Add evp_test fixes.

Changed many tests so they also test fips (and removed 'availablein = default' from some tests).
Seperated the monolithic evppkey.txt file into smaller maintainable groups.
Changed the availablein option so it must be first - this then skips the entire test before any fetching happens.
Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg),
before the fetch happens.
Added missing libctx's found by adding a libctx to test_evp.
Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default'
Added missing algorithm aliases for cipher/digests to the providers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12236)
master
Shane Lontis 3 years ago
parent 64827f407b
commit 5ccada09aa

@ -216,7 +216,8 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
goto err;
/* Do KDF stuff */
if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md,
ctx->libctx, ctx->propquery))
goto err;
rv = 1;

@ -24,13 +24,14 @@
int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
const EVP_MD *md,
OPENSSL_CTX *libctx, const char *propq)
{
int ret = 0;
EVP_KDF_CTX *kctx = NULL;
OSSL_PARAM params[4], *p = params;
const char *mdname = EVP_MD_name(md);
EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq);
if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@ -59,6 +60,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
{
return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, NULL);
}
#endif

@ -19,9 +19,11 @@
#include "crypto/evp.h"
#include "evp_local.h"
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
const EVP_MD *digest, int keylen, unsigned char *out)
int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
const unsigned char *salt, int saltlen,
int iter, const EVP_MD *digest, int keylen,
unsigned char *out,
OPENSSL_CTX *libctx, const char *propq)
{
const char *empty = "";
int rv = 1, mode = 1;
@ -40,7 +42,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
if (salt == NULL && saltlen == 0)
salt = (unsigned char *)empty;
kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
@ -78,6 +80,15 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
return rv;
}
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
int saltlen, int iter, const EVP_MD *digest, int keylen,
unsigned char *out)
{
return pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, iter,
digest, keylen, out, NULL, NULL);
}
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out)

@ -46,7 +46,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
OSSL_PARAM params[7], *z = params;
if (r > UINT32_MAX || p > UINT32_MAX) {
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
EVPerr(0, EVP_R_PARAMETER_TOO_LARGE);
return 0;
}
@ -62,6 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
if (maxmem == 0)
maxmem = SCRYPT_MAX_MEM;
/* Use OPENSSL_CTX_set0_default() if you need a library context */
kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);

@ -49,7 +49,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
if (pkctx == NULL)
return 0;
kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
kdf = EVP_KDF_fetch(ctx->libctx, kdf_name, ctx->propquery);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL) {

@ -138,6 +138,9 @@ int sm2_encrypt(const EC_KEY *key,
uint8_t *C3 = NULL;
size_t field_size;
const int C3_size = EVP_MD_size(digest);
EVP_MD *fetched_digest = NULL;
OPENSSL_CTX *libctx = ec_key_get_libctx(key);
const char *propq = ec_key_get0_propq(key);
/* NULL these before any "goto done" */
ctext_struct.C2 = NULL;
@ -156,7 +159,7 @@ int sm2_encrypt(const EC_KEY *key,
kG = EC_POINT_new(group);
kP = EC_POINT_new(group);
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(libctx);
if (kG == NULL || kP == NULL || ctx == NULL) {
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto done;
@ -211,7 +214,7 @@ int sm2_encrypt(const EC_KEY *key,
/* X9.63 with no salt happens to match the KDF used in SM2 */
if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
digest, libctx, propq)) {
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
}
@ -219,7 +222,12 @@ int sm2_encrypt(const EC_KEY *key,
for (i = 0; i != msg_len; ++i)
msg_mask[i] ^= msg[i];
if (EVP_DigestInit(hash, digest) == 0
fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
if (fetched_digest == NULL) {
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
goto done;
}
if (EVP_DigestInit(hash, fetched_digest) == 0
|| EVP_DigestUpdate(hash, x2y2, field_size) == 0
|| EVP_DigestUpdate(hash, msg, msg_len) == 0
|| EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
@ -254,6 +262,7 @@ int sm2_encrypt(const EC_KEY *key,
rc = 1;
done:
EVP_MD_free(fetched_digest);
ASN1_OCTET_STRING_free(ctext_struct.C2);
ASN1_OCTET_STRING_free(ctext_struct.C3);
OPENSSL_free(msg_mask);
@ -288,6 +297,8 @@ int sm2_decrypt(const EC_KEY *key,
const uint8_t *C3 = NULL;
int msg_len = 0;
EVP_MD_CTX *hash = NULL;
OPENSSL_CTX *libctx = ec_key_get_libctx(key);
const char *propq = ec_key_get0_propq(key);
if (field_size == 0 || hash_size <= 0)
goto done;
@ -310,7 +321,7 @@ int sm2_decrypt(const EC_KEY *key,
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(libctx);
if (ctx == NULL) {
SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
goto done;
@ -352,7 +363,7 @@ int sm2_decrypt(const EC_KEY *key,
if (BN_bn2binpad(x2, x2y2, field_size) < 0
|| BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
|| !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
digest, libctx, propq)) {
SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
goto done;
}

