In ssl.h rev. 1.149 2018/03/17 14:40:45, jsing@ provided

SSL_CIPHER_get_cipher_nid(3), SSL_CIPHER_get_digest_nid(3),
SSL_CIPHER_get_kx_nid(3), SSL_CIPHER_get_auth_nid(3), and
SSL_CIPHER_is_aead(3).  Merge the documentation from OpenSSL.

1 files changed, 79 insertions, 6 deletions

diff --git a/lib/libssl/man/SSL_CIPHER_get_name.3 b/lib/libssl/man/SSL_CIPHER_get_name.3
index 9a1446efbae..719ffdf2229 100644
--- a/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,11 +1,12 @@
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.4 2018/02/27 14:13:52 schwarze Exp $
-.\" full merge up to: OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100
+.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.5 2018/03/18 08:56:45 schwarze Exp $
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
+.\" Dr. Stephen Henson <steve@openssl.org>, Todd Short <tshort@akamai.com>,
 .\" and Paul Yang <yang.yang@baishancloud.com>.
-.\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2017 The OpenSSL Project.
-.\" All rights reserved.
+.\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017
+.\" The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -51,13 +52,18 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 27 2018 $
+.Dd $Mdocdate: March 18 2018 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
 .Nm SSL_CIPHER_get_name ,
 .Nm SSL_CIPHER_get_bits ,
 .Nm SSL_CIPHER_get_version ,
+.Nm SSL_CIPHER_get_cipher_nid ,
+.Nm SSL_CIPHER_get_digest_nid ,
+.Nm SSL_CIPHER_get_kx_nid ,
+.Nm SSL_CIPHER_get_auth_nid ,
+.Nm SSL_CIPHER_is_aead ,
 .Nm SSL_CIPHER_get_id ,
 .Nm SSL_CIPHER_description
 .Nd get SSL_CIPHER properties
@@ -69,6 +75,16 @@
 .Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
 .Ft char *
 .Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_get_cipher_nid "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_get_digest_nid "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_get_kx_nid "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_get_auth_nid "const SSL_CIPHER *cipher"
+.Ft int
+.Fn SSL_CIPHER_is_aead "const SSL_CIPHER *cipher"
 .Ft unsigned long
 .Fn SSL_CIPHER_get_id "const SSL_CIPHER *cipher"
 .Ft char *
@@ -98,6 +114,49 @@ but the function does not; use
 .Fn SSL_CIPHER_description
 instead.
 .Pp
+.Fn SSL_CIPHER_get_cipher_nid
+returns the cipher NID corresponding to the
+.Fa cipher .
+If there is no cipher (e.g. for cipher suites with no encryption), then
+.Dv NID_undef
+is returned.
+.Pp
+.Fn SSL_CIPHER_get_digest_nid
+returns the digest NID corresponding to the MAC used by the
+.Fa cipher
+during record encryption/decryption.
+If there is no digest (e.g. for AEAD cipher suites), then
+.Dv NID_undef
+is returned.
+.Pp
+.Fn SSL_CIPHER_get_kx_nid
+returns the key exchange NID corresponding to the method used by the
+.Fa cipher .
+If there is no key exchange, then
+.Dv NID_undef
+is returned.
+Examples of possible return values include
+.Dv NID_kx_rsa ,
+.Dv NID_kx_dhe ,
+and
+.Dv NID_kx_ecdhe .
+.Pp
+.Fn SSL_CIPHER_get_auth_nid
+returns the authentication NID corresponding to the method used by the
+.Fa cipher .
+If there is no authentication,
+.Dv NID_undef
+is returned.
+Examples of possible return values include
+.Dv NID_auth_rsa
+and
+.Dv NID_auth_ecdsa .
+.Pp
+.Fn SSL_CIPHER_is_aead
+returns 1 if the
+.Fa cipher
+is AEAD (e.g. GCM or ChaCha20/Poly1305), or 0 if it is not AEAD.
+.Pp
 .Fn SSL_CIPHER_get_id
 returns the ID of the given
 .Fa cipher ,
@@ -225,6 +284,20 @@ is a
 .Dv NULL
 pointer.
 .Pp
+.Fn SSL_CIPHER_get_cipher_nid ,
+.Fn SSL_CIPHER_get_digest_nid ,
+.Fn SSL_CIPHER_get_kx_nid ,
+and
+.Fn SSL_CIPHER_get_auth_nid
+return an NID constant or
+.Dv NID_undef
+if an error occurred.
+.Pp
+.Fn SSL_CIPHER_is_aead
+returns 1 if the
+.Fa cipher
+is AEAD or 0 otherwise.
+.Pp
 .Fn SSL_CIPHER_get_id
 returns a 32-bit unsigned integer.
 .Pp