Hi, On 21/04/2021 14:34, Arne Schwabe wrote: > OpenSSL also allows ARIA-GCM and that works well with our implementation > While the handpicked list was needed for earlier OpenSSL versions (and > is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL > 1.0.2 and 1.1.x works as expected. > > Patch V2: Remove special cases for AES-GCM ciphers. > > Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Testing AES-GCM on various OpenSSL versions just works as usual. ARIA-GCM works as expected on 1.1.0 and 1.1.1 (1.0.2 does not seem to support it). CHACHA20-POLY1305 is also confirmed to still be working on OpenSSL 1.1.0 and 1.1.1. LibreSSL compiles and works as expected (basic tests performed). wolfSSL compiles but does not work anymore. I presume it does not properly implement EVP_CIPHER_mode() as it returns 0 for AES-256-GCM. IMHO this is one of those cases where we should merge this patch and then wait for wolfSSL to fix the library. So this patch gets my ACK, but I am not sure how we want to proceed. Acked-by: Antonio Quartulli <anto...@openvpn.net> -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
