diff options
| author | beck <> | 2019-01-23 16:46:04 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-23 16:46:04 +0000 |
| commit | 811354ae1302b7cd68c86866b02f4ab4cf11322b (patch) | |
| tree | b41a9c3ad5801c2f161aede880a9a198b66706f7 /src/lib/libssl/ssl_locl.h | |
| parent | 37392584e512230f90ecbecb535ed1ac0bedd0af (diff) | |
| download | openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.tar.gz openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.tar.bz2 openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.zip | |
Modify sigalgs extension processing for TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7903d84890..e4b1341db5 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.228 2019/01/21 10:28:52 tb Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.229 2019/01/23 16:46:04 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -429,6 +429,9 @@ typedef struct ssl_handshake_st { | |||
| 429 | /* key_block is the record-layer key block for TLS 1.2 and earlier. */ | 429 | /* key_block is the record-layer key block for TLS 1.2 and earlier. */ |
| 430 | int key_block_len; | 430 | int key_block_len; |
| 431 | unsigned char *key_block; | 431 | unsigned char *key_block; |
| 432 | |||
| 433 | /* Extensions seen in this handshake. */ | ||
| 434 | uint32_t extensions_seen; | ||
| 432 | } SSL_HANDSHAKE; | 435 | } SSL_HANDSHAKE; |
| 433 | 436 | ||
| 434 | typedef struct ssl_handshake_tls13_st { | 437 | typedef struct ssl_handshake_tls13_st { |
| @@ -445,6 +448,9 @@ typedef struct ssl_handshake_tls13_st { | |||
| 445 | uint8_t *x25519_peer_public; | 448 | uint8_t *x25519_peer_public; |
| 446 | 449 | ||
| 447 | struct tls13_secrets *secrets; | 450 | struct tls13_secrets *secrets; |
| 451 | |||
| 452 | uint8_t *cookie; | ||
| 453 | size_t cookie_len; | ||
| 448 | } SSL_HANDSHAKE_TLS13; | 454 | } SSL_HANDSHAKE_TLS13; |
| 449 | 455 | ||
| 450 | typedef struct ssl_ctx_internal_st { | 456 | typedef struct ssl_ctx_internal_st { |
| @@ -1313,7 +1319,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id, | |||
| 1313 | int session_id_len, CBS *ext_block, SSL_SESSION **ret); | 1319 | int session_id_len, CBS *ext_block, SSL_SESSION **ret); |
| 1314 | 1320 | ||
| 1315 | long ssl_get_algorithm2(SSL *s); | 1321 | long ssl_get_algorithm2(SSL *s); |
| 1316 | int tls1_process_sigalgs(SSL *s, CBS *cbs); | 1322 | int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t); |
| 1317 | 1323 | ||
| 1318 | int tls1_check_ec_server_key(SSL *s); | 1324 | int tls1_check_ec_server_key(SSL *s); |
| 1319 | 1325 | ||