1 .\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.8 2018/03/24 00:55:37 schwarze Exp $
2 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
5 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
6 .\" Dr. Stephen Henson <steve@openssl.org>, Todd Short <tshort@akamai.com>,
7 .\" and Paul Yang <yang.yang@baishancloud.com>.
8 .\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017
9 .\" The OpenSSL Project. All rights reserved.
11 .\" Redistribution and use in source and binary forms, with or without
12 .\" modification, are permitted provided that the following conditions
15 .\" 1. Redistributions of source code must retain the above copyright
16 .\" notice, this list of conditions and the following disclaimer.
18 .\" 2. Redistributions in binary form must reproduce the above copyright
19 .\" notice, this list of conditions and the following disclaimer in
20 .\" the documentation and/or other materials provided with the
23 .\" 3. All advertising materials mentioning features or use of this
24 .\" software must display the following acknowledgment:
25 .\" "This product includes software developed by the OpenSSL Project
26 .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
28 .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
29 .\" endorse or promote products derived from this software without
30 .\" prior written permission. For written permission, please contact
31 .\" openssl-core@openssl.org.
33 .\" 5. Products derived from this software may not be called "OpenSSL"
34 .\" nor may "OpenSSL" appear in their names without prior written
35 .\" permission of the OpenSSL Project.
37 .\" 6. Redistributions of any form whatsoever must retain the following
39 .\" "This product includes software developed by the OpenSSL Project
40 .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
42 .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
43 .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45 .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
46 .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47 .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
55 .Dd $Mdocdate: March 24 2018 $
56 .Dt SSL_CIPHER_GET_NAME 3
59 .Nm SSL_CIPHER_get_name ,
60 .Nm SSL_CIPHER_get_bits ,
61 .Nm SSL_CIPHER_get_version ,
62 .Nm SSL_CIPHER_get_cipher_nid ,
63 .Nm SSL_CIPHER_get_digest_nid ,
64 .Nm SSL_CIPHER_get_kx_nid ,
65 .Nm SSL_CIPHER_get_auth_nid ,
66 .Nm SSL_CIPHER_is_aead ,
67 .Nm SSL_CIPHER_get_id ,
68 .Nm SSL_CIPHER_description
69 .Nd get SSL_CIPHER properties
73 .Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
75 .Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
77 .Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
79 .Fn SSL_CIPHER_get_cipher_nid "const SSL_CIPHER *cipher"
81 .Fn SSL_CIPHER_get_digest_nid "const SSL_CIPHER *cipher"
83 .Fn SSL_CIPHER_get_kx_nid "const SSL_CIPHER *cipher"
85 .Fn SSL_CIPHER_get_auth_nid "const SSL_CIPHER *cipher"
87 .Fn SSL_CIPHER_is_aead "const SSL_CIPHER *cipher"
89 .Fn SSL_CIPHER_get_id "const SSL_CIPHER *cipher"
91 .Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
93 .Fn SSL_CIPHER_get_name
94 returns a pointer to the name of
97 .Fn SSL_CIPHER_get_bits
98 returns the number of secret bits used for
104 the number of bits processed by the chosen algorithm is stored into it.
106 .Fn SSL_CIPHER_get_version
107 returns a string which indicates the SSL/TLS protocol version that first
111 In some cases it should possibly return
113 but the function does not; use
114 .Fn SSL_CIPHER_description
117 .Fn SSL_CIPHER_get_cipher_nid
118 returns the cipher NID corresponding to the
120 If there is no cipher (e.g. for cipher suites with no encryption), then
124 .Fn SSL_CIPHER_get_digest_nid
125 returns the digest NID corresponding to the MAC used by the
127 during record encryption/decryption.
128 If there is no digest (e.g. for AEAD cipher suites), then
132 .Fn SSL_CIPHER_get_kx_nid
133 returns the key exchange NID corresponding to the method used by the
135 If there is no key exchange, then
138 Examples of possible return values include
144 .Fn SSL_CIPHER_get_auth_nid
145 returns the authentication NID corresponding to the method used by the
147 If there is no authentication,
150 Examples of possible return values include
155 .Fn SSL_CIPHER_is_aead
158 is AEAD (e.g. GCM or ChaCha20/Poly1305), or 0 if it is not AEAD.
