On Wed Jul 09 16:24:04 2014, [email protected] wrote:
> Hi,
>
> openssl enc command with -aes-xxx-xts doesn't work if an IV is specified

When you say it "doesn't work", what do you mean? Do you get an error? If so
what is it?



> as below:
> openssl enc -engine af_alg -aes-256-xts -in <plaintext_file> -out
> <output_encrypted_file> -K
> 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv
> 00000000000000000000000000000000

I notice you have installed a custom engine. Does it advertise XTS support?
What happens if you do not use the engine?

Running this command (without the engine parameter) works for me. Which version
of openssl are you running?

Note: although I don't think it explains your problem, the key you are using
here is too short. XTS is unusual in that it requires double length keys, hence
aes-256-xts requires a 512 bit key.

>
> I am proposing a minor enhancement in EVP_CipherInit_ex() to include
> case EVP_CIPH_XTS_MODE which currently is not present.
>
> Please consider the patch [attached as well as pasted below]
> --- /root/jlulla/evp_enc.c 2014-07-04 04:23:48.000000000 -0700
> +++ crypto/evp/evp_enc.c 2014-07-04 03:21:29.000000000 -0700
> @@ -242,6 +242,10 @@ skip_to_init:
> if(iv)
> memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
> break;
> + case EVP_CIPH_XTS_MODE:
> + if(iv)
> + memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
> + break;
>
> default:
> return 0;
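
Review bot: the added EVP_CIPH_XTS_MODE case repeats, line for line, the body of the case directly above it (if(iv) memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); break;), so if the case is wanted it reads better as an extra case label on that existing block than as a copy. The copy length comes from EVP_CIPHER_CTX_iv_length(ctx), and nothing visible in the hunk checks it against the size of ctx->iv, so the new path should carry a bound check or a comment saying where that is guaranteed. The file headers compare /root/jlulla/evp_enc.c with crypto/evp/evp_enc.c, so the patch will not apply from the source root without editing the paths; regenerating it with matching relative paths would help.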

This will not work. This section of code only runs if the flag
EVP_CIPH_CUSTOM_IV is not set - which it is for XTS.

Matt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
