From 0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 23 Jan 2017 13:36:13 +0000
Subject: Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@
---
 src/lib/libssl/s3_srvr.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
(limited to 'src/lib/libssl/s3_srvr.c')
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index fa958d96f8..59320ea0f6 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.149 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -519,7 +519,7 @@ ssl3_accept(SSL *s)
 if (S3I(s)->handshake_dgst[dgst_num]) {
 int dgst_size;
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
 EVP_MD_CTX_type(
 S3I(s)->handshake_dgst[dgst_num]),
 &(S3I(s)->tmp.cert_verify_md[offset]));
@@ -598,7 +598,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_CHANGE_B:
 s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
 ret = -1;
 goto end;
 }
@@ -611,7 +611,7 @@ ssl3_accept(SSL *s)
 s->internal->state = SSL3_ST_SW_FINISHED_A;
 s->internal->init_num = 0;
- if (!s->method->ssl3_enc->change_cipher_state(
+ if (!s->method->internal->ssl3_enc->change_cipher_state(
 s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
 ret = -1;
 goto end;
@@ -623,8 +623,8 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_FINISHED_B:
 ret = ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
+ s->method->internal->ssl3_enc->server_finished_label,
+ s->method->internal->ssl3_enc->server_finished_label_len);
 if (ret <= 0)
 goto end;
 s->internal->state = SSL3_ST_SW_FLUSH;
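Review bot: The `cert_verify_mac()` call in the `@@ -519` hunk of ssl3_accept is a bare statement, so whatever the hook returns is thrown away while its output lands in `S3I(s)->tmp.cert_verify_md[offset]`. If the hook can signal failure through its return value (not visible in these lines), the state machine would continue with a digest slot that was never filled, and that buffer presumably feeds the later CertificateVerify comparison. Since the line is being rewritten anyway, consider testing the result and taking the `ret = -1; goto end;` path that the neighbouring hunks already use. The enclosing `if` block and the rest of the case continue outside the hunk.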
@@ -742,7 +742,7 @@ ssl3_get_client_hello(SSL *s)
 s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
 }
 s->internal->first_packet = 1;
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
@@ -1803,7 +1803,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 }
 s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
 s->session->master_key, p, i);
 explicit_bzero(p, i);
@@ -1859,7 +1859,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
 }
 s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
 s, s->session->master_key, p, key_size);
 explicit_bzero(p, key_size);
@@ -2013,7 +2013,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 /* Compute the master secret */
 s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
 s, s->session->master_key, p, i);
 explicit_bzero(p, i);
@@ -2055,7 +2055,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
 S3I(s)->tmp.x25519 = NULL;
 s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
 s, s->session->master_key, shared_key, X25519_KEY_LENGTH);
 ret = 1;
@@ -2131,7 +2131,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
 }
 /* Generate master secret */
 s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
 s, s->session->master_key, premaster_secret, 32);
 /* Check if pubkey from client certificate was used */
 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
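Review bot: In ssl3_get_client_kex_rsa (`@@ -1803`) the return value of `generate_master_secret()` goes straight into `s->session->master_key_length`, and nothing in the visible lines tests it before the premaster secret is wiped with `explicit_bzero(p, i)`. The same shape appears in the kex_dhe, kex_ecdhe_ecp, kex_ecdhe_ecx and kex_gost hunks. If the hook can return zero or a negative value on failure (not shown here), the session would keep a bogus key length, so a guard such as `if (s->session->master_key_length <= 0)` that jumps to each function's existing error path after the wipe seems worth adding. In the ecx and gost hunks `shared_key` and `premaster_secret` are not zeroed within the hunk either; please confirm the cleanup code past the hunk does it. All five functions continue outside their hunks.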
@@ -2164,7 +2164,7 @@ ssl3_get_client_key_exchange(SSL *s)
 long n;
 /* 2048 maxlen is a guess. How long a key does that permit? */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
 if (!ok)
 return ((int)n);
@@ -2213,7 +2213,7 @@ ssl3_get_cert_verify(SSL *s)
 EVP_MD_CTX mctx;
 EVP_MD_CTX_init(&mctx);
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
 if (!ok)
 return ((int)n);
@@ -2476,7 +2476,7 @@ ssl3_get_client_certificate(SSL *s)
 const unsigned char *q;
 STACK_OF(X509) *sk = NULL;
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
 -1, s->internal->max_cert_list, &ok);
 if (!ok)
@@ -2867,7 +2867,7 @@ ssl3_get_next_proto(SSL *s)
 }
 /* 514 maxlen is enough for the payload format below */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
 SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
 if (!ok)
 return ((int)n);
-- 
cgit v1.2.3-55-g6feb
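Review bot: The length cap handed to `ssl_get_message()` in ssl3_get_client_key_exchange (`@@ -2164`) is the bare literal `2048`, and the comment above it still describes it as a guess. That value bounds how much peer-supplied ClientKeyExchange data the server accepts, so it deserves a named constant and a comment stating which key-exchange payload it was sized for, the way the `514` comment in the ssl3_get_next_proto hunk gives a reason. The `-1` passed as the expected message type in ssl3_get_cert_verify and ssl3_get_client_certificate would also benefit from a short comment saying what it means and where the actual type is checked, presumably after the hunk. All four functions continue outside their hunks.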