Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
gnutls.14679
gnutls-fips_XTS_key_check.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-fips_XTS_key_check.patch of Package gnutls.14679
Index: gnutls-3.6.7/lib/nettle/backport/xts.c =================================================================== --- gnutls-3.6.7.orig/lib/nettle/backport/xts.c 2020-04-07 11:11:54.506109418 +0200 +++ gnutls-3.6.7/lib/nettle/backport/xts.c 2020-04-07 16:52:48.543404370 +0200 @@ -203,6 +203,8 @@ xts_decrypt_message(const void *dec_ctx, void xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0); aes128_set_encrypt_key(&xts_key->cipher, key); aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]); } @@ -210,6 +212,8 @@ xts_aes128_set_encrypt_key(struct xts_ae void xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0); aes128_set_decrypt_key(&xts_key->cipher, key); aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]); } @@ -238,6 +242,8 @@ xts_aes128_decrypt_message(struct xts_ae void xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0); aes256_set_encrypt_key(&xts_key->cipher, key); aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]); } @@ -245,6 +251,8 @@ xts_aes256_set_encrypt_key(struct xts_ae void xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0); aes256_set_decrypt_key(&xts_key->cipher, key); aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor