[openssl] master update
tomas at openssl.org
tomas at openssl.org
Thu Apr 1 12:40:27 UTC 2021
The branch master has been updated
via 5050fd5b3b7d18eec966469726180efb6c72c594 (commit)
via b064eebb5080178de9641a0520e2f22b5846e0f3 (commit)
via 83abd33cf7b3ed40fb94aa1338b6c40b44fa8ad3 (commit)
via e2e20129a9b9f898d382d199f9debdb549b882ff (commit)
via 0a4a48a8b4eecc16a5c024492de09483370a7d5d (commit)
from 9754665d6b0e7ba602878aa49dabaa6e8ee72632 (commit)
- Log -----------------------------------------------------------------
commit 5050fd5b3b7d18eec966469726180efb6c72c594
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Mar 26 17:57:16 2021 +0100
Avoid going through NID when unnecessary
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
commit b064eebb5080178de9641a0520e2f22b5846e0f3
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Mar 26 17:53:59 2021 +0100
EVP_CIPHER_type: fix misleading argument name
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
commit 83abd33cf7b3ed40fb94aa1338b6c40b44fa8ad3
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Mar 26 17:53:00 2021 +0100
Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
Fixes #14393
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
commit e2e20129a9b9f898d382d199f9debdb549b882ff
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Mar 26 17:50:03 2021 +0100
OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256
The comment is bogus as that call for NID_sha256 does not do
anything else than looking up the string in an internal table.
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
commit 0a4a48a8b4eecc16a5c024492de09483370a7d5d
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Mar 26 17:48:31 2021 +0100
EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 2 +-
apps/crl.c | 3 +--
apps/enc.c | 2 +-
apps/speed.c | 8 ++++----
apps/x509.c | 2 +-
crypto/evp/ctrl_params_translate.c | 2 +-
crypto/evp/evp_enc.c | 3 +--
crypto/evp/evp_lib.c | 4 ++--
crypto/pem/pem_info.c | 4 ++--
crypto/pem/pem_lib.c | 2 +-
doc/man3/EVP_EncryptInit.pod | 2 +-
include/openssl/evp.h | 2 +-
ssl/s3_lib.c | 6 +-----
13 files changed, 18 insertions(+), 24 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index dbb4d15eb8..9cec43cf8b 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -821,7 +821,7 @@ end_of_options:
}
if (verbose)
BIO_printf(bio_err, "message digest is %s\n",
- OBJ_nid2ln(EVP_MD_type(dgst)));
+ EVP_MD_name(dgst));
if (policy == NULL
&& (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
goto end;
diff --git a/apps/crl.c b/apps/crl.c
index e2ed9588e6..e8b501a8af 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -347,8 +347,7 @@ int crl_main(int argc, char **argv)
BIO_printf(bio_err, "out of memory\n");
goto end;
}
- BIO_printf(bio_out, "%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
+ BIO_printf(bio_out, "%s Fingerprint=", EVP_MD_name(digest));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
diff --git a/apps/enc.c b/apps/enc.c
index c5766f05e8..498d0d500b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -360,7 +360,7 @@ int enc_main(int argc, char **argv)
char prompt[200];
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ EVP_CIPHER_name(cipher),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
diff --git a/apps/speed.c b/apps/speed.c
index 727341a1e6..25c384d775 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1758,7 +1758,7 @@ int speed_main(int argc, char **argv)
} else if (!(EVP_CIPHER_flags(evp_cipher) &
EVP_CIPH_FLAG_AEAD_CIPHER)) {
BIO_printf(bio_err, "%s is not an AEAD cipher\n",
- OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+ EVP_CIPHER_name(evp_cipher));
goto end;
}
}
@@ -1770,7 +1770,7 @@ int speed_main(int argc, char **argv)
} else if (!(EVP_CIPHER_flags(evp_cipher) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
BIO_printf(bio_err, "%s is not a multi-block capable\n",
- OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+ EVP_CIPHER_name(evp_cipher));
goto end;
} else if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with -mb");
@@ -2219,7 +2219,7 @@ int speed_main(int argc, char **argv)
goto end;
}
- names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+ names[D_EVP] = EVP_CIPHER_name(evp_cipher);
if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
loopfunc = EVP_Update_loop_ccm;
@@ -3633,7 +3633,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
sizeof(no_key), no_key))
app_bail_out("failed to set AEAD key\n");
- if ((alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))) == NULL)
+ if ((alg_name = EVP_CIPHER_name(evp_cipher)) == NULL)
