SSL_get_shared_sigalgs¶

NAME¶

SSL_get0_shared_sigalg, SSL_get0_sigalg, SSL_get_shared_sigalgs, SSL_get_sigalgs - get shared or peer signature algorithms

SYNOPSIS¶

#include <openssl/ssl.h>

int SSL_get0_sigalg(SSL *s, int idx, unsigned int *codepoint,
    const char **name);

int SSL_get0_shared_sigalg(SSL *s, int idx, unsigned int *codepoint,
    const char **name);

int SSL_get_shared_sigalgs(SSL *s, int idx,
                           int *psign, int *phash, int *psignhash,
                           unsigned char *rsig, unsigned char *rhash);

int SSL_get_sigalgs(SSL *s, int idx,
                    int *psign, int *phash, int *psignhash,
                    unsigned char *rsig, unsigned char *rhash);

DESCRIPTION¶

SSL_get0_shared_sigalg() returns the names and codepoints of signature algorithms shared with the peer in the SSL connection s. When idx is negative, the number of algorithms is returned, and the output parameters remain unmodified. Otherwise, when idx is nonnegative, it is the index of the shared signature algorithm to return starting from zero. The signature algorithm name is written to *name (if name) is not NULL). The name reported is the IANA registered name for that algorithm, and is expected to work verbatim if used in a SignatureAlgorithms configuration setting (see SSL_CONF_cmd(3)). The signature algorithm codepoint is written to *codepoint (if codepoint is not NULL). This function is better suited for inspecting TLS 1.3 signature algorithms than the older SSL_get_shared_sigalgs().

SSL_get0_sigalg() returns the names and codepoints of signature algorithms advertised by the peer in the SSL connection s. When idx is negative, the number of algorithms is returned, and the output parameters remain unmodified. Otherwise, when idx is nonnegative, it is the index of the peer signature algorithm to return starting from zero. For signature algorithms that are locally known, the name reported is the IANA registered name for that algorithm, and is expected to work verbatim if used in a SignatureAlgorithms configuration setting (see SSL_CONF_cmd(3)). The signature algorithm codepoint is written to *codepoint (if codepoint is not NULL). If the signature algorithm is known, its name is written to *name (if name) is not NULL). This function is better suited for inspecting TLS 1.3 signature algorithms than the older SSL_get_sigalgs().

SSL_get_shared_sigalgs() returns information about the supported signature algorithms shared with the peer in the SSL connection s. When idx is negative, the number of shared algorithms is returned, and the output parameters remain unmodified. Otherwise, when idx is nonnegative, it is the index of the shared signature algorithm to return starting from zero. The signature algorithm NID is written to *psign, the hash NID to *phash and the sign and hash NID to *psignhash. As of TLS 1.3 signature algorithms are not always a pairing of of a separate public key algorithm and a digest algorithm, and so *phash and *psignhash may not always be meaningful. The raw hash and signature bytes of the signature algorithm codepoint are written to *rhash and *rsig. For example, the rsa_pkcs1_sha256 signature algorithm, with codepoint 0x0401, gives 0x04 for *rhash and 0x01 for *rsig.

SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns information about all signature algorithms advertised by the peer in the order they were sent by the peer.

RETURN VALUES¶

SSL_get0_sigalg(), SSL_get0_shared_sigalg(), SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of signature algorithms or 0 if the idx parameter is out of range (too large).

NOTES¶

These functions are typically called for debugging purposes (to report the peer's preferences) or where an application wants finer control over certificate selection. Most applications will rely on internal handling and will not need to call them.

If an application is only interested in the highest preference shared signature algorithm it can just set idx to zero.

Any or all of the parameters psign, phash, psignhash, rsig or rhash can be set to NULL if the value is not required. By setting them all to NULL and setting idx to zero the total number of signature algorithms can be determined: which can be zero.

These functions must be called after the peer has sent a list of supported signature algorithms: after a client hello (for servers) or a certificate request (for clients). They can (for example) be called in the certificate callback.

Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. If these functions are called on an earlier version of TLS or DTLS zero is returned.

The shared signature algorithms returned by SSL_get_shared_sigalgs() are ordered according to configuration and peer preferences.

The raw values correspond to the on the wire form as defined by RFC5246 et al. The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and rsa(1) then *rhash would be 4, *rsign 1, *phash NID_sha256, *psig NID_rsaEncryption and *psignhash NID_sha256WithRSAEncryption.

If a signature algorithm is not recognised the corresponding NIDs will be set to NID_undef. This may be because the value is not supported, is not an appropriate combination (for example MD5 and DSA) or the signature algorithm does not use a hash (for example Ed25519).

SEE ALSO¶

SSL_CTX_set_cert_cb(3), ssl(7)

HISTORY¶

Prior to OpenSSL 4.0 SSL_get_shared_sigalgs() treated negative idx values the same way as out-of-range (too large positive) values, and returned 0.

SSL_get0_shared_sigalg() and SSL_get0_sigalg() were added in OpenSSL 4.0.

COPYRIGHT¶

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.