption.... */
-struct evp_pkey_st {
-        int type;
-        int save_type;
-        int references;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *engine;
-        union   {
-                char *ptr;
-#ifndef OPENSSL_NO_RSA
-                struct rsa_st *rsa;     /* RSA */
-#endif
-#ifndef OPENSSL_NO_DSA
-                struct dsa_st *dsa;     /* DSA */
-#endif
-#ifndef OPENSSL_NO_DH
-                struct dh_st *dh;       /* DH */
-#endif
-#ifndef OPENSSL_NO_EC
-                struct ec_key_st *ec;   /* ECC */
-#endif
-#ifndef OPENSSL_NO_GOST
-                struct gost_key_st *gost; /* GOST */
-#endif
-        } pkey;
-        int save_parameters;
-        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} /* EVP_PKEY */;
 #define EVP_PKEY_MO_SIGN        0x0001
 #define EVP_PKEY_MO_VERIFY      0x0002
 #define EVP_PKEY_MO_ENCRYPT     0x0004
 #define EVP_PKEY_MO_DECRYPT     0x0008
-typedef int evp_sign_method(int type, const unsigned char *m,
-    unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
-    void *key);
-typedef int evp_verify_method(int type, const unsigned char *m,
-    unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
-    void *key);
 #ifndef EVP_MD
-/* Move to evp_locl.h */
-struct env_md_st {
-        int type;
-        int pkey_type;
-        int md_size;
-        unsigned long flags;
-        int (*init)(EVP_MD_CTX *ctx);
-        int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
-        int (*final)(EVP_MD_CTX *ctx, unsigned char *md);
-        int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
-        int (*cleanup)(EVP_MD_CTX *ctx);
-        evp_sign_method *sign;
-        evp_verify_method *verify;
-        int required_pkey_type[5]; /*EVP_PKEY_xxx */
-        int block_size;
-        int ctx_size; /* how big does the ctx->md_data need to be */
-        /* control function */
-        int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-} /* EVP_MD */;
 #define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
                                        * block */
@@ -260,18 +200,6 @@ struct env_md_st {
 #endif /* !EVP_MD */
-/* Move to evp_locl.h. */
-struct env_md_ctx_st {
-        const EVP_MD *digest;
-        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
-        unsigned long flags;
-        void *md_data;
-        /* Public key context for sign/verify */
-        EVP_PKEY_CTX *pctx;
-        /* Update function: usually copied from EVP_MD */
-        int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
-} /* EVP_MD_CTX */;
 /* values for EVP_MD_CTX flags */
 #define EVP_MD_CTX_FLAG_ONESHOT         0x0001 /* digest update will be called
@@ -298,25 +226,6 @@ struct env_md_ctx_st {
 #define EVP_MD_CTX_FLAG_NO_INIT         0x0100 /* Don't initialize md_data */
-/* Move to evp_locl.h */
-struct evp_cipher_st {
-        int nid;
-        int block_size;
-        int key_len;            /* Default value for variable length ciphers */
-        int iv_len;
-        unsigned long flags;    /* Various flags */
-        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-            const unsigned char *iv, int enc);  /* init key */
-        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-            const unsigned char *in, size_t inl);/* encrypt/decrypt data */
-        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
-        int ctx_size;           /* how big ctx->cipher_data needs to be */
-        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
-        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
-        int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
-        void *app_data;         /* Application data */
-} /* EVP_CIPHER */;
 /* Values for cipher flags */
 /* Modes for ciphers */
@@ -417,41 +326,6 @@ typedef struct evp_cipher_info_st {
        unsigned char iv[EVP_MAX_IV_LENGTH];
 } EVP_CIPHER_INFO;
-/* Move to evp_locl.h */
-struct evp_cipher_ctx_st {
-        const EVP_CIPHER *cipher;
-        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
-        int encrypt;            /* encrypt or decrypt */
-        int buf_len;            /* number we have left */
-        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
-        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
-        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-        int num;                                /* used by cfb/ofb/ctr mode */
-        void *app_data;         /* application stuff */
-        int key_len;            /* May change for variable length cipher */
