[openssl-users] Low level AES alternative in FIPS-140 OpenSSL
Matt Caswell
matt at openssl.org
Mon Feb 5 11:03:25 UTC 2018
On 03/02/18 08:13, Alex Dankow via openssl-users wrote:
> Greetings!
>
> You probably know that low level AES function AES_set_encrypt_key is
> disabled in FIPS 140-2 module. Instead it is offered to use EVP_
> set of functions.
>
> We develop transparent database encryption for SQL Server and
> performance is very important issue. AES CTR requires very frequent
> changes of IV and I can't find a way to set it other than
> EVP_CipherInit. Initialization, however, relatively high time-consuming operation.
You can call EVP_CipherInit again but with a NULL key parameter to only
update the IV and not the key. Hopefully this should be less
time-consuming.
Matt
More information about the openssl-users
mailing list