new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client

(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson 2012-12-26 16:23:36 +00:00
parent a50ecaee56
commit 2001129f09
5 changed files with 77 additions and 0 deletions

View file

@ -163,6 +163,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s);
#endif #endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, char *server, int port, int type); int init_client(int *sock, char *server, int port, int type);
int should_retry(int i); int should_retry(int i);
int extract_port(char *str, short *port_ptr); int extract_port(char *str, short *port_ptr);

View file

@ -466,6 +466,40 @@ int ssl_print_curves(BIO *out, SSL *s)
return 1; return 1;
} }
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
if (!SSL_get_server_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key))
{
case EVP_PKEY_RSA:
BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
break;
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid;
const char *cname;
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "ECDH, %s, %d bits\n",
cname, EVP_PKEY_bits(key));
}
}
EVP_PKEY_free(key);
return 1;
}
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret) int argi, long argl, long ret)

View file

@ -2082,6 +2082,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} }
ssl_print_sigalgs(bio, s); ssl_print_sigalgs(bio, s);
ssl_print_tmp_key(bio, s);
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)), BIO_number_read(SSL_get_rbio(s)),

View file

@ -3477,6 +3477,43 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else else
return 0; return 0;
case SSL_CTRL_GET_SERVER_TMP_KEY:
if (s->server || !s->session || !s->session->sess_cert)
return 0;
else
{
SESS_CERT *sc;
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
&& !sc->peer_ecdh_tmp)
return 0;
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
if (0);
#ifndef OPENSSL_NO_RSA
else if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
if (rv)
{
*(EVP_PKEY **)parg = ptmp;
return 1;
}
EVP_PKEY_free(ptmp);
return 0;
}
default: default:
break; break;
} }

View file

@ -1698,6 +1698,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_VERIFY_CERT_STORE 106
#define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define DTLSv1_get_timeout(ssl, arg) \ #define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@ -1825,6 +1826,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get_peer_signature_nid(s, pn) \ #define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
#define SSL_get_server_tmp_key(s, pk) \
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void); BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl(SSL_CTX *ctx,int client);