1 files changed, 1 insertions, 130 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2c208b098b..2a55cf0efb 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */
+/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -357,9 +357,6 @@ extern "C" {
 * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
-#if defined(LIBRESSL_INTERNAL)
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-#endif
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_session_st SSL_SESSION;
@@ -537,57 +534,10 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st SSL_COMP;
 #ifdef LIBRESSL_INTERNAL
-struct ssl_comp_st {
-        int id;
-        const char *name;
-};
 DECLARE_STACK_OF(SSL_COMP)
 struct lhash_st_SSL_SESSION {
        int dummy;
 };
-struct ssl_ctx_internal_st;
-struct ssl_ctx_st {
-        const SSL_METHOD *method;
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        struct x509_store_st /* X509_STORE */ *cert_store;
-        /* If timeout is not 0, it is the default timeout value set
-         * when SSL_new() is called.  This has been put in to make
-         * life easier to set things up */
-        long session_timeout;
-        int references;
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-        STACK_OF(X509) *extra_certs;
-        int verify_mode;
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        X509_VERIFY_PARAM *param;
-        /*
-         * XXX
-         * default_passwd_cb used by python and openvpn, need to keep it until we
-         * add an accessor
-         */
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
-        /* Default password callback user data. */
-        void *default_passwd_callback_userdata;
-        struct ssl_ctx_internal_st *internal;
-};
 #endif
 #define SSL_SESS_CACHE_OFF                      0x0000
@@ -703,85 +653,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-#if defined(LIBRESSL_INTERNAL)
-struct ssl_internal_st;
-struct ssl_st {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-         */
-        int version;
-        const SSL_METHOD *method; /* SSLv3 */
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-        struct dtls1_state_st *d1; /* DTLSv1 variables */
-        X509_VERIFY_PARAM *param;
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        /* This is used to hold the server certificate used */
-        struct cert_st /* CERT */ *cert;
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-        SSL_CTX *ctx;
-        long verify_result;
-        int references;
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-        unsigned int max_send_fragment;
-        char *tlsext_hostname;
-        /* certificate status request info */
-        /* Status type or -1 if no status type */
-        int tlsext_status_type;
-        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-        /*
-         * XXX really should be internal, but is
-         * touched unnaturally by wpa-supplicant
-         * and freeradius and other perversions
-         */
-        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;                  /* used for mac generation */
-        struct ssl_internal_st *internal;
-};
-#endif
 #ifdef __cplusplus
 }
 #endif

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 2c208b098b..2a55cf0efb 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */	1	/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -357,9 +357,6 @@ extern "C" {
357	* in SSL_CTX. */	357	* in SSL_CTX. */
358	typedef struct ssl_st *ssl_crock_st;	358	typedef struct ssl_st *ssl_crock_st;
359		359
360	#if defined(LIBRESSL_INTERNAL)
361	typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
362	#endif
363	typedef struct ssl_method_st SSL_METHOD;	360	typedef struct ssl_method_st SSL_METHOD;
364	typedef struct ssl_cipher_st SSL_CIPHER;	361	typedef struct ssl_cipher_st SSL_CIPHER;
365	typedef struct ssl_session_st SSL_SESSION;	362	typedef struct ssl_session_st SSL_SESSION;
@@ -537,57 +534,10 @@ typedef int (GEN_SESSION_CB)(const SSL ssl, unsigned char *id,
