The branch master has been updated via 508fafd8efa97083ef449e185b6f83e19b5a4e8f (commit) via 090c8118e8d37f5631a421384a24ded35940690c (commit) from a0cb628b17ecfd6e161870376b925a0045c99d00 (commit)
- Log ----------------------------------------------------------------- commit 508fafd8efa97083ef449e185b6f83e19b5a4e8f Author: Matt Caswell <m...@openssl.org> Date: Mon Apr 3 15:41:21 2017 +0100 Add documentation for SSL_get_server_tmp_key() Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3114) commit 090c8118e8d37f5631a421384a24ded35940690c Author: Matt Caswell <m...@openssl.org> Date: Mon Apr 3 15:24:06 2017 +0100 Fix calls to SSL_get_server_tmp_key() in TLSv1.3 The macro SSL_get_server_tmp_key() returns information about the temp key used by the server during a handshake. This was returning NULL for TLSv1.3 and causing s_client to omit this information in its connection summary. Fixes #3081 Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3114) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_get_server_tmp_key.pod | 43 +++++++++++++++++++++++++++++++++++++ ssl/statem/extensions_clnt.c | 4 ++-- 2 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 doc/man3/SSL_get_server_tmp_key.pod diff --git a/doc/man3/SSL_get_server_tmp_key.pod b/doc/man3/SSL_get_server_tmp_key.pod new file mode 100644 index 0000000..fda891b --- /dev/null +++ b/doc/man3/SSL_get_server_tmp_key.pod @@ -0,0 +1,43 @@ +=pod + +=head1 NAME + +SSL_get_server_tmp_key - get information about the server's temporary key used +during a handshake + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); + +=head1 DESCRIPTION + +SSL_get_server_tmp_key() returns the temporary key provided by the server and +used during key exchange. For example, if ECDHE is in use, then this represents +the server's public ECDHE key. On success a pointer to the key is stored in +B<*key>. It is the caller's responsibility to free this key after use using +L<EVP_PKEY_free(3)>. This function may only be called by the client. + +=head1 RETURN VALUES + +SSL_get_server_tmp_key() returns 1 on success or 0 otherwise. + +=head1 NOTES + +This function is implemented as a macro. + +=head1 SEE ALSO + +L<ssl(7)>, L<EVP_PKEY_free(3)> + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 939ad4c..8bb9a88 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1295,7 +1295,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL; /* Sanity check */ - if (ckey == NULL) { + if (ckey == NULL || s->s3->peer_tmp != NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); return 0; @@ -1386,7 +1386,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, EVP_PKEY_free(skey); return 0; } - EVP_PKEY_free(skey); + s->s3->peer_tmp = skey; #endif return 1; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits