提交 33a8de69 编写于 作者: D Dr. Stephen Henson

new ctrl to retrive value of received temporary key in server key exchange...

new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client
上级 319354eb
......@@ -163,6 +163,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, char *server, int port, int type);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
......
......@@ -466,6 +466,40 @@ int ssl_print_curves(BIO *out, SSL *s)
return 1;
}
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
if (!SSL_get_server_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key))
{
case EVP_PKEY_RSA:
BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
break;
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid;
const char *cname;
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "ECDH, %s, %d bits\n",
cname, EVP_PKEY_bits(key));
}
}
EVP_PKEY_free(key);
return 1;
}
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret)
......
......@@ -2105,6 +2105,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
ssl_print_sigalgs(bio, s);
ssl_print_tmp_key(bio, s);
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
......
......@@ -3477,6 +3477,43 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else
return 0;
case SSL_CTRL_GET_SERVER_TMP_KEY:
if (s->server || !s->session || !s->session->sess_cert)
return 0;
else
{
SESS_CERT *sc;
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
&& !sc->peer_ecdh_tmp)
return 0;
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
if (0);
#ifndef OPENSSL_NO_RSA
else if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
if (rv)
{
*(EVP_PKEY **)parg = ptmp;
return 1;
}
EVP_PKEY_free(ptmp);
return 0;
}
default:
break;
}
......
......@@ -1708,6 +1708,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_VERIFY_CERT_STORE 106
#define SSL_CTRL_SET_CHAIN_CERT_STORE 107
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
......@@ -1835,6 +1836,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
#define SSL_get_server_tmp_key(s, pk) \
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册