
API to get negotiated key exchange algorithm in TLS1.3

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)
master
raja-ashok 3 years ago
committed by Matt Caswell
parent
commit
84d4b9e31d
5 changed files with 17 additions and 5 deletions
  1. +3
    -0
      include/openssl/ssl.h
  2. +5
    -5
      ssl/s3_lib.c
  3. +1
    -0
      ssl/ssl_locl.h
  4. +7
    -0
      ssl/t1_lib.c
  5. +1
    -0
      util/private.num

+ 3
- 0
include/openssl/ssl.h View File

@ -1316,6 +1316,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
# define SSL_CTRL_GET_SIGNATURE_NID 132
# define SSL_CTRL_GET_TMP_KEY 133
# define SSL_CTRL_GET_NEGOTIATED_GROUP 134
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@ -1415,6 +1416,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
# define SSL_get_shared_group(s, n) \
SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
# define SSL_get_negotiated_group(s) \
SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL)
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
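Review bot: The new `SSL_get_negotiated_group(s)` macro is added without any statement of its return contract, and none of the five files changed by this commit is a manual page. Going by the ssl/t1_lib.c section, the ctrl yields `NID_undef` whenever the stored group id has no table entry, so a caller cannot tell "no group recorded yet" from "group unknown to this build"; code that enforces a key-exchange policy on the result should treat `NID_undef` as a failure, not a pass. I would add a comment above the macro such as `/* Returns the NID of the group used for key exchange, or NID_undef if none is recorded or the id is unknown */` and document the same next to `SSL_get_shared_group` in the manual. Both hunks cut into the middle of the macro list, so the neighbouring definitions are only partly visible.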


+ 5
- 5
ssl/s3_lib.c View File

@ -3617,13 +3617,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
uint16_t id = tls1_shared_group(s, larg);
if (larg != -1) {
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
return ginf == NULL ? 0 : ginf->nid;
}
if (larg != -1)
return tls1_group_id2nid(id);
return id;
}
case SSL_CTRL_GET_NEGOTIATED_GROUP:
ret = tls1_group_id2nid(s->s3.group_id);
break;
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_SET_SIGALGS:
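Review bot: The new `SSL_CTRL_GET_NEGOTIATED_GROUP` case returns `tls1_group_id2nid(s->s3.group_id)` without checking the handshake state or the protocol version, although the commit title scopes the API to TLS1.3. Where `s->s3.group_id` is written is not visible here, so presumably a call made before the key share is processed, or on a connection that never sets the field, reports `NID_undef` or a value left over from an earlier step. If that is intended, a comment on the case would make it explicit, e.g. `/* group_id is only meaningful once key exchange has completed; NID_undef otherwise */`; if not, the case could return `NID_undef` until the handshake has finished. The body of `ssl3_ctrl` and the enclosing switch start and end outside the hunk.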


+ 1
- 0
ssl/ssl_locl.h View File

@ -2530,6 +2530,7 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,


+ 7
- 0
ssl/t1_lib.c View File

@ -226,6 +226,13 @@ const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
}
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
int tls1_group_id2nid(uint16_t group_id)
{
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(group_id);
return ginf == NULL ? NID_undef : ginf->nid;
}
static uint16_t tls1_nid2group_id(int nid)
{
size_t i;
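Review bot: `tls1_group_id2nid()` has no comment stating what it returns for an id missing from the group table, and the rewritten `SSL_CTRL_GET_SHARED_GROUP` branch in ssl/s3_lib.c now depends on that value. The old branch returned a literal `0` for an unknown id and the helper returns `NID_undef`, so the two agree only because `NID_undef` is 0; I would state that above the function, e.g. `/* Returns the NID for a TLS group id, or NID_undef (0) if the id is not in the table */`. The helper sits inside the `OPENSSL_NO_DH`/`OPENSSL_NO_EC` guard, and the ssl/ssl_locl.h hunk does not show whether its prototype is guarded the same way. `tls1_nid2group_id` continues past the end of this hunk.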


+ 1
- 0
util/private.num View File

@ -450,6 +450,7 @@ SSL_get_secure_renegotiation_support define
SSL_get_server_tmp_key define
SSL_get_shared_curve define
SSL_get_shared_group define
SSL_get_negotiated_group define
SSL_get_signature_nid define
SSL_get_time define
SSL_get_timeout define

