Optimized way to encrypt data with different ivs using AES/GCM

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Optimized way to encrypt data with different ivs using AES/GCM

OpenSSL - User mailing list
Hello OpenSSL experts,

I am encrypting a stream of data using OpenSSL C API and AES/GCM with
16-byte ivs. The stream is split into several chunks that need to be
encrypted with the same key but different ivs. So far I have the
following flow:

###
for data_chunk:
     iv = newIv()
     EVP_CIPHER_CTX_new
     EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
     EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))

     EVP_EncryptUpdate
     EVP_EncryptFinal_ex
     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...

     EVP_CIPHER_CTX_free
###

I am looking into improving performance by reusing objects, ideally the
following way:

###
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))

for data_chunk:
     iv = newIv()
     EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))

     EVP_EncryptUpdate
     EVP_EncryptFinal_ex
     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...

EVP_CIPHER_CTX_free
###

The OpenSSL documentation is not entirely clear if this is recommended,
is there any concern with the approach? Would that also work for decryption?

Many thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...