I do the entire block of 32 KB in one call (as Steve points out, that seems teh natural way of using XTS)
>-- Original Message -- >Date: Mon, 13 May 2013 18:49:06 +0200 >From: "Dr. Stephen Henson" <[email protected]> >To: [email protected] >Subject: Re: [openssl.org #3045] bug report: AES XTS fails for data unit >size > > 4KB >Reply-To: [email protected] > > >On Mon, May 13, 2013, Greg Bryant (grbryant) wrote: > >> If you encrypt the 32KB block with multiple calls to EVP_CipherUpdate (for >> example 4KB at a time), you'll see this effect. Each call to >> EVP_CipherUpdate restarts the tweak. I posted a question as whether that's >a >> bug or a feature a few weeks ago but didn't get any conclusive responses. >> AES XTS is the only mode with this issue. Other modes preserve the chaining >> across calls to EVP_CipherUpdate. >> > >That's a feature of how XTS mode is implemented. The normal use for XTS is >hard disk encryption in sector size chunks where all the data is available >in >memory at once. > >CCM mode doesn't chain either but for different reasons. > >What you're seeing is that the way the cipher works isn't compatible with >the >cipher BIO which the enc command uses. We should really disable those modes >which don't work properly with enc: that would be GCM, CCM and XTS at present. > >Steve. >-- >Dr Stephen N. Henson. OpenSSL project core developer. >Commercial tech support now available see: http://www.openssl.org >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >Development Mailing List [email protected] >Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
