Make key exchange strength available. This change stores the size of the group/modulus (for RSA/DHE) or curve ID (for ECDHE) in the |SSL_SESSION|. This makes it available for UIs where desired. Change-Id: I354141da432a08f71704c9683f298b361362483d Reviewed-on: https://boringssl-review.googlesource.com/5280 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ef24316..1ed1507 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1186,7 +1186,8 @@
 goto err;
 }
- if (DH_num_bits(dh) < 1024) {
+ s->session->key_exchange_info = DH_num_bits(dh);
+ if (s->session->key_exchange_info < 1024) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DH_P_LENGTH);
 goto err;
 }
@@ -1215,6 +1216,7 @@
 }
 ecdh = EC_KEY_new_by_curve_name(curve_nid);
+ s->session->key_exchange_info = curve_id;
 if (ecdh == NULL) {
 OPENSSL_PUT_ERROR(SSL, ERR_R_EC_LIB);
 goto err;
@@ -1696,6 +1698,7 @@
 goto err;
 }
+ s->session->key_exchange_info = EVP_PKEY_bits(pkey);
 rsa = pkey->pkey.rsa;
 EVP_PKEY_free(pkey);
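Review bot: The DH modulus size is written to `s->session->key_exchange_info` before the `< 1024` check, so on the `goto err` path the session records a group size this client has just rejected. The ECDHE hunk has the same ordering: `curve_id` is assigned between `EC_KEY_new_by_curve_name()` and its NULL check. If the session object can be read after a failed handshake (not visible from these hunks), a UI could report a strength that was never accepted. Consider recording the value only after validation: keep `if (DH_num_bits(dh) < 1024) {` and add `s->session->key_exchange_info = DH_num_bits(dh);` after that block, and move the `curve_id` assignment below the `if (ecdh == NULL) { ... }` block. The enclosing functions start and end outside both hunks.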
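Review bot: Nothing at this call site says what unit `key_exchange_info` carries: it is a bit count here and in the DHE hunk, but a curve ID in the ECDHE hunk. A consumer that formats every value as "N bits" would misreport ECDHE sessions as very weak, so the interpretation has to be keyed on the negotiated key exchange. I would add a comment above the assignment, such as `/* key_exchange_info: RSA modulus size in bits (DHE: group size in bits; ECDHE: curve ID, not a bit count). */`. Separately, the `int` result of `EVP_PKEY_bits(pkey)` is stored unchecked. If it can be zero or negative for a key it cannot size (not visible here), that value would be recorded as the strength; a guard like `if (bits <= 0) goto err;` on a local before the store would rule that out.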