Switch from EVP_CIPHER_type() to EVP_CIPHER_nid()

EVP_CIPHER_type() will never return NID_gost89_cnt since it has no
associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight
chance of working. Do that before beck applies the flensing knife.

ok beck

diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 997026b..3f2fe71 100644 (file)
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.40 2023/07/08 20:38:23 beck Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -525,7 +525,7 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
                goto err;
 
        /* More special handling for GOST... */
-       if (EVP_CIPHER_type(rl->cipher) == NID_gost89_cnt) {
+       if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
                gost_param_nid = NID_id_tc26_gost_28147_param_Z;
                if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
                        gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;