gnutls_kx_algorithm_t kx;
const char *kx_str, *sign_str;
unsigned type;
- char kx_name[64];
+ char kx_name[64] = "";
char proto_name[32];
char _group_name[24];
const char *group_name = NULL;
unsigned sign_algo;
char *desc;
const struct gnutls_group_entry_st *group = get_group(session);
+ const version_entry_st *ver = get_version(session);
if (session->internals.initial_negotiation_completed == 0)
return NULL;
sign_algo = gnutls_sign_algorithm_get(session);
sign_str = gnutls_sign_get_name(sign_algo);
- kx_str = gnutls_kx_get_name(kx);
- if (kx_str) {
+ if (kx == 0 && ver->tls13_sem) { /* TLS 1.3 */
+ if (group && sign_str) {
+ if (group->curve)
+ snprintf(kx_name, sizeof(kx_name), "(ECDHE-%s)-(%s)",
+ group_name, sign_str);
+ else
+ snprintf(kx_name, sizeof(kx_name), "(DHE-%s)-(%s)",
+ group_name, sign_str);
+ }
+ } else {
+ kx_str = gnutls_kx_get_name(kx);
+ if (kx_str == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
if (kx == GNUTLS_KX_ECDHE_ECDSA || kx == GNUTLS_KX_ECDHE_RSA ||
kx == GNUTLS_KX_ECDHE_PSK) {
if (sign_str)
snprintf(kx_name, sizeof(kx_name), "(%s)",
kx_str);
}
- } else {
- strcpy(kx_name, "(NULL)");
}
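Review bot: In the TLS 1.3 branch, a session that has a negotiated group but no signature algorithm leaves `kx_name` as the empty string, because the inner test `if (group && sign_str)` has no else. That case is presumably reachable when no certificate signature is exchanged (a PSK-based handshake, for example; to be confirmed), and the description would then omit the key exchange entirely, which is misleading wherever the string is logged as the record of session parameters. A fallback such as `else if (group) snprintf(kx_name, sizeof(kx_name), "(%s-%s)", group->curve ? "ECDHE" : "DHE", group_name);` keeps the group visible. Separately, the guard tests `group` while the formatted pointer is `group_name`, whose assignment is not in the hunk, so it is worth confirming it is always set when `group` is non-NULL. The function begins and ends outside the hunk.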
*
* Get currently used key exchange algorithm.
*
+ * This function will return %GNUTLS_KX_ECDHE_RSA, or %GNUTLS_KX_DHE_RSA
+ * under TLS 1.3, to indicate an elliptic curve DH key exchange or
+ * a finite field one. The precise group used is available
+ * by calling gnutls_group_get() instead.
+ *
* Returns: the key exchange algorithm used in the last handshake, a
* #gnutls_kx_algorithm_t value.
**/
{
if (session->security_parameters.cs == 0)
return 0;
+
+ if (session->security_parameters.cs->kx_algorithm == 0) { /* TLS 1.3 */
+ const version_entry_st *ver = get_version(session);
+ const gnutls_group_entry_st *group = get_group(session);
+
+ if (ver->tls13_sem && group) {
+ if (group->curve)
+ return GNUTLS_KX_ECDHE_RSA;
+ else
+ return GNUTLS_KX_DHE_RSA;
+ }
+ }
+
return session->security_parameters.cs->kx_algorithm;
}
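Review bot: The new doc paragraph does not say that the `_RSA` part of the value returned under TLS 1.3 is a placeholder, so a caller that infers the authentication method from gnutls_kx_get() will report RSA even for sessions authenticated some other way. I would add a sentence to the comment such as `The authentication part of the returned value carries no meaning under TLS 1.3; use gnutls_sign_algorithm_get() to obtain the signature algorithm.` Also, `ver` is dereferenced in `if (ver->tls13_sem && group)` with only `cs` checked beforehand. If get_version() can return NULL while a cipher suite is already set (not determinable from the hunk), `if (ver && ver->tls13_sem && group)` would be the safer form for a public getter.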