Display details of the server ephemeral key, based on OpenSSL.

ok doug@

3 files changed, 44 insertions, 3 deletions

diff --git a/src/usr.bin/openssl/s_apps.h b/src/usr.bin/openssl/s_apps.h
index cd0a057845..ecadff5c01 100644
--- a/src/usr.bin/openssl/s_apps.h
+++ b/src/usr.bin/openssl/s_apps.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_apps.h,v 1.3 2015/09/10 06:36:45 bcook Exp $ */
+/* $OpenBSD: s_apps.h,v 1.4 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -128,6 +128,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx);
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c
index ac3a0076bd..d8ab83fb01 100644
--- a/src/usr.bin/openssl/s_cb.c
+++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.6 2015/09/10 19:08:46 jsing Exp $ */
+/* $OpenBSD: s_cb.c,v 1.7 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -285,6 +285,43 @@ set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
         return 1;
 }
 
+int
+ssl_print_tmp_key(BIO *out, SSL *s)
+{
+        const char *cname;
+        EVP_PKEY *pkey;
+        EC_KEY *ec;
+        int nid;
+
+        if (!SSL_get_server_tmp_key(s, &pkey))
+                return 0;
+
+        BIO_puts(out, "Server Temp Key: ");
+        switch (EVP_PKEY_id(pkey)) {
+        case EVP_PKEY_DH:
+                BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
+                break;
+
+        case EVP_PKEY_EC:
+                ec = EVP_PKEY_get1_EC_KEY(pkey);
+                nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                EC_KEY_free(ec);
+
+                if ((cname = EC_curve_nid2nist(nid)) == NULL)
+                        cname = OBJ_nid2sn(nid);
+
+                BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
+                break;
+
+        default:
+                BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
+                    EVP_PKEY_bits(pkey));
+        }
+
+        EVP_PKEY_free(pkey);
+        return 1;
+}
+
 long
 bio_dump_callback(BIO * bio, int cmd, const char *argp,
     int argi, long argl, long ret)
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index b35fa8c3fc..78909873b8 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
+/* $OpenBSD: s_client.c,v 1.29 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1365,6 +1365,9 @@ print_stuff(BIO * bio, SSL * s, int full)
                         }
                         BIO_write(bio, "\n", 1);
                 }
+
+                ssl_print_tmp_key(bio, s);
+
                 BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                     BIO_number_read(SSL_get_rbio(s)),
                     BIO_number_written(SSL_get_wbio(s)));