authorPauli <paul.dale@oracle.com>2019-06-25 03:37:17 +1000
committerPauli <paul.dale@oracle.com>2019-06-25 03:37:17 +1000
commit58ae5a47da1e4843b0cd1846eb297b341d0e7201 (patch)
tree9ac47e70f9319f1ac6ed04f826bc3cf3900c6cfb
parent915430a0a9b3602017689cdd65934b3582ea1e01 (diff)
Excise AES-XTS FIPS check.
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9255)
-rw-r--r--crypto/evp/e_aes.c17
-rw-r--r--test/recipes/30-test_evp_data/evpciph.txt12
2 files changed, 4 insertions, 25 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e60d736b9c..e77ad5c616 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -59,12 +59,6 @@ typedef struct {
const unsigned char iv[16]);
} EVP_AES_XTS_CTX;
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif
-
typedef struct {
union {
double align;
@@ -396,7 +390,6 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (key) {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
/*
* Verify that the two keys are different.
@@ -404,8 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
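Review bot: The block comment above this check still reads "Verify that the two keys are different", but with `allow_insecure_decrypt` removed, `if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0)` rejects duplicated key halves only on encryption, in every build including FIPS_MODE ones. The same applies to the identical checks in aes_t4_xts_init_key() and aes_xts_init_key() later in this diff, where the quoted standard text asks for the check before the keys are used to process data. If FIPS enforcement on decrypt is meant to live elsewhere (presumably outside this file), the comment should say so, e.g. `/* Enforced for encryption only; decryption with equal key halves is accepted at this layer. */`. The enclosing function starts and ends outside the hunk.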
@@ -825,8 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
@@ -3360,7 +3351,6 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
do {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
/*
* Verify that the two keys are different.
@@ -3378,8 +3368,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* BEFORE using the keys in the XTS-AES algorithm to process
* data with them."
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 634b63346c..29c317a158 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1197,20 +1197,10 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000
IV = 00000000000000000000000000000000
Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-
-# Using the same key twice for decryption is banned in FIPS mode.
-#Cipher = aes-128-xts
-#FIPS = YES
-#Operation = DECRYPT
-#Key = 0000000000000000000000000000000000000000000000000000000000000000
-#IV = 00000000000000000000000000000000
-#Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
-#Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-#Result = KEY_SET_ERROR
+Result = KEY_SET_ERROR
# Using the same key twice for decryption is allowed outside of FIPS mode.
Cipher = aes-128-xts
-#FIPS = NO
Operation = DECRYPT
Key = 0000000000000000000000000000000000000000000000000000000000000000
IV = 00000000000000000000000000000000
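Review bot: The comment kept on the decrypt stanza, `# Using the same key twice for decryption is allowed outside of FIPS mode.`, is stale now that the `FIPS = NO` qualifier is removed and the check in e_aes.c no longer depends on FIPS_MODE; something like `# Using the same key twice for decryption is allowed.` would match the new behaviour. With the commented-out FIPS stanza deleted, nothing in this file records that a FIPS-mode rejection on decrypt is still expected anywhere. If that enforcement is meant to move elsewhere, a short comment naming where it will be tested would keep the coverage gap visible.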