[openssl] openssl-3.0 update
kaishen.yy at antfin.com
kaishen.yy at antfin.com
Mon Nov 8 09:41:45 UTC 2021
The branch openssl-3.0 has been updated
via a075c882641782a6ee94a9123c72b47891a8cf28 (commit)
from 65d39565375bb7d0c5df733063ee09f7e8ca292b (commit)
- Log -----------------------------------------------------------------
commit a075c882641782a6ee94a9123c72b47891a8cf28
Author: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Date: Thu Nov 4 15:42:46 2021 +0800
KTLS: use EVP_CIPHER_is_a instead of nid
Signed-off-by: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
(Merged from https://github.com/openssl/openssl/pull/16963)
-----------------------------------------------------------------------
Summary of changes:
ssl/ktls.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/ssl/ktls.c b/ssl/ktls.c
index 02dbb937ea..79d980959e 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -129,28 +129,28 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
/* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
* or Chacha20-Poly1305
*/
- switch (EVP_CIPHER_get_nid(c))
- {
# ifdef OPENSSL_KTLS_AES_CCM_128
- case NID_aes_128_ccm:
+ if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
|| EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
- return 0;
+ return 0;
+ return 1;
+ } else
# endif
+ if (0
# ifdef OPENSSL_KTLS_AES_GCM_128
- /* Fall through */
- case NID_aes_128_gcm:
+ || EVP_CIPHER_is_a(c, "AES-128-GCM")
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
- case NID_aes_256_gcm:
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
# endif
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- case NID_chacha20_poly1305:
+ || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
# endif
+ ) {
return 1;
- default:
- return 0;
}
+ return 0;
}
/* Function to configure kernel TLS structure */
More information about the openssl-commits
mailing list