AES-XTS OSSL fails when executing with OpenSSL 3.0.2

intel / isa-l_crypto

Other

275 stars 80 forks source link

AES-XTS OSSL fails when executing with OpenSSL 3.0.2 #96

Closed dineshchitlangia closed 2 years ago

dineshchitlangia commented 2 years ago

After we build successfully on a machine with OpenSSL 3.0.2, only the following functions fail:

$ ./aes/xts_128_enc_ossl_perf
$ ./aes/xts_128_dec_ossl_perf
$ ./aes/xts_256_enc_ossl_perf
$ ./aes/xts_256_dec_ossl_perf

We get the following error:

$ ./aes/xts_128_enc_ossl_perf
aes_xts_128_enc_perf:

 ERROR!!
ISA-L and OpenSSL results don't match

gbtucker commented 2 years ago

Thanks for reporting @dineshchitlangia.

From experimenting with encode lengths it looks like small buffers are fine but openssl EVP_EncryptUpdate() now has a size limit of 16777216 bytes = 2^24 and only for xts. I don't see this in the openssl documentation but if true, we may have to loop the update() for large sizes.

gbtucker commented 2 years ago

Also from the openssl docs they don't support streaming.

The XTS implementation in OpenSSL does not support streaming. That is there must only be one EVP_EncryptUpdate(3) call per EVP_EncryptInit_ex(3) call

So a direct comparison for a very large buffer may be impossible.

dineshchitlangia commented 2 years ago

Thanks @gbtucker for looking into this and the pointers. Appreciate it.