diff --git a/CHANGES b/CHANGES index 534b9481e973f81caafe12402343576e6c23c343..cb42f9d3b088b043e6282da53122e4f559dbc6d1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 1.0.x and 1.1.0 [xx XXX xxxx] + *) New ctrl and macro to retrieve supported points extensions. + Print out extension in s_server. + [Steve Henson] + *) New function ASN1_TIME_diff to calculate the difference between two ASN1_TIME structures or one structure and the current time. [Steve Henson] diff --git a/apps/s_apps.h b/apps/s_apps.h index 30ce8830a65dad69fd34a0e08a486a1ef384bd4e..5d7d158a7d53dc4c81bec8acb22fdeac89f7cb87 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, unsigned char *authz, size_t authz_length); # endif int ssl_print_sigalgs(BIO *out, SSL *s); +int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); diff --git a/apps/s_cb.c b/apps/s_cb.c index 11b6ea5d99c35bcc9d9c6408785f5b99223e3f92..c83687fb0b7d27fa049c8a83b6e7e79b996b684c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s) return 1; } +int ssl_print_point_formats(BIO *out, SSL *s) + { + int i, nformats; + const char *pformats; + nformats = SSL_get0_ec_point_formats(s, &pformats); + if (nformats <= 0) + return 1; + BIO_puts(out, "Supported Elliptic Curve Point Formats: "); + for (i = 0; i < nformats; i++, pformats++) + { + if (i) + BIO_puts(out, ":"); + switch(*pformats) + { + case TLSEXT_ECPOINTFORMAT_uncompressed: + BIO_puts(out, "uncompressed"); + break; + + case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: + BIO_puts(out, "ansiX962_compressed_prime"); + break; + + case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: + BIO_puts(out, "ansiX962_compressed_char2"); + break; + + default: + BIO_printf(out, "unknown(%d)", (int)*pformats); + break; + + } + } + if (nformats <= 0) + BIO_puts(out, "NONE"); + BIO_puts(out, "\n"); + return 1; + } + int ssl_print_curves(BIO *out, SSL *s, int noshared) { int i, ncurves, *curves, nid; @@ -1528,7 +1566,10 @@ void print_ssl_summary(BIO *bio, SSL *s) if (peer) X509_free(peer); if (SSL_is_server(s)) + { + ssl_print_point_formats(bio, s); ssl_print_curves(bio, s, 1); + } else ssl_print_tmp_key(bio, s); } diff --git a/apps/s_server.c b/apps/s_server.c index 310f85b067f3592a9816454399aa89a19415b162..f9e33e72c29aeebd37c45f526246eebf9042f702 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2558,6 +2558,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); + ssl_print_point_formats(bio_s_out, con); ssl_print_curves(bio_s_out, con, 0); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6a4ba395c1a1d0b4a8aca2b663341af9ca8f35d1..c6ecd8ff00b65f5e9403f20f6aaa67a868198eb7 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3530,6 +3530,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; } + case SSL_CTRL_GET_EC_POINT_FORMATS: + if (!s->server) + return 0; + else + { + SSL_SESSION *sess = s->session; + const unsigned char **pformat = parg; + if (!sess || !sess->tlsext_ecpointformatlist) + return 0; + *pformat = sess->tlsext_ecpointformatlist; + return (int)sess->tlsext_ecpointformatlist_length; + } + default: break; } diff --git a/ssl/ssl.h b/ssl/ssl.h index 58086250e2639881ea44577abe83a374b9115e7d..3c9ba9c024c6dbd1d97ec11338e9587c1528e3c9 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1720,6 +1720,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 #define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_GET_RAW_CIPHERLIST 110 +#define SSL_CTRL_GET_EC_POINT_FORMATS 111 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1853,6 +1854,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +#define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) + #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);