From 811354ae1302b7cd68c86866b02f4ab4cf11322b Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 23 Jan 2019 16:46:04 +0000
Subject: Modify sigalgs extension processing for TLS 1.3. - Make a separate
 sigalgs list for TLS 1.3 including only modern   algorithm choices which we
 use when the handshake will not negotiate   TLS 1.2 - Modify the legacy
 sigalgs for TLS 1.2 to include the RSA PSS algorithms as   mandated by
 RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@

---
 src/lib/libssl/ssl_locl.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7903d84890..e4b1341db5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.228 2019/01/21 10:28:52 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.229 2019/01/23 16:46:04 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -429,6 +429,9 @@ typedef struct ssl_handshake_st {
 	/* key_block is the record-layer key block for TLS 1.2 and earlier. */
 	int key_block_len;
 	unsigned char *key_block;
+
+	/* Extensions seen in this handshake. */
+	uint32_t extensions_seen;
 } SSL_HANDSHAKE;
 
 typedef struct ssl_handshake_tls13_st {
@@ -445,6 +448,9 @@ typedef struct ssl_handshake_tls13_st {
 	uint8_t *x25519_peer_public;
 
 	struct tls13_secrets *secrets;
+
+	uint8_t *cookie;
+	size_t cookie_len;
 } SSL_HANDSHAKE_TLS13;
 
 typedef struct ssl_ctx_internal_st {
@@ -1313,7 +1319,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id,
     int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs);
+int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
 
 int tls1_check_ec_server_key(SSL *s);
 
-- 
cgit v1.2.3-55-g6feb