Use AES in CTR mode instead of OFB mode for meta-connections.

This gives a very nice speedup while preserving the stream characteristics.

diff --git a/m4/openssl.m4 b/m4/openssl.m4
index bb1f146..4cf26f4 100644 (file)
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL],
     [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
   )
 
-  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
+  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new EVP_aes_256_ctr], ,
     [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
   )
 

diff --git a/src/net_setup.c b/src/net_setup.c
index 5b985c3..eeeefdf 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -664,11 +664,11 @@ static bool setup_myself(void) {
 
        int keylen = EVP_CIPHER_key_length(myself->incipher);
        if(keylen <= 16)
-               myself->connection->outcipher = EVP_aes_128_ofb();
+               myself->connection->outcipher = EVP_aes_128_ctr();
        else if(keylen <= 24)
-               myself->connection->outcipher = EVP_aes_192_ofb();
+               myself->connection->outcipher = EVP_aes_192_ctr();
        else
-               myself->connection->outcipher = EVP_aes_256_ofb();
+               myself->connection->outcipher = EVP_aes_256_ctr();
 
        if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
                keylifetime = 3600;