From 7a087580717329de5ef02600e4e1489d86249a88 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 Oct 2022 16:36:42 +0000
Subject: Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@
---
 src/lib/libssl/s3_lib.c | 132 ++++++++++++++++++++++++------------------------
 1 file changed, 66 insertions(+), 66 deletions(-)

(limited to 'src/lib/libssl/s3_lib.c')

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 989165b207..52ad16a697 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.239 2022/10/02 16:36:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1441,7 +1441,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
 int
 ssl3_pending(const SSL *s)
 {
-	if (s->internal->rstate == SSL_ST_READ_BODY)
+	if (s->rstate == SSL_ST_READ_BODY)
 		return 0;
 
 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -1493,13 +1493,13 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
 	if (outlen > INT_MAX)
 		goto err;
 
-	if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))
+	if (!BUF_MEM_grow_clean(s->init_buf, outlen))
 		goto err;
 
-	memcpy(s->internal->init_buf->data, data, outlen);
+	memcpy(s->init_buf->data, data, outlen);
 
-	s->internal->init_num = (int)outlen;
-	s->internal->init_off = 0;
+	s->init_num = (int)outlen;
+	s->init_off = 0;
 
 	if (SSL_is_dtls(s)) {
 		unsigned long len;
@@ -1572,7 +1572,7 @@ ssl3_free(SSL *s)
 	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
 
 	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-	sk_X509_pop_free(s->internal->verified_chain, X509_free);
+	sk_X509_pop_free(s->verified_chain, X509_free);
 
 	tls1_transcript_free(s);
 	tls1_transcript_hash_free(s);
@@ -1595,8 +1595,8 @@ ssl3_clear(SSL *s)
 
 	tls1_cleanup_key_block(s);
 	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-	sk_X509_pop_free(s->internal->verified_chain, X509_free);
-	s->internal->verified_chain = NULL;
+	sk_X509_pop_free(s->verified_chain, X509_free);
+	s->verified_chain = NULL;
 
 	freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
 	s->s3->hs.sigalgs = NULL;
@@ -1656,7 +1656,7 @@ ssl3_clear(SSL *s)
 	s->s3->num_renegotiations = 0;
 	s->s3->in_read_app_data = 0;
 
-	s->internal->packet_length = 0;
+	s->packet_length = 0;
 	s->version = TLS1_VERSION;
 
 	s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
@@ -1725,7 +1725,7 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 static int
 _SSL_session_reused(SSL *s)
 {
-	return s->internal->hit;
+	return s->hit;
 }
 
 static int
@@ -1834,7 +1834,7 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name)
 static int
 _SSL_set_tlsext_debug_arg(SSL *s, void *arg)
 {
-	s->internal->tlsext_debug_arg = arg;
+	s->tlsext_debug_arg = arg;
 	return 1;
 }
 
@@ -1854,7 +1854,7 @@ _SSL_set_tlsext_status_type(SSL *s, int type)
 static int
 _SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)
 {
-	*exts = s->internal->tlsext_ocsp_exts;
+	*exts = s->tlsext_ocsp_exts;
 	return 1;
 }
 
@@ -1862,14 +1862,14 @@ static int
 _SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)
 {
 	/* XXX - leak... */
-	s->internal->tlsext_ocsp_exts = exts;
+	s->tlsext_ocsp_exts = exts;
 	return 1;
 }
 
 static int
 _SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)
 {
-	*ids = s->internal->tlsext_ocsp_ids;
+	*ids = s->tlsext_ocsp_ids;
 	return 1;
 }
 
@@ -1877,17 +1877,17 @@ static int
 _SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
 {
 	/* XXX - leak... */
-	s->internal->tlsext_ocsp_ids = ids;
+	s->tlsext_ocsp_ids = ids;
 	return 1;
 }
 
 static int
 _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
 {
-	if (s->internal->tlsext_ocsp_resp != NULL &&
-	    s->internal->tlsext_ocsp_resp_len < INT_MAX) {
-		*resp = s->internal->tlsext_ocsp_resp;
-		return (int)s->internal->tlsext_ocsp_resp_len;
+	if (s->tlsext_ocsp_resp != NULL &&
+	    s->tlsext_ocsp_resp_len < INT_MAX) {
+		*resp = s->tlsext_ocsp_resp;
+		return (int)s->tlsext_ocsp_resp_len;
 	}
 
