Make libssl opaque. Move all structures that were previously protected by

OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <levitte@openssl.org>

1 files changed, 0 insertions, 204 deletions

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 23eb156c04..7d16d70de5 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -380,62 +380,6 @@ extern "C" {
 # define TLS1_HB_REQUEST         1
 # define TLS1_HB_RESPONSE        2
 
-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st {
-    /* type of record */
-    /*
-     * r
-     */ int type;
-    /* How many bytes available */
-    /*
-     * rw
-     */ unsigned int length;
-    /*
-     * How many bytes were available before padding was removed? This is used
-     * to implement the MAC check in constant time for CBC records.
-     */
-    /*
-     * rw
-     */ unsigned int orig_len;
-    /* read/write offset into 'buf' */
-    /*
-     * r
-     */ unsigned int off;
-    /* pointer to the record data */
-    /*
-     * rw
-     */ unsigned char *data;
-    /* where the decode bytes are */
-    /*
-     * rw
-     */ unsigned char *input;
-    /* only used with decompression - malloc()ed */
-    /*
-     * r
-     */ unsigned char *comp;
-    /* epoch number, needed by DTLS1 */
-    /*
-     * r
-     */ unsigned long epoch;
-    /* sequence number, needed by DTLS1 */
-    /*
-     * r
-     */ unsigned char seq_num[8];
-} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st {
-    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
-    unsigned char *buf;
-    /* buffer size */
-    size_t len;
-    /* where to 'copy from' */
-    int offset;
-    /* how many bytes left */
-    int left;
-} SSL3_BUFFER;
-
-# endif
 
 # define SSL3_CT_RSA_SIGN                        1
 # define SSL3_CT_DSS_SIGN                        2
@@ -465,154 +409,6 @@ typedef struct ssl3_buffer_st {
 /* Set if we encrypt then mac instead of usual mac then encrypt */
 # define TLS1_FLAGS_ENCRYPT_THEN_MAC             0x0100
 
-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st {
-    long flags;
-    int delay_buf_pop_ret;
-    unsigned char read_sequence[8];
-    int read_mac_secret_size;
-    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-    unsigned char write_sequence[8];
-    int write_mac_secret_size;
-    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-    unsigned char server_random[SSL3_RANDOM_SIZE];
-    unsigned char client_random[SSL3_RANDOM_SIZE];
-    /* flags for countermeasure against known-IV weakness */
-    int need_empty_fragments;
-    int empty_fragment_done;
-    /* The value of 'extra' when the buffers were initialized */
-    int init_extra;
-    SSL3_BUFFER rbuf;           /* read IO goes into here */
-    SSL3_BUFFER wbuf;           /* write IO goes into here */
-    SSL3_RECORD rrec;           /* each decoded record goes in here */
-    SSL3_RECORD wrec;           /* goes out from here */
-    /*
-     * storage for Alert/Handshake protocol data received but not yet
-     * processed by ssl3_read_bytes:
-     */
-    unsigned char alert_fragment[2];
-    unsigned int alert_fragment_len;
-    unsigned char handshake_fragment[4];
-    unsigned int handshake_fragment_len;
-    /* partial write - check the numbers match */
-    unsigned int wnum;          /* number of bytes sent so far */
-    int wpend_tot;              /* number bytes written */
-    int wpend_type;
-    int wpend_ret;              /* number of bytes submitted */
-    const unsigned char *wpend_buf;
-    /* used during startup, digest all incoming/outgoing packets */
-    BIO *handshake_buffer;
-    /*
-     * When set of handshake digests is determined, buffer is hashed and
-     * freed and MD_CTX-es for all required digests are stored in this array
-     */
-    EVP_MD_CTX **handshake_dgst;
-    /*
-     * Set whenever an expected ChangeCipherSpec message is processed.
-     * Unset when the peer's Finished message is received.
-     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
-     */
-    int change_cipher_spec;
-    int warn_alert;
-    int fatal_alert;
-    /*
-     * we allow one fatal and one warning alert to be outstanding, send close
-     * alert via the warning alert
-     */
-    int alert_dispatch;
-    unsigned char send_alert[2];
-    /*
-     * This flag is set when we should renegotiate ASAP, basically when there
-     * is no more data in the read or write buffers
-     */
-    int renegotiate;
-    int total_renegotiations;
-    int num_renegotiations;
-    int in_read_app_data;
-    struct {
-        /* actually only needs to be 16+20 */
-        unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
-        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
-        int finish_md_len;
-        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
-        int peer_finish_md_len;
-        unsigned long message_size;
-        int message_type;
-        /* used to hold the new cipher we are going to use */
-        const SSL_CIPHER *new_cipher;
-#  ifndef OPENSSL_NO_DH
-        DH *dh;
-#  endif
-#  ifndef OPENSSL_NO_ECDH
-        EC_KEY *ecdh;           /* holds short lived ECDH key */
-#  endif
-        /* used when SSL_ST_FLUSH_DATA is entered */
-        int next_state;
-        int reuse_message;
-        /* used for certificate requests */
-        int cert_req;
-        int ctype_num;
-        char ctype[SSL3_CT_NUMBER];
-        STACK_OF(X509_NAME) *ca_names;
-        int use_rsa_tmp;
-        int key_block_length;
-        unsigned char *key_block;
-        const EVP_CIPHER *new_sym_enc;
-        const EVP_MD *new_hash;
-        int new_mac_pkey_type;
-        int new_mac_secret_size;
-#  ifndef OPENSSL_NO_COMP
-        const SSL_COMP *new_compression;
-#  else
-        char *new_compression;
-#  endif
-        int cert_request;
-    } tmp;
-
-    /* Connection binding to prevent renegotiation attacks */
-    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-    unsigned char previous_client_finished_len;
-    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-    unsigned char previous_server_finished_len;
-    int send_connection_binding; /* TODOEKR */
-
-#  ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * Set if we saw the Next Protocol Negotiation extension from our peer.
-     */
-    int next_proto_neg_seen;
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-
-    /*
-     * ALPN information (we are in the process of transitioning from NPN to
-     * ALPN.)
-     */
-
-    /*
-     * In a server these point to the selected ALPN protocol after the
-     * ClientHello has been processed. In a client these contain the protocol
-     * that the server selected once the ServerHello has been processed.
-     */
-    unsigned char *alpn_selected;
-    unsigned alpn_selected_len;
-
-#   ifndef OPENSSL_NO_EC
-    /*
-     * This is set to true if we believe that this is a version of Safari
-     * running on OS X 10.6 or newer. We wish to know this because Safari on
-     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
-     */
-    char is_probably_safari;
-#   endif                       /* !OPENSSL_NO_EC */
-
-#  endif                        /* !OPENSSL_NO_TLSEXT */
-} SSL3_STATE;
-
-# endif
 
 /* SSLv3 */
 /*