diff options
| author | Steven Valdez <svaldez@google.com> | 2016-06-23 20:33:05 +0300 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2016-06-28 17:18:53 +0300 |
| commit | 025638597af11c3255d8151293ae12d46f05e8e4 (patch) | |
| tree | 75d79273bf29933ff4e66a2cc2bd886f02a6fdbe /include/openssl/ssl.h | |
| parent | 9d632f4582c25e37f33d502f3ba50b2f4fc794ac (diff) | |
Changing representation of signature/hash to use SignatureScheme.
As part of the SignatureAlgorithm change in the TLS 1.3 specification,
the existing signature/hash combinations are replaced with a combined
signature algorithm identifier. This change maintains the existing APIs
while fixing the internal representations. The signing code currently
still treats the SignatureAlgorithm as a decomposed value, which will be
fixed as part of a separate CL.
Change-Id: I0cd1660d74ad9bcf55ce5da4449bf2922660be36
Reviewed-on: https://boringssl-review.googlesource.com/8480
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'include/openssl/ssl.h')
| -rw-r--r-- | include/openssl/ssl.h | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 6ce9412d..797da389 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2958,10 +2958,9 @@ OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); * respectively. */ OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl); -/* SSL_get_server_key_exchange_hash, on a client, returns the hash the server - * used to sign the ServerKeyExchange in TLS 1.2. If not applicable, it returns - * |TLSEXT_hash_none|. */ -OPENSSL_EXPORT uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl); +/* SSL_get_peer_signature_algorithm returns the signature algorithm used by the + * peer. If not applicable, it returns zero. */ +OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl); /* TODO(davidben): Remove this when wpa_supplicant in Android has synced with * upstream. */ @@ -3193,6 +3192,14 @@ OPENSSL_EXPORT void SSL_load_error_strings(void); OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +/* SSL_get_server_key_exchange_hash, on a client, returns the hash the server + * used to sign the ServerKeyExchange in TLS 1.2. If not applicable, it returns + * |TLSEXT_hash_none|. + * + * TODO(davidben): Remove once Chromium switches to + * |SSL_get_peer_signature_algorithm|. */ +OPENSSL_EXPORT uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl); + /* SSL_set_tlsext_use_srtp calls |SSL_set_srtp_profiles|. It returns zero on * success and one on failure. * @@ -4248,10 +4255,9 @@ typedef struct ssl3_state_st { * False Start. The client may write data at this point. */ char in_false_start; - /* server_key_exchange_hash, on a client, is the hash the server used to - * sign the ServerKeyExchange in TLS 1.2. If not applicable, it is - * |TLSEXT_hash_none|. */ - uint8_t server_key_exchange_hash; + /* peer_signature_algorithm is the signature algorithm used to authenticate + * the peer, or zero if not applicable. */ + uint16_t peer_signature_algorithm; /* ecdh_ctx is the current ECDH instance. */ SSL_ECDH_CTX ecdh_ctx; |