Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

More tweaks for Ruby integration #1852

Merged
merged 1 commit into from
Sep 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions crypto/cipher_extra/cipher_extra.c
Original file line number Diff line number Diff line change
Expand Up @@ -73,16 +73,19 @@ static const struct {
const EVP_CIPHER *(*func)(void);
} kCiphers[] = {
{NID_aes_128_cbc, "aes-128-cbc", EVP_aes_128_cbc},
{NID_aes_128_cfb128, "aes-128-cfb", EVP_aes_128_cfb},
{NID_aes_128_ctr, "aes-128-ctr", EVP_aes_128_ctr},
{NID_aes_128_ecb, "aes-128-ecb", EVP_aes_128_ecb},
{NID_aes_128_gcm, "aes-128-gcm", EVP_aes_128_gcm},
{NID_aes_128_ofb128, "aes-128-ofb", EVP_aes_128_ofb},
{NID_aes_192_cbc, "aes-192-cbc", EVP_aes_192_cbc},
{NID_aes_192_cfb128, "aes-192-cfb", EVP_aes_192_cfb},
{NID_aes_192_ctr, "aes-192-ctr", EVP_aes_192_ctr},
{NID_aes_192_ecb, "aes-192-ecb", EVP_aes_192_ecb},
{NID_aes_192_gcm, "aes-192-gcm", EVP_aes_192_gcm},
{NID_aes_192_ofb128, "aes-192-ofb", EVP_aes_192_ofb},
{NID_aes_256_cbc, "aes-256-cbc", EVP_aes_256_cbc},
{NID_aes_256_cfb128, "aes-256-cfb", EVP_aes_256_cfb},
{NID_aes_256_ctr, "aes-256-ctr", EVP_aes_256_ctr},
{NID_aes_256_ecb, "aes-256-ecb", EVP_aes_256_ecb},
{NID_aes_256_gcm, "aes-256-gcm", EVP_aes_256_gcm},
Expand Down
4 changes: 4 additions & 0 deletions crypto/decrepit/evp/evp_do_all.c
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);
callback(EVP_rc4(), "rc4", NULL, arg);
callback(EVP_chacha20_poly1305(), "chacha20-poly1305", NULL, arg);

// Other possible historical aliases from OpenSSL.
callback(EVP_aes_128_cbc(), "aes128", NULL, arg);
callback(EVP_aes_256_cbc(), "aes256", NULL, arg);
}

void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
Expand Down
1 change: 1 addition & 0 deletions crypto/fipsmodule/evp/evp.c
Original file line number Diff line number Diff line change
Expand Up @@ -576,6 +576,7 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
case EVP_PKEY_RSA_PSS:
case EVP_PKEY_DSA:
case EVP_PKEY_EC:
case EVP_PKEY_DH:
return pkey->pkey.ptr;
default:
return NULL;
Expand Down
2 changes: 1 addition & 1 deletion include/openssl/evp.h
Original file line number Diff line number Diff line change
Expand Up @@ -1204,7 +1204,7 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine,

// EVP_PKEY_get0 returns the consumed key. The type of value returned will be
// one of the following, depending on the type of the |EVP_PKEY|:
// |RSA|, |DSA| or |EC_KEY|.
// |DH|, |DSA|, |EC_KEY|, or |RSA|.
//
// This function is provided only for compatibility with OpenSSL.
// Prefer the use the typed |EVP_PKEY_get0_*| functions instead.
Expand Down
16 changes: 16 additions & 0 deletions include/openssl/ssl.h
Original file line number Diff line number Diff line change
Expand Up @@ -5731,6 +5731,22 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves);
// is intentionally not supported in AWS-LC.
#define SSL_VERIFY_CLIENT_ONCE 0

// SSL_OP_TLSEXT_PADDING is OFF by default in AWS-LC. Turning this ON in
// OpenSSL adds a padding extension to ensure the ClientHello size is never
// between 256 and 511 bytes in length. This is needed as a workaround for some
// implementations.
#define SSL_OP_TLSEXT_PADDING 0

// SSL_OP_SAFARI_ECDHE_ECDSA_BUG is OFF by default in AWS-LC. Turning this ON in
// OpenSSL defers ECDHE-ECDSA ciphers when the client appears to be Safari on
// OSX. OSX 10.8 ~ 10.8.3 has broken support for ECDHE-ECDSA ciphers.
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0

// SSL_OP_CRYPTOPRO_TLSEXT_BUG is OFF by default in AWS-LC. Turning this ON in
// OpenSSL adds the server-hello extension from the early version of cryptopro
// draft when GOST ciphersuite is negotiated (which we don't support).
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0

// The following have no effect in both AWS-LC and OpenSSL.
#define SSL_OP_EPHEMERAL_RSA 0
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0
Expand Down
Loading