Blame SOURCES/openssl-1.0.1e-ephemeral-key-size.patch

2b5643
diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h
2b5643
--- openssl-1.0.1e/apps/s_apps.h.ephemeral	2014-02-12 14:49:14.333513753 +0100
2b5643
+++ openssl-1.0.1e/apps/s_apps.h	2014-02-12 14:49:14.417515629 +0100
2b5643
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
2b5643
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
2b5643
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
2b5643
 #endif
2b5643
+int ssl_print_tmp_key(BIO *out, SSL *s);
2b5643
 int init_client(int *sock, char *server, char *port, int type);
2b5643
 int should_retry(int i);
2b5643
 int extract_host_port(char *str,char **host_ptr,char **port_ptr);
2b5643
diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c
2b5643
--- openssl-1.0.1e/apps/s_cb.c.ephemeral	2013-02-11 16:26:04.000000000 +0100
2b5643
+++ openssl-1.0.1e/apps/s_cb.c	2014-02-12 14:56:25.584142499 +0100
2b5643
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
2b5643
 		}
2b5643
 	}
2b5643
 
2b5643
+int ssl_print_tmp_key(BIO *out, SSL *s)
2b5643
+	{
2b5643
+	EVP_PKEY *key;
2b5643
+	if (!SSL_get_server_tmp_key(s, &key))
2b5643
+		return 1;
2b5643
+	BIO_puts(out, "Server Temp Key: ");
2b5643
+	switch (EVP_PKEY_id(key))
2b5643
+		{
2b5643
+	case EVP_PKEY_RSA:
2b5643
+		BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
2b5643
+		break;
2b5643
+
2b5643
+	case EVP_PKEY_DH:
2b5643
+		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
2b5643
+		break;
2b5643
+
2b5643
+	case EVP_PKEY_EC:
2b5643
+			{
2b5643
+			EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
2b5643
+			int nid;
2b5643
+			const char *cname;
2b5643
+			nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
2b5643
+			EC_KEY_free(ec);
2b5643
+			cname = OBJ_nid2sn(nid);
2b5643
+			BIO_printf(out, "ECDH, %s, %d bits\n",
2b5643
+						cname, EVP_PKEY_bits(key));
2b5643
+			}
2b5643
+		}
2b5643
+	EVP_PKEY_free(key);
2b5643
+	return 1;
2b5643
+	}
2b5643
+		
2b5643
 
2b5643
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
2b5643
 	{
2b5643
diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c
2b5643
--- openssl-1.0.1e/apps/s_client.c.ephemeral	2014-02-12 14:49:14.407515406 +0100
2b5643
+++ openssl-1.0.1e/apps/s_client.c	2014-02-12 14:49:14.418515652 +0100
2b5643
@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s
2b5643
 			BIO_write(bio,"\n",1);
2b5643
 			}
2b5643
 
2b5643
+		ssl_print_tmp_key(bio, s);
2b5643
+
2b5643
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
2b5643
 			BIO_number_read(SSL_get_rbio(s)),
2b5643
 			BIO_number_written(SSL_get_wbio(s)));
2b5643
diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h
2b5643
--- openssl-1.0.1e/ssl/ssl.h.ephemeral	2014-02-12 14:49:14.391515049 +0100
2b5643
+++ openssl-1.0.1e/ssl/ssl.h	2014-02-12 14:49:14.418515652 +0100
2b5643
@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
2b5643
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
2b5643
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
2b5643
 
2b5643
+#define SSL_CTRL_GET_SERVER_TMP_KEY		109
2b5643
+
2b5643
 #define DTLSv1_get_timeout(ssl, arg) \
2b5643
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
2b5643
 #define DTLSv1_handle_timeout(ssl) \
2b5643
@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
2b5643
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
2b5643
 	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
2b5643
 
2b5643
+#define SSL_get_server_tmp_key(s, pk) \
2b5643
+	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
2b5643
+
2b5643
 #ifndef OPENSSL_NO_BIO
2b5643
 BIO_METHOD *BIO_f_ssl(void);
2b5643
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
2b5643
diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c
2b5643
--- openssl-1.0.1e/ssl/s3_lib.c.ephemeral	2014-02-12 14:49:14.412515518 +0100
2b5643
+++ openssl-1.0.1e/ssl/s3_lib.c	2014-02-12 14:49:14.418515652 +0100
2b5643
@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
2b5643
 #endif
2b5643
 
2b5643
 #endif /* !OPENSSL_NO_TLSEXT */
2b5643
+	case SSL_CTRL_GET_SERVER_TMP_KEY:
2b5643
+		if (s->server || !s->session || !s->session->sess_cert)
2b5643
+			return 0;
2b5643
+		else
2b5643
+			{
2b5643
+			SESS_CERT *sc;
2b5643
+			EVP_PKEY *ptmp;
2b5643
+			int rv = 0;
2b5643
+			sc = s->session->sess_cert;
2b5643
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
2b5643
+			if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
2b5643
+							&& !sc->peer_ecdh_tmp)
2b5643
+				return 0;
2b5643
+#endif
2b5643
+			ptmp = EVP_PKEY_new();
2b5643
+			if (!ptmp)
2b5643
+				return 0;
2b5643
+			if (0);
2b5643
+#ifndef OPENSSL_NO_RSA
2b5643
+			else if (sc->peer_rsa_tmp)
2b5643
+				rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
2b5643
+#endif
2b5643
+#ifndef OPENSSL_NO_DH
2b5643
+			else if (sc->peer_dh_tmp)
2b5643
+				rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
2b5643
+#endif
2b5643
+#ifndef OPENSSL_NO_ECDH
2b5643
+			else if (sc->peer_ecdh_tmp)
2b5643
+				rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
2b5643
+#endif
2b5643
+			if (rv)
2b5643
+				{
2b5643
+				*(EVP_PKEY **)parg = ptmp;
2b5643
+				return 1;
2b5643
+				}
2b5643
+			EVP_PKEY_free(ptmp);
2b5643
+			return 0;
2b5643
+			}
2b5643
 	default:
2b5643
 		break;
2b5643
 		}