summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorjsing <>2016-12-30 17:20:51 +0000
committerjsing <>2016-12-30 17:20:51 +0000
commit1cc76fd07be78b0b955623d8e844d5345cae0cd1 (patch)
treedf6feaced005fb3195d597d5bfcbe8ecc80acbc8 /src/lib/libssl/s3_lib.c
parent3922abd3757d557199c7b180a07bf3b9862080f1 (diff)
downloadopenbsd-1cc76fd07be78b0b955623d8e844d5345cae0cd1.tar.gz
openbsd-1cc76fd07be78b0b955623d8e844d5345cae0cd1.tar.bz2
openbsd-1cc76fd07be78b0b955623d8e844d5345cae0cd1.zip
Add support for SSL_get_server_tmp_key().
ok doug@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c68
1 files changed, 67 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 212de5f7a4..5c7f2cb27c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.114 2016/12/21 16:44:31 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.115 2016/12/30 17:20:51 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -151,6 +151,7 @@
151#include <limits.h> 151#include <limits.h>
152#include <stdio.h> 152#include <stdio.h>
153 153
154#include <openssl/bn.h>
154#include <openssl/curve25519.h> 155#include <openssl/curve25519.h>
155#include <openssl/dh.h> 156#include <openssl/dh.h>
156#include <openssl/md5.h> 157#include <openssl/md5.h>
@@ -1904,6 +1905,67 @@ ssl3_clear(SSL *s)
1904 s->next_proto_negotiated_len = 0; 1905 s->next_proto_negotiated_len = 0;
1905} 1906}
1906 1907
1908static long
1909ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
1910{
1911 EVP_PKEY *pkey = NULL;
1912 EC_GROUP *group = NULL;
1913 EC_POINT *point = NULL;
1914 EC_KEY *ec_key = NULL;
1915 BIGNUM *order = NULL;
1916 SESS_CERT *sc;
1917 int ret = 0;
1918
1919 *pkey_tmp = NULL;
1920
1921 if (s->server != 0)
1922 return 0;
1923 if (s->session == NULL || s->session->sess_cert == NULL)
1924 return 0;
1925
1926 sc = s->session->sess_cert;
1927
1928 if ((pkey = EVP_PKEY_new()) == NULL)
1929 return 0;
1930
1931 if (sc->peer_dh_tmp != NULL) {
1932 ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp);
1933 } else if (sc->peer_ecdh_tmp) {
1934 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
1935 } else if (sc->peer_x25519_tmp != NULL) {
1936 /* Fudge up an EC_KEY that looks like X25519... */
1937 if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
1938 goto err;
1939 if ((point = EC_POINT_new(group)) == NULL)
1940 goto err;
1941 if ((order = BN_new()) == NULL)
1942 goto err;
1943 if (!BN_set_bit(order, 252))
1944 goto err;
1945 if (!EC_GROUP_set_generator(group, point, order, NULL))
1946 goto err;
1947 EC_GROUP_set_curve_name(group, NID_X25519);
1948 if ((ec_key = EC_KEY_new()) == NULL)
1949 goto err;
1950 if (!EC_KEY_set_group(ec_key, group))
1951 goto err;
1952 ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
1953 }
1954
1955 if (ret == 1) {
1956 *pkey_tmp = pkey;
1957 pkey = NULL;
1958 }
1959
1960 err:
1961 EVP_PKEY_free(pkey);
1962 EC_GROUP_free(group);
1963 EC_POINT_free(point);
1964 EC_KEY_free(ec_key);
1965 BN_free(order);
1966
1967 return (ret);
1968}
1907 1969
1908long 1970long
1909ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 1971ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -2077,6 +2139,10 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2077 ret = 1; 2139 ret = 1;
2078 break; 2140 break;
2079 2141
2142 case SSL_CTRL_GET_SERVER_TMP_KEY:
2143 ret = ssl_ctrl_get_server_tmp_key(s, parg);
2144 break;
2145
2080 default: 2146 default:
2081 break; 2147 break;
2082 } 2148 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 16:51:09 +0000