Add length limitation from SP800-38E.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 15 Apr 2011 12:01:53 +0000 (12:01 +0000)
crypto/evp/e_aes.c
crypto/evp/evp.h
crypto/evp/evp_err.c

index c093eb5..3b21ab9 100644 (file)
@@ -519,6 +519,14 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
                return -1;
        if (!out || !in)
                return -1;
+#ifdef OPENSSL_FIPS
+       /* Requirement of SP800-38E */
+       if (FIPS_mode() && len > (1L<<20)*16)
+               {
+               EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);
+               return -1;
+               }
+#endif
        if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
                                                                ctx->encrypt))
                return -1;
index b4c8675..74ca64b 100644 (file)
@@ -1248,6 +1248,7 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AESNI_INIT_KEY                            165
 #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_XTS                                   172
 #define EVP_F_CAMELLIA_INIT_KEY                                 159
 #define EVP_F_D2I_PKEY                                  100
 #define EVP_F_DO_SIGVER_INIT                            161
@@ -1369,6 +1370,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
 #define EVP_R_UNKNOWN_CIPHER                            160
 #define EVP_R_UNKNOWN_DIGEST                            161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
index ae0a45f..095f7c7 100644 (file)
@@ -72,6 +72,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
        {
 {ERR_FUNC(EVP_F_AESNI_INIT_KEY),       "AESNI_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_AES_XTS),      "AES_XTS"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),    "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),     "D2I_PKEY"},
 {ERR_FUNC(EVP_F_DO_SIGVER_INIT),       "DO_SIGVER_INIT"},
@@ -196,6 +197,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},