authorBen Laurie <ben@openssl.org>2011-11-15 23:51:22 +0000
committerBen Laurie <ben@openssl.org>2011-11-15 23:51:22 +0000
commitb1d7429186658934e4ca8b7913c3640ef4426e45 (patch)
treebaa81aec5fc88283adf9389c7903eab77772dddc /apps/s_server.c
parent060a38a2c06145df02d04af20e31bacf30f192e2 (diff)
Add TLS exporter.
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c44
1 files changed, 44 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 14cffa6fa9..e89b888888 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -293,6 +293,9 @@ static int cert_status_cb(SSL *s, void *arg);
static int s_msg=0;
static int s_quiet=0;
+static char *keymatexportlabel=NULL;
+static int keymatexportlen=20;
+
static int hack=0;
#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
@@ -543,6 +546,8 @@ static void sv_usage(void)
# endif
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
#endif
+ BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}
static int local_argc=0;
@@ -1315,6 +1320,17 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+ else if (strcmp(*argv,"-keymatexport") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keymatexportlabel= *(++argv);
+ }
+ else if (strcmp(*argv,"-keymatexportlen") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keymatexportlen=atoi(*(++argv));
+ if (keymatexportlen == 0) goto bad;
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
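Review bot: The `-keymatexportlen` branch rejects only zero, so a negative length is accepted. It is later used as the allocation size and the exporter output length in the init_ssl_connection hunk. Tighten the guard to `if (keymatexportlen <= 0) goto bad;`. Because `atoi` gives no error indication, trailing garbage and out-of-range input are not detected either; `strtol` with an end-pointer check and an explicit upper bound would make the option parsing stricter. MAIN's body starts and ends outside this hunk.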
@@ -2324,6 +2340,8 @@ static int init_ssl_connection(SSL *con)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
#endif
+ unsigned char *exportedkeymat;
+
if ((i=SSL_accept(con)) <= 0)
{
@@ -2395,6 +2413,32 @@ static int init_ssl_connection(SSL *con)
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+ if (keymatexportlabel != NULL) {
+ BIO_printf(bio_s_out, "Keying material exporter:\n");
+ BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
+ BIO_printf(bio_s_out, " Length: %i bytes\n",
+ keymatexportlen);
+ exportedkeymat = OPENSSL_malloc(keymatexportlen);
+ if (exportedkeymat != NULL) {
+ i = SSL_export_keying_material(con, exportedkeymat,
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0);
+ if (i != keymatexportlen) {
+ BIO_printf(bio_s_out,
+ " Error: return value %i\n", i);
+ } else {
+ BIO_printf(bio_s_out, " Keying material: ");
+ for (i=0; i<keymatexportlen; i++)
+ BIO_printf(bio_s_out, "%02X",
+ exportedkeymat[i]);
+ BIO_printf(bio_s_out, "\n");
+ }
+ OPENSSL_free(exportedkeymat);
+ }
+ }
+
return(1);
}
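Review bot: When `OPENSSL_malloc(keymatexportlen)` returns NULL, the block prints the label and length and then nothing, so a failed export cannot be told apart from truncated output. An `else` branch such as `BIO_printf(bio_s_out, "    Error: out of memory\n");` would make the failure visible. The buffer holds exported keying material and is released with `OPENSSL_free` without being wiped; calling `OPENSSL_cleanse(exportedkeymat, keymatexportlen);` just before the free keeps it out of recycled heap memory. The success test `i != keymatexportlen` assumes the exporter returns the number of bytes written; its definition is not in this diff, so that return convention should be confirmed. init_ssl_connection begins outside this hunk.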