Expose the peer ephemeral public key used for TLSv1.3 key exchange.

SSL_get_server_tmp_key() provides the peer ephemeral public key used for key exchange. In the case of TLSv1.3 this is essentially the peer public key from the key share used for TLSv1.3 key exchange, hence make it availaable via SSL_get_server_tmp_key(). ok inoguchi@ tb@
author: jsing <> 2020-04-18 14:07:56 +0000
committer: jsing <> 2020-04-18 14:07:56 +0000
commit: d82ca953a5e7d61a103ae2e7c9744db82d74f016 (patch)
tree: b56b281a4429eb0ae90ce91eefde6f9a80d7d18f /src/lib/libssl/tls13_key_share.c
parent: 33d8c111a77ac681a8ecffcda0713ec96c6fe953 (diff)
download: openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.tar.gz
openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.tar.bz2
openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c
index 58544dc1db..0d1c091462 100644
--- a/src/lib/libssl/tls13_key_share.c
+++ b/src/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -86,6 +86,22 @@ tls13_key_share_group(struct tls13_key_share *ks)
        return ks->group_id;
 }
+int
+tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey)
+{
+        if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
+                if (!ssl_kex_dummy_ecdhe_x25519(pkey))
+                        return 0;
+        } else if (ks->ecdhe_peer != NULL) {
+                if (!EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer))
+                        return 0;
+        } else {
+                return 0;
+        }
+        return 1;
+}
 static int
 tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
 {
author	jsing <>	2020-04-18 14:07:56 +0000
committer	jsing <>	2020-04-18 14:07:56 +0000
commit	d82ca953a5e7d61a103ae2e7c9744db82d74f016 (patch)
tree	b56b281a4429eb0ae90ce91eefde6f9a80d7d18f /src/lib/libssl/tls13_key_share.c
parent	33d8c111a77ac681a8ecffcda0713ec96c6fe953 (diff)
download	openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.tar.gz openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.tar.bz2 openbsd-d82ca953a5e7d61a103ae2e7c9744db82d74f016.zip

diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c index 58544dc1db..0d1c091462 100644 --- a/src/lib/libssl/tls13_key_share.c +++ b/src/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */	1	/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -86,6 +86,22 @@ tls13_key_share_group(struct tls13_key_share *ks)
86	return ks->group_id;	86	return ks->group_id;
87	}	87	}
88		88
		89	int
		90	tls13_key_share_peer_pkey(struct tls13_key_share ks, EVP_PKEY pkey)
		91	{
		92	if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
		93	if (!ssl_kex_dummy_ecdhe_x25519(pkey))
		94	return 0;
		95	} else if (ks->ecdhe_peer != NULL) {
		96	if (!EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer))
		97	return 0;
		98	} else {
		99	return 0;
		100	}
		101
		102	return 1;
		103	}
		104
89	static int	105	static int
90	tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)	106	tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
91	{	107	{