diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-10 01:53:56 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-11-12 16:53:32 -0500 |
commit | 45f247258a87b73e76f95631e0f4aa22298fd19c (patch) | |
tree | d041844eb6eb0047c6c37b4cdf3c1f08b6e7f245 /ssl | |
parent | 44197e961a66b8a2eda2a66857c8aa0c5059459c (diff) |
Added missing signature algorithm reflection functions
SSL_get_signature_nid() -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key() -- Peer key-exchange public key
SSL_get_tmp_key -- local key exchange public key
Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key(). Changed internal
calls to use the new name.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 24 | ||||
-rw-r--r-- | ssl/t1_lib.c | 8 |
2 files changed, 30 insertions, 2 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7713f767b2..866ca4dfa9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) *(int *)parg = s->s3->tmp.peer_sigalg->hash; return 1; - case SSL_CTRL_GET_SERVER_TMP_KEY: + case SSL_CTRL_GET_SIGNATURE_NID: + if (s->s3->tmp.sigalg == NULL) + return 0; + *(int *)parg = s->s3->tmp.sigalg->hash; + return 1; + + case SSL_CTRL_GET_PEER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) { + if (s->session == NULL || s->s3->peer_tmp == NULL) { return 0; } else { EVP_PKEY_up_ref(s->s3->peer_tmp); @@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #else return 0; #endif + + case SSL_CTRL_GET_TMP_KEY: +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) + if (s->session == NULL || s->s3->tmp.pkey == NULL) { + return 0; + } else { + EVP_PKEY_up_ref(s->s3->tmp.pkey); + *(EVP_PKEY **)parg = s->s3->tmp.pkey; + return 1; + } +#else + return 0; +#endif + #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8e73d06c61..e79c7bf7d1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1122,6 +1122,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) return 1; } +int SSL_get_signature_type_nid(const SSL *s, int *pnid) +{ + if (s->s3->tmp.sigalg == NULL) + return 0; + *pnid = s->s3->tmp.sigalg->sig; + return 1; +} + /* * Set a mask of disabled algorithms: an algorithm is disabled if it isn't * supported, doesn't appear in supported signature algorithms, isn't supported |