From: Norbert Pocs
Date: Fri, 21 Nov 2025 13:52:32 +0000 (+0100)
Subject: Refactor ssl_evp_cipher_fetch()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2ff25627a365aae637ffe0c08cd3eeb2b7260ff;p=thirdparty%2Fopenssl.git

Refactor ssl_evp_cipher_fetch()

Signed-off-by: Norbert Pocs
Reviewed-by: Paul Yang
Reviewed-by: Eugene Syromiatnikov
Reviewed-by: Tomas Mraz
Reviewed-by: Saša Nedvědický
Reviewed-by: Neil Horman
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/29305)
---

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 6b02c79ab95..0125c73d1c6 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -308,8 +308,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
 ctx->disabled_enc_mask = 0;
 for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
 if (t->nid != NID_undef) {
- const EVP_CIPHER *cipher
- = ssl_evp_cipher_fetch(ctx->libctx, t->nid, ctx->propq);
+ const EVP_CIPHER *cipher = ssl_evp_cipher_fetch(ctx->libctx,
+ OBJ_nid2sn(t->nid),
+ ctx->propq);
 
 ctx->ssl_cipher_methods[i] = cipher;
 if (cipher == NULL)
@@ -535,27 +536,28 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
 
 if (c->algorithm_enc == SSL_RC4
 && c->algorithm_mac == SSL_MD5)
- evp = ssl_evp_cipher_fetch(ctx->libctx, NID_rc4_hmac_md5,
+ evp = ssl_evp_cipher_fetch(ctx->libctx,
+ "RC4-HMAC-MD5",
 ctx->propq);
 else if (c->algorithm_enc == SSL_AES128
 && c->algorithm_mac == SSL_SHA1)
 evp = ssl_evp_cipher_fetch(ctx->libctx,
- NID_aes_128_cbc_hmac_sha1,
+ "AES-128-CBC-HMAC-SHA1",
 ctx->propq);
 else if (c->algorithm_enc == SSL_AES256
 && c->algorithm_mac == SSL_SHA1)
 evp = ssl_evp_cipher_fetch(ctx->libctx,
- NID_aes_256_cbc_hmac_sha1,
+ "AES-256-CBC-HMAC-SHA1",
 ctx->propq);
 else if (c->algorithm_enc == SSL_AES128
 && c->algorithm_mac == SSL_SHA256)
 evp = ssl_evp_cipher_fetch(ctx->libctx,
- NID_aes_128_cbc_hmac_sha256,
+ "AES-128-CBC-HMAC-SHA256",
 ctx->propq);
 else if (c->algorithm_enc == SSL_AES256
 && c->algorithm_mac == SSL_SHA256)
 evp = ssl_evp_cipher_fetch(ctx->libctx,
- NID_aes_256_cbc_hmac_sha256,
+ "AES-256-CBC-HMAC-SHA256",
 ctx->propq);
 
 if (evp != NULL) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 14c29442d91..589a210a147 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -7469,13 +7469,13 @@ void SSL_set_allow_early_data_cb(SSL *s,
 }
 
 const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
- int nid,
+ const char *name,
 const char *properties)
 {
 const EVP_CIPHER *ciph;
 
 ERR_set_mark();
- ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
+ ciph = EVP_CIPHER_fetch(libctx, name, properties);
 if (ciph != NULL) {
 OSSL_PARAM params[2];
 int decrypt_only = 0;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 22522bdaebf..d6d8484dc19 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
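Review bot: The five stitched-cipher names passed in ssl_cipher_get_evp() are now bare string literals (`"RC4-HMAC-MD5"`, `"AES-128-CBC-HMAC-SHA1"`, and so on), so a misspelt name is no longer rejected at compile time as a wrong `NID_*` constant was. The `if (evp != NULL)` that follows treats a failed fetch as a normal outcome, and ssl_evp_cipher_fetch() opens with `ERR_set_mark()`, so a typo would presumably just disable the stitched implementation without leaving an error to notice. Using the short-name macros from `<openssl/obj_mac.h>` keeps the names compiler-checked, for example `evp = ssl_evp_cipher_fetch(ctx->libctx, SN_aes_128_cbc_hmac_sha1, ctx->propq);`. The enclosing function starts before and continues after this hunk.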
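Review bot: ssl_evp_cipher_fetch() in ssl/ssl_lib.c now takes a caller-supplied `const char *name` but carries no comment stating what the pointer may be, while the ssl_load_ciphers() call site passes `OBJ_nid2sn(t->nid)`, which returns NULL for an NID it does not know. The same NULL could reach `EVP_CIPHER_fetch()` before this change, so behaviour is unchanged, but it is now part of the helper's interface rather than an internal detail. I would add a header comment such as `/* name: cipher name as accepted by EVP_CIPHER_fetch(); returns NULL if the fetch fails */` and either document that NULL is tolerated or reject it before the mark is set with `if (name == NULL) return NULL;`. The function body runs past the end of the hunk, so the error-mark handling after the fetch is not visible here.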
@@ -3010,7 +3010,7 @@ void custom_exts_free(custom_ext_methods *exts);
 int ssl_ctx_system_config(SSL_CTX *ctx);
 
 const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
- int nid,
+ const char *name,
 const char *properties);
 int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher);
 void ssl_evp_cipher_free(const EVP_CIPHER *cipher);