[openssl-users] How to use EVP_aes_256_cbc_hmac_sha256

Gerhard Gappmeier gerhard.gappmeier at ascolab.com
Tue Nov 8 08:48:54 UTC 2016


Hi,

I'm trying to use EVP_EncryptUpdate() with EVP_aes_256_cbc_hmac_sha256()
to speed up encryption.
This "stiched" version should be faster than first hashing and then
encrypt the data.
See also
https://software.intel.com/sites/default/files/open-ssl-performance-paper.pdf
for some background.

However I don't see a way to configure the offset between the data to be
signed and the data to be encrypted.
In my protocol (not TLS) we have a header of 16 byte that gets signed,
but not encrypted.

Some ASCII art to explain this (use fix size font to view this):
/----signed-------------------\
|header|seqheader|body|padding|signature|
       \--------encrypted---------------/

I debugged already "openssl speed -evp aes-256-cbc-hmac-sha256" but this
looks for me like the same data is signed and encrypted,
and no offset is used.

Is it possible somehow to define such a offset? I was expecting that the
same is necessary for TLS, but I'm not a TLS expert :-)

regards,
Gerhard.




More information about the openssl-users mailing list