From 5d6a0f38d175a21cc50a0f8c695343f6dada02a7 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Sun, 19 Mar 2023 12:38:47 -0700
Subject: [PATCH] fscrypt-crypt-util: fix XTS self-test with latest OpenSSL

In OpenSSL 3.0, XTS encryption fails if the message is zero-length.
Therefore, update test_aes_256_xts() to not test this case.

This only affects the algorithm self-tests within fscrypt-crypt-util,
which are not compiled by default.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>
---
 src/fscrypt-crypt-util.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c
index aab775b3..96f04799 100644
--- a/src/fscrypt-crypt-util.c
+++ b/src/fscrypt-crypt-util.c
@@ -1109,12 +1109,18 @@ static void test_aes_256_xts(void)
 	while (num_tests--) {
 		u8 key[2 * AES_256_KEY_SIZE];
 		u8 iv[AES_BLOCK_SIZE];
-		u8 ptext[512];
+		u8 ptext[32 * AES_BLOCK_SIZE];
 		u8 ctext[sizeof(ptext)];
 		u8 ref_ctext[sizeof(ptext)];
 		u8 decrypted[sizeof(ptext)];
-		const size_t datalen = ROUND_DOWN(rand() % (1 + sizeof(ptext)),
-						  AES_BLOCK_SIZE);
+		/*
+		 * Don't test message lengths that aren't a multiple of the AES
+		 * block size, since support for that is not implemented here.
+		 * Also don't test zero-length messages, since OpenSSL 3.0 and
+		 * later returns an error for those.
+		 */
+		const size_t datalen = AES_BLOCK_SIZE *
+			(1 + rand() % (sizeof(ptext) / AES_BLOCK_SIZE));
 		int outl, res;
 
 		rand_bytes(key, sizeof(key));
-- 
2.39.5