Switch BORINGSSL_INTERNAL_CXX_TYPES in favor of subclassing games.
The previous attempt around the 'struct ssl_st' compatibility mess
offended OSS-Fuzz and UBSan because one compilation unit passed a
function pointer with ssl_st* and another called it with
bssl::SSLConnection*.
Linkers don't retain such types, of course, but to silence this alert,
instead make C-visible types be separate from the implementation and
subclass the public type. This does mean we risk polluting the symbol
namespace, but hopefully the compiler is smart enough to inline the
visible struct's constructor and destructor.
Bug: 132
Change-Id: Ia75a89b3a22a202883ad671a630b72d0aeef680e
Reviewed-on: https://boringssl-review.googlesource.com/18224
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/include/openssl/base.h b/include/openssl/base.h
index 37d4419..dec0e3f 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -317,8 +317,10 @@
typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_ctx_st SSL_CTX;
+typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
typedef struct ssl_session_st SSL_SESSION;
+typedef struct ssl_st SSL;
typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD;
typedef struct st_ERR_FNS ERR_FNS;
typedef struct v3_ext_ctx X509V3_CTX;
@@ -335,25 +337,6 @@
typedef void *OPENSSL_BLOCK;
-/* The following opaque types are visible in public header files but are defined
- * internally in C++. For compatibility with projects which copy the historical
- * typedefs in forward declarations, the typedefs cannot change for external
- * consumers. The C++ implementation files define |BORINGSSL_INTERNAL_CXX_TYPES|
- * to namespace the underlying types. */
-#if defined(BORINGSSL_INTERNAL_CXX_TYPES)
-extern "C++" {
-namespace bssl {
-struct SSLConnection;
-struct SSLMethod;
-}
-using SSL = bssl::SSLConnection;
-using SSL_METHOD = bssl::SSLMethod;
-}
-#else
-typedef struct ssl_st SSL;
-typedef struct ssl_method_st SSL_METHOD;
-#endif
-
#if defined(__cplusplus)
} /* extern C */
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e60bb88..04ec4b8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3985,22 +3985,8 @@
/* TODO(davidben): Opaquify most or all of |SSL_CTX| and |SSL_SESSION| so these
* forward declarations are not needed. */
-#if defined(BORINGSSL_INTERNAL_CXX_TYPES)
-extern "C++" {
-namespace bssl {
-struct CERT;
-struct SSLProtocolMethod;
-struct SSLX509Method;
-}
-using SSL_CERT_CONFIG = bssl::CERT;
-using SSL_PROTOCOL_METHOD = bssl::SSLProtocolMethod;
-using SSL_X509_METHOD = bssl::SSLX509Method;
-}
-#else
-typedef struct ssl_cert_config_st SSL_CERT_CONFIG;
typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD;
typedef struct ssl_x509_method_st SSL_X509_METHOD;
-#endif
DECLARE_STACK_OF(SSL_CUSTOM_EXTENSION)
@@ -4298,7 +4284,7 @@
uint32_t mode;
uint32_t max_cert_list;
- SSL_CERT_CONFIG *cert;
+ struct cert_st *cert;
/* callback that allows applications to peek at protocol messages */
void (*msg_callback)(int write_p, int version, int content_type,
diff --git a/ssl/custom_extensions.cc b/ssl/custom_extensions.cc
index 84463fa..d86bd48 100644
--- a/ssl/custom_extensions.cc
+++ b/ssl/custom_extensions.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index 591189f..3a46977 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -111,8 +111,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc
index 2157ab7..8ef1aa2 100644
--- a/ssl/d1_lib.cc
+++ b/ssl/d1_lib.cc
@@ -54,8 +54,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index 189c85b..52e8111 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc
@@ -109,8 +109,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/d1_srtp.cc b/ssl/d1_srtp.cc
index 829e8ba..2d94bd2 100644
--- a/ssl/d1_srtp.cc
+++ b/ssl/d1_srtp.cc
@@ -114,8 +114,6 @@
Copyright (C) 2011, RTFM, Inc.
