diff options
| -rw-r--r-- | doc/man3/SSL_CIPHER_get_name.pod | 14 | ||||
| -rw-r--r-- | include/openssl/ssl.h | 1 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 5 | ||||
| -rw-r--r-- | util/libssl.num | 1 |
4 files changed, 15 insertions, 6 deletions
diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 2f8dcae9f7..c82be8e4e2 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -15,7 +15,8 @@ SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, -SSL_CIPHER_get_id +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id - get SSL_CIPHER properties =head1 SYNOPSIS @@ -36,6 +37,7 @@ SSL_CIPHER_get_id int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); + uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); =head1 DESCRIPTION @@ -98,11 +100,11 @@ two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parame is usually retrieved from a TLS packet by using functions like L<SSL_early_get0_ciphers(3)>. SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found. -SSL_CIPHER_get_id() returns the ID of the given cipher B<c>. The ID here is an -OpenSSL-specific concept, which stores a prefix of 0x0300 in the higher two bytes, -and the IANA-specified chipher suite ID in the lower two bytes. For instance, -TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", but the SSL_CIPHER_get_id() -function will return an ID with value 0x03000001. +SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B<c>. That ID is +not the same as the IANA-specific ID. + +SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given +cipher B<c>. SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B<buf> of length B<len> provided. If B<buf> is provided, it diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 218dbdf0e6..237c086bae 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1441,6 +1441,7 @@ __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); __owur const char *OPENSSL_cipher_name(const char *rfc_name); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); __owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index deacef7b70..cba9e14c26 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1764,6 +1764,11 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c) return c->id; } +uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c) +{ + return c->id & 0xFFFF; +} + SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) { SSL_COMP *ctmp; diff --git a/util/libssl.num b/util/libssl.num index 7d4c01e80f..d5774566e0 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -464,3 +464,4 @@ SSL_alloc_buffers 464 1_1_1 EXIST::FUNCTION: SSL_free_buffers 465 1_1_1 EXIST::FUNCTION: SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION: SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION: +SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION: |