Fix IV length of DES EDE ECB implementations

Fixes #17587

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591)

diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c
index e63c143755536e8fbcabdf7c95ca08d96249d641..409e2b8306af0d015b2a41fb57cf1036f9a2fff7 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -19,11 +19,7 @@
 #include "cipher_tdes.h"
 #include "prov/implementations.h"
 
-/*
- * NOTE: ECB mode does not use an IV - but existing test code is setting
- * an IV. Fixing this could potentially make applications break.
- */
 /* ossl_tdes_ede3_ecb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block);
 /* ossl_tdes_ede3_cbc_functions */
 IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);

diff --git a/providers/implementations/ciphers/cipher_tdes_default.c b/providers/implementations/ciphers/cipher_tdes_default.c
index 0e75d0ff1144aea2c680913ff5f58f5e92541909..4d1fe5c3f9649f1f9c72ef1242b0479753c2ff7e 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes_default.c
+++ b/providers/implementations/ciphers/cipher_tdes_default.c
@@ -26,7 +26,7 @@ IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64*3,  8, 64, stream);
 IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3,  8, 64, stream);
 
 /* ossl_tdes_ede2_ecb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block);
 /* ossl_tdes_ede2_cbc_functions */
 IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block);
 /* ossl_tdes_ede2_ofb_functions */

diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
index 30be60e842072b93b1bad30b074cff25ad665dec..d5e8f9728aeedae95e70f63c2eb293e44097da7d 100644 (file)
--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -11,7 +11,7 @@
 #       PrivPubKeyPair Sign Verify VerifyRecover
 # and continue until a blank line. Lines starting with a pound sign are ignored.
 
-Title = DES3 Test
+Title = DES3 Tests
 
 # DES EDE3 CBC tests (from destest)
 Cipher = DES-EDE3-CBC
@@ -20,3 +20,16 @@ IV = fedcba9876543210
 Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 NextIV = 1c673812cfde9675
+
+# DES EDE3 ECB test
+Cipher = DES-EDE3-ECB
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1
+
+# DES EDE ECB test
+Availablein = default
+Cipher = DES-EDE-ECB
+Key = 0123456789abcdeffedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d