evp_aes_<X>_ctr() vs. EVP_aes_<X>_ctr().

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Dec 12 01:01:41 EST 2012


OpenSSH currently has its own implementation of AES in counter mode
(cipher-ctr.c). This is probably because it wasn't available in OpenSSL.
From what I see now, recent OpenSSL does implement
EVP_aes_{128,192,256}_ctr() and it would be nice to use it whenever
possible. The gain here is that OpenSSH's version uses software AES
implementation and OpenSSL's version will use AES-NI if available.

Just FYI, unfortunately I cannot prepare nice and clean patch for this
right now, but changing all evp_aes_128_ctr to EVP_aes_128_ctr,
EVP_aes_192_ctr and EVP_aes_256_ctr respectively in ciphers[] array just
works (thanks to the fact that 'c->evptype == evp_aes_128_ctr' is no
longer true and IV is taken from cc->evp.iv)..

Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20121211/287ab2f2/attachment.bin>

More information about the openssh-unix-dev mailing list