OpenSSL also allows ARIA-GCM and that works well with our implementation While the handpicked list was needed for earlier OpenSSL versions (and is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL 1.0.2 and 1.1.x works as expected.
Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/crypto_openssl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index f8b36bf85..235d0c321 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -728,6 +728,11 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) { if (cipher) { + if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM) + { + return true; + } + switch (EVP_CIPHER_nid(cipher)) { case NID_aes_128_gcm: -- 2.31.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel