3 files changed, 44 insertions, 3 deletions
diff --git a/src/usr.bin/openssl/s_apps.h b/src/usr.bin/openssl/s_apps.h
index cd0a057845..ecadff5c01 100644
--- a/src/usr.bin/openssl/s_apps.h
+++ b/src/usr.bin/openssl/s_apps.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_apps.h,v 1.3 2015/09/10 06:36:45 bcook Exp $ */
+/* $OpenBSD: s_apps.h,v 1.4 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -128,6 +128,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx);
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c
index ac3a0076bd..d8ab83fb01 100644
--- a/src/usr.bin/openssl/s_cb.c
+++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.6 2015/09/10 19:08:46 jsing Exp $ */
+/* $OpenBSD: s_cb.c,v 1.7 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -285,6 +285,43 @@ set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
        return 1;
 }
+int
+ssl_print_tmp_key(BIO *out, SSL *s)
+{
+        const char *cname;
+        EVP_PKEY *pkey;
+        EC_KEY *ec;
+        int nid;
+        if (!SSL_get_server_tmp_key(s, &pkey))
+                return 0;
+        BIO_puts(out, "Server Temp Key: ");
+        switch (EVP_PKEY_id(pkey)) {
+        case EVP_PKEY_DH:
+                BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
+                break;
+        case EVP_PKEY_EC:
+                ec = EVP_PKEY_get1_EC_KEY(pkey);
+                nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                EC_KEY_free(ec);
+                if ((cname = EC_curve_nid2nist(nid)) == NULL)
+                        cname = OBJ_nid2sn(nid);
+                BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
+                break;
+        default:
+                BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
+                    EVP_PKEY_bits(pkey));
+        }
+        EVP_PKEY_free(pkey);
+        return 1;
+}
 long
 bio_dump_callback(BIO * bio, int cmd, const char *argp,
    int argi, long argl, long ret)
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index b35fa8c3fc..78909873b8 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
+/* $OpenBSD: s_client.c,v 1.29 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1365,6 +1365,9 @@ print_stuff(BIO * bio, SSL * s, int full)
                        }
                        BIO_write(bio, "\n", 1);
                }
+                ssl_print_tmp_key(bio, s);
                BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                    BIO_number_read(SSL_get_rbio(s)),
                    BIO_number_written(SSL_get_wbio(s)));

diff --git a/src/usr.bin/openssl/s_apps.h b/src/usr.bin/openssl/s_apps.h index cd0a057845..ecadff5c01 100644 --- a/src/usr.bin/openssl/s_apps.h +++ b/src/usr.bin/openssl/s_apps.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_apps.h,v 1.3 2015/09/10 06:36:45 bcook Exp $ */	1	/* $OpenBSD: s_apps.h,v 1.4 2016/12/30 17:25:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -128,6 +128,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx);
128	int set_cert_stuff(SSL_CTX ctx, char cert_file, char *key_file);	128	int set_cert_stuff(SSL_CTX ctx, char cert_file, char *key_file);
129	int set_cert_key_stuff(SSL_CTX ctx, X509 cert, EVP_PKEY *key);	129	int set_cert_key_stuff(SSL_CTX ctx, X509 cert, EVP_PKEY *key);
130	#endif	130	#endif
		131	int ssl_print_tmp_key(BIO out, SSL s);
131	int init_client(int sock, char server, char *port, int type, int af);	132	int init_client(int sock, char server, char *port, int type, int af);
132	int should_retry(int i);	133	int should_retry(int i);
133	int extract_port(char str, short port_ptr);	134	int extract_port(char str, short port_ptr);


diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c index ac3a0076bd..d8ab83fb01 100644 --- a/src/usr.bin/openssl/s_cb.c +++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_cb.c,v 1.6 2015/09/10 19:08:46 jsing Exp $ */	1	/* $OpenBSD: s_cb.c,v 1.7 2016/12/30 17:25:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -285,6 +285,43 @@ set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
285	return 1;	285	return 1;
286	}	286	}
287		287
		288	int
		289	ssl_print_tmp_key(BIO out, SSL s)
		290	{
		291	const char *cname;
		292	EVP_PKEY *pkey;
		293	EC_KEY *ec;
		294	int nid;
		295
		296	if (!SSL_get_server_tmp_key(s, &pkey))
		297	return 0;
		298
		299	BIO_puts(out, "Server Temp Key: ");
		300	switch (EVP_PKEY_id(pkey)) {
		301	case EVP_PKEY_DH:
		302	BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
		303	break;
		304
		305	case EVP_PKEY_EC:
		306	ec = EVP_PKEY_get1_EC_KEY(pkey);
		307	nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
		308	EC_KEY_free(ec);
		309
		310	if ((cname = EC_curve_nid2nist(nid)) == NULL)
		311	cname = OBJ_nid2sn(nid);
		312
		313	BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
		314	break;
		315
		316	default:
		317	BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
		318	EVP_PKEY_bits(pkey));
		319	}
		320
		321	EVP_PKEY_free(pkey);
		322	return 1;
		323	}
		324
288	long	325	long
289	bio_dump_callback(BIO * bio, int cmd, const char *argp,	326	bio_dump_callback(BIO * bio, int cmd, const char *argp,
290	int argi, long argl, long ret)	327	int argi, long argl, long ret)


diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index b35fa8c3fc..78909873b8 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */	1	/* $OpenBSD: s_client.c,v 1.29 2016/12/30 17:25:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1365,6 +1365,9 @@ print_stuff(BIO * bio, SSL * s, int full)
1365	}	1365	}
1366	BIO_write(bio, "\n", 1);	1366	BIO_write(bio, "\n", 1);
1367	}	1367	}
		1368
		1369	ssl_print_tmp_key(bio, s);
		1370
1368	BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",	1371	BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
1369	BIO_number_read(SSL_get_rbio(s)),	1372	BIO_number_read(SSL_get_rbio(s)),
1370	BIO_number_written(SSL_get_wbio(s)));	1373	BIO_number_written(SSL_get_wbio(s)));