openssl: Fix AES-GCM with BoringSSL
authorTobias Brunner <tobias@strongswan.org>
Tue, 11 Oct 2016 08:54:06 +0000 (10:54 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 11 Oct 2016 13:29:14 +0000 (15:29 +0200)
BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM.  While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).

src/libstrongswan/plugins/openssl/openssl_gcm.c

index 6bbe4af..5ef885b 100644 (file)
@@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo,
                                        key_size = 16;
                                        /* FALL */
                                case 16:
-                                       this->cipher = EVP_get_cipherbyname("aes-128-gcm");
+                                       this->cipher = EVP_aes_128_gcm();
                                        break;
                                case 24:
-                                       this->cipher = EVP_get_cipherbyname("aes-192-gcm");
+                                       this->cipher = EVP_aes_192_gcm();
                                        break;
                                case 32:
-                                       this->cipher = EVP_get_cipherbyname("aes-256-gcm");
+                                       this->cipher = EVP_aes_256_gcm();
                                        break;
                                default:
                                        free(this);