KTLS: use EVP_CIPHER_is_a instead of nid

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/16963)
2025-01-18 13:44:20 +08:00 · 2021-11-04 15:42:46 +08:00 · 2021-11-04 15:42:46 +08:00 · ff3e4508bd
commit ff3e4508bd
parent 9bf1061c44
1 changed files with 10 additions and 10 deletions
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@ -129,28 +129,28 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
    /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 
     * or Chacha20-Poly1305
     */
-    switch (EVP_CIPHER_get_nid(c))
-    {
 # ifdef OPENSSL_KTLS_AES_CCM_128
-    case NID_aes_128_ccm:
+    if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
        if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
            || EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
-          return 0;
+            return 0;
+        return 1;
+    } else
 # endif
+    if (0
 # ifdef OPENSSL_KTLS_AES_GCM_128
-        /* Fall through */
-    case NID_aes_128_gcm:
+        || EVP_CIPHER_is_a(c, "AES-128-GCM")
 # endif
 # ifdef OPENSSL_KTLS_AES_GCM_256
-    case NID_aes_256_gcm:
+        || EVP_CIPHER_is_a(c, "AES-256-GCM")
 # endif
 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
-    case NID_chacha20_poly1305:
+        || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
 # endif
+        ) {
        return 1;
-    default:
-        return 0;
    }
+    return 0;
 }

 /* Function to configure kernel TLS structure */