[openssl-commits] [openssl] master update
kaduk at mit.edu
Wed Aug 30 19:22:15 UTC 2017
The branch master has been updated
via 50966bfa119d129c4b2bc405b6ade1c6a21b84f2 (commit)
via 22d1a340b644d5d833157de1c0c2d1f0d7690529 (commit)
from e44d37618018eb5dc8ba2d776b215abdaca6090a (commit)
- Log -----------------------------------------------------------------
commit 50966bfa119d129c4b2bc405b6ade1c6a21b84f2
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Wed Aug 23 00:37:10 2017 +0800
Introduce SSL_CIPHER_get_protocol_id
The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).
Doc is added.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
commit 22d1a340b644d5d833157de1c0c2d1f0d7690529
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Mon Aug 7 22:05:46 2017 +0800
Add two missing SSL_CIPHER_* functions
This is yet another 'code health' commit to respond to this round of code health
Tuesday
[skip ci]
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/SSL_CIPHER_get_name.pod | 20 +++++++++++++++++++-
include/openssl/ssl.h | 1 +
ssl/ssl_ciph.c | 5 +++++
util/libssl.num | 1 +
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index 89f53d6..c82be8e 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -13,7 +13,10 @@ SSL_CIPHER_get_digest_nid,
SSL_CIPHER_get_handshake_digest,
SSL_CIPHER_get_kx_nid,
SSL_CIPHER_get_auth_nid,
-SSL_CIPHER_is_aead
+SSL_CIPHER_is_aead,
+SSL_CIPHER_find,
+SSL_CIPHER_get_id,
+SSL_CIPHER_get_protocol_id
- get SSL_CIPHER properties
=head1 SYNOPSIS
@@ -32,6 +35,9 @@ SSL_CIPHER_is_aead
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+ const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+ uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
=head1 DESCRIPTION
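Review bot: The SYNOPSIS line added for SSL_CIPHER_get_protocol_id() declares a uint32_t return type, but the prototype added to include/openssl/ssl.h and the definition in ssl/ssl_ciph.c in this same update both return uint16_t. Change the synopsis to `uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);` so the man page matches the exported symbol and callers do not size their variable from the wrong type.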
@@ -88,6 +94,18 @@ TLS 1.3 cipher suites) B<NID_auth_any> is returned. Examples (not comprehensive)
SSL_CIPHER_is_aead() returns 1 if the cipher B<c> is AEAD (e.g. GCM or
ChaCha20/Poly1305), and 0 if it is not AEAD.
+SSL_CIPHER_find() returns a B<SSL_CIPHER> structure which has the cipher ID stored
+in B<ptr>. The B<ptr> parameter is a two element array of B<char>, which stores the
+two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter
+is usually retrieved from a TLS packet by using functions like L<SSL_early_get0_ciphers(3)>.
+SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.
+
+SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B<c>. That ID is
+not the same as the IANA-specific ID.
+
+SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given
+cipher B<c>.
+
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided. If B<buf> is provided, it
must be at least 128 bytes, otherwise a buffer will be allocated using
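Review bot: In the SSL_CIPHER_find() paragraph, B<ptr> is described as a two element array of B<char>, while the synopsis declares it as `const unsigned char *ptr`; say B<unsigned char> so the text agrees with the prototype. The SSL_CIPHER_get_id() paragraph says the OpenSSL ID is not the same as the IANA one without saying how they relate. Since ssl/ssl_ciph.c returns `c->id & 0xFFFF` for the protocol ID, consider stating that the protocol ID is the low 16 bits of the OpenSSL ID, and pointing readers who compare against wire values or IANA tables to SSL_CIPHER_get_protocol_id().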
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 218dbdf..237c086 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1441,6 +1441,7 @@ __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
__owur const char *OPENSSL_cipher_name(const char *rfc_name);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index deacef7..cba9e14 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1764,6 +1764,11 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
return c->id;
}
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+ return c->id & 0xFFFF;
+}
+
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
SSL_COMP *ctmp;
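Review bot: The return expression in SSL_CIPHER_get_protocol_id() narrows implicitly: `c->id & 0xFFFF` has the width of c->id (SSL_CIPHER_get_id() just above returns the same field as uint32_t) and is converted to uint16_t only at the return. The mask keeps the value in range, but an explicit cast, `return (uint16_t)(c->id & 0xFFFF);`, documents the intent and keeps builds with conversion warnings enabled quiet. Like SSL_CIPHER_get_id(), the function dereferences c without a NULL check; that matches its neighbour, but the man page should then say that B<c> must not be NULL.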
diff --git a/util/libssl.num b/util/libssl.num
index 7d4c01e..d577456 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -464,3 +464,4 @@ SSL_alloc_buffers 464 1_1_1 EXIST::FUNCTION:
SSL_free_buffers 465 1_1_1 EXIST::FUNCTION:
SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION:
SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION:
+SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION: