I am using a FIPS compiled OpenSSL and I switch between FIPS and non-FIPS mode with the FIPS_mode_set() API call. The selection is made by the application linked to my library based on its configuration.
Thanks
LJB

> -----Original Message-----
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson
> Sent: 26 August 2013 01:26 PM
> To: openssl-dev@openssl.org
> Subject: Re: AES-XTS problem in non-FIPS mode
>
> On Mon, Aug 26, 2013, Leon Brits wrote:
>
> > Hi all,
> >
> > I've noticed in my unit tests that, for the same code path, when I encrypt and decrypt the data read from a file which is 959120 bytes in size, then the FIPS mode of AES-XTS works every time, while the non-FIPS mode fails sometimes. It fails frequently but seemingly random. I've seen another post about block sizes (4K and 32K) and I've tried smaller sizes but got the same result. I am using the EVP_Decrypt/Encrypt API calls and have an OpenSSL 1.0.1e compiled with FIPS canister v.2.0.2.
> >
> > The question is why does FIPS mode work correctly every time and not non-FIPS?
> >
>
> When you say "non-FIPS mode" have you compiled OpenSSL with the "fips" configuration option but not set FIPS mode or have you not used "fips"?
>
> It makes a difference because different code paths are involved.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org