@ -20,6 +20,7 @@
#include "crypto/evp.h"
#include "crypto/sm2.h"
#include "crypto/sm2err.h"
#include "crypto/ec.h"
/* EC pkey context structure */
@ -124,9 +125,12 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret;
EC_KEY *ec = ctx->pkey->pkey.ec;
SM2_PKEY_CTX *dctx = ctx->data;
const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
EVP_MD *fetched_md = NULL;
if (out == NULL) {
if (!sm2_ciphertext_size(ec, md, inlen, outlen))
@ -135,16 +139,24 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
return 1;
}
return sm2_encrypt(ec, md, in, inlen, out, outlen);
fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
if (fetched_md == NULL)
return 0;
ret = sm2_encrypt(ec, fetched_md, in, inlen, out, outlen);
EVP_MD_free(fetched_md);
return ret;
}
static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret;
EC_KEY *ec = ctx->pkey->pkey.ec;
SM2_PKEY_CTX *dctx = ctx->data;
const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
EVP_MD *fetched_md = NULL;
if (out == NULL) {
if (!sm2_plaintext_size(ec, md, inlen, outlen))
@ -153,7 +165,12 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
return 1;
}
return sm2_decrypt(ec, md, in, inlen, out, outlen);
fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
if (fetched_md == NULL)
return 0;
ret = sm2_decrypt(ec, fetched_md, in, inlen, out, outlen);
EVP_MD_free(fetched_md);
return ret;
}
static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)

@ -42,7 +42,7 @@ int sm2_compute_z_digest(uint8_t *out,
uint8_t e_byte = 0;
hash = EVP_MD_CTX_new();
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
if (hash == NULL || ctx == NULL) {
SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
goto done;
@ -146,6 +146,9 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
const int md_size = EVP_MD_size(digest);
uint8_t *z = NULL;
BIGNUM *e = NULL;
EVP_MD *fetched_digest = NULL;
OPENSSL_CTX *libctx = ec_key_get_libctx(key);
const char *propq = ec_key_get0_propq(key);
if (md_size < 0) {
SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
@ -158,12 +161,18 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
goto done;
}
if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
if (fetched_digest == NULL) {
SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
goto done;
}
if (!sm2_compute_z_digest(z, fetched_digest, id, id_len, key)) {
/* SM2err already called */
goto done;
}
if (!EVP_DigestInit(hash, digest)
if (!EVP_DigestInit(hash, fetched_digest)
|| !EVP_DigestUpdate(hash, z, md_size)
|| !EVP_DigestUpdate(hash, msg, msg_len)
/* reuse z buffer to hold H(Z || M) */
@ -177,6 +186,7 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
done:
EVP_MD_free(fetched_digest);
OPENSSL_free(z);
EVP_MD_CTX_free(hash);
return e;
@ -196,9 +206,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
BIGNUM *s = NULL;
BIGNUM *x1 = NULL;
BIGNUM *tmp = NULL;
OPENSSL_CTX *libctx = ec_key_get_libctx(key);
kG = EC_POINT_new(group);
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(libctx);
if (kG == NULL || ctx == NULL) {
SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
goto done;
@ -227,7 +238,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
}
for (;;) {
if (!BN_priv_rand_range(k, order)) {
if (!BN_priv_rand_range_ex(k, order, ctx)) {
SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
goto done;
}
@ -295,8 +306,9 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
BIGNUM *x1 = NULL;
const BIGNUM *r = NULL;
const BIGNUM *s = NULL;
OPENSSL_CTX *libctx = ec_key_get_libctx(key);
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(libctx);
pt = EC_POINT_new(group);
if (ctx == NULL || pt == NULL) {
SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
@ -421,6 +433,10 @@ int sm2_sign(const unsigned char *dgst, int dgstlen,
}
s = sm2_sig_gen(eckey, e);
if (s == NULL) {
SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
goto done;
}
sigleni = i2d_ECDSA_SIG(s, &sig);
if (sigleni < 0) {

@ -47,7 +47,7 @@ __owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md);
const EVP_MD *md, OPENSSL_CTX *libctx, const char *propq);
int ec_generate_key(OPENSSL_CTX *libctx, EC_KEY *eckey, int pairwise_test);
int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx);

@ -753,6 +753,12 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
const unsigned char *salt, int saltlen,
int iter, const EVP_MD *digest, int keylen,
unsigned char *out,
OPENSSL_CTX *libctx, const char *propq);
#ifndef FIPS_MODULE
/*
* Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().

