diff options
| author |   jsing <jsing@openbsd.org> | 2020-04-18 14:07:56 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-04-18 14:07:56 +0000 |
| commit | 501dd9a599fa9b94d2fd4a4942afb8a6cea49cd4 (patch) | |
| tree | b80961f9971062c09b48b81f0afd771b3cf73d64 /lib/libssl/ssl_kex.c | |
| parent | Tweak previous active cipher suite code. (diff) | |
| download | wireguard-openbsd-501dd9a599fa9b94d2fd4a4942afb8a6cea49cd4.tar.xz wireguard-openbsd-501dd9a599fa9b94d2fd4a4942afb8a6cea49cd4.zip | |
Expose the peer ephemeral public key used for TLSv1.3 key exchange.
SSL_get_server_tmp_key() provides the peer ephemeral public key used
for key exchange. In the case of TLSv1.3 this is essentially the peer
public key from the key share used for TLSv1.3 key exchange, hence make it
availaable via SSL_get_server_tmp_key().
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_kex.c')
| -rw-r--r-- | lib/libssl/ssl_kex.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/lib/libssl/ssl_kex.c b/lib/libssl/ssl_kex.c index 439c1702b32..9f05fd60c9b 100644 --- a/lib/libssl/ssl_kex.c +++ b/lib/libssl/ssl_kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_kex.c,v 1.1 2020/01/30 16:25:09 jsing Exp $ */ +/* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> * @@ -19,10 +19,51 @@ #include <openssl/ec.h> #include <openssl/ecdh.h> +#include <openssl/evp.h> +#include <openssl/objects.h> #include "bytestring.h" int +ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey) +{ + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + EC_KEY *ec_key = NULL; + BIGNUM *order = NULL; + int ret = 0; + + /* Fudge up an EC_KEY that looks like X25519... */ + if ((group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) + goto err; + if ((point = EC_POINT_new(group)) == NULL) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!BN_set_bit(order, 252)) + goto err; + if (!EC_GROUP_set_generator(group, point, order, NULL)) + goto err; + EC_GROUP_set_curve_name(group, NID_X25519); + if ((ec_key = EC_KEY_new()) == NULL) + goto err; + if (!EC_KEY_set_group(ec_key, group)) + goto err; + if (!EVP_PKEY_set1_EC_KEY(pkey, ec_key)) + goto err; + + ret = 1; + + err: + EC_GROUP_free(group); + EC_POINT_free(point); + EC_KEY_free(ec_key); + BN_free(order); + + return ret; +} + +int ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid) { EC_GROUP *group; |