Hi all, I've noticed in my unit tests that, for the same code path, when I encrypt an decrypt the data read from a file which is 959120 bytes in size, then the FIPS mode of AES-XTS works every time, while the non-FIPS mode fails some times. It fails frequently but seemingly random. I've seen another post about block sizes (4K and 32K) and I've tried smaller sizes but got the same result. I am using the EVP_Decrypt/Encrypt API calls and have an Openssl 1.0.1e compiled with FIPS canister v.2.0.2.
The question is why does FIPS mode work correctly every time and not non-FIPS? Hope you can help. Leon Brits Senior Design Engineer [cid:image001.jpg@01CEA24B.21A82E40] Work +27 12 678 9740 Fax +27 12 678 9741 Cell +27 (84) 250 2855 Email le...@parsec.co.za <mailto:le...@parsec.co.za>Building 10, Manhattan Office Park, 16 Pieter Street, Centurion Disclaimer <http://www.parsec.co.za/disclaimer.php>
<<inline: image001.jpg>>