1 files changed, 86 insertions, 94 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index a8d5308e8c..8046ad8c86 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.426 2022/10/01 16:23:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.427 2022/10/02 16:36:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -713,7 +713,42 @@ typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
 typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
    const void *buf, size_t len, SSL *ssl, void *arg);
-typedef struct ssl_ctx_internal_st {
+struct ssl_ctx_st {
+        const SSL_METHOD *method;
+        const SSL_QUIC_METHOD *quic_method;
+        STACK_OF(SSL_CIPHER) *cipher_list;
+        struct x509_store_st /* X509_STORE */ *cert_store;
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+        int references;
+        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+        STACK_OF(X509) *extra_certs;
+        int verify_mode;
+        size_t sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+        X509_VERIFY_PARAM *param;
+        /*
+         * XXX
+         * default_passwd_cb used by python and openvpn, need to keep it until we
+         * add an accessor
+         */
+        /* Default password callback. */
+        pem_password_cb *default_passwd_callback;
+        /* Default password callback user data. */
+        void *default_passwd_callback_userdata;
        uint16_t min_tls_version;
        uint16_t max_tls_version;
@@ -879,48 +914,72 @@ typedef struct ssl_ctx_internal_st {
        uint16_t *tlsext_supportedgroups; /* our list */
        SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
        size_t num_tickets; /* Unused, for OpenSSL compatibility */
-} SSL_CTX_INTERNAL;
+};
+struct ssl_st {
+        /* protocol version
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
+         */
+        int version;
-struct ssl_ctx_st {
        const SSL_METHOD *method;
        const SSL_QUIC_METHOD *quic_method;
-        STACK_OF(SSL_CIPHER) *cipher_list;
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
-        struct x509_store_st /* X509_STORE */ *cert_store;
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatenate
+                    * messages */
+        int server;     /* are we the server side? - mostly used by SSL_clear*/
-        /* If timeout is not 0, it is the default timeout value set
+        struct ssl3_state_st *s3; /* SSLv3 variables */
-         * when SSL_new() is called.  This has been put in to make
+        struct dtls1_state_st *d1; /* DTLSv1 variables */
-         * life easier to set things up */
-        long session_timeout;
-        int references;
+        X509_VERIFY_PARAM *param;
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+        /* crypto */
+        STACK_OF(SSL_CIPHER) *cipher_list;
-        STACK_OF(X509) *extra_certs;
+        /* This is used to hold the server certificate used */
+        SSL_CERT *cert;
-        int verify_mode;
+        /* the session_id_context is used to ensure sessions are only reused
+         * in the appropriate context */
        size_t sid_ctx_length;
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        X509_VERIFY_PARAM *param;
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
-        /*
+        /* Used in SSL2 and SSL3 */
-         * XXX
+        int verify_mode;        /* 0 don't care about verify failure.
-         * default_passwd_cb used by python and openvpn, need to keep it until we
+                                 * 1 fail if verify fails */
-         * add an accessor
+        int error;              /* error bytes to be written */
-         */
+        int error_code;         /* actual code */
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
-        /* Default password callback user data. */
+        SSL_CTX *ctx;
-        void *default_passwd_callback_userdata;
-        struct ssl_ctx_internal_st *internal;
+        long verify_result;
-};
+        int references;
+        int client_version;     /* what was passed, used for
+                                 * SSLv3/TLS rollback check */
+        unsigned int max_send_fragment;
+        char *tlsext_hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int tlsext_status_type;
+        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
-typedef struct ssl_internal_st {
        struct tls13_ctx *tls13;
        uint16_t min_tls_version;
@@ -1066,73 +1125,6 @@ typedef struct ssl_internal_st {
        size_t num_tickets; /* Unused, for OpenSSL compatibility */
        STACK_OF(X509) *verified_chain;
-} SSL_INTERNAL;
-struct ssl_st {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-         */
-        int version;
-        const SSL_METHOD *method;
-        const SSL_QUIC_METHOD *quic_method;
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-        struct dtls1_state_st *d1; /* DTLSv1 variables */
-        X509_VERIFY_PARAM *param;
