From d82ca953a5e7d61a103ae2e7c9744db82d74f016 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 18 Apr 2020 14:07:56 +0000
Subject: Expose the peer ephemeral public key used for TLSv1.3 key exchange.

SSL_get_server_tmp_key() provides the peer ephemeral public key used
for key exchange. In the case of TLSv1.3 this is essentially the peer
public key from the key share used for TLSv1.3 key exchange, hence make it
availaable via SSL_get_server_tmp_key().

ok inoguchi@ tb@
---
 src/lib/libssl/tls13_key_share.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/tls13_key_share.c')

diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c
index 58544dc1db..0d1c091462 100644
--- a/src/lib/libssl/tls13_key_share.c
+++ b/src/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -86,6 +86,22 @@ tls13_key_share_group(struct tls13_key_share *ks)
 	return ks->group_id;
 }
 
+int
+tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey)
+{
+	if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
+		if (!ssl_kex_dummy_ecdhe_x25519(pkey))
+			return 0;
+	} else if (ks->ecdhe_peer != NULL) {
+		if (!EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer))
+			return 0;
+	} else {
+		return 0;
+	}
+
+	return 1;
+}
+
 static int
 tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
 {
-- 
cgit v1.2.3-55-g6feb