537	typedef struct ssl_comp_st SSL_COMP;	534	typedef struct ssl_comp_st SSL_COMP;
538		535
539	#ifdef LIBRESSL_INTERNAL	536	#ifdef LIBRESSL_INTERNAL
540
541	struct ssl_comp_st {
542	int id;
543	const char *name;
544	};
545
546	DECLARE_STACK_OF(SSL_COMP)	537	DECLARE_STACK_OF(SSL_COMP)
547	struct lhash_st_SSL_SESSION {	538	struct lhash_st_SSL_SESSION {
548	int dummy;	539	int dummy;
549	};	540	};
550
551	struct ssl_ctx_internal_st;
552
553	struct ssl_ctx_st {
554	const SSL_METHOD *method;
555
556	STACK_OF(SSL_CIPHER) *cipher_list;
557
558	struct x509_store_st /* X509_STORE / cert_store;
559
560	/* If timeout is not 0, it is the default timeout value set
561	* when SSL_new() is called. This has been put in to make
562	* life easier to set things up */
563	long session_timeout;
564
565	int references;
566
567	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
568
569	STACK_OF(X509) *extra_certs;
570
571	int verify_mode;
572	unsigned int sid_ctx_length;
573	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
574
575	X509_VERIFY_PARAM *param;
576
577	/*
578	* XXX
579	* default_passwd_cb used by python and openvpn, need to keep it until we
580	* add an accessor
581	*/
582	/* Default password callback. */
583	pem_password_cb *default_passwd_callback;
584
585	/* Default password callback user data. */
586	void *default_passwd_callback_userdata;
587
588	struct ssl_ctx_internal_st *internal;
589	};
590
591	#endif	541	#endif
592		542
593	#define SSL_SESS_CACHE_OFF 0x0000	543	#define SSL_SESS_CACHE_OFF 0x0000
@@ -703,85 +653,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
703	#define SSL_MAC_FLAG_READ_MAC_STREAM 1	653	#define SSL_MAC_FLAG_READ_MAC_STREAM 1
704	#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2	654	#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
705		655
706	#if defined(LIBRESSL_INTERNAL)
707	struct ssl_internal_st;
708
709	struct ssl_st {
710	/* protocol version
711	* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
712	*/
713	int version;
714
715	const SSL_METHOD method; / SSLv3 */
716
717	/* There are 2 BIO's even though they are normally both the
718	* same. This is so data can be read and written to different
719	* handlers */
720
721	BIO rbio; / used by SSL_read */
722	BIO wbio; / used by SSL_write */
723	BIO bbio; / used during session-id reuse to concatenate
724	* messages */
725	int server; /* are we the server side? - mostly used by SSL_clear*/
726
727	struct ssl3_state_st s3; / SSLv3 variables */
728	struct dtls1_state_st d1; / DTLSv1 variables */
729
730	X509_VERIFY_PARAM *param;
731
732	/* crypto */
733	STACK_OF(SSL_CIPHER) *cipher_list;
734
735	/* This is used to hold the server certificate used */
736	struct cert_st /* CERT / cert;
737
738	/* the session_id_context is used to ensure sessions are only reused
739	* in the appropriate context */
740	unsigned int sid_ctx_length;
741	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
742
743	/* This can also be in the session once a session is established */
744	SSL_SESSION *session;
745
746	/* Used in SSL2 and SSL3 */
747	int verify_mode; /* 0 don't care about verify failure.
748	* 1 fail if verify fails */
749	int error; /* error bytes to be written */
750	int error_code; /* actual code */
751
752	SSL_CTX *ctx;
753
754	long verify_result;
755
756	int references;
757
758	int client_version; /* what was passed, used for
759	* SSLv3/TLS rollback check */
760
761	unsigned int max_send_fragment;
762
763	char *tlsext_hostname;
764
765	/* certificate status request info */
766	/* Status type or -1 if no status type */
767	int tlsext_status_type;
768
769	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
770	#define session_ctx initial_ctx
771
772	/*
773	* XXX really should be internal, but is
774	* touched unnaturally by wpa-supplicant
775	* and freeradius and other perversions
776	*/
777	EVP_CIPHER_CTX enc_read_ctx; / cryptographic state */
778	EVP_MD_CTX read_hash; / used for mac generation */
779
780	struct ssl_internal_st *internal;
781	};
782
783	#endif
784
785	#ifdef __cplusplus	656	#ifdef __cplusplus
786	}	657	}
787	#endif	658	#endif