From c70a1fee71119a9005b1f304a3bf47694b4a53ac Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 26 Dec 2012 14:26:16 +0000
Subject: Reorganise supported signature algorithm extension processing. Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm. (backport from HEAD)
---
 apps/s_cb.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
(limited to 'apps/s_cb.c')
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 4e21475332..bb9064b67a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -285,20 +285,33 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 return 1;
 }

-int ssl_print_sigalgs(BIO *out, SSL *s)
+static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared)
 {
 int i, nsig;
- nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+ if (shared)
+ nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
+ NULL, NULL);
+ else
+ nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
 if (nsig == 0)
 return 1;

+ if (shared)
+ BIO_puts(out, "Shared ");
+
+ if (client)
+ BIO_puts(out, "Requested ");
 BIO_puts(out, "Signature Algorithms: ");
 for (i = 0; i < nsig; i++)
 {
 int hash_nid, sign_nid;
 unsigned char rhash, rsign;
 const char *sstr = NULL;
- SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+ if (shared)
+ SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+ &rsign, &rhash);
+ else
+ SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
 &rsign, &rhash);
 if (i)
 BIO_puts(out, ":");
@@ -321,6 +334,13 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
 return 1;
 }

+int ssl_print_sigalgs(BIO *out, SSL *s, int client)
+ {
+ do_print_sigalgs(out, s, client, 0);
+ do_print_sigalgs(out, s, client, 1);
+ return 1;
+ }
+
 int ssl_print_curves(BIO *out, SSL *s)
 {
 int i, ncurves, *curves, nid;
-- 
cgit v1.2.3
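Review bot: The per-index lookups inside the `for` loop of `do_print_sigalgs()` discard the return value of `SSL_get_shared_sigalgs()` and `SSL_get_sigalgs()`. Both return 0 when the index is out of range, and in that case `sign_nid`, `hash_nid`, `rsign` and `rhash` stay uninitialised. They are presumably formatted into the output further down; the rest of the loop body lies outside this hunk, so that use is inferred. Capturing the result and leaving the loop on a non-positive value keeps this diagnostic from printing indeterminate stack contents.

```c
		int ok;
		/* … unchanged: hash_nid, sign_nid, rhash, rsign, sstr declarations … */
		if (shared)
			ok = SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
						&rsign, &rhash);
		else
			ok = SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
						&rsign, &rhash);
		if (ok <= 0)
			break;
		/* … unchanged: separator and name/number printing … */
```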
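Review bot: `ssl_print_sigalgs()` gains a `client` flag and calls the helper twice with bare `0` and `1` for `shared`, and none of this is documented. A comment above the function would help, e.g. `/* Print the list from SSL_get_sigalgs(), then the subset shared with the local configuration; client != 0 prefixes the label with "Requested". */`, together with `/* shared */` beside the literal arguments. Because the prototype changed and this page is limited to apps/s_cb.c, the header declaration and every caller need the extra argument too; that cannot be confirmed from here.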