[openssl-users] Low level AES alternative in FIPS-140 OpenSSL

Alex Dankow alex at activecrypt.com
Sat Feb 3 08:13:58 UTC 2018


You probably know that low level AES function AES_set_encrypt_key is
disabled in FIPS 140-2 module. Instead it is offered to use EVP_
set of functions.

We develop transparent database encryption for SQL Server and
performance is very important issue. AES CTR requires very frequent
changes of IV and I can't find a way to set it other than
EVP_CipherInit. Initialization, however, relatively high time-consuming operation.

Question: Is there a way to set IV for CTX after its initialization for FIPS
version of OpenSSL?

Best regards,
Alex Dankow                          
alex at activecrypt.com
ActiveCrypt Software

More information about the openssl-users mailing list