[openssl] openssl-3.0 update

Mon Nov 8 09:41:45 UTC 2021

The branch openssl-3.0 has been updated
       via  a075c882641782a6ee94a9123c72b47891a8cf28 (commit)
      from  65d39565375bb7d0c5df733063ee09f7e8ca292b (commit)


- Log -----------------------------------------------------------------
commit a075c882641782a6ee94a9123c72b47891a8cf28
Author: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Date:   Thu Nov 4 15:42:46 2021 +0800

    KTLS: use EVP_CIPHER_is_a instead of nid
    
    Signed-off-by: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
    (Merged from https://github.com/openssl/openssl/pull/16963)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ktls.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/ssl/ktls.c b/ssl/ktls.c
index 02dbb937ea..79d980959e 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -129,28 +129,28 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
     /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 
      * or Chacha20-Poly1305
      */
-    switch (EVP_CIPHER_get_nid(c))
-    {
 # ifdef OPENSSL_KTLS_AES_CCM_128
-    case NID_aes_128_ccm:
+    if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
         if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
             || EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
-          return 0;
+            return 0;
+        return 1;
+    } else
 # endif
+    if (0
 # ifdef OPENSSL_KTLS_AES_GCM_128
-        /* Fall through */
-    case NID_aes_128_gcm:
+        || EVP_CIPHER_is_a(c, "AES-128-GCM")
 # endif
 # ifdef OPENSSL_KTLS_AES_GCM_256
-    case NID_aes_256_gcm:
+        || EVP_CIPHER_is_a(c, "AES-256-GCM")
 # endif
 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
-    case NID_chacha20_poly1305:
+        || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
 # endif
+        ) {
         return 1;
-    default:
-        return 0;
     }
+    return 0;
 }
 
 /* Function to configure kernel TLS structure */
