From a8b45803d3fb6170b4567bc459cc88846d7d09ee Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 30 Dec 2016 17:25:48 +0000
Subject: Display details of the server ephemeral key, based on OpenSSL.

ok doug@
---
 src/usr.bin/openssl/s_apps.h | 3 ++-
 src/usr.bin/openssl/s_cb.c | 39 ++++++++++++++++++++++++++++++++++++++-
 src/usr.bin/openssl/s_client.c | 5 ++++-
 3 files changed, 44 insertions(+), 3 deletions(-)
(limited to 'src')

diff --git a/src/usr.bin/openssl/s_apps.h b/src/usr.bin/openssl/s_apps.h
index cd0a057845..ecadff5c01 100644
--- a/src/usr.bin/openssl/s_apps.h
+++ b/src/usr.bin/openssl/s_apps.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_apps.h,v 1.3 2015/09/10 06:36:45 bcook Exp $ */
+/* $OpenBSD: s_apps.h,v 1.4 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -128,6 +128,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx);
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c
index ac3a0076bd..d8ab83fb01 100644
--- a/src/usr.bin/openssl/s_cb.c
+++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.6 2015/09/10 19:08:46 jsing Exp $ */
+/* $OpenBSD: s_cb.c,v 1.7 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -285,6 +285,43 @@ set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
 	return 1;
 }
 
+int
+ssl_print_tmp_key(BIO *out, SSL *s)
+{
+	const char *cname;
+	EVP_PKEY *pkey;
+	EC_KEY *ec;
+	int nid;
+
+	if (!SSL_get_server_tmp_key(s, &pkey))
+		return 0;
+
+	BIO_puts(out, "Server Temp Key: ");
+	switch (EVP_PKEY_id(pkey)) {
+	case EVP_PKEY_DH:
+		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
+		break;
+
+	case EVP_PKEY_EC:
+		ec = EVP_PKEY_get1_EC_KEY(pkey);
+		nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+		EC_KEY_free(ec);
+
+		if ((cname = EC_curve_nid2nist(nid)) == NULL)
+			cname = OBJ_nid2sn(nid);
+
+		BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
+		break;
+
+	default:
+		BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
+		    EVP_PKEY_bits(pkey));
+	}
+
+	EVP_PKEY_free(pkey);
+	return 1;
+}
+
 long
 bio_dump_callback(BIO * bio, int cmd, const char *argp, int argi, long argl,
     long ret)
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index b35fa8c3fc..78909873b8 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
+/* $OpenBSD: s_client.c,v 1.29 2016/12/30 17:25:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1365,6 +1365,9 @@ print_stuff(BIO * bio, SSL * s, int full)
 	}
 	BIO_write(bio, "\n", 1);
 	}
+
+	ssl_print_tmp_key(bio, s);
+
 	BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 	    BIO_number_read(SSL_get_rbio(s)),
 	    BIO_number_written(SSL_get_wbio(s)));
-- 
cgit v1.2.3-55-g6feb
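Review bot: In the EVP_PKEY_EC case of ssl_print_tmp_key() the EC_KEY returned by EVP_PKEY_get1_EC_KEY() is handed straight to EC_KEY_get0_group() without a NULL check, so a key object of EC type that carries no EC_KEY would be dereferenced; the library should not produce one for a negotiated ephemeral key, but a one-line guard costs nothing here, e.g. `if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) { BIO_puts(out, "ECDH, <unknown>\n"); break; }` so the "Server Temp Key: " line is still terminated and pkey is still freed on the common exit. The function also lacks any comment on its contract, and the new call site in print_stuff() (s_client.c hunk) discards the return value, which only makes sense if that contract is documented: I would add above the definition `/* Print the server's ephemeral key exchange key (DH/ECDH) to out. Returns 1 if a key was printed, 0 if the handshake used no ephemeral key or it could not be retrieved. */`. For an EC group with explicit parameters EC_GROUP_get_curve_name() yields NID_undef and the NIST lookup fails, so the printed curve name falls back to whatever OBJ_nid2sn() gives for that NID; a short comment on the fallback line noting this would help whoever reads the output for forward-secrecy checks.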