diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-10 01:53:56 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-12 16:55:38 -0500 |
commit | a51c9f637cdef7926d8a8991365e4b58975346db (patch) | |
tree | 12af19e095f480092b42d3884a6c07e8ba79f985 /doc/man3 | |
parent | 6e68dae85a8f91944370125561c7ec0d5da46c20 (diff) |
Added missing signature algorithm reflection functions
SSL_get_signature_nid() -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key() -- Peer key-exchange public key
SSL_get_tmp_key -- local key exchange public key
Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key(). Changed internal
calls to use the new name.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/SSL_get_peer_signature_nid.pod | 12 | ||||
-rw-r--r-- | doc/man3/SSL_get_peer_tmp_key.pod (renamed from doc/man3/SSL_get_server_tmp_key.pod) | 22 |
2 files changed, 25 insertions, 9 deletions
diff --git a/doc/man3/SSL_get_peer_signature_nid.pod b/doc/man3/SSL_get_peer_signature_nid.pod index ce6ab61f5e..dbca8cffb9 100644 --- a/doc/man3/SSL_get_peer_signature_nid.pod +++ b/doc/man3/SSL_get_peer_signature_nid.pod @@ -2,8 +2,9 @@ =head1 NAME -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS -message signing types +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types =head1 SYNOPSIS @@ -11,6 +12,8 @@ message signing types int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); + int SSL_get_signature_nid(SSL *ssl, int *psig_nid); + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); =head1 DESCRIPTION @@ -24,12 +27,15 @@ where it is B<EVP_PKEY_RSA_PSS>. To differentiate between B<rsa_pss_rsae_*> and B<rsa_pss_pss_*> signatures, it's necessary to check the type of public key in the peer's certificate. +SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection. + =head1 RETURN VALUES These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or -the functions were called before the peer signed a message. +the functions were called too early, e.g. before the peer signed a message. =head1 SEE ALSO diff --git a/doc/man3/SSL_get_server_tmp_key.pod b/doc/man3/SSL_get_peer_tmp_key.pod index fda891b7a8..23006b3a12 100644 --- a/doc/man3/SSL_get_server_tmp_key.pod +++ b/doc/man3/SSL_get_peer_tmp_key.pod @@ -2,26 +2,36 @@ =head1 NAME -SSL_get_server_tmp_key - get information about the server's temporary key used -during a handshake +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake =head1 SYNOPSIS #include <openssl/ssl.h> + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); =head1 DESCRIPTION -SSL_get_server_tmp_key() returns the temporary key provided by the server and +SSL_get_peer_tmp_key() returns the temporary key provided by the peer and used during key exchange. For example, if ECDHE is in use, then this represents -the server's public ECDHE key. On success a pointer to the key is stored in +the peer's public ECDHE key. On success a pointer to the key is stored in B<*key>. It is the caller's responsibility to free this key after use using -L<EVP_PKEY_free(3)>. This function may only be called by the client. +L<EVP_PKEY_free(3)>. + +SSL_get_server_tmp_key() is a backwards compatibility alias for +SSL_get_peer_tmp_key(). +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. + +SSL_get_tmp_key() returns the equivalent information for the local +end of the connection. =head1 RETURN VALUES -SSL_get_server_tmp_key() returns 1 on success or 0 otherwise. +All these functions return 1 on success and 0 otherwise. =head1 NOTES |