On 2019-10-08 22:51:02 [+0200], Kurt Roeckx wrote: > On Tue, Oct 08, 2019 at 10:15:33PM +0200, Ondřej Surý wrote: > > The one package particularly hit by this is PHP. > > > > The openssl_get_cipher_methods() function does list the hmac variants with > > 1.1.1c, but it doesn’t with 1.1.1d, so there’s definitely a regression > > somewhere. > > Is this something that's fixed by > https://github.com/openssl/openssl/pull/10074?
| #include <openssl/ssl.h> | | static void show_ciphers(const OBJ_NAME *name, void *arg) | { | printf("%-25s\n", name->name); | } | | int main(void) | { | if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN | | OPENSSL_INIT_LOAD_CONFIG, NULL)) | return 1; | | printf("Supported:\n"); | OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL); | return 0; | } shows |$ diff -u c d |--- c 2019-10-08 23:18:02.336236444 +0200 |+++ d 2019-10-08 23:17:48.064177075 +0200 |@@ -1,7 +1,5 @@ | Supported: | aes-128-cbc |-aes-128-cbc-hmac-sha1 |-aes-128-cbc-hmac-sha256 | aes-128-ccm | aes-128-cfb | aes-128-cfb1 |@@ -23,8 +21,6 @@ | aes-192-ocb | aes-192-ofb | aes-256-cbc |-aes-256-cbc-hmac-sha1 |-aes-256-cbc-hmac-sha256 | aes-256-ccm | aes-256-cfb | aes-256-cfb1 > Kurt Sebastian