forked from wolfSSL/wolfssl
Disable XTS-384 as an allowed use in FIPS mode
This commit is contained in:
kaleb-himes
@@ -240,9 +240,9 @@ linuxv5|linuxv5.2.1)
|
|||||||
)
|
)
|
||||||
;;
|
;;
|
||||||
v6.0.0)
|
v6.0.0)
|
||||||
WOLF_REPO_TAG='WCv6.0.0-RC3'
|
WOLF_REPO_TAG='WCv6.0.0-RC4'
|
||||||
FIPS_REPO_TAG='WCv6.0.0-RC4'
|
FIPS_REPO_TAG='WCv6.0.0-RC4'
|
||||||
ASM_PICKUPS_TAG='WCv6.0.0-RC3'
|
ASM_PICKUPS_TAG='WCv6.0.0-RC4'
|
||||||
FIPS_OPTION='v6'
|
FIPS_OPTION='v6'
|
||||||
FIPS_FILES=(
|
FIPS_FILES=(
|
||||||
"wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
|
"wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
|
||||||
|
|||||||
@@ -12818,7 +12818,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((len != (AES_128_KEY_SIZE*2)) &&
|
if ((len != (AES_128_KEY_SIZE*2)) &&
|
||||||
|
#ifndef HAVE_FIPS
|
||||||
|
/* XTS-384 not allowed by FIPS and can not be treated like
|
||||||
|
* RSA-4096 bit keys back in the day, can not vendor affirm
|
||||||
|
* the use of 2 concatenated 192-bit keys (XTS-384) */
|
||||||
(len != (AES_192_KEY_SIZE*2)) &&
|
(len != (AES_192_KEY_SIZE*2)) &&
|
||||||
|
#endif
|
||||||
(len != (AES_256_KEY_SIZE*2)))
|
(len != (AES_256_KEY_SIZE*2)))
|
||||||
{
|
{
|
||||||
WOLFSSL_MSG("Unsupported key size");
|
WOLFSSL_MSG("Unsupported key size");
|
||||||
|
|||||||
Reference in New Issue
Block a user