Override flag for XTS length limit.

author: Dr. Stephen Henson <steve@openssl.org> 2011-04-18 17:31:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-18 17:31:28 +0000
commit: 62dc7ed67c00a81801c7a3a7d37e54b2b7b04106 (patch)
tree: 487bf1793cbf3ef11efd978a7b4891f87cb52d3f /crypto/evp
parent: b3a45e7db53a71c17a214c60909a430daeff3ac1 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 9b2f2a7441..2d33837478 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -519,7 +519,8 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		return -1;
 #ifdef OPENSSL_FIPS
 	/* Requirement of SP800-38E */
-	if (FIPS_mode() && len > (1L<<20)*16)
+	if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
+			(len > (1L<<20)*16))
 		{
 		EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);
 		return -1;
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-18 17:31:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-18 17:31:28 +0000
commit	62dc7ed67c00a81801c7a3a7d37e54b2b7b04106 (patch)
tree	487bf1793cbf3ef11efd978a7b4891f87cb52d3f /crypto/evp
parent	b3a45e7db53a71c17a214c60909a430daeff3ac1 (diff)