[openssl] master update
tomas at openssl.org
tomas at openssl.org
Mon Apr 19 08:01:28 UTC 2021
The branch master has been updated
via a4afa6c1d00c027a5afc8974a298e0f54607f1b5 (commit)
via d6c6f6c51d0d9bb02d5b40a8a69471f6a2929617 (commit)
from ae6f65ae08262d4c32575ad94e491d9fb59f00ff (commit)
- Log -----------------------------------------------------------------
commit a4afa6c1d00c027a5afc8974a298e0f54607f1b5
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Apr 15 11:53:42 2021 +0200
Add test for the IV handling of DES based ciphers
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14882)
commit d6c6f6c51d0d9bb02d5b40a8a69471f6a2929617
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Apr 15 09:55:04 2021 +0200
Do IV reset also for DES and 3DES implementations
Fixes #14704
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14882)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/ciphers/cipher_des.c | 3 +
.../implementations/ciphers/cipher_tdes_common.c | 6 ++
test/evp_extra_test.c | 112 ++++++++++++++++++++-
3 files changed, 119 insertions(+), 2 deletions(-)
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index 9010ce9099..4563ea2edb 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -86,6 +86,9 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen,
if (iv != NULL) {
if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
return 0;
+ } else if (ctx->iv_set) {
+ /* reset IV to keep compatibility with 1.1.1 */
+ memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
}
if (key != NULL) {
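Review bot: The comment on the new `else if (ctx->iv_set)` branch in des_init says only that the reset keeps 1.1.1 compatibility, not what a caller ends up with. Re-initialising with a NULL IV now copies `ctx->oiv` back into `ctx->iv`, so if the key is also left unchanged, the next message is processed under the same key and IV as the previous one. For the OFB and CFB modes that means the same keystream. I would spell that out, e.g. `/* No new IV given: restore the original IV (1.1.1 behaviour); pass a fresh IV to avoid key/IV reuse */`, and use the same wording for the identical comment in tdes_init in cipher_tdes_common.c. des_init starts and ends outside this hunk.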
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 048b08661d..88acc16049 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -77,6 +77,12 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
if (iv != NULL) {
if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
return 0;
+ } else if (ctx->iv_set
+ && (ctx->mode == EVP_CIPH_CBC_MODE
+ || ctx->mode == EVP_CIPH_CFB_MODE
+ || ctx->mode == EVP_CIPH_OFB_MODE)) {
+ /* reset IV to keep compatibility with 1.1.1 */
+ memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
}
if (key != NULL) {
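Review bot: The guard here restricts the IV reset to CBC, CFB and OFB, whereas the matching branch added to des_init in cipher_des.c resets whenever `ctx->iv_set` is true. Presumably the mode test exists because some TDES modes handle the IV differently, but nothing in the hunk says so, and the two init functions now read as inconsistent. Either give des_init the same guard or add a line such as `/* other modes do not keep a chaining IV in ctx->iv */` (wording for the author to confirm) so the difference is visibly deliberate. tdes_init continues outside this hunk.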
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index a9eec323a0..6140e16e26 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -2447,7 +2447,7 @@ static int test_rand_agglomeration(void)
* an encryption operation.
* Run multiple times for some different relevant algorithms/modes.
*/
-static int test_evp_iv(int idx)
+static int test_evp_iv_aes(int idx)
{
int ret = 0;
EVP_CIPHER_CTX *ctx = NULL;
@@ -2584,6 +2584,111 @@ err:
return ret;
}
+#ifndef OPENSSL_NO_DES
+static int test_evp_iv_des(int idx)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx = NULL;
+ static const unsigned char key[24] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+ };
+ static const unsigned char init_iv[8] = {
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+ };
+ static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16 };
+ unsigned char ciphertext[32], oiv[8], iv[8];
+ unsigned const char *ref_iv;
+ static const unsigned char cbc_state_des[8] = {
+ 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
+ };
+ static const unsigned char cbc_state_3des[8] = {
+ 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
+ };
+ static const unsigned char ofb_state_des[8] = {
+ 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
+ };
+ static const unsigned char ofb_state_3des[8] = {
+ 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
+ };
+ static const unsigned char cfb_state_des[8] = {
+ 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
+ };
+ static const unsigned char cfb_state_3des[8] = {
+ 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
+ };
+ int len = sizeof(ciphertext);
+ size_t ivlen, ref_len;
+ EVP_CIPHER *type = NULL;
+
+ if (lgcyprov == NULL && idx < 3)
+ return TEST_skip("Test requires legacy provider to be loaded");
+
+ switch(idx) {
+ case 0:
+ type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
+ ref_iv = cbc_state_des;
+ ref_len = sizeof(cbc_state_des);
+ break;
+ case 1:
+ type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
+ ref_iv = ofb_state_des;
+ ref_len = sizeof(ofb_state_des);
+ break;
+ case 2:
+ type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
+ ref_iv = cfb_state_des;
+ ref_len = sizeof(cfb_state_des);
+ break;
+ case 3:
+ type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
+ ref_iv = cbc_state_3des;
+ ref_len = sizeof(cbc_state_3des);
+ break;
+ case 4:
+ type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
+ ref_iv = ofb_state_3des;
+ ref_len = sizeof(ofb_state_3des);
+ break;
+ case 5:
+ type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
+ ref_iv = cfb_state_3des;
+ ref_len = sizeof(cfb_state_3des);
+ break;
+ default:
+ return 0;
+ }
+
+ if (!TEST_ptr(type)
+ || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
+ || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
+ || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
+ (int)sizeof(msg)))
+ || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
+ || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
+ || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
+ goto err;
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
+ || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
+ goto err;
+
+ if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
+ || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
+ goto err;
+ if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_CIPHER_CTX_free(ctx);
+ EVP_CIPHER_free(type);
+ return ret;
+}
+#endif
+
#ifndef OPENSSL_NO_EC
static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
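Review bot: In test_evp_iv_des, `ivlen = EVP_CIPHER_CTX_iv_length(ctx);` stores the result in a `size_t`, and the first `TEST_mem_eq(init_iv, ivlen, oiv, ivlen)` uses it as the length of both 8-byte buffers without checking it. If the call ever returned an unexpected value, that comparison would read past `init_iv` and `oiv` instead of failing cleanly. Checking the length first, `if (!TEST_size_t_eq(ivlen, sizeof(init_iv))`, keeps the test bounded. The test also covers only the encrypt direction; if des_init and tdes_init serve decryption as well, a re-init case through `EVP_DecryptInit_ex` would be a reasonable addition.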
@@ -2828,7 +2933,10 @@ int setup_tests(void)
ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
ADD_TEST(test_rand_agglomeration);
- ADD_ALL_TESTS(test_evp_iv, 12);
+ ADD_ALL_TESTS(test_evp_iv_aes, 12);
+#ifndef OPENSSL_NO_DES
+ ADD_ALL_TESTS(test_evp_iv_des, 6);
+#endif
ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));