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        /* This is used to hold the server certificate used */
-        SSL_CERT *cert;
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        size_t sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-        SSL_CTX *ctx;
-        long verify_result;
-        int references;
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-        unsigned int max_send_fragment;
-        char *tlsext_hostname;
-        /* certificate status request info */
-        /* Status type or -1 if no status type */
-        int tlsext_status_type;
-        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-        struct ssl_internal_st *internal;
 };
 typedef struct ssl3_record_internal_st {

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index a8d5308e8c..8046ad8c86 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.426 2022/10/01 16:23:15 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.427 2022/10/02 16:36:41 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -713,7 +713,42 @@ typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
713	typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,	713	typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
714	const void buf, size_t len, SSL ssl, void *arg);	714	const void buf, size_t len, SSL ssl, void *arg);
715		715
716	typedef struct ssl_ctx_internal_st {	716	struct ssl_ctx_st {
		717	const SSL_METHOD *method;
		718	const SSL_QUIC_METHOD *quic_method;
		719
		720	STACK_OF(SSL_CIPHER) *cipher_list;
		721
		722	struct x509_store_st /* X509_STORE / cert_store;
		723
		724	/* If timeout is not 0, it is the default timeout value set
		725	* when SSL_new() is called. This has been put in to make
		726	* life easier to set things up */
		727	long session_timeout;
		728
		729	int references;
		730
		731	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
		732
		733	STACK_OF(X509) *extra_certs;
		734
		735	int verify_mode;
		736	size_t sid_ctx_length;
		737	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
		738
		739	X509_VERIFY_PARAM *param;
		740
		741	/*
		742	* XXX
		743	* default_passwd_cb used by python and openvpn, need to keep it until we
		744	* add an accessor
		745	*/
		746	/* Default password callback. */
		747	pem_password_cb *default_passwd_callback;
		748
		749	/* Default password callback user data. */
		750	void *default_passwd_callback_userdata;
		751
717	uint16_t min_tls_version;	752	uint16_t min_tls_version;
718	uint16_t max_tls_version;	753	uint16_t max_tls_version;
719		754
@@ -879,48 +914,72 @@ typedef struct ssl_ctx_internal_st {
879	uint16_t tlsext_supportedgroups; / our list */	914	uint16_t tlsext_supportedgroups; / our list */
880	SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */	915	SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
881	size_t num_tickets; /* Unused, for OpenSSL compatibility */	916	size_t num_tickets; /* Unused, for OpenSSL compatibility */
882	} SSL_CTX_INTERNAL;	917	};
		918
		919	struct ssl_st {
		920	/* protocol version
		921	* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
		922	*/
		923	int version;
883		924
884	struct ssl_ctx_st {
885	const SSL_METHOD *method;	925	const SSL_METHOD *method;
886	const SSL_QUIC_METHOD *quic_method;	926	const SSL_QUIC_METHOD *quic_method;
887		927
888	STACK_OF(SSL_CIPHER) *cipher_list;	928	/* There are 2 BIO's even though they are normally both the
		929	* same. This is so data can be read and written to different
		930	* handlers */
889		931
890	struct x509_store_st /* X509_STORE / cert_store;	932	BIO rbio; / used by SSL_read */
		933	BIO wbio; / used by SSL_write */
		934	BIO bbio; / used during session-id reuse to concatenate
		935	* messages */
		936	int server; /* are we the server side? - mostly used by SSL_clear*/
891		937
892	/* If timeout is not 0, it is the default timeout value set	938	struct ssl3_state_st s3; / SSLv3 variables */
893	* when SSL_new() is called. This has been put in to make	939	struct dtls1_state_st d1; / DTLSv1 variables */
894	* life easier to set things up */
895	long session_timeout;
896		940
897	int references;	941	X509_VERIFY_PARAM *param;
898		942
899	/* Default values to use in SSL structures follow (these are copied by SSL_new) */	943	/* crypto */
		944	STACK_OF(SSL_CIPHER) *cipher_list;
900		945
901	STACK_OF(X509) *extra_certs;	946	/* This is used to hold the server certificate used */
		947	SSL_CERT *cert;
902		948
903	int verify_mode;	949	/* the session_id_context is used to ensure sessions are only reused
		950	* in the appropriate context */
904	size_t sid_ctx_length;	951	size_t sid_ctx_length;
905	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];	952	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
906		953
907	X509_VERIFY_PARAM *param;	954	/* This can also be in the session once a session is established */
		955	SSL_SESSION *session;
908		956
909	/*	957	/* Used in SSL2 and SSL3 */
910	* XXX	958	int verify_mode; /* 0 don't care about verify failure.
