diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2016-12-30 17:20:52 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2016-12-30 17:20:52 +0000 |
| commit | 8073943807935d58f6879367892101a33353de42 (patch) | |
| tree | 449dc4dc37199ba96c174832c64c224d00a99252 /lib | |
| parent | 9c4274fb0f29917a3676115adef8c707abcc9471 (diff) | |
Add support for SSL_get_server_tmp_key().
ok doug@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/s3_lib.c | 68 | ||||
| -rw-r--r-- | lib/libssl/ssl.h | 9 |
2 files changed, 74 insertions, 3 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 212de5f7a44..5c7f2cb27cf 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.114 2016/12/21 16:44:31 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.115 2016/12/30 17:20:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -151,6 +151,7 @@ #include <limits.h> #include <stdio.h> +#include <openssl/bn.h> #include <openssl/curve25519.h> #include <openssl/dh.h> #include <openssl/md5.h> @@ -1904,6 +1905,67 @@ ssl3_clear(SSL *s) s->next_proto_negotiated_len = 0; } +static long +ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) +{ + EVP_PKEY *pkey = NULL; + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + EC_KEY *ec_key = NULL; + BIGNUM *order = NULL; + SESS_CERT *sc; + int ret = 0; + + *pkey_tmp = NULL; + + if (s->server != 0) + return 0; + if (s->session == NULL || s->session->sess_cert == NULL) + return 0; + + sc = s->session->sess_cert; + + if ((pkey = EVP_PKEY_new()) == NULL) + return 0; + + if (sc->peer_dh_tmp != NULL) { + ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp); + } else if (sc->peer_ecdh_tmp) { + ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp); + } else if (sc->peer_x25519_tmp != NULL) { + /* Fudge up an EC_KEY that looks like X25519... */ + if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL) + goto err; + if ((point = EC_POINT_new(group)) == NULL) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!BN_set_bit(order, 252)) + goto err; + if (!EC_GROUP_set_generator(group, point, order, NULL)) + goto err; + EC_GROUP_set_curve_name(group, NID_X25519); + if ((ec_key = EC_KEY_new()) == NULL) + goto err; + if (!EC_KEY_set_group(ec_key, group)) + goto err; + ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key); + } + + if (ret == 1) { + *pkey_tmp = pkey; + pkey = NULL; + } + + err: + EVP_PKEY_free(pkey); + EC_GROUP_free(group); + EC_POINT_free(point); + EC_KEY_free(ec_key); + BN_free(order); + + return (ret); +} long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) @@ -2077,6 +2139,10 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; break; + case SSL_CTRL_GET_SERVER_TMP_KEY: + ret = ssl_ctrl_get_server_tmp_key(s, parg); + break; + default: break; } diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index d8c25cac429..37844bdeaa0 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.101 2016/12/21 16:51:10 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.102 2016/12/30 17:20:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1469,7 +1469,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 -#define SSL_CTRL_SET_ECDH_AUTO 94 +#define SSL_CTRL_SET_ECDH_AUTO 94 + +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_SET_DH_AUTO 118 @@ -1522,6 +1524,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +#define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) + #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx, int client); |