This is a discussion on Re: AES counter mode support missing from EVP - Openssl ; On Tue, Apr 29, 2008, Jan Pechanec wrote: > > hi, > > I can see that EVP API doesn't support AES counter mode. My guess is > that it might be because of the fact that current EVP API ...
On Tue, Apr 29, 2008, Jan Pechanec wrote:
> I can see that EVP API doesn't support AES counter mode. My guess is
> that it might be because of the fact that current EVP API doesn't have a
> parameter for counter length. Is that the reason or is it something else?
Nobody having time to develop it is the main reason. The lack of a parameter
isn't a problem for EVP many cipher specific parameters can be set using the
> the problem is that now one can't offload AES counter modes to the
> engine unless the application itself specifies its own EVP functions and
> structures. However, even then, counter mode IDs and names are missing from
> obj*.h files so functions like OBJ_nid2sn() crash. That happens with
> "openssl engine -c", for example. It is enough to add following 3 lines to
> objects.txt so that AES counter mode can be offloaded to the engine using
> the workaround mentioned:
> : AES-128-CTR : aes-128-ctr
> : AES-192-CTR : aes-192-ctr
> : AES-256-CTR : aes-256-ctr
It would be better is standard OIDs existed for these modes and those were
You can create OIDs dynamically with OBJ_create() too, that should work
without the need to modify OpenSSL at all.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project http://www.openssl.org
Development Mailing List email@example.com
Automated List Manager firstname.lastname@example.org