Print out the signature algorithm in bssl client.
I keep wishing we had that available and patching this in.
Change-Id: I4ef04fcc6be5b00a9fcbdc2771a7ee7e2313b5c5
Reviewed-on: https://boringssl-review.googlesource.com/10980
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/tool/transport_common.cc b/tool/transport_common.cc
index 23fa3bb..9a3612c 100644
--- a/tool/transport_common.cc
+++ b/tool/transport_common.cc
@@ -201,6 +201,36 @@
return false;
}
+static const char *SignatureAlgorithmToString(uint16_t version, uint16_t sigalg) {
+ const bool is_tls12 = version == TLS1_2_VERSION || version == DTLS1_2_VERSION;
+ switch (sigalg) {
+ case SSL_SIGN_RSA_PKCS1_SHA1:
+ return "rsa_pkcs1_sha1";
+ case SSL_SIGN_RSA_PKCS1_SHA256:
+ return "rsa_pkcs1_sha256";
+ case SSL_SIGN_RSA_PKCS1_SHA384:
+ return "rsa_pkcs1_sha384";
+ case SSL_SIGN_RSA_PKCS1_SHA512:
+ return "rsa_pkcs1_sha512";
+ case SSL_SIGN_ECDSA_SHA1:
+ return "ecdsa_sha1";
+ case SSL_SIGN_ECDSA_SECP256R1_SHA256:
+ return is_tls12 ? "ecdsa_sha256" : "ecdsa_secp256r1_sha256";
+ case SSL_SIGN_ECDSA_SECP384R1_SHA384:
+ return is_tls12 ? "ecdsa_sha384" : "ecdsa_secp384r1_sha384";
+ case SSL_SIGN_ECDSA_SECP521R1_SHA512:
+ return is_tls12 ? "ecdsa_sha512" : "ecdsa_secp521r1_sha512";
+ case SSL_SIGN_RSA_PSS_SHA256:
+ return "rsa_pss_sha256";
+ case SSL_SIGN_RSA_PSS_SHA384:
+ return "rsa_pss_sha384";
+ case SSL_SIGN_RSA_PSS_SHA512:
+ return "rsa_pss_sha512";
+ default:
+ return "(unknown)";
+ }
+}
+
void PrintConnectionInfo(const SSL *ssl) {
const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
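Review bot: SignatureAlgorithmToString carries no comment explaining why the three ECDSA cases switch on `is_tls12`, so the next reader cannot tell that the two names describe different guarantees. In TLS 1.2 these code points identify only the hash and the peer's curve is not constrained by them, whereas the curve-bound names apply to the later semantics. I would add above the function something like `// TLS 1.2 ECDSA code points name only the hash; later versions also bind the curve, hence the two spellings.` Note also that every version other than (D)TLS 1.2 takes the curve-bound branch. That presumably never matters for older versions, where no signature algorithm is negotiated, but a one-line remark would make it explicit.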
@@ -216,6 +246,11 @@
if (dhe_bits != 0) {
fprintf(stderr, " DHE group size: %u bits\n", dhe_bits);
}
+ uint16_t sigalg = SSL_get_peer_signature_algorithm(ssl);
+ if (sigalg != 0) {
+ fprintf(stderr, " Signature algorithm: %s\n",
+ SignatureAlgorithmToString(SSL_version(ssl), sigalg));
+ }
fprintf(stderr, " Secure renegotiation: %s\n",
SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no");
fprintf(stderr, " Extended master secret: %s\n",
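Review bot: When the peer's code point is not in the switch, the new `Signature algorithm` line prints only `(unknown)` and the numeric value is lost. That is exactly the case where someone auditing a handshake most needs to see what was negotiated. Printing the raw value alongside the name keeps the output useful for unrecognised or newly assigned algorithms: `fprintf(stderr, "  Signature algorithm: %s (0x%04x)\n", SignatureAlgorithmToString(SSL_version(ssl), sigalg), sigalg);`. PrintConnectionInfo begins and ends outside this hunk, so whether other fields already follow a name-plus-code convention is not visible here.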