5 files changed, 54 insertions, 64 deletions

diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index ee6b53290..5ba92f8d6 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -1534,6 +1534,9 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
 	}
 	switch (key_size)
 	{
+		case 0:
+			key_size = 16;
+			break;
 		case 32:
 		case 24:
 		case 16:
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index e37420ae8..8135faa13 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -166,7 +166,8 @@ METHOD(crypter_t, destroy, void,
 /*
  * Described in header
  */
-blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size)
+blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo,
+											size_t key_size)
 {
 	private_blowfish_crypter_t *this;
 
@@ -185,7 +186,7 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t
 			.set_key = _set_key,
 			.destroy = _destroy,
 		},
-		.key_size = key_size,
+		.key_size = key_size ?: 16,
 	);
 
 	return &this->public;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 1d849bc09..943f9c2d2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -194,7 +194,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 			gcrypt_alg = GCRY_CIPHER_CAST5;
 			break;
 		case ENCR_BLOWFISH:
-			if (key_size != 16)
+			if (key_size != 16 && key_size != 0)
 			{	/* gcrypt currently supports 128 bit blowfish only */
 				return NULL;
 			}
@@ -206,6 +206,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 		case ENCR_AES_CBC:
 			switch (key_size)
 			{
+				case 0:
 				case 16:
 					gcrypt_alg = GCRY_CIPHER_AES128;
 					break;
@@ -226,6 +227,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 			switch (key_size)
 			{
 #ifdef HAVE_GCRY_CIPHER_CAMELLIA
+				case 0:
 				case 16:
 					gcrypt_alg = GCRY_CIPHER_CAMELLIA128;
 					break;
@@ -243,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 		case ENCR_SERPENT_CBC:
 			switch (key_size)
 			{
+				case 0:
 				case 16:
 					gcrypt_alg = GCRY_CIPHER_SERPENT128;
 					break;
@@ -259,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 		case ENCR_TWOFISH_CBC:
 			switch (key_size)
 			{
+				case 0:
 				case 16:
 					gcrypt_alg = GCRY_CIPHER_TWOFISH128;
 					break;
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index a410eee2c..1cecec8f2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -41,79 +41,48 @@ struct private_openssl_crypter_t {
 };
 
