From 45321c41e2108a14bfe2f185e15f946dc20e9b19 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 15 Apr 2011 12:01:53 +0000
Subject: [PATCH] Add length limitation from SP800-38E.

---
 crypto/evp/e_aes.c   | 8 ++++++++
 crypto/evp/evp.h     | 2 ++
 crypto/evp/evp_err.c | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index c093eb5e59..3b21ab9ccf 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -519,6 +519,14 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		return -1;
 	if (!out || !in)
 		return -1;
+#ifdef OPENSSL_FIPS
+	/* Requirement of SP800-38E */
+	if (FIPS_mode() && len > (1L<<20)*16)
+		{
+		EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);
+		return -1;
+		}
+#endif
 	if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
 								ctx->encrypt))
 		return -1;
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index b4c8675043..74ca64bc99 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1248,6 +1248,7 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AESNI_INIT_KEY				 165
 #define EVP_F_AES_INIT_KEY				 133
+#define EVP_F_AES_XTS					 172
 #define EVP_F_CAMELLIA_INIT_KEY				 159
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_DO_SIGVER_INIT				 161
@@ -1369,6 +1370,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR			 145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR			 146
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_TOO_LARGE					 164
 #define EVP_R_UNKNOWN_CIPHER				 160
 #define EVP_R_UNKNOWN_DIGEST				 161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index ae0a45ff30..095f7c712b 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -72,6 +72,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_AES_XTS),	"AES_XTS"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
 {ERR_FUNC(EVP_F_DO_SIGVER_INIT),	"DO_SIGVER_INIT"},
@@ -196,6 +197,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
-- 
2.34.1