OpenSSL: Add tls_connection_get_cipher_suite()

This can be used to fetch the 16-bit TLS cipher suite identifier.

Signed-off-by: Jouni Malinen <j@w1.fi>

2 files changed, 18 insertions, 0 deletions

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index e199187..3e7e9c7 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -659,4 +659,11 @@ void tls_connection_remove_session(struct tls_connection *conn);
  */
 int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len);
 
+/**
+ * tls_connection_get_cipher_suite - Get current TLS cipher suite
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: TLS cipher suite of the current connection or 0 on error
+ */
+u16 tls_connection_get_cipher_suite(struct tls_connection *conn);
+
 #endif /* TLS_H */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index cc96a58..19271d3 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5354,3 +5354,14 @@ int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len)
 
 	return len;
 }
+
+
+u16 tls_connection_get_cipher_suite(struct tls_connection *conn)
+{
+	const SSL_CIPHER *cipher;
+
+	cipher = SSL_get_current_cipher(conn->ssl);
+	if (!cipher)
+		return 0;
+	return SSL_CIPHER_get_protocol_id(cipher);
+}