app_bail_out("failed to get cipher name\n");
for (j = 0; j < num; j++) {
diff --git a/apps/x509.c b/apps/x509.c
index 163c1c8a67..abbffe37ab 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -978,7 +978,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Out of memory\n");
goto end;
}
- BIO_printf(out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig)));
+ BIO_printf(out, "%s Fingerprint=", EVP_MD_name(fdig));
for (j = 0; j < (int)n; j++)
BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':');
} else if (i == ocspid) {
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 995e37a4e8..4863b81db9 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2188,7 +2188,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL,
OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, -1, -1, EVP_PKEY_OP_KEYGEN,
+ { SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_CIPHER, NULL, NULL,
OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher },
{ SET, -1, -1, EVP_PKEY_OP_KEYGEN,
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index c3d2b97594..79ffd2275f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1415,7 +1415,7 @@ EVP_CIPHER *evp_cipher_new(void)
* NIDs or any functionality that use them.
*/
#ifndef FIPS_MODULE
-/* TODO(3.x) get rid of the need for legacy NIDs */
+/* After removal of legacy support get rid of the need for legacy NIDs */
static void set_legacy_nid(const char *name, void *vlegacy_nid)
{
int nid;
@@ -1453,7 +1453,6 @@ static void *evp_cipher_from_dispatch(const int name_id,
}
#ifndef FIPS_MODULE
- /* TODO(3.x) get rid of the need for legacy NIDs */
cipher->nid = NID_undef;
if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid)
|| cipher->nid == -1) {
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 48bf99d1f5..31d2a7392b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -267,10 +267,10 @@ int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
#endif /* !defined(FIPS_MODULE) */
/* Convert the various cipher NIDs and dummies to a proper OID NID */
-int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+int EVP_CIPHER_type(const EVP_CIPHER *cipher)
{
int nid;
- nid = EVP_CIPHER_nid(ctx);
+ nid = EVP_CIPHER_nid(cipher);
switch (nid) {
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index c615d24ed0..54e29ab41f 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -282,7 +282,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
const unsigned char *iv = NULL;
if (enc != NULL) {
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+ objstr = EVP_CIPHER_name(enc);
if (objstr == NULL
/*
* Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
@@ -317,7 +317,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
* than what the user has passed us ... as we have to match
* exactly for some strange reason
*/
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+ objstr = EVP_CIPHER_name(xi->enc_cipher.cipher);
if (objstr == NULL) {
ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
goto err;
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index c8e0b264da..16b65fa945 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -323,7 +323,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
unsigned char iv[EVP_MAX_IV_LENGTH];
if (enc != NULL) {
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+ objstr = EVP_CIPHER_name(enc);
if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
|| EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
/*
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index d2880b20f2..9090dc8ad3 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -149,7 +149,7 @@ EVP_CIPHER_do_all_provided
int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
- int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+ int EVP_CIPHER_type(const EVP_CIPHER *cipher);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4268f1020d..7d1823dbac 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1396,7 +1396,7 @@ int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+int EVP_CIPHER_type(const EVP_CIPHER *cipher);
/* calls methods */
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f5b063319b..1b491e7f92 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4275,12 +4275,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
- /*
- * TODO: When there are no more legacy digests we can just use
- * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
- */
if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
- OBJ_nid2sn(NID_sha256))) {
+ OSSL_DIGEST_NAME_SHA2_256)) {
ret = tmp;
break;
}
More information about the openssl-commits
mailing list