On 16.04.21 at 00:22, Antonio Quartulli wrote:
> Hi,
> 
> On 08/04/2021 14:00, Arne Schwabe wrote:
>> OpenSSL also allows ARIA-GCM and that works well with our implementation.
>> While the handpicked list was needed for earlier OpenSSL versions (and
>> is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL
>> 1.0.2 and 1.1.x works as expected.
>>
>> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
>> ---
>>  src/openvpn/crypto_openssl.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
>> index f8b36bf85..235d0c321 100644
>> --- a/src/openvpn/crypto_openssl.c
>> +++ b/src/openvpn/crypto_openssl.c
>> @@ -728,6 +728,11 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
>>  {
>>      if (cipher)
>>      {
>> +        if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)
>> +        {
>> +            return true;
>> +        }
>> +
>>          switch (EVP_CIPHER_nid(cipher))
>>          {
>>              case NID_aes_128_gcm:
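Review bot: The `case NID_aes_128_gcm:` entry kept in the switch below the new `EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM` early return becomes redundant wherever that mode check holds for AES-GCM, and nothing in `cipher_kt_mode_aead()` says why the NID list is still there. Either drop the GCM NIDs from the switch, or add a comment above it stating that the list is retained for ciphers the mode check does not cover (the commit message names Chacha20-Poly1305). The commit message only vouches for OpenSSL 1.0.2 and 1.1.x, so if the list is kept as a fallback for other library versions, the comment should say that as well.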
> 
> If the hand-picked list is required only for chacha-poly1305, why not
> remove all the AES variants from this list?
> 
> I tested ossl 1.0.2 and indeed EVP_CIPHER_mode(*aes-gcm*) returns GCM,
> so this list should not be required.

I was a chicken and did not test LibreSSL, but I can test it and then
send an updated patch. %)

Arne



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
