From e1a22b8c62b92cd313093f7abfeac785adc963e5 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 17 Mar 2018 14:40:45 +0000
Subject: Provide SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_is_aead().
---
 src/lib/libssl/Symbols.list | 5 +++
 src/lib/libssl/ssl.h | 7 +++-
 src/lib/libssl/ssl_ciph.c | 100 +++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 110 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 4947bce162..cf5ff1453d 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -39,13 +39,18 @@ ERR_load_SSL_strings
 /* general API */
 SSL_CIPHER_description
+SSL_CIPHER_get_auth_nid
 SSL_CIPHER_get_bits
 SSL_CIPHER_get_by_id
 SSL_CIPHER_get_by_value
+SSL_CIPHER_get_cipher_nid
+SSL_CIPHER_get_digest_nid
 SSL_CIPHER_get_id
+SSL_CIPHER_get_kx_nid
 SSL_CIPHER_get_name
 SSL_CIPHER_get_value
 SSL_CIPHER_get_version
+SSL_CIPHER_is_aead
 SSL_COMP_add_compression_method
 SSL_COMP_get_compression_methods
 SSL_COMP_get_name
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3a5e2f5f03..206049887d 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.148 2018/03/17 14:26:13 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.149 2018/03/17 14:40:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1255,6 +1255,11 @@ char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
 uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
 int SSL_get_fd(const SSL *s);
 int SSL_get_rfd(const SSL *s);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index f30ffeaf2c..271d77f38b 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.97 2017/08/28 16:37:04 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.98 2018/03/17 14:40:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1720,6 +1720,104 @@ SSL_CIPHER_get_value(const SSL_CIPHER *c)
 return ssl3_cipher_get_value(c);
 }
+int
+SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
+{
+ switch (c->algorithm_enc) {
+ case SSL_eNULL:
+ return NID_undef;
+ case SSL_3DES:
+ return NID_des_ede3_cbc;
+ case SSL_AES128:
+ return NID_aes_128_cbc;
+ case SSL_AES128GCM:
+ return NID_aes_128_gcm;
+ case SSL_AES256:
+ return NID_aes_256_cbc;
+ case SSL_AES256GCM:
+ return NID_aes_256_gcm;
+ case SSL_CAMELLIA128:
+ return NID_camellia_128_cbc;
+ case SSL_CAMELLIA256:
+ return NID_camellia_256_cbc;
+ case SSL_CHACHA20POLY1305:
+ return NID_chacha20_poly1305;
+ case SSL_DES:
+ return NID_des_cbc;
+ case SSL_RC4:
+ return NID_rc4;
+ case SSL_eGOST2814789CNT:
+ return NID_gost89_cnt;
+ default:
+ return NID_undef;
+ }
+}
+
+int
+SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
+{
+ switch (c->algorithm_mac) {
+ case SSL_AEAD:
+ return NID_undef;
+ case SSL_GOST89MAC:
+ return NID_id_Gost28147_89_MAC;
+ case SSL_GOST94:
+ return NID_id_GostR3411_94;
+ case SSL_MD5:
+ return NID_md5;
+ case SSL_SHA1:
+ return NID_sha1;
+ case SSL_SHA256:
+ return NID_sha256;
+ case SSL_SHA384:
+ return NID_sha384;
+ case SSL_STREEBOG256:
+ return NID_id_tc26_gost3411_2012_256;
+ default:
+ return NID_undef;
+ }
+}
+
+int
+SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+ switch (c->algorithm_mkey) {
+ case SSL_kDHE:
+ return NID_kx_dhe;
+ case SSL_kECDHE:
+ return NID_kx_ecdhe;
+ case SSL_kGOST:
+ return NID_kx_gost;
+ case SSL_kRSA:
+ return NID_kx_rsa;
+ default:
+ return NID_undef;
+ }
+}
+
+int
+SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+ switch (c->algorithm_auth) {
+ case SSL_aNULL:
+ return NID_auth_null;
+ case SSL_aECDSA:
+ return NID_auth_ecdsa;
+ case SSL_aGOST01:
+ return NID_auth_gost01;
+ case SSL_aRSA:
+ return NID_auth_rsa;
+ default:
+ return NID_undef;
+ }
+}
+
+int
+SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+ return (c->algorithm_mac & SSL_AEAD) == SSL_AEAD;
+}
+
 void *
 SSL_COMP_get_compression_methods(void)
 {
-- 
cgit v1.2.3-55-g6feb
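Review bot: All five new accessors in the ssl_ciph.c hunk dereference `c` unconditionally (`c->algorithm_enc`, `c->algorithm_mac`, `c->algorithm_mkey`, `c->algorithm_auth`), so a caller that forwards a cipher pointer from a lookup that found nothing would crash. Whether the older SSL_CIPHER_* getters in this file tolerate NULL is not visible here, but if they do, a guard such as `if (c == NULL) return NID_undef;` (and `return 0;` in SSL_CIPHER_is_aead()) would keep the family consistent. Separately, NID_undef is overloaded: SSL_CIPHER_get_cipher_nid() returns it for `SSL_eNULL` as well as for any unmapped value, and SSL_CIPHER_get_digest_nid() returns it for `SSL_AEAD` as well as the default case, so policy or audit code cannot use it to tell "no encryption" or "AEAD" from "unknown algorithm". A short comment above each function would make that contract explicit, e.g. `/* NID_undef is returned for the NULL cipher and for unmapped algorithms alike; use SSL_CIPHER_is_aead() to identify AEAD suites. */`.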