@ -95,7 +95,7 @@ static int deflt_get_params(void *provctx, OSSL_PARAM params[])
*/
static const OSSL_ALGORITHM deflt_digests[] = {
/* Our primary name:NIST name[:our older names] */
{ "SHA1:SHA-1", "provider=default", sha1_functions },
{ "SHA1:SHA-1:SSL3-SHA1", "provider=default", sha1_functions },
{ "SHA2-224:SHA-224:SHA224", "provider=default", sha224_functions },
{ "SHA2-256:SHA-256:SHA256", "provider=default", sha256_functions },
{ "SHA2-384:SHA-384:SHA384", "provider=default", sha384_functions },
@ -139,7 +139,7 @@ static const OSSL_ALGORITHM deflt_digests[] = {
#endif /* OPENSSL_NO_SM3 */
#ifndef OPENSSL_NO_MD5
{ "MD5", "provider=default", md5_functions },
{ "MD5:SSL3-MD5", "provider=default", md5_functions },
{ "MD5-SHA1", "provider=default", md5_sha1_functions },
#endif /* OPENSSL_NO_MD5 */
@ -151,9 +151,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG("AES-256-ECB", aes256ecb_functions),
ALG("AES-192-ECB", aes192ecb_functions),
ALG("AES-128-ECB", aes128ecb_functions),
ALG("AES-256-CBC", aes256cbc_functions),
ALG("AES-192-CBC", aes192cbc_functions),
ALG("AES-128-CBC", aes128cbc_functions),
ALG("AES-256-CBC:AES256", aes256cbc_functions),
ALG("AES-192-CBC:AES192", aes192cbc_functions),
ALG("AES-128-CBC:AES128", aes128cbc_functions),
ALG("AES-128-CBC-CTS", aes128cbc_cts_functions),
ALG("AES-192-CBC-CTS", aes192cbc_cts_functions),
ALG("AES-256-CBC-CTS", aes256cbc_cts_functions),

@ -271,7 +271,7 @@ const char *ossl_prov_util_nid_to_name(int nid)
*/
static const OSSL_ALGORITHM fips_digests[] = {
/* Our primary name:NiST name[:our older names] */
{ "SHA1:SHA-1", FIPS_DEFAULT_PROPERTIES, sha1_functions },
{ "SHA1:SHA-1:SSL3-SHA1", FIPS_DEFAULT_PROPERTIES, sha1_functions },
{ "SHA2-224:SHA-224:SHA224", FIPS_DEFAULT_PROPERTIES, sha224_functions },
{ "SHA2-256:SHA-256:SHA256", FIPS_DEFAULT_PROPERTIES, sha256_functions },
{ "SHA2-384:SHA-384:SHA384", FIPS_DEFAULT_PROPERTIES, sha384_functions },
@ -306,9 +306,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
ALG("AES-256-ECB", aes256ecb_functions),
ALG("AES-192-ECB", aes192ecb_functions),
ALG("AES-128-ECB", aes128ecb_functions),
ALG("AES-256-CBC", aes256cbc_functions),
ALG("AES-192-CBC", aes192cbc_functions),
ALG("AES-128-CBC", aes128cbc_functions),
ALG("AES-256-CBC:AES256", aes256cbc_functions),
ALG("AES-192-CBC:AES192", aes192cbc_functions),
ALG("AES-128-CBC:AES128", aes128cbc_functions),
ALG("AES-256-CBC-CTS", aes256cbc_cts_functions),
ALG("AES-192-CBC-CTS", aes192cbc_cts_functions),
ALG("AES-128-CBC-CTS", aes128cbc_cts_functions),

@ -489,7 +489,8 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
stmp, stmplen,
pecdhctx->kdf_ukm,
pecdhctx->kdf_ukmlen,
pecdhctx->kdf_md))
pecdhctx->kdf_md,
pecdhctx->libctx, NULL))
goto err;
*psecretlen = pecdhctx->kdf_outlen;
ret = 1;

@ -35,7 +35,8 @@ static OSSL_FUNC_kdf_get_ctx_params_fn kdf_scrypt_get_ctx_params;
static int scrypt_alg(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen,
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen, EVP_MD *sha256);
unsigned char *key, size_t keylen, EVP_MD *sha256,
OPENSSL_CTX *libctx, const char *propq);
typedef struct {
void *provctx;
@ -138,7 +139,8 @@ static int kdf_scrypt_derive(void *vctx, unsigned char *key,
return scrypt_alg((char *)ctx->pass, ctx->pass_len, ctx->salt,
ctx->salt_len, ctx->N, ctx->r, ctx->p,
ctx->maxmem_bytes, key, keylen, ctx->sha256);
ctx->maxmem_bytes, key, keylen, ctx->sha256,
PROV_LIBRARY_CONTEXT_OF(ctx->provctx), NULL);
}
static int is_power_of_two(uint64_t value)
@ -361,7 +363,8 @@ static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
static int scrypt_alg(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen,
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen, EVP_MD *sha256)
unsigned char *key, size_t keylen, EVP_MD *sha256,
OPENSSL_CTX *libctx, const char *propq)
{
int rv = 0;
unsigned char *B;
@ -445,15 +448,15 @@ static int scrypt_alg(const char *pass, size_t passlen,
X = (uint32_t *)(B + Blen);
T = X + 32 * r;
V = T + 32 * r;
if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, sha256,
(int)Blen, B) == 0)
if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, 1, sha256,
(int)Blen, B, libctx, propq) == 0)
goto err;
for (i = 0; i < p; i++)
scryptROMix(B + 128 * r * i, r, N, X, T, V);
if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, sha256,
keylen, key) == 0)
if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, B, (int)Blen, 1, sha256,
keylen, key, libctx, propq) == 0)
goto err;
rv = 1;
err:

