Provide tls_conn_cipher_strength().

This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
author: jsing <> 2019-11-02 13:37:59 +0000
committer: jsing <> 2019-11-02 13:37:59 +0000
commit: 3c2988a5030b1e619c1c04fa6111186dc8223e48 (patch)
tree: 26dff2e2873d1fd641e2d14891cef32db1d1f78c /src/lib
parent: a25bde481efe993b20eb0b871199c1fd4a3a4935 (diff)
download: openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.tar.gz
openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.tar.bz2
openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.zip
4 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 4064be1b08..e3fcb67fb3 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -51,6 +51,7 @@ tls_config_verify_client_optional
 tls_configure
 tls_conn_alpn_selected
 tls_conn_cipher
+tls_conn_cipher_strength
 tls_conn_servername
 tls_conn_session_resumed
 tls_conn_version
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 560809ee19..fee60c7cc8 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.55 2018/11/29 14:24:23 tedu Exp $ */
+/* $OpenBSD: tls.h,v 1.56 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -190,6 +190,7 @@ const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
 const char *tls_conn_alpn_selected(struct tls *_ctx);
 const char *tls_conn_cipher(struct tls *_ctx);
+int tls_conn_cipher_strength(struct tls *_ctx);
 const char *tls_conn_servername(struct tls *_ctx);
 int tls_conn_session_resumed(struct tls *_ctx);
 const char *tls_conn_version(struct tls *_ctx);
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 8e479ed84c..d44dc842b6 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.20 2018/02/10 04:48:44 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -246,6 +246,7 @@ tls_conninfo_populate(struct tls *ctx)
                goto err;
        if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
                goto err;
+        ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
        if (ctx->servername != NULL) {
                if ((ctx->conninfo->servername =
@@ -312,6 +313,14 @@ tls_conn_cipher(struct tls *ctx)
        return (ctx->conninfo->cipher);
 }
+int
+tls_conn_cipher_strength(struct tls *ctx)
+{
+        if (ctx->conninfo == NULL)
+                return (0);
+        return (ctx->conninfo->cipher_strength);
+}
 const char *
 tls_conn_servername(struct tls *ctx)
 {
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 3842439d58..efccc9fdbe 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.74 2019/04/01 15:58:02 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.75 2019/11/02 13:37:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -112,6 +112,7 @@ struct tls_config {
 struct tls_conninfo {
        char *alpn;
        char *cipher;
+        int cipher_strength;
        char *servername;
        int session_resumed;
        char *version;
author	jsing <>	2019-11-02 13:37:59 +0000
committer	jsing <>	2019-11-02 13:37:59 +0000
commit	3c2988a5030b1e619c1c04fa6111186dc8223e48 (patch)
tree	26dff2e2873d1fd641e2d14891cef32db1d1f78c /src/lib
parent	a25bde481efe993b20eb0b871199c1fd4a3a4935 (diff)
download	openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.tar.gz openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.tar.bz2 openbsd-3c2988a5030b1e619c1c04fa6111186dc8223e48.zip