Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that other

parts of LibreSSL can no longer reach into them.

discussed with beck, jsing

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 1caac51..f626c16 100644 (file)
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.47 2021/10/23 09:13:51 beck Exp $
+# $OpenBSD: Makefile,v 1.48 2021/10/31 16:51:16 tb Exp $
 
 LIB=   crypto
 LIBREBUILD=y
@@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef
 .if ${COMPILER_VERSION:L} == "clang"
 CFLAGS+= -Werror
 .endif
-CFLAGS+= -DLIBRESSL_INTERNAL
+CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
 
 .if !defined(NOPIC)
 CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN

diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 70e3f75..43b2307 100644 (file)
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.84 2021/10/31 16:29:58 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.85 2021/10/31 16:51:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,7 +139,7 @@ typedef struct X509_val_st {
        ASN1_TIME *notAfter;
 } X509_VAL;
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct X509_pubkey_st {
        X509_ALGOR *algor;
        ASN1_BIT_STRING *public_key;
@@ -164,7 +164,7 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY;
 
 DECLARE_STACK_OF(X509_NAME_ENTRY)
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* we always keep X509_NAMEs in 2 forms. */
 struct X509_name_st {
        STACK_OF(X509_NAME_ENTRY) *entries;
@@ -184,7 +184,7 @@ DECLARE_STACK_OF(X509_NAME)
 
 #define X509_EX_V_NETSCAPE_HACK                0x8000
 #define X509_EX_V_INIT                 0x0001
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_extension_st {
        ASN1_OBJECT *object;
        ASN1_BOOLEAN critical;
@@ -199,7 +199,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 DECLARE_STACK_OF(X509_EXTENSION)
 
 /* a sequence of these are used */
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_attributes_st {
        ASN1_OBJECT *object;
        int single; /* 0 for a set, 1 for a single item (which is wrong) */
@@ -216,7 +216,7 @@ typedef struct x509_attributes_st X509_ATTRIBUTE;
 DECLARE_STACK_OF(X509_ATTRIBUTE)
 
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_req_info_st {
        ASN1_ENCODING enc;
        ASN1_INTEGER *version;
@@ -258,7 +258,7 @@ typedef struct x509_cinf_st X509_CINF;
  * the end of the certificate itself
  */
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_cert_aux_st {
        STACK_OF(ASN1_OBJECT) *trust;           /* trusted uses */
        STACK_OF(ASN1_OBJECT) *reject;          /* rejected uses */
@@ -272,7 +272,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX;
 
 struct x509_st;
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct x509_st {
        X509_CINF *cert_info;
        X509_ALGOR *sig_alg;
@@ -422,7 +422,7 @@ DECLARE_STACK_OF(X509_TRUST)
                        XN_FLAG_FN_LN | \
                        XN_FLAG_FN_ALIGN)
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct x509_revoked_st {
        ASN1_INTEGER *serialNumber;
        ASN1_TIME *revocationDate;
@@ -437,7 +437,7 @@ struct x509_revoked_st {
 
 DECLARE_STACK_OF(X509_REVOKED)
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_crl_info_st {
        ASN1_INTEGER *version;
        X509_ALGOR *sig_alg;
@@ -452,7 +452,7 @@ typedef struct X509_crl_info_st {
 typedef struct X509_crl_info_st X509_CRL_INFO;
 #endif
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct X509_crl_st {
        /* actual signature */
        X509_CRL_INFO *crl;
@@ -564,7 +564,7 @@ typedef struct PBKDF2PARAM_st {
 
 /* PKCS#8 private key info structure */
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct pkcs8_priv_key_info_st {
         ASN1_INTEGER *version;
         X509_ALGOR *pkeyalg;

diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index d84df8a..676145c 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.43 2021/10/31 16:26:08 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.44 2021/10/31 16:51:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -100,7 +100,7 @@ typedef enum {
        X509_LU_CRL,
 } X509_LOOKUP_TYPE;
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_object_st {
        /* one of the above types */
        int type;
@@ -120,7 +120,7 @@ typedef struct x509_lookup_st X509_LOOKUP;
 DECLARE_STACK_OF(X509_LOOKUP)
 DECLARE_STACK_OF(X509_OBJECT)
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* This is a static that defines the function interface */
 typedef struct x509_lookup_method_st {
        const char *name;
@@ -165,7 +165,7 @@ typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
 
 DECLARE_STACK_OF(X509_VERIFY_PARAM)
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /*
  * This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
@@ -205,7 +205,7 @@ int X509_STORE_set_depth(X509_STORE *store, int depth);
 #define X509_STORE_set_verify_func(ctx,func)   ((ctx)->verify=(func))
 #endif
 
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* This is the functions plus an instance of the local variables. */
 struct x509_lookup_st {
        int init;                       /* have we been started */