[3/3] fscrypt-crypt-util: fix XTS self-test with latest OpenSSL

Commit Message

Eric Biggers March 19, 2023, 7:38 p.m. UTC

From: Eric Biggers <ebiggers@google.com>

In OpenSSL 3.0, XTS encryption fails if the message is zero-length.
Therefore, update test_aes_256_xts() to not test this case.

This only affects the algorithm self-tests within fscrypt-crypt-util,
which are not compiled by default.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 src/fscrypt-crypt-util.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Patch

diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c
index 040b80c0..6edf0047 100644
--- a/src/fscrypt-crypt-util.c
+++ b/src/fscrypt-crypt-util.c
@@ -1107,12 +1107,16 @@  static void test_aes_256_xts(void)
 	while (num_tests--) {
 		u8 key[2 * AES_256_KEY_SIZE];
 		u8 iv[AES_BLOCK_SIZE];
-		u8 ptext[512];
+		u8 ptext[32 * AES_BLOCK_SIZE];
 		u8 ctext[sizeof(ptext)];
 		u8 ref_ctext[sizeof(ptext)];
 		u8 decrypted[sizeof(ptext)];
-		const size_t datalen = ROUND_DOWN(rand() % (1 + sizeof(ptext)),
-						  AES_BLOCK_SIZE);
+		// Don't test message lengths that aren't a multiple of the AES
+		// block size, since support for that is not implemented here.
+		// Also don't test zero-length messages, since OpenSSL 3.0 and
+		// later returns an error for those.
+		const size_t datalen = AES_BLOCK_SIZE *
+			(1 + rand() % (sizeof(ptext) / AES_BLOCK_SIZE));
 		int outl, res;
 
 		rand_bytes(key, sizeof(key));