-        unsigned long flags;    /* Various flags */
-        void *cipher_data; /* per EVP data */
-        int final_used;
-        int block_mask;
-        unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
-} /* EVP_CIPHER_CTX */;
-/* Move to evp_locl.h */
-struct evp_Encode_Ctx_st {
-        int num;        /* number saved in a partial encode/decode */
-        int length;     /* The length is either the output line length
-                         * (in input bytes) or the shortest input line
-                         * length that is ok.  Once decoding begins,
-                         * the length is adjusted up each time a longer
-                         * line is decoded */
-        unsigned char enc_data[80];     /* data to encode */
-        int line_num;   /* number read on current line */
-        int expect_nl;
-} /* EVP_ENCODE_CTX */;
 /* Password based encryption function */
 typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
@@ -1317,7 +1191,6 @@ void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
 * message has a unique, per-message nonce and, optionally, additional data
 * which is authenticated but not included in the output. */
-struct evp_aead_st;
 typedef struct evp_aead_st EVP_AEAD;
 #ifndef OPENSSL_NO_AES
@@ -1351,11 +1224,7 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
 /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
 * and message-independent IV. */
-typedef struct evp_aead_ctx_st {
+typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
-        const EVP_AEAD *aead;
-        /* aead_state is an opaque pointer to the AEAD specific state. */
-        void *aead_state;
-} EVP_AEAD_CTX;
 /* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD
 * defined in this header. */
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 44e2d5cadb..f0b47a497c 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.20 2022/01/10 12:10:26 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.21 2022/01/14 08:04:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -67,6 +67,126 @@ __BEGIN_HIDDEN_DECLS
 */
 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+typedef int evp_sign_method(int type, const unsigned char *m,
+    unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
+    void *key);
+typedef int evp_verify_method(int type, const unsigned char *m,
+    unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
+    void *key);
+/* Type needs to be a bit field
+ * Sub-type needs to be for variations on the method, as in, can it do
+ * arbitrary encryption.... */
+struct evp_pkey_st {
+        int type;
+        int save_type;
+        int references;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *engine;
+        union   {
+                char *ptr;
+#ifndef OPENSSL_NO_RSA
+                struct rsa_st *rsa;     /* RSA */
+#endif
+#ifndef OPENSSL_NO_DSA
+                struct dsa_st *dsa;     /* DSA */
+#endif
+#ifndef OPENSSL_NO_DH
+                struct dh_st *dh;       /* DH */
+#endif
+#ifndef OPENSSL_NO_EC
+                struct ec_key_st *ec;   /* ECC */
+#endif
+#ifndef OPENSSL_NO_GOST
+                struct gost_key_st *gost; /* GOST */
+#endif
+        } pkey;
+        int save_parameters;
+        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+} /* EVP_PKEY */;
+struct env_md_st {
+        int type;
+        int pkey_type;
+        int md_size;
+        unsigned long flags;
+        int (*init)(EVP_MD_CTX *ctx);
+        int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
+        int (*final)(EVP_MD_CTX *ctx, unsigned char *md);
+        int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
+        int (*cleanup)(EVP_MD_CTX *ctx);
+        evp_sign_method *sign;
+        evp_verify_method *verify;
+        int required_pkey_type[5]; /*EVP_PKEY_xxx */
+        int block_size;
+        int ctx_size; /* how big does the ctx->md_data need to be */
+        /* control function */
+        int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */;
+struct env_md_ctx_st {
+        const EVP_MD *digest;
+        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
+        unsigned long flags;
+        void *md_data;
+        /* Public key context for sign/verify */
+        EVP_PKEY_CTX *pctx;
+        /* Update function: usually copied from EVP_MD */
+        int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
+} /* EVP_MD_CTX */;
+struct evp_cipher_st {
+        int nid;
+        int block_size;
+        int key_len;            /* Default value for variable length ciphers */
