Add support for printing out and retrieving EC point formats extension.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 22 Nov 2012 15:20:53 +0000 (15:20 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 22 Nov 2012 15:20:53 +0000 (15:20 +0000)
CHANGES
apps/s_apps.h
apps/s_cb.c
apps/s_server.c
ssl/s3_lib.c
ssl/ssl.h

diff --git a/CHANGES b/CHANGES
index 534b9481e973f81caafe12402343576e6c23c343..cb42f9d3b088b043e6282da53122e4f559dbc6d1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
 
+  *) New ctrl and macro to retrieve supported points extensions.
+     Print out extension in s_server.
+     [Steve Henson]
+
   *) New function ASN1_TIME_diff to calculate the difference between two
      ASN1_TIME structures or one structure and the current time.
      [Steve Henson]
index 30ce8830a65dad69fd34a0e08a486a1ef384bd4e..5d7d158a7d53dc4c81bec8acb22fdeac89f7cb87 100644 (file)
@@ -161,6 +161,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                            unsigned char *authz, size_t authz_length);
 # endif
 int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
index 11b6ea5d99c35bcc9d9c6408785f5b99223e3f92..c83687fb0b7d27fa049c8a83b6e7e79b996b684c 100644 (file)
@@ -424,6 +424,44 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
        return 1;
        }
 
+int ssl_print_point_formats(BIO *out, SSL *s)
+       {
+       int i, nformats;
+       const char *pformats;
+       nformats = SSL_get0_ec_point_formats(s, &pformats);
+       if (nformats <= 0)
+               return 1;
+       BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+       for (i = 0; i < nformats; i++, pformats++)
+               {
+               if (i)
+                       BIO_puts(out, ":");
+               switch(*pformats)
+                       {
+               case TLSEXT_ECPOINTFORMAT_uncompressed:
+                       BIO_puts(out, "uncompressed");
+                       break;
+
+               case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+                       BIO_puts(out, "ansiX962_compressed_prime");
+                       break;
+
+               case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+                       BIO_puts(out, "ansiX962_compressed_char2");
+                       break;
+
+               default:
+                       BIO_printf(out, "unknown(%d)", (int)*pformats);
+                       break;
+
+                       }
+               }
+       if (nformats <= 0)
+               BIO_puts(out, "NONE");
+       BIO_puts(out, "\n");
+       return 1;
+       }
+
 int ssl_print_curves(BIO *out, SSL *s, int noshared)
        {
        int i, ncurves, *curves, nid;
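Review bot: `pformats` in ssl_print_point_formats is declared `const char *`, but the ctrl in ssl/s3_lib.c stores a `const unsigned char *` into it, and the bytes are presumably the list the client sent. Where plain char is signed, a format byte above 0x7f would print as a negative number in the `unknown(%d)` branch; declaring `const unsigned char *pformats;` fixes that and the type mismatch, which compiles today only because the macro passes the argument as `void *`. The second `if (nformats <= 0) BIO_puts(out, "NONE");` after the loop can never run, since the function already returned on the same condition; either drop it or remove the early return if printing "NONE" is the intent. A header comment such as `/* Print the EC point formats stored for the session, colon-separated; always returns 1. */` would also help.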
@@ -1528,7 +1566,10 @@ void print_ssl_summary(BIO *bio, SSL *s)
        if (peer)
                X509_free(peer);
        if (SSL_is_server(s))
+               {
+               ssl_print_point_formats(bio, s);
                ssl_print_curves(bio, s, 1);
+               }
        else
                ssl_print_tmp_key(bio, s);
        }
index 310f85b067f3592a9816454399aa89a19415b162..f9e33e72c29aeebd37c45f526246eebf9042f702 100644 (file)
@@ -2558,6 +2558,7 @@ static int init_ssl_connection(SSL *con)
                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
        ssl_print_sigalgs(bio_s_out, con);
+       ssl_print_point_formats(bio_s_out, con);
        ssl_print_curves(bio_s_out, con, 0);
        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 
index 6a4ba395c1a1d0b4a8aca2b663341af9ca8f35d1..c6ecd8ff00b65f5e9403f20f6aaa67a868198eb7 100644 (file)
@@ -3530,6 +3530,19 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        return 0;
                        }
 
+       case SSL_CTRL_GET_EC_POINT_FORMATS:
+               if (!s->server)
+                       return 0;
+               else
+                       {
+                       SSL_SESSION *sess = s->session;
+                       const unsigned char **pformat = parg;
+                       if (!sess || !sess->tlsext_ecpointformatlist)
+                               return 0;
+                       *pformat = sess->tlsext_ecpointformatlist;
+                       return (int)sess->tlsext_ecpointformatlist_length;
+                       }
+
        default:
                break;
                }
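Review bot: The new `SSL_CTRL_GET_EC_POINT_FORMATS` case writes through `parg` without checking it, so a caller that passes NULL reaches `*pformat = ...` with a null pointer. Adding it to the existing guard, `if (!pformat || !sess || !sess->tlsext_ecpointformatlist) return 0;`, keeps the failure path uniform. The `(int)` cast on `tlsext_ecpointformatlist_length` does not match the `long` return type of ssl3_ctrl; `(long)` would. A return of 0 on a client is indistinguishable from "no list stored", and the returned pointer aliases session-owned memory, so a short comment on the case stating both would help callers. ssl3_ctrl's body starts and ends outside the hunk.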
index 58086250e2639881ea44577abe83a374b9115e7d..3c9ba9c024c6dbd1d97ec11338e9587c1528e3c9 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1720,6 +1720,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_PEER_SIGNATURE_NID                108
 #define SSL_CTRL_GET_SERVER_TMP_KEY            109
 #define SSL_CTRL_GET_RAW_CIPHERLIST            110
+#define SSL_CTRL_GET_EC_POINT_FORMATS          111
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1853,6 +1854,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get0_raw_cipherlist(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
 
+#define SSL_get0_ec_point_formats(s, plst) \
+       SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
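Review bot: `SSL_get0_ec_point_formats` is added without any comment on its contract, and because it forwards `plst` as `void *` the compiler cannot check the pointer type the ctrl expects. A comment above the macro would cover it, e.g. `/* plst is const unsigned char **; returns the number of formats, or 0 if none are stored or s is a client. The buffer belongs to the session: do not free or modify it. */`. The s_cb.c caller in this same commit passes a `const char **`, which shows how easily the mismatch slips through.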