From: Tomas Mraz Date: Tue, 25 Jan 2022 17:10:26 +0000 (+0100) Subject: Fix IV length of DES EDE ECB implementations X-Git-Tag: openssl-3.2.0-alpha1~3018 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=d450eb84c802b2f78971f905b251a0fb89ebb7d1 Fix IV length of DES EDE ECB implementations Fixes #17587 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17591) --- diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c index e63c143755..409e2b8306 100644 --- a/providers/implementations/ciphers/cipher_tdes.c +++ b/providers/implementations/ciphers/cipher_tdes.c @@ -19,11 +19,7 @@ #include "cipher_tdes.h" #include "prov/implementations.h" -/* - * NOTE: ECB mode does not use an IV - but existing test code is setting - * an IV. Fixing this could potentially make applications break. - */ /* ossl_tdes_ede3_ecb_functions */ -IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block); +IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block); /* ossl_tdes_ede3_cbc_functions */ IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block); diff --git a/providers/implementations/ciphers/cipher_tdes_default.c b/providers/implementations/ciphers/cipher_tdes_default.c index 0e75d0ff11..4d1fe5c3f9 100644 --- a/providers/implementations/ciphers/cipher_tdes_default.c +++ b/providers/implementations/ciphers/cipher_tdes_default.c @@ -26,7 +26,7 @@ IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64*3, 8, 64, stream); IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3, 8, 64, stream); /* ossl_tdes_ede2_ecb_functions */ -IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block); +IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block); /* ossl_tdes_ede2_cbc_functions */ IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block); /* ossl_tdes_ede2_ofb_functions */ diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt index 30be60e842..d5e8f9728a 100644 --- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt +++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt @@ -11,7 +11,7 @@ # PrivPubKeyPair Sign Verify VerifyRecover # and continue until a blank line. Lines starting with a pound sign are ignored. -Title = DES3 Test +Title = DES3 Tests # DES EDE3 CBC tests (from destest) Cipher = DES-EDE3-CBC @@ -20,3 +20,16 @@ IV = fedcba9876543210 Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 NextIV = 1c673812cfde9675 + +# DES EDE3 ECB test +Cipher = DES-EDE3-ECB +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1 + +# DES EDE ECB test +Availablein = default +Cipher = DES-EDE-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d