Is it possible to use AES CTR mode encryption using the EVP API?

Question

I'm new to OpenSSL. I understand that encryption should be performed using the EVP API which acts as a common interface to all the ciphers. AES CTR mode seems to be present in the version of OpenSSL that I have, but the definition for EVP_aes_128_ctr is disabled in evp.h:

#if 0
const EVP_CIPHER *EVP_aes_128_ctr(void);
#endif

Any idea why this is? Can I just remove the #if 0? Any other pointers on getting 128 bit AES CTR mode encryption to work in OpenSSL would be appreciated!

Thanks!

Answer 1

Btw, it looks like the answer to this is no, not yet. But maybe soon. I found this email thread indicating that a patch to address this issue may have been submitted in June 2010:

http://www.mail-archive.com/[email protected]/msg01972.html

But when I downloaded the latest development branch from SVN, AES CTR was still not enabled in EVP. I ended up just implementing it directly, for which I found this link helpful:

AES CTR 256 Encryption Mode of operation on OpenSSL

Answer 2

I'm using AES CTR 128 mode and it works. I'm using libssl1.0.0 (I'm not sure if I'm answering the right question! I hope it would be helpful). Here is a part of my code:

EVP_CipherInit_ex(ctx, EVP_aes_128_ctr(), NULL, key, iv,1);
EVP_CipherUpdate (ctx, ciphertext, &len, plaintext, plaintext_len);
/* Finalise the encryption. */
if(! EVP_CipherFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
/*setting padding option*/
EVP_CIPHER_CTX_set_padding(ctx,0);
/* Clean up */
EVP_CIPHER_CTX_free(ctx);