Add server side of versions, keyshare, and client and server of cookie

extensions for tls1.3.
versions is currently defanged to ignore its result until tls13 server
side wired in full, so that server side code still works today when
we only support tls 1.2
ok bcook@ tb@ jsing@

1 files changed, 9 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index e82be579d0..2f90a03ee9 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.19 2019/01/23 18:24:40 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.20 2019/01/24 02:56:41 beck Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -101,6 +101,13 @@ int tlsext_keyshare_server_needs(SSL *s);
 int tlsext_keyshare_server_build(SSL *s, CBB *cbb);
 int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert);
 
+int tlsext_cookie_client_needs(SSL *s);
+int tlsext_cookie_client_build(SSL *s, CBB *cbb);
+int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_cookie_server_needs(SSL *s);
+int tlsext_cookie_server_build(SSL *s, CBB *cbb);
+int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert);
+
 #ifndef OPENSSL_NO_SRTP
 int tlsext_srtp_client_needs(SSL *s);
 int tlsext_srtp_client_build(SSL *s, CBB *cbb);
@@ -116,6 +123,7 @@ int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
 int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
 int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
 
+struct tls_extension *tls_extension_find(uint16_t, size_t *);
 __END_HIDDEN_DECLS
 
 #endif