 /**
- * Mapping from the algorithms defined in IKEv2 to
- * OpenSSL algorithm names and their key length
- */
-typedef struct {
-	/**
-	 * Identifier specified in IKEv2
-	 */
-	int ikev2_id;
-
-	/**
-	 * Name of the algorithm, as used in OpenSSL
-	 */
-	char *name;
-
-	/**
-	 * Minimum valid key length in bytes
-	 */
-	size_t key_size_min;
-
-	/**
-	 * Maximum valid key length in bytes
-	 */
-	size_t key_size_max;
-} openssl_algorithm_t;
-
-#define END_OF_LIST -1
-
-/**
- * Algorithms for encryption
- */
-static openssl_algorithm_t encryption_algs[] = {
-/*	{ENCR_DES_IV64, 	"***", 			0,	0}, */
-	{ENCR_DES, 			"des",			8,	8},		/* 64 bits */
-	{ENCR_3DES, 		"des3",			24,	24},	/* 192 bits */
-	{ENCR_RC5, 			"rc5", 			5,	255},	/* 40 to 2040 bits, RFC 2451 */
-	{ENCR_IDEA, 		"idea",			16,	16},	/* 128 bits, RFC 2451 */
-	{ENCR_CAST, 		"cast",			5,	16},	/* 40 to 128 bits, RFC 2451 */
-	{ENCR_BLOWFISH, 	"blowfish",		5,	56},	/* 40 to 448 bits, RFC 2451 */
-/*	{ENCR_3IDEA, 		"***",			0,	0}, */
-/*	{ENCR_DES_IV32, 	"***",			0,	0}, */
-/*	{ENCR_NULL, 		"***",			0,	0}, */ /* handled separately */
-/*	{ENCR_AES_CBC, 		"***",			0,	0}, */ /* handled separately */
-/*	{ENCR_CAMELLIA_CBC,	"***",			0,	0}, */ /* handled separately */
-/*	{ENCR_AES_CTR, 		"***",			0,	0}, */ /* disabled in evp.h */
-	{END_OF_LIST, 		NULL,			0,	0},
-};
-
-/**
  * Look up an OpenSSL algorithm name and validate its key size
  */
-static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
-					   u_int16_t ikev2_algo, size_t *key_size)
+static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
 {
-	while (openssl_algo->ikev2_id != END_OF_LIST)
+	struct {
+		/* identifier specified in IKEv2 */
+		int ikev2_id;
+		/* name of the algorithm, as used in OpenSSL */
+		char *name;
+		/* default key size in bytes */
+		size_t key_def;
+		/* minimum key size */
+		size_t key_min;
+		/* maximum key size */
+		size_t key_max;
+	} mappings[] = {
+		{ENCR_DES, 			"des",			 8,		 8,		  8},
+		{ENCR_3DES, 		"des3",			24,		24,		 24},
+		{ENCR_RC5, 			"rc5", 			16,		 5,		255},
+		{ENCR_IDEA, 		"idea",			16,		16,		 16},
+		{ENCR_CAST, 		"cast",			16,		 5,		 16},
+		{ENCR_BLOWFISH, 	"blowfish",		16,		 5,		 56},
+	};
+	int i;
+
+	for (i = 0; i < countof(mappings); i++)
 	{
-		if (ikev2_algo == openssl_algo->ikev2_id)
+		if (ikev2_algo == mappings[i].ikev2_id)
 		{
 			/* set the key size if it is not set */
-			if (*key_size == 0 &&
-				(openssl_algo->key_size_min == openssl_algo->key_size_max))
+			if (*key_size == 0)
 			{
-				*key_size = openssl_algo->key_size_min;
+				*key_size = mappings[i].key_def;
 			}
-
 			/* validate key size */
-			if (*key_size < openssl_algo->key_size_min ||
-				*key_size > openssl_algo->key_size_max)
+			if (*key_size < mappings[i].key_min ||
+				*key_size > mappings[i].key_max)
 			{
 				return NULL;
 			}
-			return openssl_algo->name;
+			return mappings[i].name;
 		}
-		openssl_algo++;
 	}
 	return NULL;
 }
@@ -211,10 +180,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 	{
 		case ENCR_NULL:
 			this->cipher = EVP_enc_null();
+			key_size = 0;
 			break;
 		case ENCR_AES_CBC:
 			switch (key_size)
 			{
+				case 0:
+					key_size = 16;
+					/* FALL */
 				case 16:        /* AES 128 */
 					this->cipher = EVP_get_cipherbyname("aes128");
 					break;
@@ -232,6 +205,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 		case ENCR_CAMELLIA_CBC:
 			switch (key_size)
 			{
+				case 0:
+					key_size = 16;
+					/* FALL */
 				case 16:        /* CAMELLIA 128 */
 					this->cipher = EVP_get_cipherbyname("camellia128");
 					break;
@@ -247,11 +223,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 			}
 			break;
 		case ENCR_DES_ECB:
+			key_size = 8;
 			this->cipher = EVP_des_ecb();
 			break;
 		default:
 		{
-			char* name = lookup_algorithm(encryption_algs, algo, &key_size);
+			char* name;
+
+			name = lookup_algorithm(algo, &key_size);
 			if (!name)
 			{
 				/* algo unavailable or key_size invalid */
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index 11d8ba044..bbeef549d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -164,6 +164,9 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo,
 	}
 	switch (key_size)
 	{
+		case 0:
+			key_size = 16;
+			/* FALL */
 		case 16:        /* AES 128 */
 			break;
 		case 24:        /* AES-192 */