Low level AES alternative in FIPS-140 OpenSSL

OpenSSL - User mailing list
Greetings!

You probably know that the low-level AES function AES_set_encrypt_key is
disabled in the FIPS 140-2 module. Instead, the EVP_ set of functions
is offered.

We develop transparent database encryption for SQL Server, and
performance is a very important issue. AES CTR requires very frequent
changes of the IV, and I can't find a way to set it other than
EVP_CipherInit. Initialization, however, is a relatively time-consuming operation.

Question: Is there a way to set the IV for a CTX after its initialization in the FIPS
version of OpenSSL?

--
Best regards,
Alex Dankow                          
[hidden email]
ActiveCrypt Software

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: Low level AES alternative in FIPS-140 OpenSSL

OpenSSL - User mailing list

> Question: Is there a way to set the IV for a CTX after its initialization in the FIPS
> version of OpenSSL?

No, sorry.


Re: Low level AES alternative in FIPS-140 OpenSSL

Matt Caswell-2
In reply to this post by OpenSSL - User mailing list


On 03/02/18 08:13, Alex Dankow via openssl-users wrote:

> Greetings!
>
> You probably know that the low-level AES function AES_set_encrypt_key is
> disabled in the FIPS 140-2 module. Instead, the EVP_ set of functions
> is offered.
>
> We develop transparent database encryption for SQL Server, and
> performance is a very important issue. AES CTR requires very frequent
> changes of the IV, and I can't find a way to set it other than
> EVP_CipherInit. Initialization, however, is a relatively time-consuming operation.

You can call EVP_CipherInit again but with a NULL key parameter to only
update the IV and not the key. Hopefully this should be less
time-consuming.

Matt