Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
openssl-1_1.26613
openssl-fips-xts_nonidentical_key_parts.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips-xts_nonidentical_key_parts.patch of Package openssl-1_1.26613
Index: openssl-1.1.0i/crypto/evp/e_aes.c =================================================================== --- openssl-1.1.0i.orig/crypto/evp/e_aes.c +++ openssl-1.1.0i/crypto/evp/e_aes.c @@ -160,6 +160,26 @@ static void ctr64_inc(unsigned char *cou } while (n); } +static int xts_check_key(const unsigned char *key, unsigned int key_len) +{ + /* + * key consists of two keys of equal size concatenated, + * therefore the length must be even + */ + if (key_len % 2) + return 0; + +# ifdef OPENSSL_FIPS + /* FIPS 140-2 IG A.9 mandates that the key parts mustn't match */ + if (FIPS_module_mode() && + CRYPTO_memcmp(key, key + (key_len / 2), key_len / 2) == 0) { + return 0; + } +# endif + + return 1; +} + #if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) # include "ppc_arch.h" # ifdef VPAES_ASM @@ -387,6 +407,9 @@ static int aesni_xts_init_key(EVP_CIPHER return 1; if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; + /* key_len is two AES keys */ if (enc) { aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, @@ -791,6 +814,9 @@ static int aes_t4_xts_init_key(EVP_CIPHE return 1; if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; + int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; xctx->stream = NULL; /* key_len is two AES keys */ @@ -3302,7 +3328,9 @@ static int aes_xts_init_key(EVP_CIPHER_C if (!iv && !key) return 1; - if (key) + if (key) { + if (xts_check_key(key, ctx->key_len) == 0) + return 0; do { #ifdef AES_XTS_ASM xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; @@ -3386,6 +3414,7 @@ static int aes_xts_init_key(EVP_CIPHER_C xctx->xts.key1 = &xctx->ks1; } while (0); + } if (iv) { xctx->xts.key2 = &xctx->ks2;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor