Fix BoringSSL public includes for Tree-sitter parsability.

- `<openssl/base.h>`, `<openssl/span.h>`, `<openssl/stack.h>`: moved
  includes out of extern block (as parse errors inside them due to using
  compiler specific extensions confuse Tree-sitter).
- `<openssl/ssl.h>`: work around Tree-sitter bugs regarding
  distunguishing expression statements from declarations by adding a
  typedef (which improves readability anyway).

Bug: 42220000
Change-Id: I9b92b4deb9f1b7f822589cf45e8cca520573ae58
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/84847
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: Rudolf Polzer <rpolzer@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/include/openssl/base.h b/include/openssl/base.h
index e8d070c..f1eb590 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -415,10 +415,10 @@
 
 #if !defined(BORINGSSL_NO_CXX)
 
-extern "C++" {
-
 #include <memory>
 
+extern "C++" {
+
 // STLPort, used by some Android consumers, not have std::unique_ptr.
 #if defined(_STLPORT_VERSION)
 #define BORINGSSL_NO_CXX
diff --git a/include/openssl/span.h b/include/openssl/span.h
index 428a9f3..837c150 100644
--- a/include/openssl/span.h
+++ b/include/openssl/span.h
@@ -19,8 +19,6 @@
 
 #if !defined(BORINGSSL_NO_CXX)
 
-extern "C++" {
-
 #include <stdlib.h>
 
 #include <algorithm>
@@ -37,6 +35,8 @@
 #include <ranges>
 #endif
 
+extern "C++" {
+
 BSSL_NAMESPACE_BEGIN
 inline constexpr size_t dynamic_extent = std::numeric_limits<size_t>::max();
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ff68ba6..a7d5954 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2264,6 +2264,10 @@
 // of time |time|. If |time| is zero, all sessions are removed.
 OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, uint64_t time);
 
+// SSL_new_session_cb is the type of the callback that is called when a new
+// session is established and ready to be cached.
+typedef int (*SSL_new_session_cb)(SSL *ssl, SSL_SESSION *session);
+
 // SSL_CTX_sess_set_new_cb sets the callback to be called when a new session is
 // established and ready to be cached. If the session cache is disabled (the
 // appropriate one of |SSL_SESS_CACHE_CLIENT| or |SSL_SESS_CACHE_SERVER| is
@@ -2282,13 +2286,16 @@
 // |SSL_do_handshake| or |SSL_connect| completes if False Start is enabled. Thus
 // it's recommended to use this callback over calling |SSL_get_session| on
 // handshake completion.
-OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb(
-    SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session));
+OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                                            SSL_new_session_cb new_session_cb);
 
 // SSL_CTX_sess_get_new_cb returns the callback set by
 // |SSL_CTX_sess_set_new_cb|.
-OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(
-    SSL *ssl, SSL_SESSION *session);
+OPENSSL_EXPORT SSL_new_session_cb SSL_CTX_sess_get_new_cb(SSL_CTX *ctx);
+
+// SSL_remove_session_cb is the type of the callback that is called when a
+// session is removed from the internal session cache.
+typedef void (*SSL_remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *session);
 
 // SSL_CTX_sess_set_remove_cb sets a callback which is called when a session is
 // removed from the internal session cache.
@@ -2296,13 +2303,16 @@
 // TODO(davidben): What is the point of this callback? It seems useless since it
 // only fires on sessions in the internal cache.
 OPENSSL_EXPORT void SSL_CTX_sess_set_remove_cb(
-    SSL_CTX *ctx,
-    void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *session));
+    SSL_CTX *ctx, SSL_remove_session_cb remove_session_cb);
 
 // SSL_CTX_sess_get_remove_cb returns the callback set by
 // |SSL_CTX_sess_set_remove_cb|.
-OPENSSL_EXPORT void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(
-    SSL_CTX *ctx, SSL_SESSION *session);
+OPENSSL_EXPORT SSL_remove_session_cb SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx);
+
+// SSL_get_session_cb is the type of the callback that is called to look up a
+// session by ID for a server.
+typedef SSL_SESSION *(*SSL_get_session_cb)(SSL *ssl, const uint8_t *id,
+                                           int id_len, int *out_copy);
 
 // SSL_CTX_sess_set_get_cb sets a callback to look up a session by ID for a
 // server. The callback is passed the session ID and should return a matching
@@ -2323,14 +2333,12 @@
 //
 // If the internal session cache is enabled, the callback is only consulted if
 // the internal cache does not return a match.
-OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb(
-    SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *id,
-                                                 int id_len, int *out_copy));
+OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                                            SSL_get_session_cb get_session_cb);
 
 // SSL_CTX_sess_get_get_cb returns the callback set by
 // |SSL_CTX_sess_set_get_cb|.
-OPENSSL_EXPORT SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(
-    SSL *ssl, const uint8_t *id, int id_len, int *out_copy);
+OPENSSL_EXPORT SSL_get_session_cb SSL_CTX_sess_get_get_cb(SSL_CTX *ctx);
 
 // SSL_magic_pending_session_ptr returns a magic |SSL_SESSION|* which indicates
 // that the session isn't currently unavailable. |SSL_get_error| will then
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index f422403..151bd98 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -521,10 +521,11 @@
 #endif
 
 #if !defined(BORINGSSL_NO_CXX)
-extern "C++" {
 
 #include <type_traits>
 
+extern "C++" {
+
 BSSL_NAMESPACE_BEGIN
 
 namespace internal {