fscrypt-crypt-util: fix XTS self-test with latest OpenSSL

In OpenSSL 3.0, XTS encryption fails if the message is zero-length. Therefore, update test_aes_256_xts() to not test this case. This only affects the algorithm self-tests within fscrypt-crypt-util, which are not compiled by default. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Zorro Lang <zlang@redhat.com> Signed-off-by: Zorro Lang <zlang@kernel.org>
author: Eric Biggers <ebiggers@google.com> 2023-03-19 12:38:47 -0700
committer: Zorro Lang <zlang@kernel.org> 2023-03-25 12:44:13 +0800
commit: 5d6a0f38d175a21cc50a0f8c695343f6dada02a7 (patch)
tree: 6d51718dbab92cc9201f2388a4cb362cd90815ed /src
parent: 8727e8cb78107bac174f51bb2edc45793f8cb08d (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c
index aab775b3..96f04799 100644
--- a/src/fscrypt-crypt-util.c
+++ b/src/fscrypt-crypt-util.c
@@ -1109,12 +1109,18 @@ static void test_aes_256_xts(void)
 	while (num_tests--) {
 		u8 key[2 * AES_256_KEY_SIZE];
 		u8 iv[AES_BLOCK_SIZE];
-		u8 ptext[512];
+		u8 ptext[32 * AES_BLOCK_SIZE];
 		u8 ctext[sizeof(ptext)];
 		u8 ref_ctext[sizeof(ptext)];
 		u8 decrypted[sizeof(ptext)];
-		const size_t datalen = ROUND_DOWN(rand() % (1 + sizeof(ptext)),
-						  AES_BLOCK_SIZE);
+		/*
+		 * Don't test message lengths that aren't a multiple of the AES
+		 * block size, since support for that is not implemented here.
+		 * Also don't test zero-length messages, since OpenSSL 3.0 and
+		 * later returns an error for those.
+		 */
+		const size_t datalen = AES_BLOCK_SIZE *
+			(1 + rand() % (sizeof(ptext) / AES_BLOCK_SIZE));
 		int outl, res;
 
 		rand_bytes(key, sizeof(key));
author	Eric Biggers <ebiggers@google.com>	2023-03-19 12:38:47 -0700
committer	Zorro Lang <zlang@kernel.org>	2023-03-25 12:44:13 +0800
commit	5d6a0f38d175a21cc50a0f8c695343f6dada02a7 (patch)
tree	6d51718dbab92cc9201f2388a4cb362cd90815ed /src
parent	8727e8cb78107bac174f51bb2edc45793f8cb08d (diff)