Add SSL_CIPHER_get_kx_name. This is needed by Android because it passes this string to a handshake callback. It's implemented in Android's OpenSSL in this patch: https://android.googlesource.com/platform/external/openssl.git/+/master/patches/0003-jsse.patch (Note that it's called |SSL_authentication_method| there.) I didn't format this function in OpenSSL style because it's crazy and because we'll probably clang-format ssl/ soon. Change-Id: I865540511b50859c339da5d76ce37810449aa444
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a1412ab..5a65fac 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1950,6 +1950,9 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
 OPENSSL_EXPORT const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 OPENSSL_EXPORT const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
+/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
+ * method used by |c|. For example, "ECDHE-ECDSA". */
+OPENSSL_EXPORT const char * SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);
 OPENSSL_EXPORT unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
 OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
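Review bot: The example in the new comment, "ECDHE-ECDSA", is spelled with a hyphen, but the implementation in ssl/ssl_ciph.c joins these names with an underscore (`"ECDHE_" SSL_TXT_ECDSA`), and the comment refers to |c| although the parameter is named `cipher`. The commit message says the string is handed to a handshake callback, so a consumer that matches on the documented spelling would never match a real return value. The comment should also name the two results that are not key-exchange names, `""` for a NULL cipher and `"UNKNOWN"` for an unrecognised combination, so that callers treat them as failures. Suggested wording: `/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange method used by |cipher|, for example "ECDHE_ECDSA". It returns "" if |cipher| is NULL and "UNKNOWN" if the method is not recognised. */`.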
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 5a86683..da29878 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1742,6 +1742,49 @@ return("(NONE)");
 }
+const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
+ if (cipher == NULL) {
+ return "";
+ }
+
+ switch (cipher->algorithm_mkey) {
+ case SSL_kRSA:
+ return SSL_TXT_RSA;
+ case SSL_kDHr:
+ return SSL_TXT_DH "_" SSL_TXT_RSA;
+ case SSL_kDHd:
+ return SSL_TXT_DH "_" SSL_TXT_DSS;
+ case SSL_kEDH:
+ switch (cipher->algorithm_auth) {
+ case SSL_aDSS:
+ return "DHE_" SSL_TXT_DSS;
+ case SSL_aRSA:
+ return "DHE_" SSL_TXT_RSA;
+ case SSL_aNULL:
+ return SSL_TXT_DH "_anon";
+ default:
+ return "UNKNOWN";
+ }
+ case SSL_kECDHr:
+ return SSL_TXT_ECDH "_" SSL_TXT_RSA;
+ case SSL_kECDHe:
+ return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
+ case SSL_kEECDH:
+ switch (cipher->algorithm_auth) {
+ case SSL_aECDSA:
+ return "ECDHE_" SSL_TXT_ECDSA;
+ case SSL_aRSA:
+ return "ECDHE_" SSL_TXT_RSA;
+ case SSL_aNULL:
+ return SSL_TXT_ECDH "_anon";
+ default:
+ return "UNKNOWN";
+ }
+ default:
+ return "UNKNOWN";
+ }
+}
+
 /* number of bits for symmetric cipher */ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) {
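Review bot: The NULL guard at the top of SSL_CIPHER_get_kx_name returns `""`, while every unrecognised `algorithm_mkey` or `algorithm_auth` value returns `"UNKNOWN"`, so callers have two different failure values to handle and neither is documented at the definition. The commit message says the result is passed to Android's handshake callback, which presumably uses it when deciding how to validate the peer, so an unrecognised suite should be unmistakable to that consumer. If Android does not depend on the empty string, the guard could be `return "UNKNOWN";`; either way a comment above the function should say something like `/* Returns "" for a NULL cipher and "UNKNOWN" for any combination not listed below; callers must treat both as "no usable key-exchange name". */`. The `SSL_kRSA`, `SSL_kDHr`/`SSL_kDHd` and `SSL_kECDHr`/`SSL_kECDHe` cases ignore `algorithm_auth` while the two ephemeral cases switch on it, and a one-line comment saying that is intentional would help the next reader. The whole function is inside this hunk.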