Commit 50966bfa authored by Paul Yang's avatar Paul Yang Committed by Benjamin Kaduk

Introduce SSL_CIPHER_get_protocol_id



The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).

Doc is added.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
parent 22d1a340
+8 −6
@@ -15,7 +15,8 @@ SSL_CIPHER_get_kx_nid,
SSL_CIPHER_get_auth_nid,
SSL_CIPHER_is_aead,
SSL_CIPHER_find,
SSL_CIPHER_get_id
SSL_CIPHER_get_id,
SSL_CIPHER_get_protocol_id
- get SSL_CIPHER properties

=head1 SYNOPSIS
@@ -36,6 +37,7 @@ SSL_CIPHER_get_id
 int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
 uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);

=head1 DESCRIPTION

@@ -98,11 +100,11 @@ two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parame
is usually retrieved from a TLS packet by using functions like L<SSL_early_get0_ciphers(3)>.
SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.

SSL_CIPHER_get_id() returns the ID of the given cipher B<c>. The ID here is an
OpenSSL-specific concept, which stores a prefix of 0x0300 in the higher two bytes,
and the IANA-specified chipher suite ID in the lower two bytes. For instance,
TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", but the SSL_CIPHER_get_id()
function will return an ID with value 0x03000001.
SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B<c>. That ID is
not the same as the IANA-specific ID.

SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given
cipher B<c>.

SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided.  If B<buf> is provided, it
+1 −0
@@ -1441,6 +1441,7 @@ __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
__owur const char *OPENSSL_cipher_name(const char *rfc_name);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
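Review bot: The new declaration `__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);` disagrees with the SYNOPSIS line added in the documentation section of this commit, which gives the return type as `uint32_t`. The definition added in the source file also returns `uint16_t`, so the manual page is the outlier and should read `uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);`. A caller who follows the documented type may treat the value as interchangeable with `SSL_CIPHER_get_id()`, which, per the text this commit removes, carries an OpenSSL-specific prefix in the upper two bytes and so never equals the two-byte wire ID.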
+5 −0
@@ -1764,6 +1764,11 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
    return c->id;
}

uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
{
    return c->id & 0xFFFF;
}

SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
    SSL_COMP *ctmp;
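Review bot: `SSL_CIPHER_get_protocol_id()` masks `c->id` with `0xFFFF` without saying what the discarded upper bits are, or that it relies on every cipher's `id` holding the wire value in its low 16 bits. A short comment above the function would make that assumption reviewable, for example `/* Low 16 bits of c->id are the cipher suite value sent on the wire; the upper bits are OpenSSL's internal prefix. */`. The function also dereferences `c` unconditionally, as `SSL_CIPHER_get_id()` does just above; if NULL is not a supported argument the manual page should say so, since the result is likely to be used when matching ciphers parsed from a peer's handshake. The trailing `ssl3_comp_find` lines are context only, and that function's body continues outside the hunk.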
+1 −0
@@ -464,3 +464,4 @@ SSL_alloc_buffers 464 1_1_1 EXIST::FUNCTION:
SSL_free_buffers                        465	1_1_1	EXIST::FUNCTION:
SSL_SESSION_dup                         466	1_1_1	EXIST::FUNCTION:
SSL_get_pending_cipher                  467	1_1_1	EXIST::FUNCTION:
SSL_CIPHER_get_protocol_id              468	1_1_1	EXIST::FUNCTION: