diff --git a/apps/s_apps.h b/apps/s_apps.h index c7e6926a27..b45c1b9a56 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -163,6 +163,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s); #endif +int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, char *server, int port, int type); int should_retry(int i); int extract_port(char *str, short *port_ptr); diff --git a/apps/s_cb.c b/apps/s_cb.c index b592870f96..fc40f391e3 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -466,6 +466,40 @@ int ssl_print_curves(BIO *out, SSL *s) return 1; } +int ssl_print_tmp_key(BIO *out, SSL *s) + { + EVP_PKEY *key; + if (!SSL_get_server_tmp_key(s, &key)) + return 1; + BIO_puts(out, "Server Temp Key: "); + switch (EVP_PKEY_id(key)) + { + case EVP_PKEY_RSA: + BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key)); + break; + + case EVP_PKEY_DH: + BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); + break; + + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); + int nid; + const char *cname; + nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + EC_KEY_free(ec); + cname = EC_curve_nid2nist(nid); + if (!cname) + cname = OBJ_nid2sn(nid); + BIO_printf(out, "ECDH, %s, %d bits\n", + cname, EVP_PKEY_bits(key)); + } + } + EVP_PKEY_free(key); + return 1; + } + long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) diff --git a/apps/s_client.c b/apps/s_client.c index 90b6af80cb..8cc57743e0 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2082,6 +2082,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } ssl_print_sigalgs(bio, s); + ssl_print_tmp_key(bio, s); BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 177511da68..088ca05e67 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3477,6 +3477,43 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else return 0; + case SSL_CTRL_GET_SERVER_TMP_KEY: + if (s->server || !s->session || !s->session->sess_cert) + return 0; + else + { + SESS_CERT *sc; + EVP_PKEY *ptmp; + int rv = 0; + sc = s->session->sess_cert; + if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp + && !sc->peer_ecdh_tmp) + return 0; + ptmp = EVP_PKEY_new(); + if (!ptmp) + return 0; + if (0); +#ifndef OPENSSL_NO_RSA + else if (sc->peer_rsa_tmp) + rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); +#endif +#ifndef OPENSSL_NO_DH + else if (sc->peer_dh_tmp) + rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); +#endif +#ifndef OPENSSL_NO_ECDH + else if (sc->peer_ecdh_tmp) + rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); +#endif + if (rv) + { + *(EVP_PKEY **)parg = ptmp; + return 1; + } + EVP_PKEY_free(ptmp); + return 0; + } + default: break; } diff --git a/ssl/ssl.h b/ssl/ssl.h index 4979a94ae3..0611bf27d3 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1698,6 +1698,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1825,6 +1826,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_get_peer_signature_nid(s, pn) \ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +#define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) + #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);