+        int iv_len;
+        unsigned long flags;    /* Various flags */
+        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+            const unsigned char *iv, int enc);  /* init key */
+        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
+            const unsigned char *in, size_t inl);/* encrypt/decrypt data */
+        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
+        int ctx_size;           /* how big ctx->cipher_data needs to be */
+        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
+        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
+        int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
+        void *app_data;         /* Application data */
+} /* EVP_CIPHER */;
+struct evp_cipher_ctx_st {
+        const EVP_CIPHER *cipher;
+        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
+        int encrypt;            /* encrypt or decrypt */
+        int buf_len;            /* number we have left */
+        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
+        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
+        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
+        int num;                                /* used by cfb/ofb/ctr mode */
+        void *app_data;         /* application stuff */
+        int key_len;            /* May change for variable length cipher */
+        unsigned long flags;    /* Various flags */
+        void *cipher_data; /* per EVP data */
+        int final_used;
+        int block_mask;
+        unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
+} /* EVP_CIPHER_CTX */;
+struct evp_Encode_Ctx_st {
+        int num;        /* number saved in a partial encode/decode */
+        int length;     /* The length is either the output line length
+                         * (in input bytes) or the shortest input line
+                         * length that is ok.  Once decoding begins,
+                         * the length is adjusted up each time a longer
+                         * line is decoded */
+        unsigned char enc_data[80];     /* data to encode */
+        int line_num;   /* number read on current line */
+        int expect_nl;
+} /* EVP_ENCODE_CTX */;
 /* Macros to code block cipher wrappers */
 /* Wrapper functions for each cipher mode */
@@ -380,6 +500,14 @@ struct evp_aead_st {
            const unsigned char *ad, size_t ad_len);
 };
+/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
+ * and message-independent IV. */
+struct evp_aead_ctx_st {
+        const EVP_AEAD *aead;
+        /* aead_state is an opaque pointer to the AEAD specific state. */
+        void *aead_state;
+};
 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
 __END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
index 2f91f55f9b..0fe894e7b1 100644
--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.h,v 1.14 2021/12/12 21:35:47 tb Exp $ */
+/* $OpenBSD: hmac.h,v 1.15 2022/01/14 08:04:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -72,16 +72,6 @@
 extern "C" {
 #endif
-/* Move to hmac_local.h */
-struct hmac_ctx_st {
-        const EVP_MD *md;
-        EVP_MD_CTX md_ctx;
-        EVP_MD_CTX i_ctx;
-        EVP_MD_CTX o_ctx;
-        unsigned int key_length;
-        unsigned char key[HMAC_MAX_MD_CBLOCK];
-} /* HMAC_CTX */;
 #define HMAC_size(e)    (EVP_MD_size(HMAC_CTX_get_md((e))))
 HMAC_CTX *HMAC_CTX_new(void);
diff --git a/src/lib/libcrypto/hmac/hmac_local.h b/src/lib/libcrypto/hmac/hmac_local.h
index 46f1a013cb..8358d9fa8b 100644
--- a/src/lib/libcrypto/hmac/hmac_local.h
+++ b/src/lib/libcrypto/hmac/hmac_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac_local.h,v 1.1 2021/12/12 21:27:38 tb Exp $ */
+/* $OpenBSD: hmac_local.h,v 1.2 2022/01/14 08:04:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -66,6 +66,15 @@
 __BEGIN_HIDDEN_DECLS
+struct hmac_ctx_st {
+        const EVP_MD *md;
+        EVP_MD_CTX md_ctx;
+        EVP_MD_CTX i_ctx;
+        EVP_MD_CTX o_ctx;
+        unsigned int key_length;
+        unsigned char key[HMAC_MAX_MD_CBLOCK];
+} /* HMAC_CTX */;
 __END_HIDDEN_DECLS
 #endif /* !HEADER_HMAC_LOCAL_H */
author	tb <>	2022-01-14 08:04:14 +0000
committer	tb <>	2022-01-14 08:04:14 +0000
commit	2937a039a92eb7f2f17179de8df55799204e6141 (patch)
tree	e6c9c95b7894bbe0a42a0f0d771270850f565812 /src
parent	086a3376c584abf6d0f6e827e4dc60484eb236d2 (diff)
download	openbsd-2937a039a92eb7f2f17179de8df55799204e6141.tar.gz openbsd-2937a039a92eb7f2f17179de8df55799204e6141.tar.bz2 openbsd-2937a039a92eb7f2f17179de8df55799204e6141.zip