author | jsing <jsing@openbsd.org> | 2019-11-02 13:37:59 +0000 |
---|---|---|
committer | jsing <jsing@openbsd.org> | 2019-11-02 13:37:59 +0000 |
commit | bbf181b7fbdc573a340c829bb7c0f02c72ac9b13 (patch) | |
tree | 409240887b402531fcc12e42fab67114c33b4701 /lib/libtls | |
parent | Add a few more PCIe capability registers and bits. As usual, the names (diff) | |
Provide tls_conn_cipher_strength().
This returns the strength in bits of the symmetric cipher used for the
connection.
Diff from gilles@
ok tb@
Diffstat (limited to 'lib/libtls')
-rw-r--r-- | lib/libtls/Symbols.list | 1 | ||||
-rw-r--r-- | lib/libtls/tls.h | 3 | ||||
-rw-r--r-- | lib/libtls/tls_conninfo.c | 11 | ||||
-rw-r--r-- | lib/libtls/tls_internal.h | 3 |
4 files changed, 15 insertions, 3 deletions
diff --git a/lib/libtls/Symbols.list b/lib/libtls/Symbols.list
index 4064be1b087..e3fcb67fb3f 100644
--- a/lib/libtls/Symbols.list
+++ b/lib/libtls/Symbols.list
@@ -51,6 +51,7 @@ tls_config_verify_client_optional
 tls_configure
 tls_conn_alpn_selected
 tls_conn_cipher
+tls_conn_cipher_strength
 tls_conn_servername
 tls_conn_session_resumed
 tls_conn_version
diff --git a/lib/libtls/tls.h b/lib/libtls/tls.h
index 560809ee190..fee60c7cc82 100644
--- a/lib/libtls/tls.h
+++ b/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.55 2018/11/29 14:24:23 tedu Exp $ */
+/* $OpenBSD: tls.h,v 1.56 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -190,6 +190,7 @@ const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
 const char *tls_conn_alpn_selected(struct tls *_ctx);
 const char *tls_conn_cipher(struct tls *_ctx);
+int tls_conn_cipher_strength(struct tls *_ctx);
 const char *tls_conn_servername(struct tls *_ctx);
 int tls_conn_session_resumed(struct tls *_ctx);
 const char *tls_conn_version(struct tls *_ctx);
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 8e479ed84c1..d44dc842b6e 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.20 2018/02/10 04:48:44 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -246,6 +246,7 @@ tls_conninfo_populate(struct tls *ctx)
 goto err;
 if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
 goto err;
+ ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
 if (ctx->servername != NULL) {
 if ((ctx->conninfo->servername =
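Review bot: The new public prototype `int tls_conn_cipher_strength(struct tls *_ctx);` in the tls.h hunk ships without user-facing documentation in this commit: the diffstat for lib/libtls lists four files and none of them is a manual page. Callers need to know that the value is the symmetric cipher strength in bits and that 0 is returned when no connection information is available, so I would add an entry next to tls_conn_cipher() in the libtls manual stating both. The same diffstat shows no shared-library version change although Symbols.list gains an export; if that bump is planned as a separate commit, saying so in the log would help.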
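Review bot: In the tls_conninfo_populate() hunk of tls_conninfo.c the result of `SSL_get_cipher_bits(ctx->ssl_conn, NULL)` is stored with no comment on what it measures, and the figure is easy to over-trust. It is the secret-key size of the negotiated symmetric cipher only; it says nothing about the key exchange, the certificate key or the MAC, and it is presumably 0 when the library reports no current cipher. I would add `/* Symmetric cipher secret bits only; not a measure of overall connection strength. */` above the assignment so that code using this field as a policy threshold does not treat it as the strength of the whole handshake. The function body starts and ends outside the hunk.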
@@ -312,6 +313,14 @@ tls_conn_cipher(struct tls *ctx)
 return (ctx->conninfo->cipher);
 }
+int
+tls_conn_cipher_strength(struct tls *ctx)
+{
+ if (ctx->conninfo == NULL)
+ return (0);
+ return (ctx->conninfo->cipher_strength);
+}
+
 const char *
 tls_conn_servername(struct tls *ctx)
 {
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 3842439d586..efccc9fdbe4 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.74 2019/04/01 15:58:02 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.75 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -112,6 +112,7 @@ struct tls_config {
 struct tls_conninfo {
 char *alpn;
 char *cipher;
+ int cipher_strength;
 char *servername;
 int session_resumed;
 char *version; |
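Review bot: tls_conn_cipher_strength() in tls_conninfo.c uses 0 as an in-band value for "no connection info", which a caller cannot tell apart from a negotiated suite that presumably reports zero bits of encryption. Both cases fail a minimum-strength comparison such as `>= 128`, so a threshold check stays fail-closed, but a caller that logs or displays the number will show 0 whenever conninfo has not been populated. A short comment above the function would pin the contract: `/* Returns the symmetric cipher strength in bits, or 0 if connection info is not available. */`. `ctx` itself is dereferenced without a NULL check, which matches tls_conn_cipher() in the context lines, so I would leave that as is for consistency.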