Make libssl opaque. Move all structures that were previously protected by

#include <openssl/crypto.h>

#include <openssl/bio.h>

#include <openssl/err.h>

#include <openssl/ssl.h>

#include "ssl_locl.h"

static int ssl_write(BIO *h, const char *buf, int num);

static int ssl_read(BIO *h, char *buf, int size);

#  define DTLS1_AL_HEADER_LENGTH                   2

# endif

# ifndef OPENSSL_NO_SSL_INTERN

#  ifndef OPENSSL_NO_SCTP

#   define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"

#  endif

/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */

#  define DTLS1_MAX_MTU_OVERHEAD                   48

typedef struct dtls1_bitmap_st {

    unsigned long map;          /* track 32 packets on 32-bit systems and 64

                                 * - on 64-bit systems */

    unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit

                                   * value in big-endian encoding */

} DTLS1_BITMAP;

struct dtls1_retransmit_state {

    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */

    EVP_MD_CTX *write_hash;     /* used for mac generation */

#  ifndef OPENSSL_NO_COMP

    COMP_CTX *compress;         /* compression */

#  else

    char *compress;

#  endif

    SSL_SESSION *session;

    unsigned short epoch;

};

struct hm_header_st {

    unsigned char type;

    unsigned long msg_len;

    unsigned short seq;

    unsigned long frag_off;

    unsigned long frag_len;

    unsigned int is_ccs;

    struct dtls1_retransmit_state saved_retransmit_state;

};

struct ccs_header_st {

    unsigned char type;

    unsigned short seq;

};

struct dtls1_timeout_st {

    /* Number of read timeouts so far */

    unsigned int read_timeouts;

    /* Number of write timeouts so far */

    unsigned int write_timeouts;

    /* Number of alerts received so far */

    unsigned int num_alerts;

};

typedef struct record_pqueue_st {

    unsigned short epoch;

    pqueue q;

} record_pqueue;

typedef struct hm_fragment_st {

    struct hm_header_st msg_header;

    unsigned char *fragment;

    unsigned char *reassembly;

} hm_fragment;

typedef struct dtls1_state_st {

    unsigned int send_cookie;

    unsigned char cookie[DTLS1_COOKIE_LENGTH];

    unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];

    unsigned int cookie_len;

    /*

     * The current data and handshake epoch.  This is initially

     * undefined, and starts at zero once the initial handshake is

     * completed

     */

    unsigned short r_epoch;

    unsigned short w_epoch;

    /* records being received in the current epoch */

    DTLS1_BITMAP bitmap;

    /* renegotiation starts a new set of sequence numbers */

    DTLS1_BITMAP next_bitmap;

    /* handshake message numbers */

    unsigned short handshake_write_seq;

    unsigned short next_handshake_write_seq;

    unsigned short handshake_read_seq;

    /* save last sequence number for retransmissions */

    unsigned char last_write_sequence[8];

    /* Received handshake records (processed and unprocessed) */

    record_pqueue unprocessed_rcds;

    record_pqueue processed_rcds;

    /* Buffered handshake messages */

    pqueue buffered_messages;

    /* Buffered (sent) handshake records */

    pqueue sent_messages;

    /*

     * Buffered application records. Only for records between CCS and

     * Finished to prevent either protocol violation or unnecessary message

     * loss.

     */

    record_pqueue buffered_app_data;

    /* Is set when listening for new connections with dtls1_listen() */

    unsigned int listen;

    unsigned int link_mtu;      /* max on-the-wire DTLS packet size */

    unsigned int mtu;           /* max DTLS packet size */

    struct hm_header_st w_msg_hdr;

    struct hm_header_st r_msg_hdr;

    struct dtls1_timeout_st timeout;

    /*

     * Indicates when the last handshake msg or heartbeat sent will timeout

     */

    struct timeval next_timeout;

    /* Timeout duration */

    unsigned short timeout_duration;

    /*

     * storage for Alert/Handshake protocol data received but not yet

     * processed by ssl3_read_bytes:

     */

    unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];

    unsigned int alert_fragment_len;

    unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];

    unsigned int handshake_fragment_len;

    unsigned int retransmitting;

    /*

     * Set when the handshake is ready to process peer's ChangeCipherSpec message.

     * Cleared after the message has been processed.

     */

    unsigned int change_cipher_spec_ok;

#  ifndef OPENSSL_NO_SCTP

    /* used when SSL_ST_XX_FLUSH is entered */

    int next_state;

    int shutdown_received;

#  endif

} DTLS1_STATE;

typedef struct dtls1_record_data_st {

    unsigned char *packet;

    unsigned int packet_length;

    SSL3_BUFFER rbuf;

    SSL3_RECORD rrec;

#  ifndef OPENSSL_NO_SCTP

    struct bio_dgram_sctp_rcvinfo recordinfo;

#  endif

} DTLS1_RECORD_DATA;

# endif

/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */

# define DTLS1_TMO_READ_COUNT                      2

# define TLS1_HB_REQUEST         1

# define TLS1_HB_RESPONSE        2

# ifndef OPENSSL_NO_SSL_INTERN

typedef struct ssl3_record_st {

    /* type of record */

    /*

     * r

     */ int type;

    /* How many bytes available */

    /*

     * rw

     */ unsigned int length;

    /*

     * How many bytes were available before padding was removed? This is used

     * to implement the MAC check in constant time for CBC records.