*/
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <string.h>
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index 245f1c3..15c4608 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc
@@ -54,8 +54,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/dtls_record.cc b/ssl/dtls_record.cc
index 5c77165..c7ee646 100644
--- a/ssl/dtls_record.cc
+++ b/ssl/dtls_record.cc
@@ -109,8 +109,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 1bd62ce..6460458 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -147,8 +147,6 @@
* OTHERWISE.
*/
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 35ea402..397f071 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -146,8 +146,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/internal.h b/ssl/internal.h
index b09f27d..fe3d9fd 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -142,10 +142,6 @@
#ifndef OPENSSL_HEADER_SSL_INTERNAL_H
#define OPENSSL_HEADER_SSL_INTERNAL_H
-#if !defined(BORINGSSL_INTERNAL_CXX_TYPES)
-#error "Files including this header must define BORINGSSL_INTERNAL_CXX_TYPES before including any headers"
-#endif
-
#include <openssl/base.h>
#include <type_traits>
@@ -168,6 +164,8 @@
#endif
+typedef struct cert_st CERT;
+
namespace bssl {
struct SSL_HANDSHAKE;
@@ -1488,7 +1486,7 @@
/* From RFC4492, used in encoding the curve type in ECParameters */
#define NAMED_CURVE_TYPE 3
-struct CERT {
+struct SSLCertConfig {
EVP_PKEY *privatekey;
/* chain contains the certificate chain, with the leaf at the beginning. The
@@ -1555,146 +1553,6 @@
unsigned enable_early_data:1;
};
-/* SSLMethod backs the public |SSL_METHOD| type. It is a compatibility structure
- * to support the legacy version-locked methods. */
-struct SSLMethod {
- /* version, if non-zero, is the only protocol version acceptable to an
- * SSL_CTX initialized from this method. */
- uint16_t version;
- /* method is the underlying SSL_PROTOCOL_METHOD that initializes the
- * SSL_CTX. */
- const SSL_PROTOCOL_METHOD *method;
- /* x509_method contains pointers to functions that might deal with |X509|
- * compatibility, or might be a no-op, depending on the application. */
- const SSL_X509_METHOD *x509_method;
-};
-
-/* SSLProtocolMethod is use to hold functions for SSLv2 or SSLv3/TLSv1
- * functions */
-struct SSLProtocolMethod {
- /* is_dtls is one if the protocol is DTLS and zero otherwise. */
- char is_dtls;
- int (*ssl_new)(SSL *ssl);
- void (*ssl_free)(SSL *ssl);
- /* ssl_get_message reads the next handshake message. On success, it returns
- * one and sets |ssl->s3->tmp.message_type|, |ssl->init_msg|, and
- * |ssl->init_num|. Otherwise, it returns <= 0. */
- int (*ssl_get_message)(SSL *ssl);
- /* get_current_message sets |*out| to the current handshake message. This
- * includes the protocol-specific message header. */
- void (*get_current_message)(const SSL *ssl, CBS *out);
- /* release_current_message is called to release the current handshake message.
- * If |free_buffer| is one, buffers will also be released. */
- void (*release_current_message)(SSL *ssl, int free_buffer);
- /* read_app_data reads up to |len| bytes of application data into |buf|. On
- * success, it returns the number of bytes read. Otherwise, it returns <= 0
- * and sets |*out_got_handshake| to whether the failure was due to a
- * post-handshake handshake message. If so, it fills in the current message as
- * in |ssl_get_message|. */
- int (*read_app_data)(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
- int peek);
- int (*read_change_cipher_spec)(SSL *ssl);
- void (*read_close_notify)(SSL *ssl);
- int (*write_app_data)(SSL *ssl, int *out_needs_handshake, const uint8_t *buf,
- int len);
- int (*dispatch_alert)(SSL *ssl);
- /* supports_cipher returns one if |cipher| is supported by this protocol and
- * zero otherwise. */
- int (*supports_cipher)(const SSL_CIPHER *cipher);
- /* init_message begins a new handshake message of type |type|. |cbb| is the
- * root CBB to be passed into |finish_message|. |*body| is set to a child CBB
- * the caller should write to. It returns one on success and zero on error. */
- int (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
- /* finish_message finishes a handshake message. It sets |*out_msg| to a
- * newly-allocated buffer with the serialized message. The caller must
- * release it with |OPENSSL_free| when done. It returns one on success and
- * zero on error. */
- int (*finish_message)(SSL *ssl, CBB *cbb, uint8_t **out_msg, size_t *out_len);
- /* add_message adds a handshake message to the pending flight. It returns one
- * on success and zero on error. In either case, it takes ownership of |msg|
- * and releases it with |OPENSSL_free| when done. */
