authorDr. Stephen Henson <steve@openssl.org>2012-12-26 18:13:49 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-12-26 18:13:49 +0000
commit78b5d89ddfdc66b5bf5919b7858f11d2e491efbf (patch)
tree47ad5f10067f62f4c9dcfc04ecfad8d758cc2b20
parentb79df62eff0f48399a6e8d0cf4509992524bb0bd (diff)
Add support for printing out and retrieving EC point formats extension.
(backport from HEAD)
-rw-r--r--CHANGES4
-rw-r--r--apps/s_apps.h1
-rw-r--r--apps/s_cb.c39
-rw-r--r--ssl/s3_lib.c13
-rw-r--r--ssl/ssl.h4
5 files changed, 61 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0c64d156a1..1789ce49c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
+ *) New ctrl and macro to retrieve supported points extensions.
+ Print out extension in s_server.
+ [Steve Henson]
+
*) New functions to retrieve certificate signature and signature
OID NID.
[Steve Henson]
diff --git a/apps/s_apps.h b/apps/s_apps.h
index b45c1b9a56..e4e9bbcdbf 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
unsigned char *authz, size_t authz_length);
# endif
int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
diff --git a/apps/s_cb.c b/apps/s_cb.c
index fc40f391e3..2ac7656f06 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -418,6 +418,45 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1;
}
+
+int ssl_print_point_formats(BIO *out, SSL *s)
+ {
+ int i, nformats;
+ const char *pformats;
+ nformats = SSL_get0_ec_point_formats(s, &pformats);
+ if (nformats <= 0)
+ return 1;
+ BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+ for (i = 0; i < nformats; i++, pformats++)
+ {
+ if (i)
+ BIO_puts(out, ":");
+ switch(*pformats)
+ {
+ case TLSEXT_ECPOINTFORMAT_uncompressed:
+ BIO_puts(out, "uncompressed");
+ break;
+
+ case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+ BIO_puts(out, "ansiX962_compressed_prime");
+ break;
+
+ case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+ BIO_puts(out, "ansiX962_compressed_char2");
+ break;
+
+ default:
+ BIO_printf(out, "unknown(%d)", (int)*pformats);
+ break;
+
+ }
+ }
+ if (nformats <= 0)
+ BIO_puts(out, "NONE");
+ BIO_puts(out, "\n");
+ return 1;
+ }
+
int ssl_print_curves(BIO *out, SSL *s)
{
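Review bot: In ssl_print_point_formats the list pointer is declared `const char *pformats`, but the ctrl added in ssl/s3_lib.c stores a `const unsigned char *` through it. The macro passes the address as `void *`, so the compiler cannot flag the mismatch. Where plain `char` is signed, a peer-supplied format byte of 0x80 or above would print as a negative number in `unknown(%d)`; declaring `const unsigned char *pformats;` avoids that. Separately, the trailing `if (nformats <= 0) BIO_puts(out, "NONE");` cannot be reached because the function already returns when `nformats <= 0`. Either drop the early return so "NONE" is printed, or remove the dead branch.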
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f8b3e4a32a..9f5331ef32 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3514,6 +3514,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0;
}
+ case SSL_CTRL_GET_EC_POINT_FORMATS:
+ if (!s->server)
+ return 0;
+ else
+ {
+ SSL_SESSION *sess = s->session;
+ const unsigned char **pformat = parg;
+ if (!sess || !sess->tlsext_ecpointformatlist)
+ return 0;
+ *pformat = sess->tlsext_ecpointformatlist;
+ return (int)sess->tlsext_ecpointformatlist_length;
+ }
+
default:
break;
}
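Review bot: The new SSL_CTRL_GET_EC_POINT_FORMATS case writes `*pformat = ...` without checking `parg`, so a caller that passes NULL (for example to query only the length) would dereference a null pointer. A guard such as `if (!parg) return (int)sess->tlsext_ecpointformatlist_length;` or a plain `if (!parg) return 0;` before the store would make the contract explicit. The `(int)` cast of `tlsext_ecpointformatlist_length` assumes the stored list is short; a one-line comment stating the bound enforced when the extension is parsed would help. ssl3_ctrl starts and ends outside this hunk, so any earlier validation of `parg` is not visible here.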
diff --git a/ssl/ssl.h b/ssl/ssl.h
index c6cc41b1b2..f4b802bac8 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1700,6 +1700,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_GET_RAW_CIPHERLIST 110
+#define SSL_CTRL_GET_EC_POINT_FORMATS 111
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1833,6 +1834,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get0_raw_cipherlist(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+#define SSL_get0_ec_point_formats(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
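Review bot: `SSL_get0_ec_point_formats` is added without a comment, and its contract cannot be read from the macro because `plst` goes through `void *`. Going by the ctrl case in ssl/s3_lib.c, I would add above the define: `/* Server side only: sets *plst (const unsigned char **) to the point format list stored in the session (not copied, do not free); returns its length, or 0 if unavailable. */`. It is also worth stating that a return of 0 covers three cases: a client-side SSL, no session, and a peer that sent no extension.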