diff options
| author | Todd Short <tshort@akamai.com> | 2016-03-05 09:47:46 -0500 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-03-08 09:19:15 -0500 |
| commit | 3ec13237f00d3b06a2fd1d228da16390803eb238 (patch) | |
| tree | ac84a525f00d975969651c149f9212bc5530ad02 /ssl | |
| parent | 7b8e12d24eea68017ce96b0faf79d12f3c3ba9f1 (diff) | |
Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_ciph.c | 52 |
1 files changed, 48 insertions, 4 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index acf5c00dad..5059e93748 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -240,6 +240,29 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; +static const ssl_cipher_table ssl_cipher_table_kx[] = { + { SSL_kRSA, NID_kx_rsa }, + { SSL_kECDHE, NID_kx_ecdhe }, + { SSL_kDHE, NID_kx_dhe }, + { SSL_kECDHEPSK, NID_kx_ecdhe_psk }, + { SSL_kDHEPSK, NID_kx_dhe_psk }, + { SSL_kRSAPSK, NID_kx_rsa_psk }, + { SSL_kPSK, NID_kx_psk }, + { SSL_kSRP, NID_kx_srp }, + { SSL_kGOST, NID_kx_gost } +}; + +static const ssl_cipher_table ssl_cipher_table_auth[] = { + { SSL_aRSA, NID_auth_rsa }, + { SSL_aECDSA, NID_auth_ecdsa }, + { SSL_aPSK, NID_auth_psk }, + { SSL_aDSS, NID_auth_dss }, + { SSL_aGOST01, NID_auth_gost01 }, + { SSL_aGOST12, NID_auth_gost12 }, + { SSL_aSRP, NID_auth_srp }, + { SSL_aNULL, NID_auth_null } +}; + /* Utility function for table lookup */ static int ssl_cipher_info_find(const ssl_cipher_table * table, size_t table_cnt, uint32_t mask) @@ -2005,10 +2028,10 @@ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) { int i; if (c == NULL) - return -1; + return NID_undef; i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc); if (i == -1) - return -1; + return NID_undef; return ssl_cipher_table_cipher[i].nid; } @@ -2016,9 +2039,30 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) { int i; if (c == NULL) - return -1; + return NID_undef; i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); if (i == -1) - return -1; + return NID_undef; return ssl_cipher_table_mac[i].nid; } + +int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) +{ + int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey); + if (i == -1) + return NID_undef; + return ssl_cipher_table_kx[i].nid; +} + +int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) +{ + int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_auth); + if (i == -1) + return NID_undef; + return ssl_cipher_table_kx[i].nid; +} + +int SSL_CIPHER_is_aead(const SSL_CIPHER *c) +{ + return (c->algorithm_mac & SSL_AEAD) ? 1 : 0; +} |