- int (*add_message)(SSL *ssl, uint8_t *msg, size_t len);
- /* add_change_cipher_spec adds a ChangeCipherSpec record to the pending
- * flight. It returns one on success and zero on error. */
- int (*add_change_cipher_spec)(SSL *ssl);
- /* add_alert adds an alert to the pending flight. It returns one on success
- * and zero on error. */
- int (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc);
- /* flush_flight flushes the pending flight to the transport. It returns one on
- * success and <= 0 on error. */
- int (*flush_flight)(SSL *ssl);
- /* expect_flight is called when the handshake expects a flight of messages from
- * the peer. */
- void (*expect_flight)(SSL *ssl);
- /* received_flight is called when the handshake has received a flight of
- * messages from the peer. */
- void (*received_flight)(SSL *ssl);
- /* set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
- * one on success and zero if changing the read state is forbidden at this
- * point. */
- int (*set_read_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
- /* set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
- * one on success and zero if changing the write state is forbidden at this
- * point. */
- int (*set_write_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
-};
-
-struct SSLX509Method {
- /* check_client_CA_list returns one if |names| is a good list of X.509
- * distinguished names and zero otherwise. This is used to ensure that we can
- * reject unparsable values at handshake time when using crypto/x509. */
- int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
-
- /* cert_clear frees and NULLs all X509 certificate-related state. */
- void (*cert_clear)(CERT *cert);
- /* cert_free frees all X509-related state. */
- void (*cert_free)(CERT *cert);
- /* cert_flush_cached_chain drops any cached |X509|-based certificate chain
- * from |cert|. */
- /* cert_dup duplicates any needed fields from |cert| to |new_cert|. */
- void (*cert_dup)(CERT *new_cert, const CERT *cert);
- void (*cert_flush_cached_chain)(CERT *cert);
- /* cert_flush_cached_chain drops any cached |X509|-based leaf certificate
- * from |cert|. */
- void (*cert_flush_cached_leaf)(CERT *cert);
-
- /* session_cache_objects fills out |sess->x509_peer| and |sess->x509_chain|
- * from |sess->certs| and erases |sess->x509_chain_without_leaf|. It returns
- * one on success or zero on error. */
- int (*session_cache_objects)(SSL_SESSION *session);
- /* session_dup duplicates any needed fields from |session| to |new_session|.
- * It returns one on success or zero on error. */
- int (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session);
- /* session_clear frees any X509-related state from |session|. */
- void (*session_clear)(SSL_SESSION *session);
- /* session_verify_cert_chain verifies the certificate chain in |session|,
- * sets |session->verify_result| and returns one on success or zero on
- * error. */
- int (*session_verify_cert_chain)(SSL_SESSION *session, SSL *ssl,
- uint8_t *out_alert);
-
- /* hs_flush_cached_ca_names drops any cached |X509_NAME|s from |hs|. */
- void (*hs_flush_cached_ca_names)(SSL_HANDSHAKE *hs);
- /* ssl_new does any neccessary initialisation of |ssl|. It returns one on
- * success or zero on error. */
- int (*ssl_new)(SSL *ssl);
- /* ssl_free frees anything created by |ssl_new|. */
- void (*ssl_free)(SSL *ssl);
- /* ssl_flush_cached_client_CA drops any cached |X509_NAME|s from |ssl|. */
- void (*ssl_flush_cached_client_CA)(SSL *ssl);
- /* ssl_auto_chain_if_needed runs the deprecated auto-chaining logic if
- * necessary. On success, it updates |ssl|'s certificate configuration as
- * needed and returns one. Otherwise, it returns zero. */
- int (*ssl_auto_chain_if_needed)(SSL *ssl);
- /* ssl_ctx_new does any neccessary initialisation of |ctx|. It returns one on
- * success or zero on error. */
- int (*ssl_ctx_new)(SSL_CTX *ctx);
- /* ssl_ctx_free frees anything created by |ssl_ctx_new|. */
- void (*ssl_ctx_free)(SSL_CTX *ctx);
- /* ssl_ctx_flush_cached_client_CA drops any cached |X509_NAME|s from |ctx|. */
- void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
-};
-
/* ssl_crypto_x509_method provides the |SSL_X509_METHOD| functions using
* crypto/x509. */
extern const SSL_X509_METHOD ssl_crypto_x509_method;
@@ -1991,7 +1849,8 @@
unsigned timeout_duration_ms;
};
-/* SSLConnection backs the public |SSL| type. */
+/* SSLConnection backs the public |SSL| type. Due to compatibility constraints,
+ * it is a base class for |ssl_st|. */
struct SSLConnection {
/* method is the method table corresponding to the current protocol (DTLS or
* TLS). */
@@ -2464,4 +2323,159 @@
} // namespace bssl
+/* Opaque C types.
