[openssl-users] Server-side visibility of signature algorithm and key exchange properties?

Viktor Dukhovni openssl-users at dukhovni.org
Fri Nov 9 19:42:13 UTC 2018

On Fri, Nov 09, 2018 at 06:42:28PM +0000, Matt Caswell wrote:

> > I am having a bit of trouble finding the equivalent information for
> > the 3rd line on the server side.  Anyone know how, in TLS 1.3 where
> > these are not implied by the ciphersuite, to determine the signature
> > algorithm (and curve for ECDSA), the hash algorithm and key exchange
> > public key (with bit count for DH or curve name for ECDSA)?
> I don't believe we currently expose the signature algorithm selected on
> the server side. It's held in s->s3->tmp.sigalg, but AFAICT that is only
> ever used internally.

Thanks for confirming, it is then not surprising I failed to find
the relevant interfaces. :-)

> Similarly the key exchange public key is held in s->s3->peer_tmp. We do
> expose that via SSL_get_server_tmp_key(), but its a client side only
> function. We explicitly check that and return 0 if called on the server
> side.

Quick question about that, since the client may also sign the key
exchange when a client certificate is requested and returned, what
is held on the server in s->s3->tmp.sigalg?  [ I expect still the
signature the server used in its CertificateVerify. And on the
client side, I would expect this to hold the algorithm used by the
client to sign its ClientVerify if a client cert was used. ]

And it seems that on the server side s->s3->peer_tmp does actually
hold the client's key exchange public key, which is necessarily for
the same group as the server, so all we'd need to do is remove that
'explicit check' and that key be visible on the server side, right?


More information about the openssl-users mailing list