search for: main_evp

...ll > take a little figuring out. > > One comment on the patch itself: it passes do_encrypt though in a > bunch > of places and I'm not sure the usage is correct in all of them. In > fact > I don't think it can even be made consistent for decryption, as the > ctx->main_evp has to be used in encryption mode (not decryption) to > generate the poly1305 key. > > Given this is a stream cipher and there is AFAIK no difference > between > encryption and decryption, I think it would be better just fix > do_encrypt > to 1 to avoid inconsistency. Hi Dami...

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,