hi, I can see that EVP API doesn't support AES counter mode. My guess is that it might be because of the fact that current EVP API doesn't have a parameter for counter length. Is that the reason or is it something else?
the problem is that now one can't offload AES counter modes to the engine unless the application itself specifies its own EVP functions and structures. However, even then, counter mode IDs and names are missing from obj*.h files so functions like OBJ_nid2sn() crash. That happens with "openssl engine -c", for example. It is enough to add following 3 lines to objects.txt so that AES counter mode can be offloaded to the engine using the workaround mentioned: : AES-128-CTR : aes-128-ctr : AES-192-CTR : aes-192-ctr : AES-256-CTR : aes-256-ctr I'm happy to file a bug and post a patch but I'd like to know if there is anything I'm missing. I searched through the archives but I didn't see any discussion related to the AES counter mode with regard to EVP API. and to put it to some context - SSH protocol always uses 128 bits long counter for AES counter mode so that's why OpenSSH can work with its own EVP functions for this mode. However, above mentioned changes are needed so that CTR mode can be offloaded to the engine. thanks, Jan. -- Jan Pechanec ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]