OK, found the error. I simply did not give a "double size" key to the cipher as required. That would explain why it sometimes worked. Sorry for the trouble.

Thanks for your time and support
LJB

> -----Original Message-----
> From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
> On Behalf Of Leon Brits
> Sent: 27 August 2013 02:48 PM
> To: openssl-dev@openssl.org
> Subject: RE: AES-XTS problem in non-FIPS mode
>
> OK, sorry this stupid error has been resolved. There was some openssl init
> code which got disabled when I disabled lines of source for FIPS mode.
>
> The problem however still persists for me even with this OpenSSL which has
> been compiled without fips. I will continue looking at my code.
>
> Thanks
> LJB
>
> > -----Original Message-----
> > From: owner-openssl-...@openssl.org
> > [mailto:owner-openssl-...@openssl.org]
> > On Behalf Of Leon Brits
> > Sent: 27 August 2013 12:08 PM
> > To: openssl-dev@openssl.org
> > Subject: RE: AES-XTS problem in non-FIPS mode
> >
> > Ok, some weirdness happening here...
> >
> > I've selected to test with option 2 and recompiled my openssl 1.0.1e
> > withOUT "fips" in "./config fips".
> >
> > $ openssl version
> > OpenSSL 1.0.1e 11 Feb 2013
> >
> > I've verified that the AES-XTS cipher is present with:
> > $ openssl list-cipher-algorithms
> >
> > In my app I resolve the NID_aes_256_xts to a name with OBJ_nid2sn()
> > and get the same name as in the list above.
> >
> > However when I call EVP_get_cipherbyname() with this name I get a NULL.
> > I've never had an error with this in the FIPS compiled module. This
> > just does not seem possible as an error, so any ideas on what may be
> > wrong with my system? I'm working in VirtualBox VM with a default
> > installed Ubuntu 12.04.02.
> >
> > Thanks
> > LJB
> >
> > > -----Original Message-----
> > > From: owner-openssl-...@openssl.org
> > > [mailto:owner-openssl-...@openssl.org]
> > > On Behalf Of Dr. Stephen Henson
> > > Sent: 26 August 2013 03:23 PM
> > > To: openssl-dev@openssl.org
> > > Subject: Re: AES-XTS problem in non-FIPS mode
> > >
> > > On Mon, Aug 26, 2013, Leon Brits wrote:
> > >
> > > > I am using a FIPS compiled OpenSSL and I switch between FIPS and
> > > > non-FIPS mode with the FIPS_mode_set() API call. The selection is made
> > > > by the application linked to my library based on its configuration.
> > >
> > > That's weird. It should be using exactly the same algorithm
> > > implementation then.
> > >
> > > Assuming there's no problem with your code the only thing I can
> > > think of is some inconsistency between FIPS and non-FIPS
> > > initialisation of EVP. To test that have a look in
> > > crypto/evp/evp_enc.c in OpenSSL 1.0.1 for the lines that check
> > > FIPS_mode(). Change them so they're always called and not just if
> > > FIPS_mode() is non-zero.
> > >
> > > If possible also try OpenSSL 1.0.1 without the "fips" compilation option:
> > > it will then use its internal implementation and not the one in the
> > > FIPS module.
> > >
> > > Steve.
> > > --
> > > Dr Stephen N. Henson. OpenSSL project core developer.
> > > Commercial tech support now available see: http://www.openssl.org
> > > ______________________________________________________________________
> > > OpenSSL Project http://www.openssl.org
> > > Development Mailing List openssl-dev@openssl.org
> > > Automated List Manager majord...@openssl.org
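
The "double size" key requirement from the top message, shown as an added example that is not part of the thread or of OpenSSL's own code: an XTS key is two AES keys back to back, so AES-256-XTS takes 64 bytes. It uses Node.js's built-in crypto module, which wraps OpenSSL's EVP ciphers, to check the length before the cipher is initialised; the helper names and sample values are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// XTS takes two AES keys back to back (data key + tweak key), so OpenSSL
// reports 64 bytes for aes-256-xts and 32 bytes for aes-128-xts.
function requiredKeyLength(cipherName) {
  const info = crypto.getCipherInfo(cipherName);
  if (!info) throw new Error(`cipher not available: ${cipherName}`);
  return info.keyLength;
}

// Process one XTS data unit. The C call EVP_EncryptInit_ex() receives only a
// key pointer, no length, so the length check belongs in the caller.
function xtsCrypt(cipherName, key, tweak, data, encrypt) {
  const need = requiredKeyLength(cipherName);
  if (key.length !== need) {
    throw new RangeError(`${cipherName} needs a ${need}-byte key, got ${key.length}`);
  }
  const ctx = encrypt
    ? crypto.createCipheriv(cipherName, key, tweak)
    : crypto.createDecipheriv(cipherName, key, tweak);
  return Buffer.concat([ctx.update(data), ctx.final()]);
}

// Constructed sample values, not taken from the thread.
const KEY64 = Buffer.from(Array.from({ length: 64 }, (_, i) => i));
const KEY32 = KEY64.subarray(0, 32); // size of a plain AES-256 key
const TWEAK = Buffer.alloc(16);      // 16-byte tweak, e.g. sector 0
const PLAIN = Buffer.from("0123456789abcdef0123456789abcdef");

function demo() {
  const ct = xtsCrypt("aes-256-xts", KEY64, TWEAK, PLAIN, true);
  const pt = xtsCrypt("aes-256-xts", KEY64, TWEAK, ct, false);
  let shortKeyError = null;
  try {
    xtsCrypt("aes-256-xts", KEY32, TWEAK, PLAIN, true);
  } catch (e) {
    shortKeyError = e.message;
  }
  // The same 32 bytes are a complete key for AES-128-XTS (2 x 128 bits).
  const ct128 = xtsCrypt("aes-128-xts", KEY32, TWEAK, PLAIN, true);
  return { ct, pt, shortKeyError, ct128 };
}

console.log(demo().shortKeyError);
```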