[Openvpn-devel] [PATCH 3/3] Allow all GCM ciphers

Arne Schwabe Thu, 08 Apr 2021 05:01:55 -0700

OpenSSL also allows ARIA-GCM and that works well with our implementation
While the handpicked list was needed for earlier OpenSSL versions (and
is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL
1.0.2 and 1.1.x works as expected.


Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/crypto_openssl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index f8b36bf85..235d0c321 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -728,6 +728,11 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
 {
     if (cipher)
     {
+        if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
+        {
+            return true;
+        }
+
         switch (EVP_CIPHER_nid(cipher))
         {
             case NID_aes_128_gcm:
-- 
2.31.1



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/3] Allow all GCM ciphers

Reply via email to