Enable PSK in FIPS mode.

[oweals/openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 87d3e0fccbebdfeac35976cbf4526cc0a0ebe54a..cb8b2492ec976704c89ecc32e8009f051398ead4 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -355,10 +355,6 @@ typedef struct ssl3_record_st
 /*r */ unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-/*rw*/ unsigned int orig_len;  /* How many bytes were available before padding
-                                  was removed? This is used to implement the
-                                  MAC check in constant time for CBC records.
-                                */
        } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
@@ -543,6 +539,15 @@ typedef struct ssl3_state_st
        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
        int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+       /* This is set to true if we believe that this is a version of Safari
+        * running on OS X 10.6 or newer. We wish to know this because Safari
+        * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+       char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
        } SSL3_STATE;
 
 #endif