Mark many private tortls.h APIs as openssl-only.

This change lets us remove the openssl/ssl.h include from
test_link_handshake.c.

3 files changed, 29 insertions, 14 deletions

diff --git a/src/common/tortls.h b/src/common/tortls.h
index dcb82fcb23..a848039887 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -63,12 +63,17 @@ typedef enum {
 } tor_tls_state_t;
 #define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
 
+struct x509_st;
+struct ssl_st;
+struct ssl_ctx_st;
+struct ssl_session_st;
+
 /** Holds a SSL_CTX object and related state used to configure TLS
  * connections.
  */
 typedef struct tor_tls_context_t {
   int refcnt;
-  SSL_CTX *ctx;
+  struct ssl_ctx_st *ctx;
   tor_x509_cert_t *my_link_cert;
   tor_x509_cert_t *my_id_cert;
   tor_x509_cert_t *my_auth_cert;
@@ -78,7 +83,7 @@ typedef struct tor_tls_context_t {
 
 /** Structure that we use for a single certificate. */
 struct tor_x509_cert_t {
-  X509 *cert;
+  struct x509_st *cert;
   uint8_t *encoded;
   size_t encoded_len;
   unsigned pkey_digests_set : 1;
@@ -92,7 +97,7 @@ struct tor_x509_cert_t {
 struct tor_tls_t {
   uint32_t magic;
   tor_tls_context_t *context; /** A link to the context object for this tls. */
-  SSL *ssl; /**< An OpenSSL SSL object. */
+  struct ssl_st *ssl; /**< An OpenSSL SSL object. */
   int socket; /**< The underlying file descriptor for this TLS connection. */
   char *address; /**< An address to log when describing this connection. */
   tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
@@ -128,35 +133,45 @@ struct tor_tls_t {
 STATIC int tor_errno_to_tls_error(int e);
 STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
                   const char *doing, int severity, int domain);
-STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
+STATIC tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
 STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
+#ifdef TORTLS_OPENSSL_PRIVATE
 STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
-STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
+STATIC int tor_tls_classify_client_ciphers(const struct ssl_st *ssl,
                                            STACK_OF(SSL_CIPHER) *peer_ciphers);
-STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
+#endif
+STATIC int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);
 MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
-          (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
+          (int severity, tor_tls_t *tls, struct x509_st **cert_out,
+           struct x509_st **id_cert_out));
 #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
-STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
+STATIC size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
+                                         uint8_t *out,
                                          size_t len);
 #endif
-STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
-STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
-STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
+STATIC void tor_tls_debug_state_callback(const struct ssl_st *ssl,
+                                         int type, int val);
+STATIC void tor_tls_server_info_callback(const struct ssl_st *ssl,
+                                         int type, int val);
+#ifdef TORTLS_OPENSSL_PRIVATE
+STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
                             int *secret_len,
                             STACK_OF(SSL_CIPHER) *peer_ciphers,
                             CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher,
                             void *arg);
 STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
                              uint16_t cipher);
-MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
+#endif
+MOCK_DECL(STATIC struct x509_st *, tor_tls_create_certificate,
+                                                   (crypto_pk_t *rsa,
                                                     crypto_pk_t *rsa_sign,
                                                     const char *cname,
                                                     const char *cname_sign,
                                                   unsigned int cert_lifetime));
 STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
                    unsigned int key_lifetime, unsigned flags, int is_client);
-MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
+MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,
+          (struct x509_st *x509_cert));
 STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                                     crypto_pk_t *identity,
                                     unsigned int key_lifetime,
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index 4e9fe040ff..3f2f2b6f1d 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -14,7 +14,6 @@
  * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
 DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/x509.h>
-#include <openssl/ssl.h>
 ENABLE_GCC_WARNING(redundant-decls)
 
 #include "or.h"
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 18ffd4a8c1..7aa3051464 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -2,6 +2,7 @@
 /* See LICENSE for licensing information */
 
 #define TORTLS_PRIVATE
+#define TORTLS_OPENSSL_PRIVATE
 #define LOG_PRIVATE
 #include "orconfig.h"