openssl: Fix AES-GCM with BoringSSL
authorTobias Brunner <tobias@strongswan.org>
Tue, 11 Oct 2016 08:54:06 +0000 (10:54 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 11 Oct 2016 13:29:14 +0000 (15:29 +0200)
BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM.  While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).

src/libstrongswan/plugins/openssl/openssl_gcm.c

index 6bbe4af9560ca9159b9b8307f75944b17c9beb63..5ef885b16ef8488ba16c40452aac25a312b6e8c9 100644 (file)
@@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo,
                                        key_size = 16;
                                        /* FALL */
                                case 16:
-                                       this->cipher = EVP_get_cipherbyname("aes-128-gcm");
+                                       this->cipher = EVP_aes_128_gcm();
                                        break;
                                case 24:
-                                       this->cipher = EVP_get_cipherbyname("aes-192-gcm");
+                                       this->cipher = EVP_aes_192_gcm();
                                        break;
                                case 32:
-                                       this->cipher = EVP_get_cipherbyname("aes-256-gcm");
+                                       this->cipher = EVP_aes_256_gcm();
                                        break;
                                default:
                                        free(this);
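Review bot: The three `EVP_aes_*_gcm()` assignments in the `case 16`/`24`/`32` arms carry no hint of why the by-name lookup was dropped, so a later cleanup could reintroduce `EVP_get_cipherbyname()` and break AES-GCM on BoringSSL again. A short comment on the first assignment would record the reason, e.g. `/* BoringSSL's EVP_get_cipherbyname() does not know AES-GCM, use the accessors */`. The accessors are also not expected to return NULL the way a failed name lookup can. If code after this switch used a NULL `this->cipher` to detect an unavailable cipher, that detection presumably now depends on the return value of the later cipher-init call, so it is worth confirming that call is checked and fails closed. `openssl_gcm_create()` starts and ends outside the hunk, so neither the switch header nor the later initialisation is visible here.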