From: Guus Sliepen Date: Sat, 29 Oct 2016 20:14:45 +0000 (+0200) Subject: Use AES in CTR mode instead of OFB mode for meta-connections. X-Git-Tag: release-1.0.30~2 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=848effe2644b0b734c5096a34021be1a3963302f;p=tinc Use AES in CTR mode instead of OFB mode for meta-connections. This gives a very nice speedup while preserving the stream characteristics. --- diff --git a/m4/openssl.m4 b/m4/openssl.m4 index bb1f1465..4cf26f47 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL], [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])] ) - AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], , + AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new EVP_aes_256_ctr], , [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], ) diff --git a/src/net_setup.c b/src/net_setup.c index 5b985c34..eeeefdf6 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -664,11 +664,11 @@ static bool setup_myself(void) { int keylen = EVP_CIPHER_key_length(myself->incipher); if(keylen <= 16) - myself->connection->outcipher = EVP_aes_128_ofb(); + myself->connection->outcipher = EVP_aes_128_ctr(); else if(keylen <= 24) - myself->connection->outcipher = EVP_aes_192_ofb(); + myself->connection->outcipher = EVP_aes_192_ctr(); else - myself->connection->outcipher = EVP_aes_256_ofb(); + myself->connection->outcipher = EVP_aes_256_ctr(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600;