[openssl-users] Low level AES alternative in FIPS-140 OpenSSL

Matt Caswell matt at openssl.org
Mon Feb 5 11:03:25 UTC 2018



On 03/02/18 08:13, Alex Dankow via openssl-users wrote:
> Greetings!
> 
> You probably know that low level AES function AES_set_encrypt_key is
> disabled in FIPS 140-2 module. Instead it is offered to use EVP_
> set of functions.
> 
> We develop transparent database encryption for SQL Server and
> performance is very important issue. AES CTR requires very frequent
> changes of IV and I can't find a way to set it other than
> EVP_CipherInit. Initialization, however, relatively high time-consuming operation.

You can call EVP_CipherInit again but with a NULL key parameter to only
update the IV and not the key. Hopefully this should be less
time-consuming.

Matt


More information about the openssl-users mailing list