On Tue, Apr 29, 2008, Jan Pechanec wrote:

>
> hi,
>
> I can see that EVP API doesn't support AES counter mode. My guess is
> that it might be because of the fact that current EVP API doesn't have a
> parameter for counter length. Is that the reason or is it something else?
>

Nobody having time to develop it is the main reason. The lack of a parameter
isn't a problem for EVP: many cipher-specific parameters can be set using the
ctrl mechanism.

> the problem is that now one can't offload AES counter modes to the
> engine unless the application itself specifies its own EVP functions and
> structures. However, even then, counter mode IDs and names are missing from
> obj*.h files so functions like OBJ_nid2sn() crash. That happens with
> "openssl engine -c", for example. It is enough to add following 3 lines to
> objects.txt so that AES counter mode can be offloaded to the engine using
> the workaround mentioned:
>
> : AES-128-CTR : aes-128-ctr
> : AES-192-CTR : aes-192-ctr
> : AES-256-CTR : aes-256-ctr
>

It would be better if standard OIDs existed for these modes and those were
added instead.

You can create OIDs dynamically with OBJ_create() too, that should work
without the need to modify OpenSSL at all.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]