[openssl] OpenSSL_1_1_1-stable update
Dr. Paul Dale
pauli at openssl.org
Thu Jun 27 03:42:16 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 58ae5a47da1e4843b0cd1846eb297b341d0e7201 (commit)
from 915430a0a9b3602017689cdd65934b3582ea1e01 (commit)
- Log -----------------------------------------------------------------
commit 58ae5a47da1e4843b0cd1846eb297b341d0e7201
Author: Pauli <paul.dale at oracle.com>
Date: Tue Jun 25 03:37:17 2019 +1000
Excise AES-XTS FIPS check.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9255)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/e_aes.c | 17 +++--------------
test/recipes/30-test_evp_data/evpciph.txt | 12 +-----------
2 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e60d736..e77ad5c 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -59,12 +59,6 @@ typedef struct {
const unsigned char iv[16]);
} EVP_AES_XTS_CTX;
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif
-
typedef struct {
union {
double align;
@@ -396,7 +390,6 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (key) {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
/*
* Verify that the two keys are different.
@@ -404,8 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
@@ -825,8 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
@@ -3360,7 +3351,6 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
do {
/* The key is two half length keys in reality */
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
- const int bits = bytes * 8;
/*
* Verify that the two keys are different.
@@ -3378,8 +3368,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
* BEFORE using the keys in the XTS-AES algorithm to process
* data with them."
*/
- if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
return 0;
}
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 634b633..29c317a 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1197,20 +1197,10 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000
IV = 00000000000000000000000000000000
Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-
-# Using the same key twice for decryption is banned in FIPS mode.
-#Cipher = aes-128-xts
-#FIPS = YES
-#Operation = DECRYPT
-#Key = 0000000000000000000000000000000000000000000000000000000000000000
-#IV = 00000000000000000000000000000000
-#Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
-#Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-#Result = KEY_SET_ERROR
+Result = KEY_SET_ERROR
# Using the same key twice for decryption is allowed outside of FIPS mode.
Cipher = aes-128-xts
-#FIPS = NO
Operation = DECRYPT
Key = 0000000000000000000000000000000000000000000000000000000000000000
IV = 00000000000000000000000000000000
More information about the openssl-commits
mailing list