OpenSSL also allows ARIA-GCM and that works well with our implementation.
While the handpicked list was needed for earlier OpenSSL versions (and
is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL
1.0.2 and 1.1.x works as expected.

Patch V2: Remove special cases for AES-GCM ciphers.

Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/crypto_openssl.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index f8b36bf85..57731ed79 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -728,16 +728,17 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
 {
     if (cipher)
     {
-        switch (EVP_CIPHER_nid(cipher))
+        if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
         {
-            case NID_aes_128_gcm:
-            case NID_aes_192_gcm:
-            case NID_aes_256_gcm:
+            return true;
+        }
+
 #ifdef NID_chacha20_poly1305
-            case NID_chacha20_poly1305:
-#endif
-                return true;
+        if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305)
+        {
+            return true;
         }
+#endif
     }
 
     return false;
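Review bot: The new `EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM` test in cipher_kt_mode_aead() accepts every GCM-mode cipher the library exposes, not only the three AES NIDs the old switch listed, and nothing in the code says that this widening is intended. A short comment at that check would record it, for example that ARIA-GCM is expected to pass here, as the commit message states. The remaining `NID_chacha20_poly1305` comparison also needs a one-line comment explaining why it cannot be covered by a mode test. That reason currently lives only in the commit message, so the asymmetry between the two checks will look like an oversight to later readers.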
-- 
2.31.1
