Hi,
On 08/04/2021 14:00, Arne Schwabe wrote:
> OpenSSL also allows ARIA-GCM and that works well with our implementation
> While the handpicked list was needed for earlier OpenSSL versions (and
> is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL
> 1.0.2 and 1.1.x works as expected.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
> ---
> src/openvpn/crypto_openssl.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index f8b36bf85..235d0c321 100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -728,6 +728,11 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
> {
> if (cipher)
> {
> + if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
> + {
> + return true;
> + }
> +
> switch (EVP_CIPHER_nid(cipher))
> {
> case NID_aes_128_gcm:
If the hand-picked list is required only for chacha-poly1305, why not
removing all the AES variants from this list?
I tested ossl 1.0.2 and indeed EVP_CIPHER_mode(*aes-gcm*) returns GCM,
so this list should not be required.
Regards,
--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
