From 33fc2ba4e2606e1fab3925b570c4778c85c41665 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Wed, 13 Sep 2017 16:22:58 -0400
Subject: [PATCH] Opaquify SSL_CIPHER.

Bug: 6
Change-Id: Ieb2a8816b63425dce64e26ac41ded894a6c5e61b
Reviewed-on: https://boringssl-review.googlesource.com/20264
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
---
 include/openssl/ssl.h | 16 ----------------
 ssl/internal.h        | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 36f61a6f..e9eb2366 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3981,22 +3981,6 @@ typedef struct ssl_x509_method_st SSL_X509_METHOD;
 
 DECLARE_STACK_OF(SSL_CUSTOM_EXTENSION)
 
-struct ssl_cipher_st {
-  // name is the OpenSSL name for the cipher.
-  const char *name;
-  // standard_name is the IETF name for the cipher.
-  const char *standard_name;
-  // id is the cipher suite value bitwise OR-d with 0x03000000.
-  uint32_t id;
-
-  // algorithm_* are internal fields. See ssl/internal.h for their values.
-  uint32_t algorithm_mkey;
-  uint32_t algorithm_auth;
-  uint32_t algorithm_enc;
-  uint32_t algorithm_mac;
-  uint32_t algorithm_prf;
-};
-
 #define SSL_MAX_SSL_SESSION_ID_LENGTH 32
 #define SSL_MAX_SID_CTX_LENGTH 32
 #define SSL_MAX_MASTER_KEY_LENGTH 48
diff --git a/ssl/internal.h b/ssl/internal.h
index 2fb36148..9e674575 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -302,6 +302,26 @@ bool ssl_is_resumption_record_version_experiment(uint16_t version);
 
 // Cipher suites.
 
+}  // namespace bssl
+
+struct ssl_cipher_st {
+  // name is the OpenSSL name for the cipher.
+  const char *name;
+  // standard_name is the IETF name for the cipher.
+  const char *standard_name;
+  // id is the cipher suite value bitwise OR-d with 0x03000000.
+  uint32_t id;
+
+  // algorithm_* determine the cipher suite. See constants below for the values.
+  uint32_t algorithm_mkey;
+  uint32_t algorithm_auth;
+  uint32_t algorithm_enc;
+  uint32_t algorithm_mac;
+  uint32_t algorithm_prf;
+};
+
+namespace bssl {
+
 // Bits for |algorithm_mkey| (key exchange algorithm).
 #define SSL_kRSA 0x00000001u
 #define SSL_kECDHE 0x00000002u