Prepare to provide SSL_get_signature_nid() and friends.

This adds functionality for SSL_get_signature_nid(), SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and SSL_get_peer_signature_type_nid(). This is not currently publicly visible and will be exposed at a later date. ok inoguchi@ tb@
author: jsing <> 2021-06-30 18:07:50 +0000
committer: jsing <> 2021-06-30 18:07:50 +0000
commit: 4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65 (patch)
tree: b4db4f2c1ecc3502b42799e3f0d49bf2f55bbdd5 /src
parent: f10208a76db206460e96c8cf49a915d09538ab21 (diff)
download: openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.tar.gz
openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.tar.bz2
openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.zip
2 files changed, 81 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f056c3bae4..0cdf9edd2f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.210 2021/05/16 13:56:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.211 2021/06/30 18:07:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -161,6 +161,7 @@
 #include "bytestring.h"
 #include "dtls_locl.h"
 #include "ssl_locl.h"
+#include "ssl_sigalgs.h"
 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
@@ -1929,6 +1930,64 @@ SSL_set1_groups_list(SSL *s, const char *groups)
            &s->internal->tlsext_supportedgroups_length, groups);
 }
+static int
+_SSL_get_signature_nid(SSL *s, int *nid)
+{
+        const struct ssl_sigalg *sigalg;
+        if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+                return 0;
+        *nid = EVP_MD_type(sigalg->md());
+        return 1;
+}
+static int
+_SSL_get_peer_signature_nid(SSL *s, int *nid)
+{
+        const struct ssl_sigalg *sigalg;
+        if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+                return 0;
+        *nid = EVP_MD_type(sigalg->md());
+        return 1;
+}
+int
+SSL_get_signature_type_nid(const SSL *s, int *nid)
+{
+        const struct ssl_sigalg *sigalg;
+        if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+                return 0;
+        *nid = sigalg->key_type;
+        if (sigalg->key_type == EVP_PKEY_RSA &&
+            (sigalg->flags & SIGALG_FLAG_RSA_PSS))
+                *nid = EVP_PKEY_RSA_PSS;
+        return 1;
+}
+int
+SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
+{
+        const struct ssl_sigalg *sigalg;
+        if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+                return 0;
+        *nid = sigalg->key_type;
+        if (sigalg->key_type == EVP_PKEY_RSA &&
+            (sigalg->flags & SIGALG_FLAG_RSA_PSS))
+                *nid = EVP_PKEY_RSA_PSS;
+        return 1;
+}
 long
 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 {
@@ -2039,6 +2098,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        return 0;
                return SSL_set_max_proto_version(s, larg);
+        case SSL_CTRL_GET_SIGNATURE_NID:
+                return _SSL_get_signature_nid(s, parg);
+        case SSL_CTRL_GET_PEER_SIGNATURE_NID:
+                return _SSL_get_peer_signature_nid(s, parg);
        /*
         * Legacy controls that should eventually be removed.
         */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4158d62cd8..46f24b2ea9 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.195 2021/06/30 18:04:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.196 2021/06/30 18:07:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1039,6 +1039,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 #define SSL_CTRL_SET_ECDH_AUTO                  94
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_PEER_SIGNATURE_NID                 108
 #define SSL_CTRL_GET_PEER_TMP_KEY                       109
 #define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
 #else
@@ -1054,6 +1055,10 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 #define SSL_CTRL_GET_MIN_PROTO_VERSION                  130
 #define SSL_CTRL_GET_MAX_PROTO_VERSION                  131
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_SIGNATURE_NID                      132
+#endif
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1151,8 +1156,17 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_get_signature_nid(s, pn) \
+        SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
+#define SSL_get_peer_signature_nid(s, pn) \
+        SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
 #define SSL_get_peer_tmp_key(s, pk) \
        SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
+int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
+int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
 #endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
 #ifndef LIBRESSL_INTERNAL
author	jsing <>	2021-06-30 18:07:50 +0000
committer	jsing <>	2021-06-30 18:07:50 +0000
commit	4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65 (patch)
tree	b4db4f2c1ecc3502b42799e3f0d49bf2f55bbdd5 /src
parent	f10208a76db206460e96c8cf49a915d09538ab21 (diff)
download	openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.tar.gz openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.tar.bz2 openbsd-4d5427125387cb1cb51a22fc68ee6aaf9f6dcd65.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index f056c3bae4..0cdf9edd2f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.210 2021/05/16 13:56:30 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.211 2021/06/30 18:07:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -161,6 +161,7 @@
