Excise AES-XTS FIPS check.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9255)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e60d736b9c57fe02a6b885cf368b693841ca261d..e77ad5c6160350a77c202d95d40a15afaa646d5e 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -59,12 +59,6 @@ typedef struct {
                     const unsigned char iv[16]);
 } EVP_AES_XTS_CTX;
 
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif
-
 typedef struct {
     union {
         double align;
@@ -396,7 +390,6 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     if (key) {
         /* The key is two half length keys in reality */
         const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-        const int bits = bytes * 8;
 
         /*
          * Verify that the two keys are different.
@@ -404,8 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
          * This addresses Rogaway's vulnerability.
          * See comment in aes_xts_init_key() below.
          */
-        if ((!allow_insecure_decrypt || enc)
-                && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
             EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
             return 0;
         }
@@ -825,8 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
          * This addresses Rogaway's vulnerability.
          * See comment in aes_xts_init_key() below.
          */
-        if ((!allow_insecure_decrypt || enc)
-                && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
             EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
             return 0;
         }
@@ -3360,7 +3351,6 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         do {
             /* The key is two half length keys in reality */
             const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-            const int bits = bytes * 8;
 
             /*
              * Verify that the two keys are different.
@@ -3378,8 +3368,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
              *       BEFORE using the keys in the XTS-AES algorithm to process
              *       data with them."
              */
-            if ((!allow_insecure_decrypt || enc)
-                    && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+            if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
                 EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
                 return 0;
             }

diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 634b63346c11d0f4727073573a5ab1ef368b1526..29c317a1580eb484fb5c75892f2e01d909c92a03 100644 (file)
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1197,20 +1197,10 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000
 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-
-# Using the same key twice for decryption is banned in FIPS mode.
-#Cipher = aes-128-xts
-#FIPS = YES
-#Operation = DECRYPT
-#Key = 0000000000000000000000000000000000000000000000000000000000000000
-#IV = 00000000000000000000000000000000
-#Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
-#Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-#Result = KEY_SET_ERROR
+Result = KEY_SET_ERROR
 
 # Using the same key twice for decryption is allowed outside of FIPS mode.
 Cipher = aes-128-xts
-#FIPS = NO
 Operation = DECRYPT
 Key = 0000000000000000000000000000000000000000000000000000000000000000
 IV = 00000000000000000000000000000000