+ *
+ * The following types are exported to C code as public typedefs, so they must
+ * be defined outside of the namespace. */
+
+/* ssl_method_st backs the public |SSL_METHOD| type. It is a compatibility
+ * structure to support the legacy version-locked methods. */
+struct ssl_method_st {
+ /* version, if non-zero, is the only protocol version acceptable to an
+ * SSL_CTX initialized from this method. */
+ uint16_t version;
+ /* method is the underlying SSL_PROTOCOL_METHOD that initializes the
+ * SSL_CTX. */
+ const SSL_PROTOCOL_METHOD *method;
+ /* x509_method contains pointers to functions that might deal with |X509|
+ * compatibility, or might be a no-op, depending on the application. */
+ const SSL_X509_METHOD *x509_method;
+};
+
+/* ssl_protocol_method_st, aka |SSL_PROTOCOL_METHOD| abstracts between TLS and
+ * DTLS. */
+struct ssl_protocol_method_st {
+ /* is_dtls is one if the protocol is DTLS and zero otherwise. */
+ char is_dtls;
+ int (*ssl_new)(SSL *ssl);
+ void (*ssl_free)(SSL *ssl);
+ /* ssl_get_message reads the next handshake message. On success, it returns
+ * one and sets |ssl->s3->tmp.message_type|, |ssl->init_msg|, and
+ * |ssl->init_num|. Otherwise, it returns <= 0. */
+ int (*ssl_get_message)(SSL *ssl);
+ /* get_current_message sets |*out| to the current handshake message. This
+ * includes the protocol-specific message header. */
+ void (*get_current_message)(const SSL *ssl, CBS *out);
+ /* release_current_message is called to release the current handshake message.
+ * If |free_buffer| is one, buffers will also be released. */
+ void (*release_current_message)(SSL *ssl, int free_buffer);
+ /* read_app_data reads up to |len| bytes of application data into |buf|. On
+ * success, it returns the number of bytes read. Otherwise, it returns <= 0
+ * and sets |*out_got_handshake| to whether the failure was due to a
+ * post-handshake handshake message. If so, it fills in the current message as
+ * in |ssl_get_message|. */
+ int (*read_app_data)(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
+ int peek);
+ int (*read_change_cipher_spec)(SSL *ssl);
+ void (*read_close_notify)(SSL *ssl);
+ int (*write_app_data)(SSL *ssl, int *out_needs_handshake, const uint8_t *buf,
+ int len);
+ int (*dispatch_alert)(SSL *ssl);
+ /* supports_cipher returns one if |cipher| is supported by this protocol and
+ * zero otherwise. */
+ int (*supports_cipher)(const SSL_CIPHER *cipher);
+ /* init_message begins a new handshake message of type |type|. |cbb| is the
+ * root CBB to be passed into |finish_message|. |*body| is set to a child CBB
+ * the caller should write to. It returns one on success and zero on error. */
+ int (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
+ /* finish_message finishes a handshake message. It sets |*out_msg| to a
+ * newly-allocated buffer with the serialized message. The caller must
