Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@

1 files changed, 49 insertions, 33 deletions

diff --git a/lib/libssl/t1_meth.c b/lib/libssl/t1_meth.c
index 521839184c1..51c129b2c9c 100644
--- a/lib/libssl/t1_meth.c
+++ b/lib/libssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.20 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.21 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -64,7 +64,7 @@
 
 static const SSL_METHOD *tls1_get_method(int ver);
 
-static const SSL_METHOD TLS_method_data = {
+static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
 	.version = TLS1_2_VERSION,
 	.min_version = TLS1_VERSION,
 	.max_version = TLS1_2_VERSION,
@@ -77,24 +77,28 @@ static const SSL_METHOD TLS_method_data = {
 	.ssl_peek = ssl23_peek,
 	.ssl_write = ssl23_write,
 	.ssl_shutdown = ssl_undefined_function,
+	.ssl_pending = ssl_undefined_const_function,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = ssl23_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl_undefined_function,
 	.ssl_renegotiate_check = ssl_ok,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &ssl3_undef_enc_method,
+};
+
+static const SSL_METHOD TLS_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl_undefined_const_function,
 	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = ssl23_default_timeout,
-	.ssl3_enc = &ssl3_undef_enc_method,
-	.ssl_version = ssl_undefined_void_function,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLS_method_internal_data,
 };
 
-static const SSL_METHOD TLSv1_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
 	.version = TLS1_VERSION,
 	.min_version = TLS1_VERSION,
 	.max_version = TLS1_VERSION,
@@ -107,24 +111,28 @@ static const SSL_METHOD TLSv1_method_data = {
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
 	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_enc_data,
-	.ssl_version = ssl_undefined_void_function,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_method_internal_data,
 };
 
-static const SSL_METHOD TLSv1_1_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
 	.version = TLS1_1_VERSION,
 	.min_version = TLS1_1_VERSION,
 	.max_version = TLS1_1_VERSION,
@@ -137,24 +145,28 @@ static const SSL_METHOD TLSv1_1_method_data = {
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
 	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_1_enc_data,
-	.ssl_version = ssl_undefined_void_function,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_1_method_internal_data,
 };
 
-static const SSL_METHOD TLSv1_2_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
 	.version = TLS1_2_VERSION,
 	.min_version = TLS1_2_VERSION,
 	.max_version = TLS1_2_VERSION,
@@ -167,21 +179,25 @@ static const SSL_METHOD TLSv1_2_method_data = {
 	.ssl_peek = ssl3_peek,
 	.ssl_write = ssl3_write,
 	.ssl_shutdown = ssl3_shutdown,
+	.ssl_pending = ssl3_pending,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
 	.ssl_renegotiate = ssl3_renegotiate,
 	.ssl_renegotiate_check = ssl3_renegotiate_check,
 	.ssl_get_message = ssl3_get_message,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_method_data = {
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl3_pending,
 	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl3_enc = &TLSv1_2_enc_data,
-	.ssl_version = ssl_undefined_void_function,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_2_method_internal_data,
 };
 
 static const SSL_METHOD *