 	*resp = NULL;
@@ -1898,15 +1898,15 @@ _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
 static int
 _SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
 {
-	free(s->internal->tlsext_ocsp_resp);
-	s->internal->tlsext_ocsp_resp = NULL;
-	s->internal->tlsext_ocsp_resp_len = 0;
+	free(s->tlsext_ocsp_resp);
+	s->tlsext_ocsp_resp = NULL;
+	s->tlsext_ocsp_resp_len = 0;
 
 	if (resp_len < 0)
 		return 0;
 
-	s->internal->tlsext_ocsp_resp = resp;
-	s->internal->tlsext_ocsp_resp_len = (size_t)resp_len;
+	s->tlsext_ocsp_resp = resp;
+	s->tlsext_ocsp_resp_len = (size_t)resp_len;
 
 	return 1;
 }
@@ -1955,15 +1955,15 @@ SSL_clear_chain_certs(SSL *ssl)
 int
 SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
 {
-	return tls1_set_groups(&s->internal->tlsext_supportedgroups,
-	    &s->internal->tlsext_supportedgroups_length, groups, groups_len);
+	return tls1_set_groups(&s->tlsext_supportedgroups,
+	    &s->tlsext_supportedgroups_length, groups, groups_len);
 }
 
 int
 SSL_set1_groups_list(SSL *s, const char *groups)
 {
-	return tls1_set_group_list(&s->internal->tlsext_supportedgroups,
-	    &s->internal->tlsext_supportedgroups_length, groups);
+	return tls1_set_group_list(&s->tlsext_supportedgroups,
+	    &s->tlsext_supportedgroups_length, groups);
 }
 
 static int
@@ -2183,7 +2183,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 		return 1;
 
 	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-		s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int,
+		s->tlsext_debug_cb = (void (*)(SSL *, int , int,
 		    unsigned char *, int, void *))fp;
 		return 1;
 	}
@@ -2211,8 +2211,8 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 		return 0;
 	}
 
-	DH_free(ctx->internal->cert->dhe_params);
-	ctx->internal->cert->dhe_params = dhe_params;
+	DH_free(ctx->cert->dhe_params);
+	ctx->cert->dhe_params = dhe_params;
 
 	return 1;
 }
@@ -2220,7 +2220,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 static int
 _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 {
-	ctx->internal->cert->dhe_params_auto = state;
+	ctx->cert->dhe_params_auto = state;
 	return 1;
 }
 
@@ -2248,7 +2248,7 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
 static int
 _SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)
 {
-	ctx->internal->tlsext_servername_arg = arg;
+	ctx->tlsext_servername_arg = arg;
 	return 1;
 }
 
@@ -2263,9 +2263,9 @@ _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
 		return 0;
 	}
 
-	memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
-	memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);
-	memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);
+	memcpy(keys, ctx->tlsext_tick_key_name, 16);
+	memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+	memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
 
 	return 1;
 }
@@ -2281,9 +2281,9 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
 		return 0;
 	}
 
-	memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
-	memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);
-	memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
+	memcpy(ctx->tlsext_tick_key_name, keys, 16);
+	memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+	memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
 
 	return 1;
 }
@@ -2291,14 +2291,14 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
 static int
 _SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg)
 {
-	*arg = ctx->internal->tlsext_status_arg;
+	*arg = ctx->tlsext_status_arg;
 	return 1;
 }
 
 static int
 _SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)
 {
-	ctx->internal->tlsext_status_arg = arg;
+	ctx->tlsext_status_arg = arg;
 	return 1;
 }
 
@@ -2331,8 +2331,8 @@ SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain)
 {
 	*out_chain = NULL;
 