     */

    /*

     * rw

     */ unsigned int orig_len;

    /* read/write offset into 'buf' */

    /*

     * r

     */ unsigned int off;

    /* pointer to the record data */

    /*

     * rw

     */ unsigned char *data;

    /* where the decode bytes are */

    /*

     * rw

     */ unsigned char *input;

    /* only used with decompression - malloc()ed */

    /*

     * r

     */ unsigned char *comp;

    /* epoch number, needed by DTLS1 */

    /*

     * r

     */ unsigned long epoch;

    /* sequence number, needed by DTLS1 */

    /*

     * r

     */ unsigned char seq_num[8];

} SSL3_RECORD;

typedef struct ssl3_buffer_st {

    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */

    unsigned char *buf;

    /* buffer size */

    size_t len;

    /* where to 'copy from' */

    int offset;

    /* how many bytes left */

    int left;

} SSL3_BUFFER;

# endif

# define SSL3_CT_RSA_SIGN                        1

# define SSL3_CT_DSS_SIGN                        2

/* Set if we encrypt then mac instead of usual mac then encrypt */

# define TLS1_FLAGS_ENCRYPT_THEN_MAC             0x0100

# ifndef OPENSSL_NO_SSL_INTERN

typedef struct ssl3_state_st {

    long flags;

    int delay_buf_pop_ret;

    unsigned char read_sequence[8];

    int read_mac_secret_size;

    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];

    unsigned char write_sequence[8];

    int write_mac_secret_size;

    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];

    unsigned char server_random[SSL3_RANDOM_SIZE];

    unsigned char client_random[SSL3_RANDOM_SIZE];

    /* flags for countermeasure against known-IV weakness */

    int need_empty_fragments;

    int empty_fragment_done;

    /* The value of 'extra' when the buffers were initialized */

    int init_extra;

    SSL3_BUFFER rbuf;           /* read IO goes into here */

    SSL3_BUFFER wbuf;           /* write IO goes into here */

    SSL3_RECORD rrec;           /* each decoded record goes in here */

    SSL3_RECORD wrec;           /* goes out from here */

    /*

     * storage for Alert/Handshake protocol data received but not yet

     * processed by ssl3_read_bytes:

     */

    unsigned char alert_fragment[2];

    unsigned int alert_fragment_len;

    unsigned char handshake_fragment[4];

    unsigned int handshake_fragment_len;

    /* partial write - check the numbers match */

    unsigned int wnum;          /* number of bytes sent so far */

    int wpend_tot;              /* number bytes written */

    int wpend_type;

    int wpend_ret;              /* number of bytes submitted */

    const unsigned char *wpend_buf;

    /* used during startup, digest all incoming/outgoing packets */

    BIO *handshake_buffer;

    /*

     * When set of handshake digests is determined, buffer is hashed and

     * freed and MD_CTX-es for all required digests are stored in this array

     */

    EVP_MD_CTX **handshake_dgst;

    /*

     * Set whenever an expected ChangeCipherSpec message is processed.

     * Unset when the peer's Finished message is received.

     * Unexpected ChangeCipherSpec messages trigger a fatal alert.

     */

    int change_cipher_spec;

    int warn_alert;

    int fatal_alert;

    /*

     * we allow one fatal and one warning alert to be outstanding, send close

     * alert via the warning alert

     */

    int alert_dispatch;

    unsigned char send_alert[2];

    /*

     * This flag is set when we should renegotiate ASAP, basically when there

     * is no more data in the read or write buffers

     */

    int renegotiate;

    int total_renegotiations;

    int num_renegotiations;

    int in_read_app_data;

    struct {

        /* actually only needs to be 16+20 */

        unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];

        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */

        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];

        int finish_md_len;

        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];

        int peer_finish_md_len;

        unsigned long message_size;

        int message_type;

        /* used to hold the new cipher we are going to use */

        const SSL_CIPHER *new_cipher;

#  ifndef OPENSSL_NO_DH

        DH *dh;

#  endif

#  ifndef OPENSSL_NO_ECDH

        EC_KEY *ecdh;           /* holds short lived ECDH key */

#  endif

        /* used when SSL_ST_FLUSH_DATA is entered */

        int next_state;

        int reuse_message;

        /* used for certificate requests */

        int cert_req;

        int ctype_num;

        char ctype[SSL3_CT_NUMBER];

        STACK_OF(X509_NAME) *ca_names;

        int use_rsa_tmp;

        int key_block_length;

        unsigned char *key_block;

        const EVP_CIPHER *new_sym_enc;

        const EVP_MD *new_hash;

        int new_mac_pkey_type;

        int new_mac_secret_size;

#  ifndef OPENSSL_NO_COMP

        const SSL_COMP *new_compression;

#  else

        char *new_compression;

#  endif

        int cert_request;

    } tmp;

    /* Connection binding to prevent renegotiation attacks */

    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];

    unsigned char previous_client_finished_len;

    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];

    unsigned char previous_server_finished_len;

    int send_connection_binding; /* TODOEKR */

#  ifndef OPENSSL_NO_NEXTPROTONEG

    /*

     * Set if we saw the Next Protocol Negotiation extension from our peer.

     */

    int next_proto_neg_seen;

#  endif

#  ifndef OPENSSL_NO_TLSEXT

    /*

     * ALPN information (we are in the process of transitioning from NPN to

     * ALPN.)

     */

    /*

     * In a server these point to the selected ALPN protocol after the

     * ClientHello has been processed. In a client these contain the protocol

     * that the server selected once the ServerHello has been processed.

     */

    unsigned char *alpn_selected;

    unsigned alpn_selected_len;

#   ifndef OPENSSL_NO_EC

    /*

     * This is set to true if we believe that this is a version of Safari

     * running on OS X 10.6 or newer. We wish to know this because Safari on

     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.

     */

    char is_probably_safari;

#   endif                       /* !OPENSSL_NO_EC */

#  endif                        /* !OPENSSL_NO_TLSEXT */

} SSL3_STATE;

# endif

/* SSLv3 */

/*