wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

FIPS 140-3 disable XTS-384 in FIPS mode

Browse Source
This commit is contained in:
kaleb-himes
2025-02-26 07:34:39 -07:00
parent 9a411ca710
commit 81beda3f40
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wolfcrypt/src/aes.c
View File

@ -12753,7 +12753,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
} }
if ((len != (AES_128_KEY_SIZE*2)) && if ((len != (AES_128_KEY_SIZE*2)) &&
#ifndef HAVE_FIPS
/* XTS-384 not allowed by FIPS and can not be treated like
* RSA-4096 bit keys back in the day, can not vendor affirm
* the use of 2 concatenated 192-bit keys (XTS-384) */
(len != (AES_192_KEY_SIZE*2)) && (len != (AES_192_KEY_SIZE*2)) &&
#endif
(len != (AES_256_KEY_SIZE*2))) (len != (AES_256_KEY_SIZE*2)))
{ {
WOLFSSL_MSG("Unsupported key size"); WOLFSSL_MSG("Unsupported key size");