New tls channel id version for OpenSSL

openssl/ssl/ssl_locl.h

Index: openssl/ssl/ssl_locl.h
diff --git a/openssl/ssl/ssl_locl.h b/openssl/ssl/ssl_locl.h
index 37328256ed281ace41df76186175b9542610675e..9eeef9b7fd3aed9ec431ece34313f640d7a55cf6 100644
--- a/openssl/ssl/ssl_locl.h
+++ b/openssl/ssl/ssl_locl.h
@@ -1102,6 +1102,7 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len);

[wtc, 2014/04/30 14:11:50]

Nit: tls1_handshake_digest => tls1_handshake_hash ?

Unless handshake digest is the term commonly used in OpenSSL.

[haavardm, 2014/05/05 14:12:45]

Handshake digest seems to be the term OpenSSL uses.

 int tls1_final_finish_mac(SSL *s,
 	const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
@@ -1158,6 +1159,7 @@ int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
 int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
+int tls1_record_handshake_hashes_for_channel_id(SSL *s);

[wtc, 2014/04/30 14:11:50]

Nit: handshake_hashes => handshake_hash (singular)?

[haavardm, 2014/05/05 14:12:45]

The naming here seems to be a bit inconsistent. I would argue that plural is
correct and that session->original_handshake_hash should be renamed to
original_hashes, since session->original_handshake_hash contains a concatenation
of all hashes in the handshake.

 #endif
 
 int ssl3_can_cutthrough(const SSL *s);