OpenSSL: Add tls_connection_get_cipher_suite()

This can be used to fetch the 16-bit TLS cipher suite identifier.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index e199187e82a513eb62f3a09dca8e245303f62ee7..3e7e9c750c0a5ef9674e2d3b2f9447b6b2e0d0b8 100644 (file)
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -659,4 +659,11 @@ void tls_connection_remove_session(struct tls_connection *conn);
  */
 int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len);
 
+/**
+ * tls_connection_get_cipher_suite - Get current TLS cipher suite
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: TLS cipher suite of the current connection or 0 on error
+ */
+u16 tls_connection_get_cipher_suite(struct tls_connection *conn);
+
 #endif /* TLS_H */

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index cc96a582ce5cf329ab504c26ba2d4ecf23e38fe3..19271d3d6b2541b2f1fbbb44ac27294fd8a0085b 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5354,3 +5354,14 @@ int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len)
 
        return len;
 }
+
+
+u16 tls_connection_get_cipher_suite(struct tls_connection *conn)
+{
+       const SSL_CIPHER *cipher;
+
+       cipher = SSL_get_current_cipher(conn->ssl);
+       if (!cipher)
+               return 0;
+       return SSL_CIPHER_get_protocol_id(cipher);
+}