+ * release it with |OPENSSL_free| when done. It returns one on success and
+ * zero on error. */
+ int (*finish_message)(SSL *ssl, CBB *cbb, uint8_t **out_msg, size_t *out_len);
+ /* add_message adds a handshake message to the pending flight. It returns one
+ * on success and zero on error. In either case, it takes ownership of |msg|
+ * and releases it with |OPENSSL_free| when done. */
+ int (*add_message)(SSL *ssl, uint8_t *msg, size_t len);
+ /* add_change_cipher_spec adds a ChangeCipherSpec record to the pending
+ * flight. It returns one on success and zero on error. */
+ int (*add_change_cipher_spec)(SSL *ssl);
+ /* add_alert adds an alert to the pending flight. It returns one on success
+ * and zero on error. */
+ int (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc);
+ /* flush_flight flushes the pending flight to the transport. It returns one on
+ * success and <= 0 on error. */
+ int (*flush_flight)(SSL *ssl);
+ /* expect_flight is called when the handshake expects a flight of messages from
+ * the peer. */
+ void (*expect_flight)(SSL *ssl);
+ /* received_flight is called when the handshake has received a flight of
+ * messages from the peer. */
+ void (*received_flight)(SSL *ssl);
+ /* set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
+ * one on success and zero if changing the read state is forbidden at this
+ * point. */
+ int (*set_read_state)(SSL *ssl,
+ bssl::UniquePtr<bssl::SSLAEADContext> aead_ctx);
+ /* set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
+ * one on success and zero if changing the write state is forbidden at this
+ * point. */
+ int (*set_write_state)(SSL *ssl,
+ bssl::UniquePtr<bssl::SSLAEADContext> aead_ctx);
+};
+
+struct ssl_x509_method_st {
+ /* check_client_CA_list returns one if |names| is a good list of X.509
+ * distinguished names and zero otherwise. This is used to ensure that we can
+ * reject unparsable values at handshake time when using crypto/x509. */
+ int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
+
+ /* cert_clear frees and NULLs all X509 certificate-related state. */
+ void (*cert_clear)(CERT *cert);
+ /* cert_free frees all X509-related state. */
+ void (*cert_free)(CERT *cert);
+ /* cert_flush_cached_chain drops any cached |X509|-based certificate chain
+ * from |cert|. */
+ /* cert_dup duplicates any needed fields from |cert| to |new_cert|. */
+ void (*cert_dup)(CERT *new_cert, const CERT *cert);
+ void (*cert_flush_cached_chain)(CERT *cert);
+ /* cert_flush_cached_chain drops any cached |X509|-based leaf certificate
+ * from |cert|. */
+ void (*cert_flush_cached_leaf)(CERT *cert);
+
+ /* session_cache_objects fills out |sess->x509_peer| and |sess->x509_chain|
+ * from |sess->certs| and erases |sess->x509_chain_without_leaf|. It returns
+ * one on success or zero on error. */
+ int (*session_cache_objects)(SSL_SESSION *session);
+ /* session_dup duplicates any needed fields from |session| to |new_session|.
