AES-XTS OSSL fails when executing with OpenSSL 3.0.2

Question

AES-XTS OSSL fails when executing with OpenSSL 3.0.2

Closed this issue 2 years ago · 3 comments

After we build successfully on a machine with OpenSSL 3.0.2, only the following functions fail:

$ ./aes/xts_128_enc_ossl_perf
$ ./aes/xts_128_dec_ossl_perf
$ ./aes/xts_256_enc_ossl_perf
$ ./aes/xts_256_dec_ossl_perf

We get the following error:

$ ./aes/xts_128_enc_ossl_perf
aes_xts_128_enc_perf:

 ERROR!!
ISA-L and OpenSSL results don't match

Answer 1 · 2022-06-08T23:59:26.000Z

Thanks for reporting @dineshchitlangia.

From experimenting with encode lengths it looks like small buffers are fine but openssl EVP_EncryptUpdate() now has a size limit of 16777216 bytes = 2^24 and only for xts. I don't see this in the openssl documentation but if true, we may have to loop the update() for large sizes.

Answer 2 · 2022-06-10T01:18:10.000Z

Also from the openssl docs they don't support streaming.

The XTS implementation in OpenSSL does not support streaming. That is there must only be one EVP_EncryptUpdate(3) call per EVP_EncryptInit_ex(3) call

So a direct comparison for a very large buffer may be impossible.

Answer 3 · 2022-06-16T16:36:40.000Z

Thanks @gbtucker for looking into this and the pointers. Appreciate it.