File openssl-fips-xts_nonidentical_key_parts.patch of Package openssl-1_0_0.16376

Index: openssl-1.0.2j/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.2j.orig/crypto/evp/e_aes.c	2017-02-16 17:20:41.647972394 +0100
+++ openssl-1.0.2j/crypto/evp/e_aes.c	2017-02-17 17:05:29.251130889 +0100
@@ -177,6 +177,26 @@ void AES_xts_decrypt(const char *inp, ch
 #  define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
 # endif
 
+static int xts_check_key(const unsigned char *key, unsigned int key_len)
+{
+    /*
+     * key consists of two keys of equal size concatenated,
+     * therefore the length must be even
+     */
+    if (key_len % 2)
+        return 0;
+
+#  ifdef OPENSSL_FIPS
+    /* FIPS 140-2 IG A.9 mandates that the key parts mustn't match */
+    if (FIPS_module_mode() &&
+        CRYPTO_memcmp(key, key + (key_len / 2), key_len / 2) == 0) {
+        return 0;
+    }
+#  endif
+
+    return 1;
+}
+
 # if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
         ((defined(__i386)       || defined(__i386__)    || \
           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
@@ -387,6 +407,9 @@ static int aesni_xts_init_key(EVP_CIPHER
         return 1;
 
     if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         /* key_len is two AES keys */
         if (enc) {
             aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
@@ -707,6 +730,9 @@ static int aes_t4_xts_init_key(EVP_CIPHE
         return 1;
 
     if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         int bits = ctx->key_len * 4;
         xctx->stream = NULL;
         /* key_len is two AES keys */
@@ -1650,7 +1676,10 @@ static int aes_xts_init_key(EVP_CIPHER_C
     if (!iv && !key)
         return 1;
 
-    if (key)
+    if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         do {
 # ifdef AES_XTS_ASM
             xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
@@ -1719,6 +1748,7 @@ static int aes_xts_init_key(EVP_CIPHER_C
 
             xctx->xts.key1 = &xctx->ks1;
         } while (0);
+    }
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
openSUSE Build Service is sponsored by