Add support for printing out and retrieving EC point formats extension.

6 files changed, 64 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index 534b9481e9..cb42f9d3b0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
 
+  *) New ctrl and macro to retrieve supported points extensions.
+     Print out extension in s_server.
+     [Steve Henson]
+
   *) New function ASN1_TIME_diff to calculate the difference between two
      ASN1_TIME structures or one structure and the current time.
      [Steve Henson]
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 30ce8830a6..5d7d158a7d 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                            unsigned char *authz, size_t authz_length);
 # endif
 int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 11b6ea5d99..c83687fb0b 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
 	return 1;
 	}
 
+int ssl_print_point_formats(BIO *out, SSL *s)
+	{
+	int i, nformats;
+	const char *pformats;
+	nformats = SSL_get0_ec_point_formats(s, &pformats);
+	if (nformats <= 0)
+		return 1;
+	BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+	for (i = 0; i < nformats; i++, pformats++)
+		{
+		if (i)
+			BIO_puts(out, ":");
+		switch(*pformats)
+			{
+		case TLSEXT_ECPOINTFORMAT_uncompressed:
+			BIO_puts(out, "uncompressed");
+			break;
+
+		case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+			BIO_puts(out, "ansiX962_compressed_prime");
+			break;
+
+		case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+			BIO_puts(out, "ansiX962_compressed_char2");
+			break;
+
+		default:
+			BIO_printf(out, "unknown(%d)", (int)*pformats);
+			break;
+
+			}
+		}
+	if (nformats <= 0)
+		BIO_puts(out, "NONE");
+	BIO_puts(out, "\n");
+	return 1;
+	}
+
 int ssl_print_curves(BIO *out, SSL *s, int noshared)
 	{
 	int i, ncurves, *curves, nid;
@@ -1528,7 +1566,10 @@ void print_ssl_summary(BIO *bio, SSL *s)
 	if (peer)
 		X509_free(peer);
 	if (SSL_is_server(s))
+		{
+		ssl_print_point_formats(bio, s);
 		ssl_print_curves(bio, s, 1);
+		}
 	else
 		ssl_print_tmp_key(bio, s);
 	}
diff --git a/apps/s_server.c b/apps/s_server.c
index 310f85b067..f9e33e72c2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2558,6 +2558,7 @@ static int init_ssl_connection(SSL *con)
 		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	ssl_print_sigalgs(bio_s_out, con);
+	ssl_print_point_formats(bio_s_out, con);
 	ssl_print_curves(bio_s_out, con, 0);
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6a4ba395c1..c6ecd8ff00 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3530,6 +3530,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 			return 0;
 			}
 
+	case SSL_CTRL_GET_EC_POINT_FORMATS:
+		if (!s->server)
+			return 0;
+		else
+			{
+			SSL_SESSION *sess = s->session;
+			const unsigned char **pformat = parg;
+			if (!sess || !sess->tlsext_ecpointformatlist)
+				return 0;
+			*pformat = sess->tlsext_ecpointformatlist;
+			return (int)sess->tlsext_ecpointformatlist_length;
+			}
+
 	default:
 		break;
 		}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 58086250e2..3c9ba9c024 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1720,6 +1720,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_PEER_SIGNATURE_NID		108
 #define SSL_CTRL_GET_SERVER_TMP_KEY		109
 #define SSL_CTRL_GET_RAW_CIPHERLIST		110
+#define SSL_CTRL_GET_EC_POINT_FORMATS		111
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1853,6 +1854,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get0_raw_cipherlist(s, plst) \
 	SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
 
+#define SSL_get0_ec_point_formats(s, plst) \
+	SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);