diff options
author | Pauli <paul.dale@oracle.com> | 2018-09-05 12:18:22 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-09-12 08:40:47 +1000 |
commit | 95eda4f09a37382393cfec7933bac4deb613cdec (patch) | |
tree | 283cd1052842397e9ac6bfaa2c498cccbbb9d53e /CHANGES | |
parent | a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed (diff) |
FIPS 140-2 IG A.9 XTS key check.
Add a check that the two keys used for AES-XTS are different.
One test case uses the same key for both of the AES-XTS keys. This causes
a failure under FIP 140-2 IG A.9. Mark the test as returning a failure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7120)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -24,6 +24,13 @@ *) Add SM2 base algorithm support. [Jack Lloyd] + *) AES-XTS mode now enforces that its two keys are different to mitigate + the attacked described in "Efficient Instantiations of Tweakable + Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. + Details of this attack can be obtained from: + http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + [Paul Dale] + *) s390x assembly pack: add (improved) hardware-support for the following cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, aes-cfb/cfb8, aes-ecb. |