Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be

retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value()
function returns the cipher suite value for a given SSL_CIPHER. These
functions should mean that software does not need to resort to
put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.

Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a
cipher via the internal cipher identifier. Unfortunately these have already
been leaked outside the library via SSL_CIPHER_by_id() and the various
SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.

ok beck@ miod@

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 571786dcf6..75103426f3 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.80 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.81 2015/02/07 04:17:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1545,10 +1545,13 @@ int	SSL_clear(SSL *s);
 void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
 
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
+const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
 int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
+uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
 
 int     SSL_get_fd(const SSL *s);
 int     SSL_get_rfd(const SSL *s);