911	* default_passwd_cb used by python and openvpn, need to keep it until we	959	* 1 fail if verify fails */
912	* add an accessor	960	int error; /* error bytes to be written */
913	*/	961	int error_code; /* actual code */
914	/* Default password callback. */
915	pem_password_cb *default_passwd_callback;
916		962
917	/* Default password callback user data. */	963	SSL_CTX *ctx;
918	void *default_passwd_callback_userdata;
919		964
920	struct ssl_ctx_internal_st *internal;	965	long verify_result;
921	};	966
		967	int references;
		968
		969	int client_version; /* what was passed, used for
		970	* SSLv3/TLS rollback check */
		971
		972	unsigned int max_send_fragment;
		973
		974	char *tlsext_hostname;
		975
		976	/* certificate status request info */
		977	/* Status type or -1 if no status type */
		978	int tlsext_status_type;
		979
		980	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
		981	#define session_ctx initial_ctx
922		982
923	typedef struct ssl_internal_st {
924	struct tls13_ctx *tls13;	983	struct tls13_ctx *tls13;
925		984
926	uint16_t min_tls_version;	985	uint16_t min_tls_version;
@@ -1066,73 +1125,6 @@ typedef struct ssl_internal_st {
1066		1125
1067	size_t num_tickets; /* Unused, for OpenSSL compatibility */	1126	size_t num_tickets; /* Unused, for OpenSSL compatibility */
1068	STACK_OF(X509) *verified_chain;	1127	STACK_OF(X509) *verified_chain;
1069	} SSL_INTERNAL;
1070
1071	struct ssl_st {
1072	/* protocol version
1073	* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1074	*/
1075	int version;
1076
1077	const SSL_METHOD *method;
1078	const SSL_QUIC_METHOD *quic_method;
1079
1080	/* There are 2 BIO's even though they are normally both the
1081	* same. This is so data can be read and written to different
1082	* handlers */
1083
1084	BIO rbio; / used by SSL_read */
1085	BIO wbio; / used by SSL_write */
1086	BIO bbio; / used during session-id reuse to concatenate
1087	* messages */
1088	int server; /* are we the server side? - mostly used by SSL_clear*/
1089
1090	struct ssl3_state_st s3; / SSLv3 variables */
1091	struct dtls1_state_st d1; / DTLSv1 variables */
1092
1093	X509_VERIFY_PARAM *param;
1094
1095	/* crypto */
1096	STACK_OF(SSL_CIPHER) *cipher_list;
1097
1098	/* This is used to hold the server certificate used */
1099	SSL_CERT *cert;
1100
1101	/* the session_id_context is used to ensure sessions are only reused
1102	* in the appropriate context */
1103	size_t sid_ctx_length;
1104	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1105
1106	/* This can also be in the session once a session is established */
1107	SSL_SESSION *session;
1108
1109	/* Used in SSL2 and SSL3 */
1110	int verify_mode; /* 0 don't care about verify failure.
1111	* 1 fail if verify fails */
1112	int error; /* error bytes to be written */
1113	int error_code; /* actual code */
1114
1115	SSL_CTX *ctx;
1116
1117	long verify_result;
1118
1119	int references;
1120
1121	int client_version; /* what was passed, used for
1122	* SSLv3/TLS rollback check */
1123
1124	unsigned int max_send_fragment;
1125
1126	char *tlsext_hostname;
1127
1128	/* certificate status request info */
1129	/* Status type or -1 if no status type */
1130	int tlsext_status_type;
1131
1132	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1133	#define session_ctx initial_ctx
1134
1135	struct ssl_internal_st *internal;
1136	};	1128	};
1137		1129
1138	typedef struct ssl3_record_internal_st {	1130	typedef struct ssl3_record_internal_st {