From 1324188a30314d698172f950c155f353a37edb50 Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Sun, 31 Oct 2021 16:51:17 +0000
Subject: Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that other parts of LibreSSL can no longer reach into them. discussed with beck, jsing
---
 lib/libcrypto/Makefile | 4 ++--
 lib/libcrypto/x509/x509.h | 24 ++++++++++++------------
 lib/libcrypto/x509/x509_vfy.h | 10 +++++-----
 3 files changed, 19 insertions(+), 19 deletions(-) (limited to 'lib')
diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 1caac51601f..f626c16e91f 100644
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.47 2021/10/23 09:13:51 beck Exp $
+# $OpenBSD: Makefile,v 1.48 2021/10/31 16:51:16 tb Exp $
 LIB= crypto LIBREBUILD=y
@@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef .if ${COMPILER_VERSION:L} == "clang" CFLAGS+= -Werror .endif
-CFLAGS+= -DLIBRESSL_INTERNAL
+CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
 .if !defined(NOPIC) CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 70e3f756c6d..43b2307c8f1 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.84 2021/10/31 16:29:58 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.85 2021/10/31 16:51:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. *
@@ -139,7 +139,7 @@ typedef struct X509_val_st { ASN1_TIME *notAfter; } X509_VAL;
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key;
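Review bot: In lib/libcrypto/Makefile (hunk at -18,7) the added `-DLIBRESSL_CRYPTO_INTERNAL` is the only thing that keeps the guarded struct bodies visible to libcrypto's own sources, and nothing beside the flag says so. A short comment above the line would record that, for example `# LIBRESSL_CRYPTO_INTERNAL exposes the struct bodies guarded in x509.h and x509_vfy.h to libcrypto only`. Any build of these sources that does not inherit this CFLAGS line (none is visible in this patch) would lose the definitions once LIBRESSL_OPAQUE_X509 is defined, so such builds are worth checking.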
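Review bot: The rewritten guard at x509.h -139,7 keeps `!defined(LIBRESSL_OPAQUE_X509)` as its second arm, so the struct bodies stay visible to every translation unit that does not define LIBRESSL_OPAQUE_X509. The isolation described in the commit message therefore depends on the rest of LibreSSL being built with that macro, which this patch does not show. The same condition is repeated in every later guard hunk in x509.h and x509_vfy.h. A one-time comment above the first guard would record the contract, for example `/* Struct bodies: visible inside libcrypto (LIBRESSL_CRYPTO_INTERNAL) or while LIBRESSL_OPAQUE_X509 is undefined. */`. The struct definition this guard opens continues past the end of the hunk.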
@@ -164,7 +164,7 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY; DECLARE_STACK_OF(X509_NAME_ENTRY)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* we always keep X509_NAMEs in 2 forms. */ struct X509_name_st { STACK_OF(X509_NAME_ENTRY) *entries;
@@ -184,7 +184,7 @@ DECLARE_STACK_OF(X509_NAME) #define X509_EX_V_NETSCAPE_HACK 0x8000 #define X509_EX_V_INIT 0x0001
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_extension_st { ASN1_OBJECT *object; ASN1_BOOLEAN critical;
@@ -199,7 +199,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) /* a sequence of these are used */
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_attributes_st { ASN1_OBJECT *object; int single; /* 0 for a set, 1 for a single item (which is wrong) */
@@ -216,7 +216,7 @@ typedef struct x509_attributes_st X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_req_info_st { ASN1_ENCODING enc; ASN1_INTEGER *version;
@@ -258,7 +258,7 @@ typedef struct x509_cinf_st X509_CINF; * the end of the certificate itself */
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_cert_aux_st { STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
@@ -272,7 +272,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX; struct x509_st;
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct x509_st { X509_CINF *cert_info; X509_ALGOR *sig_alg;
@@ -422,7 +422,7 @@ DECLARE_STACK_OF(X509_TRUST) XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct x509_revoked_st { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate;
@@ -437,7 +437,7 @@ struct x509_revoked_st { DECLARE_STACK_OF(X509_REVOKED)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct X509_crl_info_st { ASN1_INTEGER *version; X509_ALGOR *sig_alg;
@@ -452,7 +452,7 @@ typedef struct X509_crl_info_st { typedef struct X509_crl_info_st X509_CRL_INFO; #endif
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct X509_crl_st { /* actual signature */ X509_CRL_INFO *crl;
@@ -564,7 +564,7 @@ typedef struct PBKDF2PARAM_st { /* PKCS#8 private key info structure */
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 struct pkcs8_priv_key_info_st { ASN1_INTEGER *version; X509_ALGOR *pkeyalg;
diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index d84df8a96e2..676145cca7e 100644
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.43 2021/10/31 16:26:08 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.44 2021/10/31 16:51:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. *
@@ -100,7 +100,7 @@ typedef enum { X509_LU_CRL, } X509_LOOKUP_TYPE;
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 typedef struct x509_object_st { /* one of the above types */ int type;
@@ -120,7 +120,7 @@ typedef struct x509_lookup_st X509_LOOKUP; DECLARE_STACK_OF(X509_LOOKUP) DECLARE_STACK_OF(X509_OBJECT)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* This is a static that defines the function interface */ typedef struct x509_lookup_method_st { const char *name;
@@ -165,7 +165,7 @@ typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; DECLARE_STACK_OF(X509_VERIFY_PARAM)
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* * This is used to hold everything. It is used for all certificate * validation. Once we have a certificate chain, the 'verify'
@@ -205,7 +205,7 @@ int X509_STORE_set_depth(X509_STORE *store, int depth); #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) #endif
-#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
 /* This is the functions plus an instance of the local variables. */ struct x509_lookup_st { int init; /* have we been started */
-- cgit v1.2.3
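Review bot: In x509_vfy.h hunk -205,7 the context just above the changed guard shows `#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))`, which assigns a struct member directly and so only compiles where the store struct's body is visible. The `#if` that the following `#endif` closes starts outside the hunk, so its condition cannot be read here. If it is not the same LIBRESSL_CRYPTO_INTERNAL / LIBRESSL_OPAQUE_X509 condition, a consumer built against the opaque headers gets a macro that fails at first use rather than being absent. It is worth confirming the macro sits under the matching guard and marking it, for example `/* Dereferences X509_STORE; usable only while the struct body is visible. */`.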