Hello OpenSSL experts,

I am encrypting a stream of data using the OpenSSL C API and AES/GCM with 16-byte IVs. The stream is split into several chunks that need to be encrypted with the same key but different IVs. So far I have the following flow:

###
for data_chunk:
    iv = newIv()
    EVP_CIPHER_CTX_new
    EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)
    EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)

    EVP_EncryptUpdate
    EVP_EncryptFinal_ex
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...

    EVP_CIPHER_CTX_free
###

I am looking into improving performance by reusing objects, ideally the following way:

###
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)

for data_chunk:
    iv = newIv()
    EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)

    EVP_EncryptUpdate
    EVP_EncryptFinal_ex
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...

EVP_CIPHER_CTX_free
###

The OpenSSL documentation is not entirely clear on whether this is recommended. Is there any concern with the approach? Would that also work for decryption?

Many thanks.