Hi,


We are using openssl to establish secure channel (encryption and HMAC)
between two entities. This channel is used to secure file system
operations.


We first establish a TCP connection. Then, for "every file system
request/data transfer from the client" we do the following function
calls (logically)
--------------------
---------------------
on client on
server
------------------------
------------------------------
EVP_EncryptInit EVP_DecryptInit
EVP_EncryptUpdate EVP_DecryptUpdate
EVP_EncryptFinal EVP_DecryptFinal


We need to call Init and final for each request to make sure that the
server/client gets the last encrypted block. We are using Blowfish in
CBC mode for encryption.


Heres the problem that we are facing:
Doing EVP_EncryptInit and Final for each request is turning out to be
expensive. It is affecting our throughput. If we replace CBC with OFB
(in which case we dont need to do Init and Final) then the throughput
is not affected as much.
We want to use block ciphers. Can we somehow reduce the overhead due to

Init and Final operations?


Thanks in advance.