From 50966bfa119d129c4b2bc405b6ade1c6a21b84f2 Mon Sep 17 00:00:00 2001
From: Paul Yang
Date: Wed, 23 Aug 2017 00:37:10 +0800
Subject: [PATCH] Introduce SSL_CIPHER_get_protocol_id

The returned ID matches with what IANA specifies (or goes on the wire anyway, IANA notwithstanding). Doc is added.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4107)
---
 doc/man3/SSL_CIPHER_get_name.pod | 14 ++++++++------
 include/openssl/ssl.h | 1 +
 ssl/ssl_ciph.c | 5 +++++
 util/libssl.num | 1 +
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index 2f8dcae9f7..c82be8e4e2 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -15,7 +15,8 @@ SSL_CIPHER_get_kx_nid,
 SSL_CIPHER_get_auth_nid,
 SSL_CIPHER_is_aead,
 SSL_CIPHER_find,
-SSL_CIPHER_get_id
+SSL_CIPHER_get_id,
+SSL_CIPHER_get_protocol_id
 - get SSL_CIPHER properties

 =head1 SYNOPSIS
@@ -36,6 +37,7 @@ SSL_CIPHER_get_id
 int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+ uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);

 =head1 DESCRIPTION

@@ -98,11 +100,11 @@ two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parame is usually retrieved from a TLS packet by using functions like L. SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found. -SSL_CIPHER_get_id() returns the ID of the given cipher B. The ID here is an -OpenSSL-specific concept, which stores a prefix of 0x0300 in the higher two bytes, -and the IANA-specified chipher suite ID in the lower two bytes. For instance, -TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", but the SSL_CIPHER_get_id() -function will return an ID with value 0x03000001. +SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B. That ID is +not the same as the IANA-specific ID. + +SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given +cipher B. SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B of length B provided. If B is provided, it diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 218dbdf0e6..237c086bae 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1441,6 +1441,7 @@ __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); __owur const char *OPENSSL_cipher_name(const char *rfc_name); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); __owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index deacef7b70..cba9e14c26 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
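Review bot: The declaration added in include/openssl/ssl.h returns `uint16_t`, but the SYNOPSIS line this same patch adds to doc/man3/SSL_CIPHER_get_name.pod reads `uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);`. The header and the definition in ssl/ssl_ciph.c agree on `uint16_t`, so the manual page is the one to correct, to ` uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);`. A reader who takes the type from the manual page would otherwise expect a 32-bit value and may assume the OpenSSL prefix is still present.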
@@ -1764,6 +1764,11 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
 return c->id;
 }

+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+ return c->id & 0xFFFF;
+}
+
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
 {
 SSL_COMP *ctmp;
diff --git a/util/libssl.num b/util/libssl.num
index 7d4c01e80f..d5774566e0 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -464,3 +464,4 @@ SSL_alloc_buffers 464 1_1_1 EXIST::FUNCTION:
 SSL_free_buffers 465 1_1_1 EXIST::FUNCTION:
 SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION:
 SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION:
+SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION:
-- 
2.25.1
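Review bot: `SSL_CIPHER_get_protocol_id()` in ssl/ssl_ciph.c carries no comment explaining the `0xFFFF` mask, and the paragraph this patch removes from the manual page was the only visible description of how `id` is laid out. I would add above the return `/* The low 16 bits of id are the cipher suite value sent on the wire; the upper bits hold OpenSSL's internal prefix. */`, and keep one sentence in the POD DESCRIPTION telling readers who compare against IANA values (allow-lists, handshake logging) to use this function rather than SSL_CIPHER_get_id(). The function also dereferences `c` without a NULL check; that matches SSL_CIPHER_get_id() in the context lines just above, so it looks intentional, but the documentation should state that `c` must not be NULL.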