diff options
| author | Ben Laurie <ben@openssl.org> | 2011-11-15 23:50:52 +0000 |
|---|---|---|
| committer | Ben Laurie <ben@openssl.org> | 2011-11-15 23:50:52 +0000 |
| commit | e0af04056cafff7cbfd2f4426cd0b44700a374a4 (patch) | |
| tree | a8d2b07974989368206df6302fd9d13d67aa7c92 /apps/s_client.c | |
| parent | 333f926d677d12e42279274c525c7b9af52ece8c (diff) | |
| download | openssl-e0af04056cafff7cbfd2f4426cd0b44700a374a4.tar.gz | |
Add TLS exporter.
Diffstat (limited to 'apps/s_client.c')
| -rw-r--r-- | apps/s_client.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 5527dc2c9c..1621a0158a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -206,6 +206,9 @@ static int c_status_req=0; static int c_msg=0; static int c_showcerts=0; +static char *keymatexportlabel=NULL; +static int keymatexportlen=20; + static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT @@ -360,6 +363,8 @@ static void sc_usage(void) #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); + BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } #ifndef OPENSSL_NO_TLSEXT @@ -942,6 +947,17 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; srtp_profiles = *(++argv); } + else if (strcmp(*argv,"-keymatexport") == 0) + { + if (--argc < 1) goto bad; + keymatexportlabel= *(++argv); + } + else if (strcmp(*argv,"-keymatexportlen") == 0) + { + if (--argc < 1) goto bad; + keymatexportlen=atoi(*(++argv)); + if (keymatexportlen == 0) goto bad; + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -1900,6 +1916,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif + unsigned char *exportedkeymat; if (full) { @@ -2045,6 +2062,30 @@ static void print_stuff(BIO *bio, SSL *s, int full) } SSL_SESSION_print(bio,SSL_get_session(s)); + if (keymatexportlabel != NULL) { + BIO_printf(bio, "Keying material exporter:\n"); + BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); + BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); + exportedkeymat = OPENSSL_malloc(keymatexportlen); + if (exportedkeymat != NULL) { + i = SSL_export_keying_material(s, exportedkeymat, + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0); + if (i != keymatexportlen) { + BIO_printf(bio, + " Error: return value %i\n", i); + } else { + BIO_printf(bio, " Keying material: "); + for (i=0; i<keymatexportlen; i++) + BIO_printf(bio, "%02X", + exportedkeymat[i]); + BIO_printf(bio, "\n"); + } + OPENSSL_free(exportedkeymat); + } + } BIO_printf(bio,"---\n"); if (peer != NULL) X509_free(peer); |