From 848effe2644b0b734c5096a34021be1a3963302f Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat, 29 Oct 2016 22:14:45 +0200
Subject: [PATCH] Use AES in CTR mode instead of OFB mode for meta-connections.

This gives a very nice speedup while preserving the stream characteristics.
---
 m4/openssl.m4   | 2 +-
 src/net_setup.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/m4/openssl.m4 b/m4/openssl.m4
index bb1f1465..4cf26f47 100644
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL],
     [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
   )
 
-  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
+  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new EVP_aes_256_ctr], ,
     [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
   )
 
diff --git a/src/net_setup.c b/src/net_setup.c
index 5b985c34..eeeefdf6 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -664,11 +664,11 @@ static bool setup_myself(void) {
 
 	int keylen = EVP_CIPHER_key_length(myself->incipher);
 	if(keylen <= 16)
-		myself->connection->outcipher = EVP_aes_128_ofb();
+		myself->connection->outcipher = EVP_aes_128_ctr();
 	else if(keylen <= 24)
-		myself->connection->outcipher = EVP_aes_192_ofb();
+		myself->connection->outcipher = EVP_aes_192_ctr();
 	else
-		myself->connection->outcipher = EVP_aes_256_ofb();
+		myself->connection->outcipher = EVP_aes_256_ctr();
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
-- 
2.20.1