From 4d4bff89bb8ec345d289412f0f7f135c6e51b1a6 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 20 Jun 2014 12:00:00 -0700 Subject: [PATCH] Cipher family functions. This change adds functions to check membership of various cipher families. Clients and servers need this in order to optimise the size of records because different families have different amounts of prefix and postfix overhead. --- ssl/ssl.h | 4 ++++ ssl/ssl_ciph.c | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index bae6a353..d5b4c0e6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2235,6 +2235,10 @@ long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); int SSL_get_error(const SSL *s,int ret_code); const char *SSL_get_version(const SSL *s); +int SSL_CIPHER_is_AES(const SSL_CIPHER *c); +int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c); +int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c); + /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 03702cbd..1dc6b5ae 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1626,6 +1626,22 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) return(buf); } +/* Next three functions require non-null cipher */ +int SSL_CIPHER_is_AES(const SSL_CIPHER *c) + { + return (c->algorithm_enc & SSL_AES) != 0; + } + +int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c) + { + return (c->algorithm_mac & SSL_MD5) != 0; + } + +int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c) + { + return (c->algorithm_mac & (SSL_AES128GCM|SSL_AES256GCM)) != 0; + } + char *SSL_CIPHER_get_version(const SSL_CIPHER *c) { int i;