On Tue, Apr 29, 2008, Jan Pechanec wrote:

> hi,
> I can see that EVP API doesn't support AES counter mode. My guess is
> that it might be because of the fact that current EVP API doesn't have a
> parameter for counter length. Is that the reason or is it something else?

Nobody having time to develop it is the main reason. The lack of a parameter
isn't a problem for EVP many cipher specific parameters can be set using the
ctrl mechanism.

> the problem is that now one can't offload AES counter modes to the
> engine unless the application itself specifies its own EVP functions and
> structures. However, even then, counter mode IDs and names are missing from
> obj*.h files so functions like OBJ_nid2sn() crash. That happens with
> "openssl engine -c", for example. It is enough to add following 3 lines to
> objects.txt so that AES counter mode can be offloaded to the engine using
> the workaround mentioned:
> : AES-128-CTR : aes-128-ctr
> : AES-192-CTR : aes-192-ctr
> : AES-256-CTR : aes-256-ctr

It would be better is standard OIDs existed for these modes and those were
added instead.

You can create OIDs dynamically with OBJ_create() too, that should work
without the need to modify OpenSSL at all.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org