Move SSL_CIPHER section just above cipher suite configuration.
Putting it at the top was probably a mistake? Even though SSL_CIPHER (like SSL_SESSION) doesn't depend on SSL, if you're reading through the header, SSL_CTX and SSL are the most important types. You could even use the library without touch cipher suite configs if you don't care since the default is decently reasonable, though it does include a lot of ciphers. (Hard to change that if we wanted to because DEFAULT is often used somewhat like ALL and then people subtract from it.) Change-Id: Ic9ddfc921858f7a4c141972fe0d1e465ca196b9d Reviewed-on: https://boringssl-review.googlesource.com/5963 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin
Adam Langley
parent
32876b3dbb
commit
df6a3f8b95
@ -179,64 +179,6 @@ extern "C" {
|
||||
OPENSSL_EXPORT int SSL_library_init(void);
|
||||
|
||||
|
||||
/* Cipher suites.
|
||||
*
|
||||
* |SSL_CIPHER| objects represent cipher suites. */
|
||||
|
||||
DECLARE_STACK_OF(SSL_CIPHER)
|
||||
|
||||
/* SSL_get_cipher_by_value returns the structure representing a TLS cipher
|
||||
* suite based on its assigned number, or NULL if unknown. See
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */
|
||||
OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
|
||||
|
||||
/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to
|
||||
* get the cipher suite value. */
|
||||
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC
|
||||
* mode). */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses
|
||||
* CHACHA20_POLY1305. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_RC4 returns one if |cipher| uses RC4. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_block_cipher returns one if |cipher| is a block cipher. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */
|
||||
OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
|
||||
* method used by |cipher|. For example, "ECDHE_ECDSA". */
|
||||
OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard
|
||||
* name for |cipher| or NULL on error. For example,
|
||||
* "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The caller is responsible for
|
||||
* calling |OPENSSL_free| on the result. */
|
||||
OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If
|
||||
* |out_alg_bits| is not NULL, it writes the number of bits consumed by the
|
||||
* symmetric algorithm to |*out_alg_bits|. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
|
||||
int *out_alg_bits);
|
||||
|
||||
|
||||
/* SSL contexts.
|
||||
*
|
||||
* |SSL_CTX| objects manage shared state and configuration between multiple TLS
|
||||
@ -913,6 +855,64 @@ OPENSSL_EXPORT void SSL_set_private_key_method(
|
||||
SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method);
|
||||
|
||||
|
||||
/* Cipher suites.
|
||||
*
|
||||
* |SSL_CIPHER| objects represent cipher suites. */
|
||||
|
||||
DECLARE_STACK_OF(SSL_CIPHER)
|
||||
|
||||
/* SSL_get_cipher_by_value returns the structure representing a TLS cipher
|
||||
* suite based on its assigned number, or NULL if unknown. See
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */
|
||||
OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
|
||||
|
||||
/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to
|
||||
* get the cipher suite value. */
|
||||
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC
|
||||
* mode). */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses
|
||||
* CHACHA20_POLY1305. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_RC4 returns one if |cipher| uses RC4. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_is_block_cipher returns one if |cipher| is a block cipher. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */
|
||||
OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
|
||||
* method used by |cipher|. For example, "ECDHE_ECDSA". */
|
||||
OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard
|
||||
* name for |cipher| or NULL on error. For example,
|
||||
* "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The caller is responsible for
|
||||
* calling |OPENSSL_free| on the result. */
|
||||
OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If
|
||||
* |out_alg_bits| is not NULL, it writes the number of bits consumed by the
|
||||
* symmetric algorithm to |*out_alg_bits|. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
|
||||
int *out_alg_bits);
|
||||
|
||||
|
||||
/* Cipher suite configuration.
|
||||
*
|
||||
* OpenSSL uses a mini-language to configure cipher suites. The language
|
||||
|
||||
Loading…
Reference in New Issue
Block a user