Cipher family functions.
This change adds functions to check membership of various cipher
families. Clients and servers need this in order to optimise the size of
records because different families have different amounts of prefix and
postfix overhead.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index bae6a35..d5b4c0e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2235,6 +2235,10 @@
int SSL_get_error(const SSL *s,int ret_code);
const char *SSL_get_version(const SSL *s);
+int SSL_CIPHER_is_AES(const SSL_CIPHER *c);
+int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c);
+int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c);
+
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 03702cb..1dc6b5a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1626,6 +1626,22 @@
return(buf);
}
+/* Next three functions require non-null cipher */
+int SSL_CIPHER_is_AES(const SSL_CIPHER *c)
+ {
+ return (c->algorithm_enc & SSL_AES) != 0;
+ }
+
+int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c)
+ {
+ return (c->algorithm_mac & SSL_MD5) != 0;
+ }
+
+int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c)
+ {
+ return (c->algorithm_mac & (SSL_AES128GCM|SSL_AES256GCM)) != 0;
+ }
+
char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
int i;
