[openssl] OpenSSL_1_1_1-stable update

Dr. Paul Dale pauli at openssl.org
Thu Jun 27 03:42:16 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  58ae5a47da1e4843b0cd1846eb297b341d0e7201 (commit)
      from  915430a0a9b3602017689cdd65934b3582ea1e01 (commit)


- Log -----------------------------------------------------------------
commit 58ae5a47da1e4843b0cd1846eb297b341d0e7201
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Jun 25 03:37:17 2019 +1000

    Excise AES-XTS FIPS check.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9255)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/e_aes.c                        | 17 +++--------------
 test/recipes/30-test_evp_data/evpciph.txt | 12 +-----------
 2 files changed, 4 insertions(+), 25 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e60d736..e77ad5c 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -59,12 +59,6 @@ typedef struct {
                     const unsigned char iv[16]);
 } EVP_AES_XTS_CTX;
 
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif
-
 typedef struct {
     union {
         double align;
@@ -396,7 +390,6 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     if (key) {
         /* The key is two half length keys in reality */
         const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-        const int bits = bytes * 8;
 
         /*
          * Verify that the two keys are different.
@@ -404,8 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
          * This addresses Rogaway's vulnerability.
          * See comment in aes_xts_init_key() below.
          */
-        if ((!allow_insecure_decrypt || enc)
-                && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
             EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
             return 0;
         }
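Review bot: The comment above this check still says only "Verify that the two keys are different", but with the condition now `enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0` the duplicated-key rejection applies to encryption only, and decryption with identical key halves is accepted in every build. The same mismatch exists in the identical changes to aes_t4_xts_init_key() and aes_xts_init_key(); in the latter the retained comment quotes a requirement to check the keys "BEFORE using the keys in the XTS-AES algorithm to process data with them", which reads as covering decryption as well. If the exemption is intentional, as the commit title suggests, say so in the comment, for example `* Enforced for encryption only: decryption with duplicated keys is still accepted.`, so a later reader does not take the check as unconditional. The function bodies start and end outside these hunks, so any other use of `enc` is not visible here.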
@@ -825,8 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
          * This addresses Rogaway's vulnerability.
          * See comment in aes_xts_init_key() below.
          */
-        if ((!allow_insecure_decrypt || enc)
-                && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
             EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
             return 0;
         }
@@ -3360,7 +3351,6 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         do {
             /* The key is two half length keys in reality */
             const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-            const int bits = bytes * 8;
 
             /*
              * Verify that the two keys are different.
@@ -3378,8 +3368,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
              *       BEFORE using the keys in the XTS-AES algorithm to process
              *       data with them."
              */
-            if ((!allow_insecure_decrypt || enc)
-                    && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+            if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
                 EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
                 return 0;
             }
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 634b633..29c317a 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1197,20 +1197,10 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000
 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-
-# Using the same key twice for decryption is banned in FIPS mode.
-#Cipher = aes-128-xts
-#FIPS = YES
-#Operation = DECRYPT
-#Key = 0000000000000000000000000000000000000000000000000000000000000000
-#IV = 00000000000000000000000000000000
-#Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
-#Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-#Result = KEY_SET_ERROR
+Result = KEY_SET_ERROR
 
 # Using the same key twice for decryption is allowed outside of FIPS mode.
 Cipher = aes-128-xts
-#FIPS = NO
 Operation = DECRYPT
 Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000
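Review bot: The retained comment `# Using the same key twice for decryption is allowed outside of FIPS mode.` is stale after this change, since the accompanying code change removes the FIPS-dependent branch and the check no longer varies by mode. I would reword it to `# Using the same key twice for decryption is allowed.` so the test data matches the behaviour being tested. The added `Result = KEY_SET_ERROR` attaches to the preceding stanza, whose Cipher and Operation lines are outside the hunk; presumably that is the encrypt case, but it is worth confirming it carries a comment saying duplicated keys are rejected on encryption.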

