Override flag for XTS length limit.

author Dr. Stephen Henson <steve@openssl.org>

Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index 9b2f2a7441907589eb99b3809916efd46c9e0ad6..2d33837478417a2464098fc620e1e6279ecfed6e 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -519,7 +519,8 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 return -1;
  #ifdef OPENSSL_FIPS
         /* Requirement of SP800-38E */
-       if (FIPS_mode() && len > (1L<<20)*16)
+       if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
+                       (len > (1L<<20)*16))
                 {
                 EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);
                 return -1;
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 18 Apr 2011 17:31:28 +0000 (17:31 +0000)