-	if (ctx->internal->cert->key != NULL)
-		*out_chain = ctx->internal->cert->key->chain;
+	if (ctx->cert->key != NULL)
+		*out_chain = ctx->cert->key->chain;
 
 	return 1;
 }
@@ -2361,7 +2361,7 @@ _SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
 {
 	*certs = ctx->extra_certs;
 	if (*certs == NULL)
-		*certs = ctx->internal->cert->key->chain;
+		*certs = ctx->cert->key->chain;
 
 	return 1;
 }
@@ -2384,15 +2384,15 @@ _SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
 int
 SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
 {
-	return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
-	    &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
+	return tls1_set_groups(&ctx->tlsext_supportedgroups,
+	    &ctx->tlsext_supportedgroups_length, groups, groups_len);
 }
 
 int
 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
 {
-	return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,
-	    &ctx->internal->tlsext_supportedgroups_length, groups);
+	return tls1_set_group_list(&ctx->tlsext_supportedgroups,
+	    &ctx->tlsext_supportedgroups_length, groups);
 }
 
 long
@@ -2507,7 +2507,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 		return 0;
 
 	case SSL_CTRL_SET_TMP_DH_CB:
-		ctx->internal->cert->dhe_params_cb =
+		ctx->cert->dhe_params_cb =
 		    (DH *(*)(SSL *, int, int))fp;
 		return 1;
 
@@ -2515,20 +2515,20 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 		return 1;
 
 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-		ctx->internal->tlsext_servername_callback =
+		ctx->tlsext_servername_callback =
 		    (int (*)(SSL *, int *, void *))fp;
 		return 1;
 
 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
-		*(int (**)(SSL *, void *))fp = ctx->internal->tlsext_status_cb;
+		*(int (**)(SSL *, void *))fp = ctx->tlsext_status_cb;
 		return 1;
 
 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-		ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+		ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
 		return 1;
 
 	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-		ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
+		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
 		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
 		return 1;
 	}
@@ -2559,7 +2559,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
 	 */
 
-	if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
 		prio = srvr;
 		allow = clnt;
 	} else {
@@ -2670,13 +2670,13 @@ ssl3_shutdown(SSL *s)
 	 * Don't do anything much if we have not done the handshake or
 	 * we don't want to send messages :-)
 	 */
-	if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
-		s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+	if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
+		s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 		return (1);
 	}
 
-	if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {
-		s->internal->shutdown|=SSL_SENT_SHUTDOWN;
+	if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+		s->shutdown|=SSL_SENT_SHUTDOWN;
 		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
 		/*
 		 * Our shutdown alert has been sent now, and if it still needs
@@ -2696,15 +2696,15 @@ ssl3_shutdown(SSL *s)
 			 */
 			return (ret);
 		}
-	} else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+	} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
 		/* If we are waiting for a close from our peer, we are closed */
 		s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
-		if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+		if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
 			return (-1);	/* return WANT_READ */
 		}
 	}
 
-	if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
+	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
 	    !s->s3->alert_dispatch)
 		return (1);
 	else
@@ -2737,16 +2737,16 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
 	    peek);
 	if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
 		/*
-		 * ssl3_read_bytes decided to call s->internal->handshake_func,
+		 * ssl3_read_bytes decided to call s->handshake_func,
 		 * which called ssl3_read_bytes to read handshake data.
 		 * However, ssl3_read_bytes actually found application data
 		 * and thinks that application data makes sense here; so disable
 		 * handshake processing and try to read application data again.
 		 */
-		s->internal->in_handshake++;
+		s->in_handshake++;
 		ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
 		    buf, len, peek);
-		s->internal->in_handshake--;
+		s->in_handshake--;
 	} else
 		s->s3->in_read_app_data = 0;
 
@@ -2768,7 +2768,7 @@ ssl3_peek(SSL *s, void *buf, int len)
 int
 ssl3_renegotiate(SSL *s)
 {
-	if (s->internal->handshake_func == NULL)
+	if (s->handshake_func == NULL)
 		return 1;
 
 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-- 
cgit v1.2.3-55-g6feb