From 84d4b9e31d5fd63408a0a43e02ec0780673362cf Mon Sep 17 00:00:00 2001 From: raja-ashok Date: Mon, 8 Jul 2019 14:50:59 +0530 Subject: [PATCH] API to get negotiated key exchange algorithm in TLS1.3 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9323) --- include/openssl/ssl.h | 3 +++ ssl/s3_lib.c | 10 +++++----- ssl/ssl_locl.h | 1 + ssl/t1_lib.c | 7 +++++++ util/private.num | 1 + 5 files changed, 17 insertions(+), 5 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7219d83420..93f6bbc8f8 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1316,6 +1316,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CTRL_GET_NEGOTIATED_GROUP 134 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1415,6 +1416,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) # define SSL_get_shared_group(s, n) \ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_get_negotiated_group(s) \ + SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8a22d01325..d23f932ce9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3617,13 +3617,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { uint16_t id = tls1_shared_group(s, larg); - if (larg != -1) { - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); - - return ginf == NULL ? 0 : ginf->nid; - } + if (larg != -1) + return tls1_group_id2nid(id); return id; } + case SSL_CTRL_GET_NEGOTIATED_GROUP: + ret = tls1_group_id2nid(s->s3.group_id); + break; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ case SSL_CTRL_SET_SIGALGS: diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 49c45109a8..b66979b4da 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2530,6 +2530,7 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); +__owur int tls1_group_id2nid(uint16_t group_id); __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 93b14b80a2..24702704db 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -226,6 +226,13 @@ const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id) } #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) +int tls1_group_id2nid(uint16_t group_id) +{ + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(group_id); + + return ginf == NULL ? NID_undef : ginf->nid; +} + static uint16_t tls1_nid2group_id(int nid) { size_t i; diff --git a/util/private.num b/util/private.num index 82cb72e606..351828268c 100644 --- a/util/private.num +++ b/util/private.num @@ -450,6 +450,7 @@ SSL_get_secure_renegotiation_support define SSL_get_server_tmp_key define SSL_get_shared_curve define SSL_get_shared_group define +SSL_get_negotiated_group define SSL_get_signature_nid define SSL_get_time define SSL_get_timeout define -- 2.34.1