161	#include "bytestring.h"	161	#include "bytestring.h"
162	#include "dtls_locl.h"	162	#include "dtls_locl.h"
163	#include "ssl_locl.h"	163	#include "ssl_locl.h"
		164	#include "ssl_sigalgs.h"
164		165
165	#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))	166	#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
166		167
@@ -1929,6 +1930,64 @@ SSL_set1_groups_list(SSL s, const char groups)
1929	&s->internal->tlsext_supportedgroups_length, groups);	1930	&s->internal->tlsext_supportedgroups_length, groups);
1930	}	1931	}
1931		1932
		1933	static int
		1934	_SSL_get_signature_nid(SSL s, int nid)
		1935	{
		1936	const struct ssl_sigalg *sigalg;
		1937
		1938	if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
		1939	return 0;
		1940
		1941	*nid = EVP_MD_type(sigalg->md());
		1942
		1943	return 1;
		1944	}
		1945
		1946	static int
		1947	_SSL_get_peer_signature_nid(SSL s, int nid)
		1948	{
		1949	const struct ssl_sigalg *sigalg;
		1950
		1951	if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
		1952	return 0;
		1953
		1954	*nid = EVP_MD_type(sigalg->md());
		1955
		1956	return 1;
		1957	}
		1958
		1959	int
		1960	SSL_get_signature_type_nid(const SSL s, int nid)
		1961	{
		1962	const struct ssl_sigalg *sigalg;
		1963
		1964	if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
		1965	return 0;
		1966
		1967	*nid = sigalg->key_type;
		1968	if (sigalg->key_type == EVP_PKEY_RSA &&
		1969	(sigalg->flags & SIGALG_FLAG_RSA_PSS))
		1970	*nid = EVP_PKEY_RSA_PSS;
		1971
		1972	return 1;
		1973	}
		1974
		1975	int
		1976	SSL_get_peer_signature_type_nid(const SSL s, int nid)
		1977	{
		1978	const struct ssl_sigalg *sigalg;
		1979
		1980	if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
		1981	return 0;
		1982
		1983	*nid = sigalg->key_type;
		1984	if (sigalg->key_type == EVP_PKEY_RSA &&
		1985	(sigalg->flags & SIGALG_FLAG_RSA_PSS))
		1986	*nid = EVP_PKEY_RSA_PSS;
		1987
		1988	return 1;
		1989	}
		1990
1932	long	1991	long
1933	ssl3_ctrl(SSL s, int cmd, long larg, void parg)	1992	ssl3_ctrl(SSL s, int cmd, long larg, void parg)
1934	{	1993	{
@@ -2039,6 +2098,12 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2039	return 0;	2098	return 0;
2040	return SSL_set_max_proto_version(s, larg);	2099	return SSL_set_max_proto_version(s, larg);
2041		2100
		2101	case SSL_CTRL_GET_SIGNATURE_NID:
		2102	return _SSL_get_signature_nid(s, parg);
		2103
		2104	case SSL_CTRL_GET_PEER_SIGNATURE_NID:
		2105	return _SSL_get_peer_signature_nid(s, parg);
		2106
2042	/*	2107	/*
2043	* Legacy controls that should eventually be removed.	2108	* Legacy controls that should eventually be removed.
2044	*/	2109	*/


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 4158d62cd8..46f24b2ea9 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.195 2021/06/30 18:04:05 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.196 2021/06/30 18:07:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1039,6 +1039,7 @@ int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);
1039	#define SSL_CTRL_SET_ECDH_AUTO 94	1039	#define SSL_CTRL_SET_ECDH_AUTO 94
1040		1040
1041	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)	1041	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)
		1042	#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
1042	#define SSL_CTRL_GET_PEER_TMP_KEY 109	1043	#define SSL_CTRL_GET_PEER_TMP_KEY 109
1043	#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY	1044	#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
1044	#else	1045	#else
@@ -1054,6 +1055,10 @@ int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);
1054	#define SSL_CTRL_GET_MIN_PROTO_VERSION 130	1055	#define SSL_CTRL_GET_MIN_PROTO_VERSION 130
1055	#define SSL_CTRL_GET_MAX_PROTO_VERSION 131	1056	#define SSL_CTRL_GET_MAX_PROTO_VERSION 131
1056		1057
		1058	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)
		1059	#define SSL_CTRL_GET_SIGNATURE_NID 132
		1060	#endif
		1061
1057	#define DTLSv1_get_timeout(ssl, arg) \	1062	#define DTLSv1_get_timeout(ssl, arg) \
1058	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)	1063	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1059	#define DTLSv1_handle_timeout(ssl) \	1064	#define DTLSv1_handle_timeout(ssl) \
@@ -1151,8 +1156,17 @@ const SSL_METHOD SSL_CTX_get_ssl_method(const SSL_CTX ctx);
1151	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)	1156	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
1152		1157
1153	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)	1158	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)
		1159	#define SSL_get_signature_nid(s, pn) \
		1160	SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
		1161
		1162	#define SSL_get_peer_signature_nid(s, pn) \
		1163	SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
1154	#define SSL_get_peer_tmp_key(s, pk) \	1164	#define SSL_get_peer_tmp_key(s, pk) \
1155	SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)	1165	SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
		1166
		1167	int SSL_get_signature_type_nid(const SSL ssl, int nid);
		1168	int SSL_get_peer_signature_type_nid(const SSL ssl, int nid);
		1169
1156	#endif /* LIBRESSL_HAS_TLS1_3 \|\| LIBRESSL_INTERNAL */	1170	#endif /* LIBRESSL_HAS_TLS1_3 \|\| LIBRESSL_INTERNAL */
1157		1171
1158	#ifndef LIBRESSL_INTERNAL	1172	#ifndef LIBRESSL_INTERNAL