Refactor ssl_evp_cipher_fetch()
authorNorbert Pocs <norbertp@openssl.org>
Fri, 21 Nov 2025 13:52:32 +0000 (14:52 +0100)
committerNeil Horman <nhorman@openssl.org>
Thu, 4 Dec 2025 12:32:18 +0000 (07:32 -0500)
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)

ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_local.h

index 6b02c79ab95289ef4a4c827e0899b23085bfa7be..0125c73d1c6e914737479b6e5460327bfb89f3d9 100644 (file)
@@ -308,8 +308,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
     ctx->disabled_enc_mask = 0;
     for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
         if (t->nid != NID_undef) {
-            const EVP_CIPHER *cipher
-                = ssl_evp_cipher_fetch(ctx->libctx, t->nid, ctx->propq);
+            const EVP_CIPHER *cipher = ssl_evp_cipher_fetch(ctx->libctx,
+                                                            OBJ_nid2sn(t->nid),
+                                                            ctx->propq);
 
             ctx->ssl_cipher_methods[i] = cipher;
             if (cipher == NULL)
@@ -535,27 +536,28 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
 
         if (c->algorithm_enc == SSL_RC4
                 && c->algorithm_mac == SSL_MD5)
-            evp = ssl_evp_cipher_fetch(ctx->libctx, NID_rc4_hmac_md5,
+            evp = ssl_evp_cipher_fetch(ctx->libctx,
+                                       "RC4-HMAC-MD5",
                                        ctx->propq);
         else if (c->algorithm_enc == SSL_AES128
                     && c->algorithm_mac == SSL_SHA1)
             evp = ssl_evp_cipher_fetch(ctx->libctx,
-                                       NID_aes_128_cbc_hmac_sha1,
+                                       "AES-128-CBC-HMAC-SHA1",
                                        ctx->propq);
         else if (c->algorithm_enc == SSL_AES256
                     && c->algorithm_mac == SSL_SHA1)
              evp = ssl_evp_cipher_fetch(ctx->libctx,
-                                        NID_aes_256_cbc_hmac_sha1,
+                                        "AES-256-CBC-HMAC-SHA1",
                                         ctx->propq);
         else if (c->algorithm_enc == SSL_AES128
                     && c->algorithm_mac == SSL_SHA256)
             evp = ssl_evp_cipher_fetch(ctx->libctx,
-                                       NID_aes_128_cbc_hmac_sha256,
+                                       "AES-128-CBC-HMAC-SHA256",
                                        ctx->propq);
         else if (c->algorithm_enc == SSL_AES256
                     && c->algorithm_mac == SSL_SHA256)
             evp = ssl_evp_cipher_fetch(ctx->libctx,
-                                       NID_aes_256_cbc_hmac_sha256,
+                                       "AES-256-CBC-HMAC-SHA256",
                                        ctx->propq);
 
         if (evp != NULL) {
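Review bot: The five stitched-cipher names passed to ssl_evp_cipher_fetch() in this hunk are now bare string literals, so a misspelt name would still compile and only surface at run time as `evp == NULL`. The `if (evp != NULL)` line that follows appears to treat that as "no stitched implementation available", so the failure would presumably be silent. Using the `SN_*` macros from obj_mac.h keeps each name tied to the object table the removed `NID_*` constants came from, e.g. `evp = ssl_evp_cipher_fetch(ctx->libctx, SN_aes_128_cbc_hmac_sha1, ctx->propq);`. The same applies to the other four names. ssl_cipher_get_evp() starts and ends outside this hunk.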
index 14c29442d9108496836a3a3792c4995fb25a307e..589a210a147aa6e392e25d95d282168c4af5f9fb 100644 (file)
@@ -7469,13 +7469,13 @@ void SSL_set_allow_early_data_cb(SSL *s,
 }
 
 const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
-                                       int nid,
+                                       const char *name,
                                        const char *properties)
 {
     const EVP_CIPHER *ciph;
 
     ERR_set_mark();
-    ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
+    ciph = EVP_CIPHER_fetch(libctx, name, properties);
     if (ciph != NULL) {
         OSSL_PARAM params[2];
         int decrypt_only = 0;
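Review bot: ssl_evp_cipher_fetch() now forwards `name` to EVP_CIPHER_fetch() unchecked, and nothing at the definition says what callers must pass, so the new contract is implicit. A short comment above the function would state it, e.g. `/* name: cipher name as accepted by EVP_CIPHER_fetch(); a NULL name yields NULL */`. The ssl_load_ciphers() caller in ssl/ssl_ciph.c passes `OBJ_nid2sn(t->nid)`, which can return NULL for an unregistered NID, so a guard such as `if (name == NULL) return NULL;` before `ERR_set_mark();` would make that case explicit rather than relying on the fetch to fail. The function body continues past the end of this hunk, so how the error mark is released is not visible here. The prototype in ssl/ssl_local.h would benefit from the same comment.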
index 22522bdaebf579af2db167af7d684c1876661300..d6d8484dc1955d8eeb6bdaf6405712e0079484a2 100644 (file)
@@ -3010,7 +3010,7 @@ void custom_exts_free(custom_ext_methods *exts);
 int ssl_ctx_system_config(SSL_CTX *ctx);
 
 const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
-                                       int nid,
+                                       const char *name,
                                        const char *properties);
 int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher);
 void ssl_evp_cipher_free(const EVP_CIPHER *cipher);