+ * It returns one on success or zero on error. */
+ int (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session);
+ /* session_clear frees any X509-related state from |session|. */
+ void (*session_clear)(SSL_SESSION *session);
+ /* session_verify_cert_chain verifies the certificate chain in |session|,
+ * sets |session->verify_result| and returns one on success or zero on
+ * error. */
+ int (*session_verify_cert_chain)(SSL_SESSION *session, SSL *ssl,
+ uint8_t *out_alert);
+
+ /* hs_flush_cached_ca_names drops any cached |X509_NAME|s from |hs|. */
+ void (*hs_flush_cached_ca_names)(bssl::SSL_HANDSHAKE *hs);
+ /* ssl_new does any neccessary initialisation of |ssl|. It returns one on
+ * success or zero on error. */
+ int (*ssl_new)(SSL *ssl);
+ /* ssl_free frees anything created by |ssl_new|. */
+ void (*ssl_free)(SSL *ssl);
+ /* ssl_flush_cached_client_CA drops any cached |X509_NAME|s from |ssl|. */
+ void (*ssl_flush_cached_client_CA)(SSL *ssl);
+ /* ssl_auto_chain_if_needed runs the deprecated auto-chaining logic if
+ * necessary. On success, it updates |ssl|'s certificate configuration as
+ * needed and returns one. Otherwise, it returns zero. */
+ int (*ssl_auto_chain_if_needed)(SSL *ssl);
+ /* ssl_ctx_new does any neccessary initialisation of |ctx|. It returns one on
+ * success or zero on error. */
+ int (*ssl_ctx_new)(SSL_CTX *ctx);
+ /* ssl_ctx_free frees anything created by |ssl_ctx_new|. */
+ void (*ssl_ctx_free)(SSL_CTX *ctx);
+ /* ssl_ctx_flush_cached_client_CA drops any cached |X509_NAME|s from |ctx|. */
+ void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
+};
+
+/* ssl_st backs the public |SSL| type. It subclasses the true type so that
+ * SSLConnection may be a C++ type with methods and destructor without
+ * polluting the global namespace. */
+struct ssl_st : public bssl::SSLConnection {};
+
+struct cert_st : public bssl::SSLCertConfig {};
+
+
#endif /* OPENSSL_HEADER_SSL_INTERNAL_H */
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 79f72ea..63e6917 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -110,8 +110,6 @@
* ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index f5c70c4..cc9be2d 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -146,8 +146,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index c677c68..262df6d 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -106,8 +106,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc
index 03bf0a9..3b8d1b2 100644
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc
index 371e8e8..887606a 100644
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc
@@ -87,8 +87,6 @@
#define __STDC_LIMIT_MACROS
#endif
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <limits.h>
diff --git a/ssl/ssl_buffer.cc b/ssl/ssl_buffer.cc
index c5b5608..7f11b6f 100644
--- a/ssl/ssl_buffer.cc
+++ b/ssl/ssl_buffer.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 61d35b9..caa4801 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -112,8 +112,6 @@
* ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index ecf87e8..dbb4c75 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -138,8 +138,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_ecdh.cc b/ssl/ssl_ecdh.cc
index 137f30a..d1b31af 100644
--- a/ssl/ssl_ecdh.cc
+++ b/ssl/ssl_ecdh.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_file.cc b/ssl/ssl_file.cc
index 05643ed..59351a3 100644
--- a/ssl/ssl_file.cc
+++ b/ssl/ssl_file.cc
@@ -108,8 +108,6 @@
*
*/
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <errno.h>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 60ee322..28e6cc0 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -138,8 +138,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 56a331d..0660714 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -54,8 +54,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 33d61b7..f065292 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -133,8 +133,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_stat.cc b/ssl/ssl_stat.cc
index a02e395..22149e2 100644
--- a/ssl/ssl_stat.cc
+++ b/ssl/ssl_stat.cc
@@ -81,8 +81,6 @@
* OTHERWISE.
*/
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 38cac4b..45cebd7 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <stdio.h>
#include <string.h>
#include <time.h>
diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc
index 7436027..cd62a3d 100644
--- a/ssl/ssl_transcript.cc
+++ b/ssl/ssl_transcript.cc
@@ -133,8 +133,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index f7184b0..0b13781 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc
index 95c8ac0..a4d21b1 100644
--- a/ssl/ssl_x509.cc
+++ b/ssl/ssl_x509.cc
@@ -138,8 +138,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc
index c3c4bdd..af43018 100644
--- a/ssl/t1_enc.cc
+++ b/ssl/t1_enc.cc
@@ -133,8 +133,6 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 338f78e..368ec39 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -106,8 +106,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 038f23a..20abf67 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -16,8 +16,6 @@
#define __STDC_FORMAT_MACROS
#endif
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/base.h>
#if !defined(OPENSSL_WINDOWS)
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 634ab68..3bda39d 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 516dd3d..217dd34 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index bd15bcb..14dbb9d 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 89649a0..f1c5a2d 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -19,8 +19,6 @@
#define __STDC_LIMIT_MACROS
#endif
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 12735aa..4751e2e 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -54,8 +54,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc
index b5e101c..437d02f 100644
--- a/ssl/tls_record.cc
+++ b/ssl/tls_record.cc
@@ -106,8 +106,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#define BORINGSSL_INTERNAL_CXX_TYPES
-
#include <openssl/ssl.h>
#include <assert.h>
