EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

Norm Green norm.green at gemtalksystems.com
Tue Oct 1 03:16:11 UTC 2019


Could be, but that's not how EVP_CipherUpdate is documented to work.  If 
this is an XTS mode limitation and not a bug, shouldn't the limitation 
be documented on a man page somewhere?  And shouldn't my second call to 
EVP_CipherUpdate fail?

Norm Green


On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
> As 512 byte blocks are independently encrypted, they should be 
> decrypted similarly. This is how XTS mode is defined.
> i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.
>
> Thanks,
> Thulasi.
>
> On Tue, 1 Oct 2019 at 06:43, Norm Green <norm.green at gemtalksystems.com 
> <mailto:norm.green at gemtalksystems.com>> wrote:
>
>     Hi all,
>
>     I'm using OpenSSL 1.1.1d on Linux with the cipher
>     EVP_aes_256_xts() in
>     order to write database/disk encryption software.
>
>     When encrypting, I have problems if I call EVP_CipherUpdate() and
>     encrypt the data in chunks. Encrypting only works when I encrypt the
>     entire payload with one and only one call to EVP_CipherUpdate.
>
>     If I try to break the data into chunks (and make more than one
>     call to
>     EVP_CipherUpdate), then decrypting the data produces garbage after
>     the
>     first chunk that was encrypted
>     When decrypting, I always decrypt all data in one call to
>     EVP_CipherUpdate .
>
>     For example, when encrypting 1024 bytes, this pseudo-code sequence
>     works:
>
>     char payload[1024];
>     char encrypted[1024];
>     int destSize = sizeof(encrypted);
>     EVP_CipherInit_ex();
>     EVP_CipherUpdate(ctx, encrypted, &destSize, payload, sizeof(payload));
>     EVP_CipherFinal(); (produces no additional data)
>
>     However if I break the 1024 payload into 2 x 512 byte chunks,
>     decrypting
>     the entire 1024 bytes of cipher text produces garbage every time:
>
>     char payload[1024];
>     char encrypted[1024];
>     int destSize = sizeof(encrypted);
>     EVP_CipherInit_ex();
>     EVP_CipherUpdate(ctx, encrypted, &destSize, payload, 512); //
>     first chunk
>     destSize -= 512;
>     EVP_CipherUpdate(ctx, &encrypted[512], &destSize, &payload[512],
>     512);
>     // second chunk
>     EVP_CipherFinal(); (produces no additional data)
>
>     I have a short C program that demonstrates the problem that I can
>     post
>     if necessary.
>
>     Can anyone explain what's going on?
>
>     Norm Green
>     CTO, GemTalk Systems Inc.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190930/f087911c/attachment.html>


More information about the openssl-users mailing list