Add SSL_get_server_key_exchange_hash.
This exposes the ServerKeyExchange signature hash type used in the most recent
handshake, for histogramming on the client.
BUG=549662
Change-Id: I8a4e00ac735b1ecd2c2df824112c3a0bc62332a7
Reviewed-on: https://boringssl-review.googlesource.com/6413
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bf53d5e..38d838d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2911,6 +2911,11 @@
* respectively. */
OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
+/* SSL_get_server_key_exchange_hash, on a client, returns the hash the server
+ * used to sign the ServerKeyExchange in TLS 1.2. If not applicable, it returns
+ * |TLSEXT_hash_none|. */
+OPENSSL_EXPORT uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl);
+
/* Deprecated functions. */
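Review bot: The new comment on `SSL_get_server_key_exchange_hash` does not state the value's lifetime: the commit message says "most recent handshake", but the header does not say whether a resumption or renegotiation reports `TLSEXT_hash_none` or the value left by an earlier full handshake. A stale value would miscount in a histogram meant to track which signature hashes servers still use. I would spell this out, e.g. `If the most recent handshake did not include a signed ServerKeyExchange (session resumption, RSA key exchange), it returns |TLSEXT_hash_none|.`, assuming the implementation, which is outside these hunks, behaves that way. It would also help to say the return value is one of the `TLSEXT_hash_*` constants, since the `uint8_t` return type does not convey that. The same wording applies to the `server_key_exchange_hash` field comment in the second hunk.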
@@ -4157,6 +4162,11 @@
* False Start. The client may write data at this point. */
char in_false_start;
+ /* server_key_exchange_hash, on a client, is the hash the server used to
+ * sign the ServerKeyExchange in TLS 1.2. If not applicable, it is
+ * |TLSEXT_hash_none|. */
+ uint8_t server_key_exchange_hash;
+
/* peer_dh_tmp, on a client, is the server's DHE public key. */
DH *peer_dh_tmp;