Provide tls_conn_cipher_strength().

This returns the strength in bits of the symmetric cipher used for the
connection.

Diff from gilles@

ok tb@

1 files changed, 10 insertions, 1 deletions

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 8e479ed84c..d44dc842b6 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.20 2018/02/10 04:48:44 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -246,6 +246,7 @@ tls_conninfo_populate(struct tls *ctx)
                 goto err;
         if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
                 goto err;
+        ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
 
         if (ctx->servername != NULL) {
                 if ((ctx->conninfo->servername =
@@ -312,6 +313,14 @@ tls_conn_cipher(struct tls *ctx)
         return (ctx->conninfo->cipher);
 }
 
+int
+tls_conn_cipher_strength(struct tls *ctx)
+{
+        if (ctx->conninfo == NULL)
+                return (0);
+        return (ctx->conninfo->cipher_strength);
+}
+
 const char *
 tls_conn_servername(struct tls *ctx)
 {