1 files changed, 126 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7ff3e0713d..f102c2fc95 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -361,6 +361,11 @@ __BEGIN_HIDDEN_DECLS
 #define EXPLICIT_CHAR2_CURVE_TYPE  2
 #define NAMED_CURVE_TYPE           3
 
+struct ssl_comp_st {
+        int id;
+        const char *name;
+};
+
 struct ssl_cipher_st {
         int valid;
         const char *name;               /* text name */
@@ -611,6 +616,14 @@ typedef struct ssl_handshake_st {
         SSL_HANDSHAKE_TLS13 tls13;
 } SSL_HANDSHAKE;
 
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+
+/* TLS Session Ticket extension struct. */
+struct tls_session_ticket_ext_st {
+        unsigned short length;
+        void *data;
+};
+
 struct tls12_key_block;
 
 struct tls12_key_block *tls12_key_block_new(void);
@@ -832,6 +845,44 @@ typedef struct ssl_ctx_internal_st {
         uint16_t *tlsext_supportedgroups; /* our list */
 } SSL_CTX_INTERNAL;
 
+struct ssl_ctx_st {
+        const SSL_METHOD *method;
+
+        STACK_OF(SSL_CIPHER) *cipher_list;
+
+        struct x509_store_st /* X509_STORE */ *cert_store;
+
+        /* If timeout is not 0, it is the default timeout value set
+         * when SSL_new() is called.  This has been put in to make
+         * life easier to set things up */
+        long session_timeout;
+
+        int references;
+
+        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+        STACK_OF(X509) *extra_certs;
+
+        int verify_mode;
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+        X509_VERIFY_PARAM *param;
+
+        /*
+         * XXX
+         * default_passwd_cb used by python and openvpn, need to keep it until we
+         * add an accessor
+         */
+        /* Default password callback. */
+        pem_password_cb *default_passwd_callback;
+
+        /* Default password callback user data. */
+        void *default_passwd_callback_userdata;
+
+        struct ssl_ctx_internal_st *internal;
+};
+
 typedef struct ssl_internal_st {
         struct tls13_ctx *tls13;
 
@@ -973,6 +1024,80 @@ typedef struct ssl_internal_st {
         int empty_record_count;
 } SSL_INTERNAL;
 
+struct ssl_st {
+        /* protocol version
+         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
+         */
+        int version;
+
+        const SSL_METHOD *method; /* SSLv3 */
+
+        /* There are 2 BIO's even though they are normally both the
+         * same.  This is so data can be read and written to different
+         * handlers */
+
+        BIO *rbio; /* used by SSL_read */
+        BIO *wbio; /* used by SSL_write */
+        BIO *bbio; /* used during session-id reuse to concatenate
+                    * messages */
+        int server;     /* are we the server side? - mostly used by SSL_clear*/
+
+        struct ssl3_state_st *s3; /* SSLv3 variables */
+        struct dtls1_state_st *d1; /* DTLSv1 variables */
+
+        X509_VERIFY_PARAM *param;
+
+        /* crypto */
+        STACK_OF(SSL_CIPHER) *cipher_list;
+
+        /* This is used to hold the server certificate used */
+        struct cert_st /* CERT */ *cert;
+
+        /* the session_id_context is used to ensure sessions are only reused
+         * in the appropriate context */
+        unsigned int sid_ctx_length;
+        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+        /* This can also be in the session once a session is established */
+        SSL_SESSION *session;
+
+        /* Used in SSL2 and SSL3 */
+        int verify_mode;        /* 0 don't care about verify failure.
+                                 * 1 fail if verify fails */
+        int error;              /* error bytes to be written */
+        int error_code;         /* actual code */
+
+        SSL_CTX *ctx;
+
+        long verify_result;
+
+        int references;
+
+        int client_version;     /* what was passed, used for
+                                 * SSLv3/TLS rollback check */
+
+        unsigned int max_send_fragment;
+
+        char *tlsext_hostname;
+
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int tlsext_status_type;
+
+        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+
+        /*
+         * XXX really should be internal, but is
+         * touched unnaturally by wpa-supplicant
+         * and freeradius and other perversions
+         */
+        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
+
+        struct ssl_internal_st *internal;
+};
+
 typedef struct ssl3_record_internal_st {
         int type;               /* type of record */
         unsigned int length;    /* How many bytes available */