new ctrl to retrive value of received temporary key in server key exchange message...
authorDr. Stephen Henson <steve@openssl.org>
Sat, 8 Sep 2012 13:59:51 +0000 (13:59 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 8 Sep 2012 13:59:51 +0000 (13:59 +0000)
apps/s_apps.h
apps/s_cb.c
apps/s_client.c
ssl/s3_lib.c
ssl/ssl.h

index c7e6926..b45c1b9 100644 (file)
@@ -163,6 +163,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 int ssl_print_sigalgs(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
index b592870..fc40f39 100644 (file)
@@ -466,6 +466,40 @@ int ssl_print_curves(BIO *out, SSL *s)
        return 1;
        }
 
+int ssl_print_tmp_key(BIO *out, SSL *s)
+       {
+       EVP_PKEY *key;
+       if (!SSL_get_server_tmp_key(s, &key))
+               return 1;
+       BIO_puts(out, "Server Temp Key: ");
+       switch (EVP_PKEY_id(key))
+               {
+       case EVP_PKEY_RSA:
+               BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+               break;
+
+       case EVP_PKEY_DH:
+               BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+               break;
+
+       case EVP_PKEY_EC:
+                       {
+                       EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+                       int nid;
+                       const char *cname;
+                       nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                       EC_KEY_free(ec);
+                       cname = EC_curve_nid2nist(nid);
+                       if (!cname)
+                               cname = OBJ_nid2sn(nid);
+                       BIO_printf(out, "ECDH, %s, %d bits\n",
+                                               cname, EVP_PKEY_bits(key));
+                       }
+               }
+       EVP_PKEY_free(key);
+       return 1;
+       }
+               
 
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                                   int argi, long argl, long ret)
index 0591add..ea0a321 100644 (file)
@@ -2105,6 +2105,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                        }
 
                ssl_print_sigalgs(bio, s);
+               ssl_print_tmp_key(bio, s);
 
                BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                        BIO_number_read(SSL_get_rbio(s)),
index 9484a76..f1e703b 100644 (file)
@@ -3477,6 +3477,43 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                else
                        return 0;
 
+       case SSL_CTRL_GET_SERVER_TMP_KEY:
+               if (s->server || !s->session || !s->session->sess_cert)
+                       return 0;
+               else
+                       {
+                       SESS_CERT *sc;
+                       EVP_PKEY *ptmp;
+                       int rv = 0;
+                       sc = s->session->sess_cert;
+                       if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
+                                                       && !sc->peer_ecdh_tmp)
+                               return 0;
+                       ptmp = EVP_PKEY_new();
+                       if (!ptmp)
+                               return 0;
+                       if (0);
+#ifndef OPENSSL_NO_RSA
+                       else if (sc->peer_rsa_tmp)
+                               rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+                       else if (sc->peer_dh_tmp)
+                               rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+                       else if (sc->peer_ecdh_tmp)
+                               rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
+#endif
+                       if (rv)
+                               {
+                               *(EVP_PKEY **)parg = ptmp;
+                               return 1;
+                               }
+                       EVP_PKEY_free(ptmp);
+                       return 0;
+                       }
+
        default:
                break;
                }
index 72504db..8300bda 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1708,6 +1708,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_VERIFY_CERT_STORE         106
 #define SSL_CTRL_SET_CHAIN_CERT_STORE          107
 #define SSL_CTRL_GET_PEER_SIGNATURE_NID                108
+#define SSL_CTRL_GET_SERVER_TMP_KEY            109
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1835,6 +1836,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get_peer_signature_nid(s, pn) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
 
+#define SSL_get_server_tmp_key(s, pk) \
+       SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);