提交 319354eb 编写于 作者: D Dr. Stephen Henson

store and print out message digest peer signed with in TLS 1.2

上级 e7db9896
...@@ -409,10 +409,13 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared) ...@@ -409,10 +409,13 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
int ssl_print_sigalgs(BIO *out, SSL *s) int ssl_print_sigalgs(BIO *out, SSL *s)
{ {
int mdnid;
if (!SSL_is_server(s)) if (!SSL_is_server(s))
ssl_print_client_cert_types(out, s); ssl_print_client_cert_types(out, s);
do_print_sigalgs(out, s, 0); do_print_sigalgs(out, s, 0);
do_print_sigalgs(out, s, 1); do_print_sigalgs(out, s, 1);
if (SSL_get_peer_signature_nid(s, &mdnid))
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1; return 1;
} }
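Review bot: `OBJ_nid2sn(mdnid)` can return NULL for a NID the object table does not know, and `mdnid` is declared uninitialised, so the added print in `ssl_print_sigalgs` depends on the ctrl always having written a recognised value. I would initialise it with `int mdnid = NID_undef;` and print through a checked name, e.g. `const char *sn = OBJ_nid2sn(mdnid);` followed by `BIO_printf(out, "Peer signing digest: %s\n", sn ? sn : "(unknown)");`. This line is what an operator reads to spot a peer signing with a weak digest, so an unrecognised value should show up explicitly rather than depend on how the formatter treats a NULL string.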
......
...@@ -3458,6 +3458,25 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ...@@ -3458,6 +3458,25 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CHAIN_CERT_STORE: case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(s->cert, parg, 1, larg); return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
case SSL_CTRL_GET_PEER_SIGNATURE_NID:
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
if (s->session && s->session->sess_cert)
{
const EVP_MD *sig;
sig = s->session->sess_cert->peer_key->digest;
if (sig)
{
*(int *)parg = EVP_MD_type(sig);
return 1;
}
}
return 0;
}
/* Might want to do something here for other versions */
else
return 0;
default: default:
break; break;
} }
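Review bot: `s->session->sess_cert->peer_key->digest` dereferences `peer_key` after checking only `s->session` and `sess_cert`. Nothing visible in this hunk guarantees `peer_key` is non-NULL once `sess_cert` exists, so this should be confirmed against where `peer_key` is assigned. The same unchecked dereference is in the store added to `tls12_check_peer_sigalg`. I would extend both guards to `if (s->session && s->session->sess_cert && s->session->sess_cert->peer_key)` and return 0 on a NULL `parg` before `*(int *)parg = EVP_MD_type(sig);`. The body of `ssl3_ctrl` starts and ends outside the hunk.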
......
...@@ -1707,6 +1707,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ...@@ -1707,6 +1707,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_BUILD_CERT_CHAIN 105 #define SSL_CTRL_BUILD_CERT_CHAIN 105
#define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_VERIFY_CERT_STORE 106
#define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define DTLSv1_get_timeout(ssl, arg) \ #define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
...@@ -1831,6 +1832,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ...@@ -1831,6 +1832,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_set1_client_certificate_types(s, clist, clistlen) \ #define SSL_set1_client_certificate_types(s, clist, clistlen) \
SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
#define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void); BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
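Review bot: `SSL_get_peer_signature_nid(s, pn)` forwards `pn` to `SSL_ctrl` with no cast and no stated type, while the handler on this page writes through `*(int *)parg`. A caller passing a `long *` or another pointer type therefore compiles cleanly and gets a wrongly sized write. The neighbouring macros at least cast their argument (`(char *)clist`, `(void *)arg`). This one needs its contract stated above it, e.g. `/* pn must point to an int; returns 1 and stores the digest NID only for TLS 1.2 and later when a peer digest was recorded, otherwise 0 and *pn is untouched */`.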
......
...@@ -922,6 +922,11 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, ...@@ -922,6 +922,11 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_UNKNOWN_DIGEST); SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_UNKNOWN_DIGEST);
return 0; return 0;
} }
/* Store the digest used so applications can retrieve it if they
* wish.
*/
if (s->session && s->session->sess_cert)
s->session->sess_cert->peer_key->digest = *pmd;
return 1; return 1;
} }
/* Get a mask of disabled algorithms: an algorithm is disabled /* Get a mask of disabled algorithms: an algorithm is disabled
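Review bot: The added comment does not say when the stored digest becomes valid. The store sits on the success path of `tls12_check_peer_sigalg`, which by its name accepts the peer's chosen signature algorithm rather than verifying the signature itself; the function body starts outside the hunk, so this should be confirmed. Applications reading the value through `SSL_get_peer_signature_nid` need to know that, so I would word it as `/* Record the digest the peer chose to sign with. Set when the sigalg is accepted, before the signature is verified; informational only. */`. The `return 0` paths above leave any previously stored digest in place, which deserves a line in the comment if intended.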
......