From 9727f4e7fd02e55b637058249cd8e1bc80501c7f Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 20 Mar 2020 12:37:20 +0000
Subject: Use a fetched cipher for the TLSv1.3 early secret

We should use an explicitly fetched cipher to ensure that we are using
the correct libctx and property query.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11402)
---
 ssl/ssl_local.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ssl/ssl_local.h')

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index d9092161ff..c48bcb9a9a 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2363,6 +2363,8 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
                                 STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
                                 int fatal);
 void ssl_update_cache(SSL *s, int mode);
+__owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
+                                     const EVP_CIPHER **enc);
 __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
                               const EVP_CIPHER **enc, const EVP_MD **md,
                               int *mac_pkey_type, size_t *mac_secret_size,
-- 
cgit v1.2.3