From 47ccd49111fe110183d4a93c6183695e41c656c4 Mon Sep 17 00:00:00 2001
From: jsing
Date: Fri, 15 Oct 2021 16:48:46 +0000
Subject: [PATCH] Move various structs from ssl.h/tls1.h to ssl_locl.h.

These were already under LIBRESSL_INTERNAL hence no ABI change.

ok tb@
---
 lib/libssl/ssl.h | 131 +-----------------------------------------
 lib/libssl/ssl_locl.h | 127 +++++++++++++++++++++++++++++++++++++++-
 lib/libssl/tls1.h | 10 +---
 3 files changed, 128 insertions(+), 140 deletions(-)

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 2c208b098bd..2a55cf0efb0 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */
+/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -357,9 +357,6 @@ extern "C" {
 * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
-#if defined(LIBRESSL_INTERNAL)
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-#endif
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_session_st SSL_SESSION;
@@ -537,57 +534,10 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st SSL_COMP;
 #ifdef LIBRESSL_INTERNAL
-
-struct ssl_comp_st {
- int id;
- const char *name;
-};
-
 DECLARE_STACK_OF(SSL_COMP)
 struct lhash_st_SSL_SESSION {
 int dummy;
 };
-
-struct ssl_ctx_internal_st;
-
-struct ssl_ctx_st {
- const SSL_METHOD *method;
-
- STACK_OF(SSL_CIPHER) *cipher_list;
-
- struct x509_store_st /* X509_STORE */ *cert_store;
-
- /* If timeout is not 0, it is the default timeout value set
- * when SSL_new() is called. This has been put in to make
- * life easier to set things up */
- long session_timeout;
-
- int references;
-
- /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
- STACK_OF(X509) *extra_certs;
-
- int verify_mode;
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- X509_VERIFY_PARAM *param;
-
- /*
- * XXX
- * default_passwd_cb used by python and openvpn, need to keep it until we
- * add an accessor
- */
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
- struct ssl_ctx_internal_st *internal;
-};
-
 #endif
 #define SSL_SESS_CACHE_OFF 0x0000
@@ -703,85 +653,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-#if defined(LIBRESSL_INTERNAL)
-struct ssl_internal_st;
-
-struct ssl_st {
- /* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
- */
- int version;
-
- const SSL_METHOD *method; /* SSLv3 */
-
- /* There are 2 BIO's even though they are normally both the
- * same. This is so data can be read and written to different
- * handlers */
-
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
- int server; /* are we the server side? - mostly used by SSL_clear*/
-
- struct ssl3_state_st *s3; /* SSLv3 variables */
- struct dtls1_state_st *d1; /* DTLSv1 variables */
-
- X509_VERIFY_PARAM *param;
-
- /* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
-
- /* This is used to hold the server certificate used */
- struct cert_st /* CERT */ *cert;
-
- /* the session_id_context is used to ensure sessions are only reused
- * in the appropriate context */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- /* This can also be in the session once a session is established */
- SSL_SESSION *session;
-
- /* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int error; /* error bytes to be written */
- int error_code; /* actual code */
-
- SSL_CTX *ctx;
-
- long verify_result;
-
- int references;
-
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
-
- unsigned int max_send_fragment;
-
- char *tlsext_hostname;
-
- /* certificate status request info */
- /* Status type or -1 if no status type */
- int tlsext_status_type;
-
- SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-
- /*
- * XXX really should be internal, but is
- * touched unnaturally by wpa-supplicant
- * and freeradius and other perversions
- */
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- EVP_MD_CTX *read_hash; /* used for mac generation */
-
- struct ssl_internal_st *internal;
-};
-
-#endif
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 7ff3e0713dc..f102c2fc95c 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -361,6 +361,11 @@ __BEGIN_HIDDEN_DECLS
 #define EXPLICIT_CHAR2_CURVE_TYPE 2
 #define NAMED_CURVE_TYPE 3
+struct ssl_comp_st {
+ int id;
+ const char *name;
+};
+
 struct ssl_cipher_st {
 int valid;
 const char *name; /* text name */
@@ -611,6 +616,14 @@ typedef struct ssl_handshake_st {
 SSL_HANDSHAKE_TLS13 tls13;
 } SSL_HANDSHAKE;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+
+/* TLS Session Ticket extension struct. */
+struct tls_session_ticket_ext_st {
+ unsigned short length;
+ void *data;
+};
+
 struct tls12_key_block;
 struct tls12_key_block *tls12_key_block_new(void);
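Review bot: The comment on `struct tls_session_ticket_ext_st` in the ssl_locl.h hunk is carried over verbatim and says only what the struct is, not how `length` and `data` relate, which is exactly what anyone bounds-checking the payload from this header needs. I would put `/* Byte length of the payload at data — TODO confirm against the callers. */` above `length`, and state whether the struct owns `data` (not visible in this diff) in the struct comment. A one-line note that `unsigned short` is presumably chosen to match the 16-bit TLS extension length would also make the type choice read as deliberate rather than incidental.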
@@ -832,6 +845,44 @@ typedef struct ssl_ctx_internal_st {
 uint16_t *tlsext_supportedgroups; /* our list */
 } SSL_CTX_INTERNAL;
+struct ssl_ctx_st {
+ const SSL_METHOD *method;
+
+ STACK_OF(SSL_CIPHER) *cipher_list;
+
+ struct x509_store_st /* X509_STORE */ *cert_store;
+
+ /* If timeout is not 0, it is the default timeout value set
+ * when SSL_new() is called. This has been put in to make
+ * life easier to set things up */
+ long session_timeout;
+
+ int references;
+
+ /* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+ STACK_OF(X509) *extra_certs;
+
+ int verify_mode;
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+ X509_VERIFY_PARAM *param;
+
+ /*
+ * XXX
+ * default_passwd_cb used by python and openvpn, need to keep it until we
+ * add an accessor
+ */
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
+ struct ssl_ctx_internal_st *internal;
+};
+
 typedef struct ssl_internal_st {
 struct tls13_ctx *tls13;
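Review bot: The `XXX default_passwd_cb used by python and openvpn, need to keep it until we add an accessor` comment above `default_passwd_callback` is now misleading: the ssl.h context in this same patch shows the struct was already inside `#ifdef LIBRESSL_INTERNAL`, so python or openvpn could not reach the field through the struct before this move, and after it nothing outside libssl can. Copying the rationale verbatim into a private header keeps a stale reason for the field staying in the non-internal part of `ssl_ctx_st`. I would replace it with the current state, e.g. `/* XXX - move into ssl_ctx_internal_st once no in-tree code reads it directly; external callers go through accessors (confirm). */`, or drop the XXX if the accessor the comment asks for already exists.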
@@ -973,6 +1024,80 @@ typedef struct ssl_internal_st {
 int empty_record_count;
 } SSL_INTERNAL;
+struct ssl_st {
+ /* protocol version
+ * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
+ */
+ int version;
+
+ const SSL_METHOD *method; /* SSLv3 */
+
+ /* There are 2 BIO's even though they are normally both the
+ * same. This is so data can be read and written to different
+ * handlers */
+
+ BIO *rbio; /* used by SSL_read */
+ BIO *wbio; /* used by SSL_write */
+ BIO *bbio; /* used during session-id reuse to concatenate
+ * messages */
+ int server; /* are we the server side? - mostly used by SSL_clear*/
+
+ struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
+
+ X509_VERIFY_PARAM *param;
+
+ /* crypto */
+ STACK_OF(SSL_CIPHER) *cipher_list;
+
+ /* This is used to hold the server certificate used */
+ struct cert_st /* CERT */ *cert;
+
+ /* the session_id_context is used to ensure sessions are only reused
+ * in the appropriate context */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+
+ /* Used in SSL2 and SSL3 */
+ int verify_mode; /* 0 don't care about verify failure.
+ * 1 fail if verify fails */
+ int error; /* error bytes to be written */
+ int error_code; /* actual code */
+
+ SSL_CTX *ctx;
+
+ long verify_result;
+
+ int references;
+
+ int client_version; /* what was passed, used for
+ * SSLv3/TLS rollback check */
+
+ unsigned int max_send_fragment;
+
+ char *tlsext_hostname;
+
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int tlsext_status_type;
+
+ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+
+ /*
+ * XXX really should be internal, but is
+ * touched unnaturally by wpa-supplicant
+ * and freeradius and other perversions
+ */
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ EVP_MD_CTX *read_hash; /* used for mac generation */
+
+ struct ssl_internal_st *internal;
+};
+
 typedef struct ssl3_record_internal_st {
 int type; /* type of record */
 unsigned int length; /* How many bytes available */
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index cb06a539699..90523dd0f98 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -761,14 +761,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_MD_MASTER_SECRET_CONST "master secret"
 #define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-#if defined(LIBRESSL_INTERNAL)
-/* TLS Session Ticket extension struct. */
-struct tls_session_ticket_ext_st {
- unsigned short length;
- void *data;
-};
-#endif
-
 #ifdef __cplusplus
 }
 #endif
--
2.20.1
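Review bot: The `version` comment `(one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)` at the top of the added `struct ssl_st` is copied unchanged and looks out of date: the `ssl_internal_st` context earlier in this patch carries a `struct tls13_ctx *tls13`, so at least TLS 1.3 is handled but absent from the list, and SSL2 is unlikely to still be a live value (confirm against the version constants). I would reword it to `/* Protocol version for this connection (one of the *_VERSION constants). */` rather than maintain an enumeration that drifts. The `XXX really should be internal ... wpa-supplicant and freeradius` note above `enc_read_ctx`/`read_hash` is similarly stale now that the struct exists only in a private header, and it no longer explains why those two fields are not in `ssl_internal_st`. Also `#define session_ctx initial_ctx`, defined inside the struct body, now applies to every translation unit that includes ssl_locl.h, so any other identifier spelled `session_ctx` is silently rewritten; a comment saying the macro is a field alias, or moving it next to the other macros, would make that visible.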