Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
gnutls.33311
gnutls-Make-XTS-key-check-failure-not-fatal.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-Make-XTS-key-check-failure-not-fatal.patch of Package gnutls.33311
From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich <zfridric@redhat.com> Date: Thu, 29 Sep 2022 15:31:28 +0200 Subject: [PATCH] Make XTS key check failure not fatal Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> --- lib/accelerated/x86/aes-xts-x86-aesni.c | 1 lib/nettle/cipher.c | 73 +++++++++-------------------- tests/Makefile.am | 2 tests/xts-key-check.c | 78 ++++++++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 52 deletions(-) create mode 100644 tests/xts-key-check.c --- a/lib/accelerated/x86/aes-xts-x86-aesni.c +++ b/lib/accelerated/x86/aes-xts-x86-aesni.c @@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, co /* Check key block according to FIPS-140-2 IG A.9 */ if (_gnutls_fips_mode_enabled()){ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } } --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -432,12 +432,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *c length, dst, src); } -static void _des_set_key(struct des_ctx *ctx, const uint8_t *key) +static void +_des_set_key(struct des_ctx *ctx, const uint8_t *key) { des_set_key(ctx, key); } -static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key) +static void +_des3_set_key(struct des3_ctx *ctx, const uint8_t *key) { des3_set_key(ctx, key); } @@ -461,50 +463,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx * } static void -_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, - const uint8_t *key) -{ - if (_gnutls_fips_mode_enabled() && - gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes128_set_encrypt_key(xts_key, key); -} - -static void -_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, - const uint8_t *key) -{ - if (_gnutls_fips_mode_enabled() && - gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes128_set_decrypt_key(xts_key, key); -} - -static void -_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, - const uint8_t *key) -{ - if (_gnutls_fips_mode_enabled() && - gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes256_set_encrypt_key(xts_key, key); -} - -static void -_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, - const uint8_t *key) -{ - if (_gnutls_fips_mode_enabled() && - gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes256_set_decrypt_key(xts_key, key); -} - -static void _xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, const uint8_t * src) { @@ -1025,8 +983,8 @@ static const struct nettle_cipher_st bui .ctx_size = sizeof(struct xts_aes128_key), .encrypt = _xts_aes128_encrypt, .decrypt = _xts_aes128_decrypt, - .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key, - .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key, + .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key, + .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key, .max_iv_size = AES_BLOCK_SIZE, }, { .algo = GNUTLS_CIPHER_AES_256_XTS, @@ -1036,8 +994,8 @@ static const struct nettle_cipher_st bui .ctx_size = sizeof(struct xts_aes256_key), .encrypt = _xts_aes256_encrypt, .decrypt = _xts_aes256_decrypt, - .set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key, - .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key, + .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key, + .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key, .max_iv_size = AES_BLOCK_SIZE, }, { .algo = GNUTLS_CIPHER_AES_128_SIV, @@ -1128,6 +1086,21 @@ wrap_nettle_cipher_setkey(void *_ctx, co return 0; } + switch (ctx->cipher->algo) { + case GNUTLS_CIPHER_AES_128_XTS: + if (_gnutls_fips_mode_enabled() && + gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + break; + case GNUTLS_CIPHER_AES_256_XTS: + if (_gnutls_fips_mode_enabled() && + gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + break; + default: + break; + } + if (ctx->enc) ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key); else --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -229,7 +229,7 @@ ctests += mini-record-2 simple gnutls_hm sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ tls13-without-timeout-func buffer status-request-revoked \ set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ - x509cert-dntypes id-on-xmppAddr tls13-compat-mode \ + x509cert-dntypes id-on-xmppAddr tls13-compat-mode xts-key-check \ pkcs7-verify-double-free --- /dev/null +++ b/tests/xts-key-check.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Zoltan Fridrich + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <gnutls/crypto.h> + +#include "utils.h" + +static void test_xts_check(gnutls_cipher_algorithm_t alg) +{ + int ret; + gnutls_cipher_hd_t ctx; + gnutls_datum_t key, iv; + + iv.size = gnutls_cipher_get_iv_size(alg); + iv.data = gnutls_malloc(iv.size); + if (iv.data == NULL) + fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR)); + gnutls_memset(iv.data, 0xf0, iv.size); + + key.size = gnutls_cipher_get_key_size(alg); + key.data = gnutls_malloc(key.size); + if (key.data == NULL) { + gnutls_free(iv.data); + fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR)); + } + gnutls_memset(key.data, 0xf0, key.size); + + ret = gnutls_cipher_init(&ctx, alg, &key, &iv); + if (ret == GNUTLS_E_SUCCESS) { + gnutls_cipher_deinit(ctx); + gnutls_free(iv.data); + gnutls_free(key.data); + fail("cipher initialization should fail for key1 == key2\n"); + } + + key.data[0] = 0xff; + + ret = gnutls_cipher_init(&ctx, alg, &key, &iv); + gnutls_free(iv.data); + gnutls_free(key.data); + + if (ret == GNUTLS_E_SUCCESS) + gnutls_cipher_deinit(ctx); + else + fail("cipher initialization should succeed with key1 != key2" + "\n%s\n", gnutls_strerror(ret)); +} + +void doit(void) +{ + if (!gnutls_fips140_mode_enabled()) + exit(77); + + test_xts_check(GNUTLS_CIPHER_AES_128_XTS); + test_xts_check(GNUTLS_CIPHER_AES_256_XTS); +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor