[openssl-users] Optimized way to encrypt data with different ivs using AES/GCM
me
babedoudi at yahoo.fr
Sat Jul 29 17:30:36 UTC 2017
Hello OpenSSL experts,
I am encrypting a stream of data using OpenSSL C API and AES/GCM with
16-byte ivs. The stream is split into several chunks that need to be
encrypted with the same key but different ivs. So far I have the
following flow:
###
for data_chunk:
iv = newIv()
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...
EVP_CIPHER_CTX_free
###
I am looking into improving performance by reusing objects, ideally the
following way:
###
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
for data_chunk:
iv = newIv()
EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...
EVP_CIPHER_CTX_free
###
The OpenSSL documentation is not entirely clear if this is recommended,
is there any concern with the approach? Would that also work for decryption?
Many thanks.
More information about the openssl-users
mailing list