From 58ae5a47da1e4843b0cd1846eb297b341d0e7201 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Tue, 25 Jun 2019 03:37:17 +1000
Subject: Excise AES-XTS FIPS check.

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/9255)
---
 crypto/evp/e_aes.c | 17 +++--------------
 test/recipes/30-test_evp_data/evpciph.txt | 12 +-----------
 2 files changed, 4 insertions(+), 25 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e60d736b9c..e77ad5c616 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -59,12 +59,6 @@ typedef struct {
 const unsigned char iv[16]);
 } EVP_AES_XTS_CTX;
 
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif
-
 typedef struct {
 union {
 double align;
@@ -396,7 +390,6 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 if (key) {
 /* The key is two half length keys in reality */
 const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
 
 /*
 * Verify that the two keys are different.
@@ -404,8 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 * This addresses Rogaway's vulnerability.
 * See comment in aes_xts_init_key() below.
 */
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
 EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
 return 0;
 }
@@ -825,8 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 * This addresses Rogaway's vulnerability.
 * See comment in aes_xts_init_key() below.
 */
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
 EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
 return 0;
 }
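Review bot: The comment kept above the rewritten guard in aesni_xts_init_key() still reads "Verify that the two keys are different", but the new condition `if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0)` runs that check for encryption only; the identical guards in aes_t4_xts_init_key() and aes_xts_init_key() have the same mismatch, and the latter sits directly under a quoted requirement that the check happen "BEFORE using the keys in the XTS-AES algorithm to process data with them". With `allow_insecure_decrypt` removed, a FIPS_MODE build no longer rejects Key_1 == Key_2 on decrypt at this layer, so if that requirement still applies it has to be enforced somewhere this patch does not show. I would state the intent in each comment, for example `* The check is applied to encryption only; decryption with Key_1 == Key_2 is accepted in every build.` The comment blocks and function bodies start outside these hunks, so the rest of their wording could not be checked.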
@@ -3360,7 +3351,6 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 do {
 /* The key is two half length keys in reality */
 const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
 
 /*
 * Verify that the two keys are different.
@@ -3378,8 +3368,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 * BEFORE using the keys in the XTS-AES algorithm to process
 * data with them."
 */
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
 EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
 return 0;
 }
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 634b63346c..29c317a158 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1197,20 +1197,10 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000
 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-
-# Using the same key twice for decryption is banned in FIPS mode.
-#Cipher = aes-128-xts
-#FIPS = YES
-#Operation = DECRYPT
-#Key = 0000000000000000000000000000000000000000000000000000000000000000
-#IV = 00000000000000000000000000000000
-#Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
-#Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-#Result = KEY_SET_ERROR
+Result = KEY_SET_ERROR
 
 # Using the same key twice for decryption is allowed outside of FIPS mode.
 Cipher = aes-128-xts
-#FIPS = NO
 Operation = DECRYPT
 Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000
-- 
cgit v1.2.3
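Review bot: The comment kept on the surviving DECRYPT vector, `# Using the same key twice for decryption is allowed outside of FIPS mode.`, is stale once the FIPS-specific vector above it is deleted and the commented-out `#FIPS = NO` qualifier is dropped; it should read something like `# Using the same key twice for decryption is allowed.`. Deleting the commented-out FIPS DECRYPT vector also means nothing in this file records what a FIPS build is expected to do with duplicated keys on decrypt, so if that case is rejected elsewhere a vector for it belongs next to that code. The vector this hunk completes with `Result = KEY_SET_ERROR` starts above the hunk, so its Cipher and Operation lines could not be checked from here.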