crypto/cipher: block non-AES CTR and CBC in fips140=only mode

FiloSottile · gopherbot · commit b47ce8b0e997 · 2024-12-17T08:02:43.000-08:00
Somehow I had missed these. For #69536 Change-Id: I5e60b6f052bbfb707742ad15f663517c6c5f68d3 Reviewed-on: https://go-review.googlesource.com/c/go/+/636795 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>
diff --git a/src/crypto/cipher/cbc.go b/src/crypto/cipher/cbc.go
@@ -15,6 +15,7 @@ import (
 	"bytes"
 	"crypto/internal/fips140/aes"
 	"crypto/internal/fips140/alias"
+	"crypto/internal/fips140only"
 	"crypto/subtle"
 )
 
@@ -53,6 +54,9 @@ func NewCBCEncrypter(b Block, iv []byte) BlockMode {
 	if b, ok := b.(*aes.Block); ok {
 		return aes.NewCBCEncrypter(b, [16]byte(iv))
 	}
+	if fips140only.Enabled {
+		panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
+	}
 	if cbc, ok := b.(cbcEncAble); ok {
 		return cbc.NewCBCEncrypter(iv)
 	}
@@ -129,6 +133,9 @@ func NewCBCDecrypter(b Block, iv []byte) BlockMode {
 	if b, ok := b.(*aes.Block); ok {
 		return aes.NewCBCDecrypter(b, [16]byte(iv))
 	}
+	if fips140only.Enabled {
+		panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
+	}
 	if cbc, ok := b.(cbcDecAble); ok {
 		return cbc.NewCBCDecrypter(iv)
 	}
diff --git a/src/crypto/cipher/ctr.go b/src/crypto/cipher/ctr.go
@@ -16,6 +16,7 @@ import (
 	"bytes"
 	"crypto/internal/fips140/aes"
 	"crypto/internal/fips140/alias"
+	"crypto/internal/fips140only"
 	"crypto/subtle"
 )
 
@@ -41,6 +42,9 @@ func NewCTR(block Block, iv []byte) Stream {
 	if block, ok := block.(*aes.Block); ok {
 		return aesCtrWrapper{aes.NewCTR(block, iv)}
 	}
+	if fips140only.Enabled {
+		panic("crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode")
+	}
 	if ctr, ok := block.(ctrAble); ok {
 		return ctr.NewCTR(iv)
 	}

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import (`
`15`	`15`	`"bytes"`
`16`	`16`	`"crypto/internal/fips140/aes"`
`17`	`17`	`"crypto/internal/fips140/alias"`
	`18`	`+ "crypto/internal/fips140only"`
`18`	`19`	`"crypto/subtle"`
`19`	`20`	`)`
`20`	`21`
`@@ -53,6 +54,9 @@ func NewCBCEncrypter(b Block, iv []byte) BlockMode {`
`53`	`54`	`if b, ok := b.(*aes.Block); ok {`
`54`	`55`	`return aes.NewCBCEncrypter(b, [16]byte(iv))`
`55`	`56`	`}`
	`57`	`+ if fips140only.Enabled {`
	`58`	`+ panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")`
	`59`	`+ }`
`56`	`60`	`if cbc, ok := b.(cbcEncAble); ok {`
`57`	`61`	`return cbc.NewCBCEncrypter(iv)`
`58`	`62`	`}`
`@@ -129,6 +133,9 @@ func NewCBCDecrypter(b Block, iv []byte) BlockMode {`
`129`	`133`	`if b, ok := b.(*aes.Block); ok {`
`130`	`134`	`return aes.NewCBCDecrypter(b, [16]byte(iv))`
`131`	`135`	`}`
	`136`	`+ if fips140only.Enabled {`
	`137`	`+ panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")`
	`138`	`+ }`
`132`	`139`	`if cbc, ok := b.(cbcDecAble); ok {`
`133`	`140`	`return cbc.NewCBCDecrypter(iv)`
`134`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import (`
`16`	`16`	`"bytes"`
`17`	`17`	`"crypto/internal/fips140/aes"`
`18`	`18`	`"crypto/internal/fips140/alias"`
	`19`	`+ "crypto/internal/fips140only"`
`19`	`20`	`"crypto/subtle"`
`20`	`21`	`)`
`21`	`22`
`@@ -41,6 +42,9 @@ func NewCTR(block Block, iv []byte) Stream {`
`41`	`42`	`if block, ok := block.(*aes.Block); ok {`
`42`	`43`	`return aesCtrWrapper{aes.NewCTR(block, iv)}`
`43`	`44`	`}`
	`45`	`+ if fips140only.Enabled {`
	`46`	`+ panic("crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode")`
	`47`	`+ }`
`44`	`48`	`if ctr, ok := block.(ctrAble); ok {`
`45`	`49`	`return ctr.NewCTR(iv)`
`46`	`50`	`}`