new ctrl to retrive value of received temporary key in server key exchange...

new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client

apps/s_apps.h

@@ -163,6 +163,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 int ssl_print_sigalgs(BIO *out, SSL *s);
 int ssl_print_curves(BIO *out, SSL *s);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);

apps/s_cb.c

@@ -466,6 +466,40 @@ int ssl_print_curves(BIO *out, SSL *s)
 	return 1;
 	}
 
+int ssl_print_tmp_key(BIO *out, SSL *s)
+	{
+	EVP_PKEY *key;
+	if (!SSL_get_server_tmp_key(s, &key))
+		return 1;
+	BIO_puts(out, "Server Temp Key: ");
+	switch (EVP_PKEY_id(key))
+		{
+	case EVP_PKEY_RSA:
+		BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+		break;
+
+	case EVP_PKEY_DH:
+		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+		break;
+
+	case EVP_PKEY_EC:
+			{
+			EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+			int nid;
+			const char *cname;
+			nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+			EC_KEY_free(ec);
+			cname = EC_curve_nid2nist(nid);
+			if (!cname)
+				cname = OBJ_nid2sn(nid);
+			BIO_printf(out, "ECDH, %s, %d bits\n",
+						cname, EVP_PKEY_bits(key));
+			}
+		}
+	EVP_PKEY_free(key);
+	return 1;
+	}
+		
 
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret)

apps/s_client.c

@@ -2105,6 +2105,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 			}
 
 		ssl_print_sigalgs(bio, s);
+		ssl_print_tmp_key(bio, s);
 
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 			BIO_number_read(SSL_get_rbio(s)),

ssl/s3_lib.c

@@ -3477,6 +3477,43 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		else
 			return 0;
 
+	case SSL_CTRL_GET_SERVER_TMP_KEY:
+		if (s->server || !s->session || !s->session->sess_cert)
+			return 0;
+		else
+			{
+			SESS_CERT *sc;
+			EVP_PKEY *ptmp;
+			int rv = 0;
+			sc = s->session->sess_cert;
+			if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
+							&& !sc->peer_ecdh_tmp)
+				return 0;
+			ptmp = EVP_PKEY_new();
+			if (!ptmp)
+				return 0;
+			if (0);
+#ifndef OPENSSL_NO_RSA
+			else if (sc->peer_rsa_tmp)
+				rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+			else if (sc->peer_dh_tmp)
+				rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+			else if (sc->peer_ecdh_tmp)
+				rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
+#endif
+			if (rv)
+				{
+				*(EVP_PKEY **)parg = ptmp;
+				return 1;
+				}
+			EVP_PKEY_free(ptmp);
+			return 0;
+			}
+
 	default:
 		break;
 		}

ssl/ssl.h

@@ -1708,6 +1708,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_VERIFY_CERT_STORE		106
 #define SSL_CTRL_SET_CHAIN_CERT_STORE		107
 #define SSL_CTRL_GET_PEER_SIGNATURE_NID		108
+#define SSL_CTRL_GET_SERVER_TMP_KEY		109
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1835,6 +1836,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get_peer_signature_nid(s, pn) \
 	SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
 
+#define SSL_get_server_tmp_key(s, pk) \
+	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);