From 0ef5f8585d34b9d2de88692d29e28b65e20c9562 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 29 May 2020 18:00:10 +0000 Subject: Improve server certificate selection for TLSv1.3. This allows an EC certificate to be selected and used, if the client sigalgs would allow it. With feedback from tb@ ok inoguchi@ tb@ --- src/lib/libssl/ssl_locl.h | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'src/lib/libssl/ssl_locl.h') diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 046c4bba52..e7e3e56154 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.276 2020/05/29 17:39:42 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.277 2020/05/29 18:00:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -435,6 +435,12 @@ typedef struct ssl_handshake_st { uint8_t *sigalgs; } SSL_HANDSHAKE; +typedef struct cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + STACK_OF(X509) *chain; +} CERT_PKEY; + typedef struct ssl_handshake_tls13_st { uint16_t min_version; uint16_t max_version; @@ -443,6 +449,10 @@ typedef struct ssl_handshake_tls13_st { int use_legacy; int hrr; + /* Certificate and sigalg selected for use (static pointers). */ + const CERT_PKEY *cpk; + const struct ssl_sigalg *sigalg; + /* Version proposed by peer server. */ uint16_t server_version; @@ -985,12 +995,6 @@ typedef struct dtls1_state_internal_st { } DTLS1_STATE_INTERNAL; #define D1I(s) (s->d1->internal) -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} CERT_PKEY; - typedef struct cert_st { /* Current active set */ CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array -- cgit v1.2.3-55-g6feb
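Review bot: The comment on the new `cpk` and `sigalg` members of `ssl_handshake_tls13_st` (hunk `-443,6 +449,10`) says "static pointers", which can be read as static storage duration rather than "not owned by this struct". That may be literally true for `sigalg`, but `cpk` presumably points at a `CERT_PKEY` held inside a `CERT` (the `cert_st` context in the last hunk shows `key` pointing into the `pkeys` array). If so, it is only valid while that `CERT` stays alive and unchanged, and nothing visible here shows what happens if the certificate set is replaced between selection and use. I would spell the contract out, e.g. `/* Certificate and sigalg selected for use (borrowed: not owned or freed here; cpk is valid only while the owning CERT is unchanged). */`, and confirm that the handshake cleanup path frees neither pointer. The struct definition starts and ends outside this hunk.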