From: Dr. Stephen Henson Date: Wed, 26 Dec 2012 18:13:49 +0000 (+0000) Subject: Add support for printing out and retrieving EC point formats extension. X-Git-Tag: OpenSSL_1_0_2-beta1~487 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=78b5d89ddfdc66b5bf5919b7858f11d2e491efbf;p=oweals%2Fopenssl.git Add support for printing out and retrieving EC point formats extension. (backport from HEAD) --- diff --git a/CHANGES b/CHANGES index 0c64d156a1..1789ce49c8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] + *) New ctrl and macro to retrieve supported points extensions. + Print out extension in s_server. + [Steve Henson] + *) New functions to retrieve certificate signature and signature OID NID. [Steve Henson] diff --git a/apps/s_apps.h b/apps/s_apps.h index b45c1b9a56..e4e9bbcdbf 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, unsigned char *authz, size_t authz_length); # endif int ssl_print_sigalgs(BIO *out, SSL *s); +int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s); #endif int ssl_print_tmp_key(BIO *out, SSL *s); diff --git a/apps/s_cb.c b/apps/s_cb.c index fc40f391e3..2ac7656f06 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -418,6 +418,45 @@ int ssl_print_sigalgs(BIO *out, SSL *s) BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); return 1; } + +int ssl_print_point_formats(BIO *out, SSL *s) + { + int i, nformats; + const char *pformats; + nformats = SSL_get0_ec_point_formats(s, &pformats); + if (nformats <= 0) + return 1; + BIO_puts(out, "Supported Elliptic Curve Point Formats: "); + for (i = 0; i < nformats; i++, pformats++) + { + if (i) + BIO_puts(out, ":"); + switch(*pformats) + { + case TLSEXT_ECPOINTFORMAT_uncompressed: + BIO_puts(out, "uncompressed"); + break; + + case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: + BIO_puts(out, "ansiX962_compressed_prime"); + break; + + case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: + BIO_puts(out, "ansiX962_compressed_char2"); + break; + + default: + BIO_printf(out, "unknown(%d)", (int)*pformats); + break; + + } + } + if (nformats <= 0) + BIO_puts(out, "NONE"); + BIO_puts(out, "\n"); + return 1; + } + int ssl_print_curves(BIO *out, SSL *s) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f8b3e4a32a..9f5331ef32 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3514,6 +3514,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; } + case SSL_CTRL_GET_EC_POINT_FORMATS: + if (!s->server) + return 0; + else + { + SSL_SESSION *sess = s->session; + const unsigned char **pformat = parg; + if (!sess || !sess->tlsext_ecpointformatlist) + return 0; + *pformat = sess->tlsext_ecpointformatlist; + return (int)sess->tlsext_ecpointformatlist_length; + } + default: break; } diff --git a/ssl/ssl.h b/ssl/ssl.h index c6cc41b1b2..f4b802bac8 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1700,6 +1700,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 #define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_GET_RAW_CIPHERLIST 110 +#define SSL_CTRL_GET_EC_POINT_FORMATS 111 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1833,6 +1834,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +#define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) + #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);