evp_aes_<X>_ctr() vs. EVP_aes_<X>_ctr().

Aris Adamantiadis aris at 0xbadc0de.be
Wed Dec 12 06:07:19 EST 2012


Hi,

FYI, OpenSSL used to provide a broken AES-CTR in version 0.9.7a, shipped in
RHEL 4.8. You can see more info at http://blog.0xbadc0de.be/archives/15,
where I learned it the hard way when I got a bug reported to me in libssh.

You may want to detect that version and fall back to a software
implementation.

Kr,

Aris

On 11/12/12 15:01, Pawel Jakub Dawidek wrote:
> Hi.
> 
> OpenSSH currently has its own implementation of AES in counter mode
> (cipher-ctr.c). This is probably because it wasn't available in OpenSSL.
> From what I see now, recent OpenSSL does implement
> EVP_aes_{128,192,256}_ctr() and it would be nice to use it whenever
> possible. The gain here is that OpenSSH's version uses software AES
> implementation and OpenSSL's version will use AES-NI if available.
> 
> Just FYI, unfortunately I cannot prepare a nice and clean patch for this
> right now, but changing all evp_aes_128_ctr to EVP_aes_128_ctr,
> EVP_aes_192_ctr and EVP_aes_256_ctr respectively in the ciphers[] array just
> works (thanks to the fact that 'c->evptype == evp_aes_128_ctr' is no
> longer true and the IV is taken from cc->evp.iv).
> 
