提交 20b431e3 编写于 作者: D Dr. Stephen Henson

Add support for printing out and retrieving EC point formats extension.

上级 e83aefb3
...@@ -4,6 +4,10 @@ ...@@ -4,6 +4,10 @@
Changes between 1.0.x and 1.1.0 [xx XXX xxxx] Changes between 1.0.x and 1.1.0 [xx XXX xxxx]
*) New ctrl and macro to retrieve supported points extensions.
Print out extension in s_server.
[Steve Henson]
*) New function ASN1_TIME_diff to calculate the difference between two *) New function ASN1_TIME_diff to calculate the difference between two
ASN1_TIME structures or one structure and the current time. ASN1_TIME structures or one structure and the current time.
[Steve Henson] [Steve Henson]
......
...@@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, ...@@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
unsigned char *authz, size_t authz_length); unsigned char *authz, size_t authz_length);
# endif # endif
int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared); int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif #endif
int ssl_print_tmp_key(BIO *out, SSL *s); int ssl_print_tmp_key(BIO *out, SSL *s);
......
...@@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s) ...@@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
return 1; return 1;
} }
int ssl_print_point_formats(BIO *out, SSL *s)
{
int i, nformats;
const char *pformats;
nformats = SSL_get0_ec_point_formats(s, &pformats);
if (nformats <= 0)
return 1;
BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
for (i = 0; i < nformats; i++, pformats++)
{
if (i)
BIO_puts(out, ":");
switch(*pformats)
{
case TLSEXT_ECPOINTFORMAT_uncompressed:
BIO_puts(out, "uncompressed");
break;
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
BIO_puts(out, "ansiX962_compressed_prime");
break;
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
BIO_puts(out, "ansiX962_compressed_char2");
break;
default:
BIO_printf(out, "unknown(%d)", (int)*pformats);
break;
}
}
if (nformats <= 0)
BIO_puts(out, "NONE");
BIO_puts(out, "\n");
return 1;
}
int ssl_print_curves(BIO *out, SSL *s, int noshared) int ssl_print_curves(BIO *out, SSL *s, int noshared)
{ {
int i, ncurves, *curves, nid; int i, ncurves, *curves, nid;
...@@ -1528,7 +1566,10 @@ void print_ssl_summary(BIO *bio, SSL *s) ...@@ -1528,7 +1566,10 @@ void print_ssl_summary(BIO *bio, SSL *s)
if (peer) if (peer)
X509_free(peer); X509_free(peer);
if (SSL_is_server(s)) if (SSL_is_server(s))
{
ssl_print_point_formats(bio, s);
ssl_print_curves(bio, s, 1); ssl_print_curves(bio, s, 1);
}
else else
ssl_print_tmp_key(bio, s); ssl_print_tmp_key(bio, s);
} }
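Review bot: In ssl_print_point_formats the second `if (nformats <= 0)` just before the final newline can never be true, because the function already returns when `nformats <= 0` right after the SSL_get0_ec_point_formats call. As a result "NONE" is never printed and an absent extension produces no output at all; either drop the early return so the heading and "NONE" are emitted, or delete the dead check. Separately, `pformats` is declared `const char *` while the ctrl added in ssl3_ctrl stores through a `const unsigned char **`. The bytes appear to come from the peer's extension, so where plain char is signed a value of 0x80 or above would print as a negative number in `unknown(%d)`. Declaring it as `const unsigned char *pformats;` removes both the pointer-type mismatch and the sign extension.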
......
...@@ -2558,6 +2558,7 @@ static int init_ssl_connection(SSL *con) ...@@ -2558,6 +2558,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con);
ssl_print_point_formats(bio_s_out, con);
ssl_print_curves(bio_s_out, con, 0); ssl_print_curves(bio_s_out, con, 0);
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
......
...@@ -3530,6 +3530,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ...@@ -3530,6 +3530,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0; return 0;
} }
case SSL_CTRL_GET_EC_POINT_FORMATS:
if (!s->server)
return 0;
else
{
SSL_SESSION *sess = s->session;
const unsigned char **pformat = parg;
if (!sess || !sess->tlsext_ecpointformatlist)
return 0;
*pformat = sess->tlsext_ecpointformatlist;
return (int)sess->tlsext_ecpointformatlist_length;
}
default: default:
break; break;
} }
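Review bot: The SSL_CTRL_GET_EC_POINT_FORMATS case assigns `*pformat` without checking that `parg` is non-NULL, so a caller that passes NULL through SSL_get0_ec_point_formats would dereference a null pointer inside the library. A guard such as `if (!pformat) return 0;` before the assignment would keep the ctrl safe to call defensively. The pointer handed back aliases storage owned by `s->session`, so a comment such as `/* borrowed pointer: owned by the session, do not free or keep past its lifetime */` would help callers avoid a dangling reference. The enclosing switch in ssl3_ctrl begins and ends outside this hunk.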
......
...@@ -1720,6 +1720,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ...@@ -1720,6 +1720,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_GET_RAW_CIPHERLIST 110 #define SSL_CTRL_GET_RAW_CIPHERLIST 110
#define SSL_CTRL_GET_EC_POINT_FORMATS 111
#define DTLSv1_get_timeout(ssl, arg) \ #define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
...@@ -1853,6 +1854,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ...@@ -1853,6 +1854,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get0_raw_cipherlist(s, plst) \ #define SSL_get0_raw_cipherlist(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
#define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void); BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
......