SHA256
1
0
forked from pool/openssl-1_1
openssl-1_1/openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch

40 lines
1.5 KiB
Diff

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 6adff696c..29b23f9f7 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -4366,6 +4366,21 @@ FIPS_STATUS EVP_CIPHER_get_fips_status(const EVP_CIPHER *cipher) {
/* intended fall-through */
case 256:
return FIPS_APPROVED;
+ case 512:
+ if (cipher->do_cipher == aes_xts_cipher
+ #if defined(OPENSSL_CPUID_OBJ) && ( \
+ ((defined(__i386) || defined(__i386__) || defined(_M_IX86))\
+ && defined(OPENSSL_IA32_SSE2)) \
+ || defined(__x86_64) || defined(__x86_64__) \
+ || defined(_M_AMD64) || defined(_M_X64))
+ || cipher->do_cipher == aesni_xts_cipher
+ #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+ || cipher->do_cipher == s390x_aes_xts_cipher
+ #endif
+ )
+ return FIPS_APPROVED;
+ else
+ return FIPS_ERROR;
}
}
/* disapproved for enc and dec: all others, including
diff --git a/test/fips_slitest.c b/test/fips_slitest.c
index d32f748a6..9e37cf36b 100644
--- a/test/fips_slitest.c
+++ b/test/fips_slitest.c
@@ -260,6 +260,8 @@ static const SLI_CIPHER_TEST cipher_tests[] = {
{0, NID_des_ede_ecb},
{0, NID_des_ede_ofb64},
{0, NID_idea_cbc},
+ {1, NID_aes_128_xts},
+ {1, NID_aes_256_xts},
};
static const size_t cipher_tests_len = sizeof(cipher_tests) / sizeof(cipher_tests[0]);