From fe1adf5abcaddd2ab7c9412d09d6f233cf595581 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 4 Jan 2024 20:02:10 +0000 Subject: [PATCH] Remove last external call to EVP_PKEY_meth_find() In order to determine whether GOST is properly enabled, libssl has various weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see whether the relevant cipher is around. Check the same thing with an #ifdef instead. ok jsing --- lib/libssl/ssl_ciph.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 38ebea1629f..cea4d3e6f46 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.137 2023/11/19 15:51:49 tb Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,6 +142,7 @@ #include +#include #include #include @@ -655,10 +656,10 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, * algorithms. If they are not available disable the associated * authentication and key exchange algorithms. */ - if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { - *auth |= SSL_aGOST01; - *mkey |= SSL_kGOST; - } +#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01) + *auth |= SSL_aGOST01; + *mkey |= SSL_kGOST; +#endif #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; -- 2.20.1