Add length limitation from SP800-38E.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index c093eb5e59e1ae5e0ea2e786d9f3bd73e255d790..3b21ab9ccf4af8e40428e3e9eeb6b30d470499d8 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -519,6 +519,14 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 return -1;
         if (!out || !in)
                 return -1;
+#ifdef OPENSSL_FIPS
+       /* Requirement of SP800-38E */
+       if (FIPS_mode() && len > (1L<<20)*16)
+               {
+               EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);
+               return -1;
+               }
+#endif
         if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
                                                                 ctx->encrypt))
                 return -1;
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h

index b4c86750438f7094f33f1014cac2a86f4fbef70b..74ca64bc990442605de867f12995d19149ded0a6 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1248,6 +1248,7 @@ void ERR_load_EVP_strings(void);
  /* Function codes. */
  #define EVP_F_AESNI_INIT_KEY                            165
  #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_XTS                                   172
  #define EVP_F_CAMELLIA_INIT_KEY                                 159
  #define EVP_F_D2I_PKEY                                  100
  #define EVP_F_DO_SIGVER_INIT                            161
@@ -1369,6 +1370,7 @@ void ERR_load_EVP_strings(void);
  #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
  #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
  #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
  #define EVP_R_UNKNOWN_CIPHER                            160
  #define EVP_R_UNKNOWN_DIGEST                            161
  #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c

index ae0a45ff30a3c5c16e5cd5a3362afad4cfae7be3..095f7c712bccbcd7b751df63429cd0af4d203fab 100644 (file)
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -72,6 +72,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
         {
  {ERR_FUNC(EVP_F_AESNI_INIT_KEY),       "AESNI_INIT_KEY"},
  {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_AES_XTS),      "AES_XTS"},
  {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),    "CAMELLIA_INIT_KEY"},
  {ERR_FUNC(EVP_F_D2I_PKEY),     "D2I_PKEY"},
  {ERR_FUNC(EVP_F_DO_SIGVER_INIT),       "DO_SIGVER_INIT"},
@@ -196,6 +197,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
  {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
  {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
  {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
  {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
  {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
  {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
crypto/evp/e_aes.c		patch \| blob \| history
crypto/evp/evp.h		patch \| blob \| history
crypto/evp/evp_err.c		patch \| blob \| history