Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r--src/lib/libssl/ssl.h104
1 files changed, 1 insertions, 103 deletions
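--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.113 2017/01/23 05:27:22 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.114 2017/01/23 06:45:30 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -828,8 +828,6 @@ struct ssl_st {
  */
  int version;
 
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
  const SSL_METHOD *method; /* SSLv3 */
 
  /* There are 2 BIO's even though they are normally both the
@@ -846,76 +844,19 @@ struct ssl_st {
  char *wbio; /* used by SSL_write */
  char *bbio;
 #endif
- /* This holds a variable that indicates what we were doing
- * when a 0 or -1 is returned. This is needed for
- * non-blocking IO so we know what request needs re-doing when
- * in SSL_accept or SSL_connect */
- int rwstate;
-
- /* Imagine that here's a boolean member "init" that is
- * switched as soon as SSL_set_{accept/connect}_state
- * is called for the first time, so that "state" and
- * "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this
- * test instead of an "init" member.
- */
-
  int server; /* are we the server side? - mostly used by SSL_clear*/
 
- int new_session;/* Generate a new session or reuse an old one.
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
  int state; /* where we are */
  int rstate; /* where we are when reading */
 
- BUF_MEM *init_buf; /* buffer used during init */
- void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
-
- /* used internally to point at a raw packet */
- unsigned char *packet;
- unsigned int packet_length;
-
  struct ssl3_state_st *s3; /* SSLv3 variables */
  struct dtls1_state_st *d1; /* DTLSv1 variables */
 
- int read_ahead; /* Read as many input bytes as possible
- * (for non-blocking reads) */
-
- int hit; /* reusing a previous session */
-
  X509_VERIFY_PARAM *param;
 
  /* crypto */
  STACK_OF(SSL_CIPHER) *cipher_list;
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- /* These are the ones being used, the ones in SSL_SESSION are
- * the ones to be 'copied' into these ones */
- int mac_flags;
-
- SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then
- enc_read_ctx and read_hash are
- ignored. */
-
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- EVP_MD_CTX *read_hash; /* used for mac generation */
 
- SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
- enc_write_ctx and write_hash are
- ignored. */
-
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
-
- /* session info */
-
- /* client cert? */
  /* This is used to hold the server certificate used */
  struct cert_st /* CERT */ *cert;
 
@@ -933,69 +874,26 @@ struct ssl_st {
  int error; /* error bytes to be written */
  int error_code; /* actual code */
 
-
-
  SSL_CTX *ctx;
- /* set this flag to 1 and a sleep(1) is put into all SSL_read()
- * and SSL_write() calls, good for nbio debuging :-) */
- int debug;
 
-
- /* extra application data */
  long verify_result;
- CRYPTO_EX_DATA ex_data;
-
- /* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
 
  int references;
  unsigned long options; /* protocol behaviour */
  unsigned long mode; /* API behaviour */
- long max_cert_list;
- int first_packet;
  int client_version; /* what was passed, used for
  * SSLv3/TLS rollback check */
  unsigned int max_send_fragment;
 
  char *tlsext_hostname;
 
- int servername_done; /* no further mod of servername
- 0 : call the servername extension callback.
- 1 : prepare 2, allow last ack just after in server callback.
- 2 : don't call servername callback, no ack in server hello
- */
  /* certificate status request info */
  /* Status type or -1 if no status type */
  int tlsext_status_type;
- /* Expect OCSP CertificateStatus message */
- int tlsext_status_expected;
- /* OCSP status request only */
- STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
- X509_EXTENSIONS *tlsext_ocsp_exts;
- /* OCSP response received or to be sent */
- unsigned char *tlsext_ocsp_resp;
- int tlsext_ocsp_resplen;
-
- /* RFC4507 session ticket expected to be received or sent */
- int tlsext_ticket_expected;
- size_t tlsext_ecpointformatlist_length;
- uint8_t *tlsext_ecpointformatlist; /* our list */
- size_t tlsext_ellipticcurvelist_length;
- uint16_t *tlsext_ellipticcurvelist; /* our list */
-
- /* TLS Session Ticket extension override */
- TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
 
  SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
 #define session_ctx initial_ctx
 
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
- SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
-
- int renegotiate;/* 1 if we are renegotiating.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest) */
-
  struct ssl_internal_st *internal;
 };
 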
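Review bot: Every member that survives after a removed run in this section (`cert` at new line 861, `ctx` at 877, `verify_result` at 879, `references` through `tlsext_hostname` at 881-888, `initial_ctx` and `internal` at 894-897) now sits at a different offset inside the public `struct ssl_st`, so a consumer compiled against the previous header that touches these fields or `sizeof(SSL)` directly will silently read the wrong memory; that is only safe if the library's major version is bumped alongside, which a diff limited to ssl.h cannot show. Nothing on the new side tells a reader that the layout is in flux or that the removed state (handshake buffers, cipher/MAC contexts, OCSP and ticket extension state) is no longer reachable from this struct, so I would add above `int version;` (the struct's opening line is outside the first hunk) the comment `/* Layout is not stable across releases: do not access members directly, use the SSL_* accessors. */`, and annotate `struct ssl_internal_st *internal;` with `/* opaque; the connection state removed from this struct presumably lives here - confirm */`. The `#define session_ctx initial_ctx` kept at 895 is an unprefixed macro in a public header that renames an identifier for every includer; it predates this commit but belongs in the same cleanup.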