[openssl] openssl-3.0 update

Dr. Paul Dale pauli at openssl.org
Thu Jan 27 01:02:27 UTC 2022


The branch openssl-3.0 has been updated
       via  4ac8e51e3272c7d7f2e7d62da699f52e0112ac05 (commit)
      from  17a27b8979d8dab8e57f2dad68d85dc2033cfeda (commit)


- Log -----------------------------------------------------------------
commit 4ac8e51e3272c7d7f2e7d62da699f52e0112ac05
Author: Tomas Mraz <tomas at openssl.org>
Date:   Tue Jan 25 18:10:26 2022 +0100

    Fix IV length of DES EDE ECB implementations
    
    Fixes #17587
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17591)
    
    (cherry picked from commit d450eb84c802b2f78971f905b251a0fb89ebb7d1)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/ciphers/cipher_tdes.c         |  6 +-----
 providers/implementations/ciphers/cipher_tdes_default.c |  2 +-
 test/recipes/30-test_evp_data/evpciph_des3_common.txt   | 15 ++++++++++++++-
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c
index e63c143755..409e2b8306 100644
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -19,11 +19,7 @@
 #include "cipher_tdes.h"
 #include "prov/implementations.h"
 
-/*
- * NOTE: ECB mode does not use an IV - but existing test code is setting
- * an IV. Fixing this could potentially make applications break.
- */
 /* ossl_tdes_ede3_ecb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block);
 /* ossl_tdes_ede3_cbc_functions */
 IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);
diff --git a/providers/implementations/ciphers/cipher_tdes_default.c b/providers/implementations/ciphers/cipher_tdes_default.c
index 0e75d0ff11..4d1fe5c3f9 100644
--- a/providers/implementations/ciphers/cipher_tdes_default.c
+++ b/providers/implementations/ciphers/cipher_tdes_default.c
@@ -26,7 +26,7 @@ IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64*3,  8, 64, stream);
 IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3,  8, 64, stream);
 
 /* ossl_tdes_ede2_ecb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block);
 /* ossl_tdes_ede2_cbc_functions */
 IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block);
 /* ossl_tdes_ede2_ofb_functions */
diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
index 30be60e842..d5e8f9728a 100644
--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -11,7 +11,7 @@
 #       PrivPubKeyPair Sign Verify VerifyRecover
 # and continue until a blank line. Lines starting with a pound sign are ignored.
 
-Title = DES3 Test
+Title = DES3 Tests
 
 # DES EDE3 CBC tests (from destest)
 Cipher = DES-EDE3-CBC
@@ -20,3 +20,16 @@ IV = fedcba9876543210
 Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 NextIV = 1c673812cfde9675
+
+# DES EDE3 ECB test
+Cipher = DES-EDE3-ECB
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1
+
+# DES EDE ECB test
+Availablein = default
+Cipher = DES-EDE-ECB
+Key = 0123456789abcdeffedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d


More information about the openssl-commits mailing list