xref: /freebsd/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 (revision 13ec1e3155c7e9bf037b12af186351b7fa9b9450)

SSL_CIPHER_GET_NAME(3)    OpenSSL 1.1.1m    2021-12-14

NAME
SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id - get SSL_CIPHER properties

SYNOPSIS
    #include <openssl/ssl.h>

    const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
    const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
    const char *OPENSSL_cipher_name(const char *stdname);
    int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
    char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
    char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
    int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
    int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
    const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
    int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
    int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
    int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
    const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
    uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
    uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);

DESCRIPTION
SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the cipher is NULL, it returns "(NONE)".

SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of cipher. If the cipher is NULL, it returns "(NONE)". If the cipher has no standard name, it returns NULL. If cipher was defined in both SSLv3 and TLS, it returns the TLS name.

OPENSSL_cipher_name() returns a pointer to the OpenSSL name of stdname. If the stdname is NULL, or stdname has no corresponding OpenSSL name, it returns "(NONE)". Where both exist, stdname should be the TLS name rather than the SSLv3 name.

SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. If cipher is NULL, 0 is returned.

SSL_CIPHER_get_version() returns a string that indicates the SSL/TLS protocol version that first defined the cipher. It returns "(NONE)" if cipher is NULL.

SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to c. If there is no cipher (e.g. for cipher suites with no encryption) then NID_undef is returned.

SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC used by c during record encryption/decryption. If there is no digest (e.g. for AEAD cipher suites) then NID_undef is returned.

SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during the SSL/TLS handshake when using the SSL_CIPHER c. Note that this may be different to the digest used to calculate the MAC for encrypted records.

SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method used by c. If there is no key exchange, then NID_undef is returned. If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_kx_any is returned. Examples (not comprehensive):

    NID_kx_rsa
    NID_kx_ecdhe
    NID_kx_dhe
    NID_kx_psk

SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method used by c. If there is no authentication, then NID_undef is returned. If any appropriate authentication algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_auth_any is returned. Examples (not comprehensive):

    NID_auth_rsa
    NID_auth_ecdsa
    NID_auth_psk

SSL_CIPHER_is_aead() returns 1 if the cipher c is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD.

SSL_CIPHER_find() returns an SSL_CIPHER structure which has the cipher ID stored in ptr. The ptr parameter is a two-element array of char, which stores the two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter is usually retrieved from a TLS packet by using functions like SSL_client_hello_get0_ciphers(3). SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.

SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher c. That ID is not the same as the IANA-specific ID.

SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given cipher c.

SSL_CIPHER_description() returns a textual description of the cipher, written into the provided buffer buf of length size. If buf is provided, it must be at least 128 bytes; if buf is NULL, a buffer will be allocated using OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, NULL is returned.

The string returned by SSL_CIPHER_description() consists of several fields separated by whitespace:

<ciphername>
    Textual representation of the cipher name.

<protocol version>
    The minimum protocol version that the ciphersuite supports, such as TLSv1.2. Note that this is not always the same as the protocol version in which the ciphersuite was first defined because some ciphersuites are backwards compatible with earlier protocol versions.

Kx=<key exchange>
    Key exchange method such as RSA, ECDHE, etc.

Au=<authentication>
    Authentication method such as RSA, None, etc. None is the representation of anonymous ciphers.

Enc=<symmetric encryption method>
    Encryption method, with number of secret bits, such as AESGCM(128).

Mac=<message authentication code>
    Message digest, such as SHA256.
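
The whitespace-separated layout above can be audited mechanically. The C code below is an added example, not part of the OpenSSL documentation or source: it parses one description line into its fields and flags anonymous authentication (Au=None), a MAC field other than AEAD, and fewer than 128 secret bits. The names parse_cipher_desc(), cipher_findings(), struct cipher_desc and F_* are hypothetical, and the 128-bit floor and the AEAD requirement are assumed policy choices.

```c
#include <stdlib.h>
#include <string.h>

/* Findings bits. The 128-bit floor and AEAD requirement are assumed policy. */
enum { F_ANON = 1, F_NOT_AEAD = 2, F_LOW_BITS = 4 };

struct cipher_desc {            /* hypothetical holder for one parsed line */
    char name[64], version[16], kx[16], au[16], enc[40], mac[16];
    int bits;                   /* secret bits taken from Enc=NAME(bits) */
};

/* If the token p[0..len) starts with key, copy the rest into dst. */
static int take(const char *p, size_t len, const char *key, char *dst, size_t n)
{
    size_t k = strlen(key);
    if (len <= k || len - k >= n || strncmp(p, key, k) != 0)
        return 0;
    memcpy(dst, p + k, len - k);
    dst[len - k] = '\0';
    return 1;
}

/* Parse one line; returns 0, or -1 if a field is missing or oversized. */
int parse_cipher_desc(const char *line, struct cipher_desc *d)
{
    const char *ws = " \t\r\n", *paren;
    int idx = 0, seen = 0;
    memset(d, 0, sizeof(*d));
    for (const char *p = line + strspn(line, ws); *p; idx++) {
        size_t len = strcspn(p, ws);    /* fields are whitespace-separated */
        if (idx == 0)      seen |= take(p, len, "", d->name, sizeof(d->name));
        else if (idx == 1) seen |= 2 * take(p, len, "", d->version, sizeof(d->version));
        else if (take(p, len, "Kx=", d->kx, sizeof(d->kx)))    seen |= 4;
        else if (take(p, len, "Au=", d->au, sizeof(d->au)))    seen |= 8;
        else if (take(p, len, "Enc=", d->enc, sizeof(d->enc))) seen |= 16;
        else if (take(p, len, "Mac=", d->mac, sizeof(d->mac))) seen |= 32;
        p += len + strspn(p + len, ws);
    }
    paren = strchr(d->enc, '(');
    d->bits = paren ? atoi(paren + 1) : 0;
    return seen == 63 ? 0 : -1;
}

/* Flag anonymous authentication, non-AEAD record protection, short keys. */
int cipher_findings(const struct cipher_desc *d)
{
    return (strcmp(d->au, "None") == 0 ? F_ANON : 0)
         | (strcmp(d->mac, "AEAD") != 0 ? F_NOT_AEAD : 0)
         | (d->bits < 128 ? F_LOW_BITS : 0);
}
```

Unrecognised extra tokens on a line are ignored, and a line missing any of the six fields is rejected rather than reported as clean.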

Some examples for the output of SSL_CIPHER_description():

    ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
    RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384

RETURN VALUES
SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding value in a null-terminated string for a specific cipher or "(NONE)" if the cipher is not found.

SSL_CIPHER_get_bits() returns a positive integer representing the number of secret bits or 0 if an error occurred.

SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or NID_undef if an error occurred.

SSL_CIPHER_get_handshake_digest() returns a valid EVP_MD structure or NULL if an error occurred.

SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.

SSL_CIPHER_find() returns a valid SSL_CIPHER structure or NULL if an error occurred.

SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.

SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS protocol-specific ID.

SEE ALSO
ssl(7), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1)

HISTORY
The SSL_CIPHER_get_version() function was updated to always return the correct protocol string in OpenSSL 1.1.0.

The SSL_CIPHER_description() function was changed to return NULL on error, rather than a fixed string, in OpenSSL 1.1.0.

The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.

The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. Before OpenSSL 1.1.1, tracing (enable-ssl-trace argument to Configure) was required to enable this function.

The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.