From c72c6e92258f5bf25b073f2b7c7631258d9b83f8 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 11 Oct 2016 10:54:06 +0200
Subject: [PATCH] openssl: Fix AES-GCM with BoringSSL

BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM.  While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).
---
 src/libstrongswan/plugins/openssl/openssl_gcm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c
index 6bbe4af95..5ef885b16 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.c
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c
@@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo,
 					key_size = 16;
 					/* FALL */
 				case 16:
-					this->cipher = EVP_get_cipherbyname("aes-128-gcm");
+					this->cipher = EVP_aes_128_gcm();
 					break;
 				case 24:
-					this->cipher = EVP_get_cipherbyname("aes-192-gcm");
+					this->cipher = EVP_aes_192_gcm();
 					break;
 				case 32:
-					this->cipher = EVP_get_cipherbyname("aes-256-gcm");
+					this->cipher = EVP_aes_256_gcm();
 					break;
 				default:
 					free(this);