160 .Fn SSL_CIPHER_get_id
161 returns the ID of the given
165 The ID here is an OpenSSL-specific concept, which stores a prefix
166 of 0x0300 in the higher two bytes and the IANA-specified chipher
167 suite ID in the lower two bytes.
168 For instance, TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", so
169 .Fn SSL_CIPHER_get_id
172 .Fn SSL_CIPHER_description
173 copies a textual description of
177 which must be at least
182 argument must not be a
189 a buffer is allocated using
191 that buffer should be freed using the
196 is too small to hold the description, a pointer to the static string
199 If memory allocation fails, which can happen even if a
201 of sufficient size is provided, a pointer to the static string
202 .Qq OPENSSL_malloc Error
203 is returned and the content of
207 The string returned by
208 .Fn SSL_CIPHER_description
209 consists of several fields separated by whitespace:
212 Textual representation of the cipher name.
213 .It Aq Ar protocol version
218 The TLSv1.0 ciphers are flagged with SSLv3.
219 No new ciphers were added by TLSv1.1.
220 .It Kx= Ns Aq Ar key exchange
227 .It Au= Ns Aq Ar authentication
228 Authentication method:
236 is the representation of anonymous ciphers.
237 .It Enc= Ns Aq Ar symmetric encryption method
238 Encryption method with number of secret bits:
250 .Sy ChaCha20-Poly1305 ,
251 .Sy ChaCha20-Poly1305-Old ,
252 .Sy GOST-28178-89-CNT ,
255 .It Mac= Ns Aq Ar message authentication code
268 .Fn SSL_CIPHER_get_name
269 returns an internal pointer to a NUL-terminated string.
270 .Fn SSL_CIPHER_get_version
271 returns a pointer to a static NUL-terminated string.
276 pointer, both functions return a pointer to the static string
279 .Fn SSL_CIPHER_get_bits
280 returns a positive integer representing the number of secret bits
287 .Fn SSL_CIPHER_get_cipher_nid ,
288 .Fn SSL_CIPHER_get_digest_nid ,
289 .Fn SSL_CIPHER_get_kx_nid ,
291 .Fn SSL_CIPHER_get_auth_nid
292 return an NID constant or
294 if an error occurred.
296 .Fn SSL_CIPHER_is_aead
299 is AEAD or 0 otherwise.
301 .Fn SSL_CIPHER_get_id
302 returns a 32-bit unsigned integer.
304 .Fn SSL_CIPHER_description
307 or a newly allocated string on success or a pointer to a static
310 An example for the output of
311 .Fn SSL_CIPHER_description :
313 ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
316 A complete list can be retrieved by invoking the following command:
318 .Dl $ openssl ciphers -v ALL
322 .Xr SSL_get_ciphers 3 ,
323 .Xr SSL_get_current_cipher 3
325 .Fn SSL_CIPHER_get_name ,
326 .Fn SSL_CIPHER_get_bits ,
327 .Fn SSL_CIPHER_get_version ,
329 .Fn SSL_CIPHER_description
330 appeared before SSLeay 0.8 and have been available since
333 .Fn SSL_CIPHER_get_id
334 first appeared in OpenSSL 1.0.1 and has been available since
337 .Fn SSL_CIPHER_get_cipher_nid ,
338 .Fn SSL_CIPHER_get_digest_nid ,
339 .Fn SSL_CIPHER_get_kx_nid ,
340 .Fn SSL_CIPHER_get_auth_nid ,
342 .Fn SSL_CIPHER_is_aead
343 first appeared in OpenSSL 1.1.0 and have been available since
347 .Fn SSL_CIPHER_description
348 cannot handle a built-in cipher,
349 the according description of the cipher property is
351 This case should not occur.