Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) New ctrls to retrieve supported signature algorithms and supported curve values as an array of NIDs. Extend openssl utility to print out received values. [Steve Henson] *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves. Loading apps/s_apps.h +2 −0 Original line number Diff line number Diff line Loading @@ -155,6 +155,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s); #endif int init_client(int *sock, char *server, int port, int type); int should_retry(int i); Loading apps/s_cb.c +71 −0 Original line number Diff line number Diff line Loading 
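Review bot: The two new prototypes `int ssl_print_sigalgs(BIO *out, SSL *s);` and `int ssl_print_curves(BIO *out, SSL *s);` in apps/s_apps.h carry no comment on what they emit or what the int return means; the definitions in apps/s_cb.c return 1 on every path, including when there is nothing to print, so a caller cannot distinguish "printed" from "skipped". A short comment above each, along the lines of `/* Print the peer's signature algorithms (resp. supported curves) to out as one line; returns 1, nothing to print is not an error */`, would fix that contract for the callers in s_client.c and s_server.c. The same section is repeated further down the page.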
@@ -278,6 +278,77 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) return 1; } int ssl_print_sigalgs(BIO *out, SSL *s) { int i, nsig; nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); if (nsig == 0) return 1; BIO_puts(out, "Signature Algorithms: "); for (i = 0; i < nsig; i++) { int hash_nid, sign_nid; unsigned char rhash, rsign; const char *sstr = NULL; SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) BIO_puts(out, ":"); if (sign_nid == EVP_PKEY_RSA) sstr = "RSA"; else if(sign_nid == EVP_PKEY_DSA) sstr = "DSA"; else if(sign_nid == EVP_PKEY_EC) sstr = "ECDSA"; if (sstr) BIO_printf(out,"%s+", sstr); else BIO_printf(out,"0x%02X+", (int)rsign); if (hash_nid != NID_undef) BIO_printf(out, "%s", OBJ_nid2sn(hash_nid)); else BIO_printf(out,"0x%02X", (int)rhash); } BIO_puts(out, "\n"); return 1; } int ssl_print_curves(BIO *out, SSL *s) { int i, ncurves, *curves; ncurves = SSL_get1_curvelist(s, NULL); if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); SSL_get1_curvelist(s, curves); BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { int nid; const char *cname; if (i) BIO_puts(out, ":"); nid = curves[i]; /* If unrecognised print out hex version */ if (nid & TLSEXT_nid_unknown) BIO_printf(out, "0x%04X", nid & 0xFFFF); else { /* Use NIST name for curve if it exists */ cname = EC_curve_nid2nist(nid); if (!cname) cname = OBJ_nid2sn(nid); BIO_printf(out, "%s", cname); } } BIO_puts(out, "\n"); OPENSSL_free(curves); return 1; } long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { Loading apps/s_client.c +2 −0 Original line number Diff line number Diff line Loading 
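Review bot: In `ssl_print_curves` the result of `OPENSSL_malloc(ncurves * sizeof(int))` is handed straight to `SSL_get1_curvelist(s, curves)` with no NULL check, so an allocation failure turns into a NULL dereference while formatting peer-supplied data; add `if (curves == NULL) return 0;` directly after the allocation (the callers in s_server.c discard the return value, so reporting failure there is safe). In `ssl_print_sigalgs` the per-entry `SSL_get_sigalgs(s, i, ...)` return is likewise ignored, and its early exit tests `nsig == 0` while the curves function tests `ncurves <= 0`; if the ctrl can report an error as a negative count, `if (nsig <= 0) return 1;` keeps that value out of the loop and makes the two helpers consistent. Both functions are complete within the hunk.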
@@ -2018,6 +2018,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_write(bio,"\n",1); } ssl_print_sigalgs(bio, s); BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); Loading apps/s_server.c +5 −0 Original line number Diff line number Diff line Loading @@ -2472,7 +2472,10 @@ static int init_ssl_connection(SSL *con) if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); ssl_print_curves(bio_s_out, con); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) Loading Loading @@ -2806,6 +2809,8 @@ static int www_body(char *hostname, int s, unsigned char *context) } BIO_puts(io,"\n"); } ssl_print_sigalgs(io, con); ssl_print_curves(io, con); BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, " :"---\nNew, ")); Loading Loading
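Review bot: `print_stuff` gains `ssl_print_sigalgs(bio, s);` but not the matching `ssl_print_curves(bio, s);` that s_server.c adds right beside it in both of its hunks. If the asymmetry is deliberate (presumably because a server does not send a curve list back to the client, so there would be nothing to print), a one-line comment such as `/* no ssl_print_curves here: the server advertises no curve list to the client */` would keep the next reader from "fixing" it. print_stuff begins and ends outside the hunk.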
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) New ctrls to retrieve supported signature algorithms and supported curve values as an array of NIDs. Extend openssl utility to print out received values. [Steve Henson] *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves. Loading
apps/s_apps.h +2 −0 Original line number Diff line number Diff line Loading @@ -155,6 +155,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s); #endif int init_client(int *sock, char *server, int port, int type); int should_retry(int i); Loading
apps/s_cb.c +71 −0 Original line number Diff line number Diff line Loading @@ -278,6 +278,77 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) return 1; } int ssl_print_sigalgs(BIO *out, SSL *s) { int i, nsig; nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); if (nsig == 0) return 1; BIO_puts(out, "Signature Algorithms: "); for (i = 0; i < nsig; i++) { int hash_nid, sign_nid; unsigned char rhash, rsign; const char *sstr = NULL; SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) BIO_puts(out, ":"); if (sign_nid == EVP_PKEY_RSA) sstr = "RSA"; else if(sign_nid == EVP_PKEY_DSA) sstr = "DSA"; else if(sign_nid == EVP_PKEY_EC) sstr = "ECDSA"; if (sstr) BIO_printf(out,"%s+", sstr); else BIO_printf(out,"0x%02X+", (int)rsign); if (hash_nid != NID_undef) BIO_printf(out, "%s", OBJ_nid2sn(hash_nid)); else BIO_printf(out,"0x%02X", (int)rhash); } BIO_puts(out, "\n"); return 1; } int ssl_print_curves(BIO *out, SSL *s) { int i, ncurves, *curves; ncurves = SSL_get1_curvelist(s, NULL); if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); SSL_get1_curvelist(s, curves); BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { int nid; const char *cname; if (i) BIO_puts(out, ":"); nid = curves[i]; /* If unrecognised print out hex version */ if (nid & TLSEXT_nid_unknown) BIO_printf(out, "0x%04X", nid & 0xFFFF); else { /* Use NIST name for curve if it exists */ cname = EC_curve_nid2nist(nid); if (!cname) cname = OBJ_nid2sn(nid); BIO_printf(out, "%s", cname); } } BIO_puts(out, "\n"); OPENSSL_free(curves); return 1; } long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { Loading
apps/s_client.c +2 −0 Original line number Diff line number Diff line Loading @@ -2018,6 +2018,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_write(bio,"\n",1); } ssl_print_sigalgs(bio, s); BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); Loading
apps/s_server.c +5 −0 Original line number Diff line number Diff line Loading @@ -2472,7 +2472,10 @@ static int init_ssl_connection(SSL *con) if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); ssl_print_curves(bio_s_out, con); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) Loading Loading @@ -2806,6 +2809,8 @@ static int www_body(char *hostname, int s, unsigned char *context) } BIO_puts(io,"\n"); } ssl_print_sigalgs(io, con); ssl_print_curves(io, con); BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, " :"---\nNew, ")); Loading