Reorganise supported signature algorithm extension processing.
Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm.
@@ -160,7 +160,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
|
||||
int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
|
||||
unsigned char *authz, size_t authz_length);
|
||||
# endif
|
||||
int ssl_print_sigalgs(BIO *out, SSL *s);
|
||||
int ssl_print_sigalgs(BIO *out, SSL *s, int client);
|
||||
int ssl_print_curves(BIO *out, SSL *s);
|
||||
#endif
|
||||
int init_client(int *sock, char *server, int port, int type);
|
||||
|
||||
26
apps/s_cb.c
@@ -285,20 +285,33 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ssl_print_sigalgs(BIO *out, SSL *s)
|
||||
static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared)
|
||||
{
|
||||
int i, nsig;
|
||||
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
|
||||
if (shared)
|
||||
nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
|
||||
NULL, NULL);
|
||||
else
|
||||
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
|
||||
if (nsig == 0)
|
||||
return 1;
|
||||
|
||||
if (shared)
|
||||
BIO_puts(out, "Shared ");
|
||||
|
||||
if (client)
|
||||
BIO_puts(out, "Requested ");
|
||||
BIO_puts(out, "Signature Algorithms: ");
|
||||
for (i = 0; i < nsig; i++)
|
||||
{
|
||||
int hash_nid, sign_nid;
|
||||
unsigned char rhash, rsign;
|
||||
const char *sstr = NULL;
|
||||
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
|
||||
if (shared)
|
||||
SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
|
||||
&rsign, &rhash);
|
||||
else
|
||||
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
|
||||
&rsign, &rhash);
|
||||
if (i)
|
||||
BIO_puts(out, ":");
|
||||
@@ -321,6 +334,13 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ssl_print_sigalgs(BIO *out, SSL *s, int client)
|
||||
{
|
||||
do_print_sigalgs(out, s, client, 0);
|
||||
do_print_sigalgs(out, s, client, 1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ssl_print_curves(BIO *out, SSL *s)
|
||||
{
|
||||
int i, ncurves, *curves, nid;
|
||||
|
||||
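Review bot: In `do_print_sigalgs` the per-index calls inside the loop discard their return value, so if `SSL_get_shared_sigalgs(s, i, ...)` or `SSL_get_sigalgs(s, i, ...)` ever leaves its outputs unfilled, `sign_nid`, `hash_nid`, `rsign` and `rhash` would be read uninitialised by the printing code that follows. That code lies outside the hunk, so this is inferred rather than visible. Initialising at declaration, `int hash_nid = NID_undef, sign_nid = NID_undef;` and `unsigned char rhash = 0, rsign = 0;`, keeps the diagnostic output defined either way. The new `ssl_print_sigalgs` wrapper also ignores both `do_print_sigalgs` results and always returns 1. A short comment above `do_print_sigalgs` would help, stating that `client` adds the "Requested " prefix and `shared` switches from the peer's list to the shared list, because an operator reads this output to check which hash/signature pairs were agreed.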
@@ -2064,7 +2064,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
BIO_write(bio,"\n",1);
|
||||
}
|
||||
|
||||
ssl_print_sigalgs(bio, s);
|
||||
ssl_print_sigalgs(bio, s, 1);
|
||||
|
||||
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
|
||||
BIO_number_read(SSL_get_rbio(s)),
|
||||
|
||||
@@ -2572,7 +2572,7 @@ static int init_ssl_connection(SSL *con)
|
||||
if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
|
||||
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
|
||||
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
|
||||
ssl_print_sigalgs(bio_s_out, con);
|
||||
ssl_print_sigalgs(bio_s_out, con, 0);
|
||||
ssl_print_curves(bio_s_out, con);
|
||||
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
|
||||
|
||||
@@ -2915,7 +2915,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
}
|
||||
BIO_puts(io,"\n");
|
||||
}
|
||||
ssl_print_sigalgs(io, con);
|
||||
ssl_print_sigalgs(io, con, 0);
|
||||
ssl_print_curves(io, con);
|
||||
BIO_printf(io,(SSL_cache_hit(con)
|
||||
?"---\nReused, "
|
||||
|
||||