diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-10 07:53:56 +0100 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-12 22:55:38 +0100 |
| commit | a51c9f637cdef7926d8a8991365e4b58975346db (patch) | |
| tree | 12af19e095f480092b42d3884a6c07e8ba79f985 /ssl | |
| parent | Merge the CA list documentation for clarity (diff) | |
| download | openssl-a51c9f637cdef7926d8a8991365e4b58975346db.tar.xz openssl-a51c9f637cdef7926d8a8991365e4b58975346db.zip | |
Added missing signature algorithm reflection functions
SSL_get_signature_nid() -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key() -- Peer key-exchange public key
SSL_get_tmp_key -- local key exchange public key
Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key(). Changed internal
calls to use the new name.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_lib.c | 24 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 8 |
2 files changed, 30 insertions, 2 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7713f767b2..866ca4dfa9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) *(int *)parg = s->s3->tmp.peer_sigalg->hash; return 1; - case SSL_CTRL_GET_SERVER_TMP_KEY: + case SSL_CTRL_GET_SIGNATURE_NID: + if (s->s3->tmp.sigalg == NULL) + return 0; + *(int *)parg = s->s3->tmp.sigalg->hash; + return 1; + + case SSL_CTRL_GET_PEER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) { + if (s->session == NULL || s->s3->peer_tmp == NULL) { return 0; } else { EVP_PKEY_up_ref(s->s3->peer_tmp); @@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #else return 0; #endif + + case SSL_CTRL_GET_TMP_KEY: +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) + if (s->session == NULL || s->s3->tmp.pkey == NULL) { + return 0; + } else { + EVP_PKEY_up_ref(s->s3->tmp.pkey); + *(EVP_PKEY **)parg = s->s3->tmp.pkey; + return 1; + } +#else + return 0; +#endif + #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ddafa0c623..fe13a39c38 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1122,6 +1122,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) return 1; } +int SSL_get_signature_type_nid(const SSL *s, int *pnid) +{ + if (s->s3->tmp.sigalg == NULL) + return 0; + *pnid = s->s3->tmp.sigalg->sig; + return 1; +} + /* * Set a mask of disabled algorithms: an algorithm is disabled if it isn't * supported, doesn't appear in supported signature algorithms, isn't supported |