On Mon, Aug 26, 2013, Leon Brits wrote:

> Hi all,
>
> I've noticed in my unit tests that, for the same code path, when I encrypt and
> decrypt the data read from a file which is 959120 bytes in size, then the
> FIPS mode of AES-XTS works every time, while the non-FIPS mode fails
> sometimes. It fails frequently but seemingly at random. I've seen another post about
> block sizes (4K and 32K) and I've tried smaller sizes but got the same
> result. I am using the EVP_Decrypt/Encrypt API calls and have an OpenSSL
> 1.0.1e compiled with FIPS canister v.2.0.2.
>
> The question is why does FIPS mode work correctly every time and not non-FIPS?
>

When you say "non-FIPS mode", have you compiled OpenSSL with the "fips"
configuration option but not set FIPS mode, or have you not used "fips"?

It makes a difference because different code paths are involved.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org