WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Disable XTS-384 as an allowed use in FIPS mode

pull/8509/head
kaleb-himes 2025-02-26 07:38:45 -07:00
parent 3557cc764a
commit 9063093993
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fips-check.sh
View File

@ -240,9 +240,9 @@ linuxv5|linuxv5.2.1)
) )
;; ;;
v6.0.0) v6.0.0)
WOLF_REPO_TAG='WCv6.0.0-RC3' WOLF_REPO_TAG='WCv6.0.0-RC4'
FIPS_REPO_TAG='WCv6.0.0-RC4' FIPS_REPO_TAG='WCv6.0.0-RC4'
ASM_PICKUPS_TAG='WCv6.0.0-RC3' ASM_PICKUPS_TAG='WCv6.0.0-RC4'
FIPS_OPTION='v6' FIPS_OPTION='v6'
FIPS_FILES=( FIPS_FILES=(
"wolfcrypt/src/fips.c:${FIPS_REPO_TAG}" "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"

5
wolfcrypt/src/aes.c
View File

@ -12818,7 +12818,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
} }
if ((len != (AES_128_KEY_SIZE*2)) && if ((len != (AES_128_KEY_SIZE*2)) &&
#ifndef HAVE_FIPS
/* XTS-384 not allowed by FIPS and can not be treated like
* RSA-4096 bit keys back in the day, can not vendor affirm
* the use of 2 concatenated 192-bit keys (XTS-384) */
(len != (AES_192_KEY_SIZE*2)) && (len != (AES_192_KEY_SIZE*2)) &&
#endif
(len != (AES_256_KEY_SIZE*2))) (len != (AES_256_KEY_SIZE*2)))
{ {
WOLFSSL_MSG("Unsupported key size"); WOLFSSL_MSG("Unsupported key size");