API to get negotiated key exchange algorithm in TLS1.3

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9323)
2025-04-06 20:20:50 +08:00 · 2019-07-08 14:50:59 +05:30 · 2019-07-08 14:50:59 +05:30 · 84d4b9e31d
commit 84d4b9e31d
parent bbda79976b
5 changed files with 17 additions and 5 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1316,6 +1316,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_GET_MAX_PROTO_VERSION          131
 # define SSL_CTRL_GET_SIGNATURE_NID              132
 # define SSL_CTRL_GET_TMP_KEY                    133
+# define SSL_CTRL_GET_NEGOTIATED_GROUP           134
 # define SSL_CERT_SET_FIRST                      1
 # define SSL_CERT_SET_NEXT                       2
 # define SSL_CERT_SET_SERVER                     3
@ -1415,6 +1416,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
 # define SSL_get_shared_group(s, n) \
        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_get_negotiated_group(s) \
+        SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL)
 # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
 # define SSL_CTX_set1_sigalgs_list(ctx, s) \
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -3617,13 +3617,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        {
            uint16_t id = tls1_shared_group(s, larg);

-            if (larg != -1) {
-                const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
-
-                return ginf == NULL ? 0 : ginf->nid;
-            }
+            if (larg != -1)
+                return tls1_group_id2nid(id);
            return id;
        }
+    case SSL_CTRL_GET_NEGOTIATED_GROUP:
+        ret = tls1_group_id2nid(s->s3.group_id);
+        break;
 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */

    case SSL_CTRL_SET_SIGALGS:
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -2530,6 +2530,7 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);

 __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
+__owur int tls1_group_id2nid(uint16_t group_id);
 __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
 __owur uint16_t tls1_shared_group(SSL *s, int nmatch);
 __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -226,6 +226,13 @@ const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
 }

 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+int tls1_group_id2nid(uint16_t group_id)
+{
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(group_id);
+
+    return ginf == NULL ? NID_undef : ginf->nid;
+}
+
 static uint16_t tls1_nid2group_id(int nid)
 {
    size_t i;
--- a/util/private.num
+++ b/util/private.num
@ -450,6 +450,7 @@ SSL_get_secure_renegotiation_support    define
 SSL_get_server_tmp_key                  define
 SSL_get_shared_curve                    define
 SSL_get_shared_group                    define
+SSL_get_negotiated_group                define
 SSL_get_signature_nid                   define
 SSL_get_time                            define
 SSL_get_timeout                         define