Add TLS 1.2 digests patch

Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
keys.

Patch from Adam Langley <agl@chromium.org>

Change-Id: I11b74472c0df16eca8de3aa36413686603814243

1 files changed, 10 insertions, 1 deletions

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index fee9671..215b985 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -550,6 +550,16 @@ typedef struct ssl3_state_st
 	 *     verified Channel ID from the client: a P256 point, (x,y), where
 	 *     each are big-endian values. */
 	unsigned char tlsext_channel_id[64];
+
+	/* These point to the digest function to use for signatures made with
+	 * each type of public key. A NULL value indicates that the default
+	 * digest should be used, which is SHA1 as of TLS 1.2.
+	 *
+	 * (These should be in the tmp member, but we have to put them here to
+	 * ensure binary compatibility with earlier OpenSSL 1.0.* releases.) */
+	const EVP_MD *digest_rsa;
+	const EVP_MD *digest_dsa;
+	const EVP_MD *digest_ecdsa;
 	} SSL3_STATE;
 
 #endif
@@ -699,4 +709,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
-