@ -111,9 +111,9 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_RC2
ALG("RC2-ECB", rc2128ecb_functions),
ALG("RC2-CBC", rc2128cbc_functions),
ALG("RC2-40-CBC", rc240cbc_functions),
ALG("RC2-64-CBC", rc264cbc_functions),
ALG("RC2-CBC:RC2:RC2-128", rc2128cbc_functions),
ALG("RC2-40-CBC:RC2-40", rc240cbc_functions),
ALG("RC2-64-CBC:RC2-64", rc264cbc_functions),
ALG("RC2-CFB", rc2128cfb128_functions),
ALG("RC2-OFB", rc2128ofb128_functions),
#endif /* OPENSSL_NO_RC2 */
@ -126,7 +126,7 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
#endif /* OPENSSL_NO_RC4 */
#ifndef OPENSSL_NO_RC5
ALG("RC5-ECB", rc5128ecb_functions),
ALG("RC5-CBC", rc5128cbc_functions),
ALG("RC5-CBC:RC5", rc5128cbc_functions),
ALG("RC5-OFB", rc5128ofb64_functions),
ALG("RC5-CFB", rc5128cfb64_functions),
#endif /* OPENSSL_NO_RC5 */

File diff suppressed because it is too large Load Diff

@ -14,7 +14,7 @@ use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop
use OpenSSL::Test::Utils;
BEGIN {
setup("test_evp");
setup("test_evp");
}
use lib srctop_dir('Configurations');
@ -31,49 +31,73 @@ my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
push @configs, 'fips.cnf' unless $no_fips;
my @files = qw( evprand.txt evpciph.txt evpdigest.txt evppkey.txt
evppkey_ecc.txt evpciph_aes_cts.txt);
my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt
evppbe.txt evpcase.txt evpccmcavs.txt );
my @ideafiles = qw( evpciph_idea.txt );
push @defltfiles, @ideafiles unless disabled("idea");
my @sivfiles = qw( evpaessiv.txt );
push @defltfiles, @sivfiles unless disabled("siv");
my @castfiles = qw( evpciph_cast5.txt );
push @defltfiles, @castfiles unless disabled("cast");
my @seedfiles = qw( evpciph_seed.txt );
push @defltfiles, @seedfiles unless disabled("seed");
my @sm4files = qw( evpciph_sm4.txt );
push @defltfiles, @sm4files unless disabled("sm4");
my @desfiles = qw( evpciph_des.txt );
push @defltfiles, @desfiles unless disabled("des");
my @rc4files = qw( evpciph_rc4.txt );
push @defltfiles, @rc4files unless disabled("rc4");
my @rc5files = qw( evpciph_rc5.txt );
push @defltfiles, @rc5files unless disabled("rc5");
my @rc2files = qw( evpciph_rc2.txt );
push @defltfiles, @rc2files unless disabled("rc2");
my @chachafiles = qw( evpciph_chacha.txt );
push @defltfiles, @chachafiles unless disabled("chacha");
my @bffiles = qw( evpciph_bf.txt );
push @defltfiles, @bffiles unless disabled("bf");
my @md2files = qw( evpmd_md2.txt );
push @defltfiles, @md2files unless disabled("md2");
my @mdc2files = qw( evpmd_mdc2.txt );
push @defltfiles, @mdc2files unless disabled("mdc2");
# A list of tests that run with both the default and fips provider.
my @files = qw(
evpciph_aes_ccm_cavs.txt
evpciph_aes_common.txt
evpciph_aes_cts1.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
evpkdf_pbkdf2.txt
evpkdf_ss.txt
evpkdf_ssh.txt
evpkdf_tls12_prf.txt
evpkdf_x963.txt
evpmac_common.txt
evpmd_sha.txt
evppbe_pbkdf2.txt
evppbe_pkcs12.txt
evppkey_dsa.txt
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
evppkey_ecx.txt
evppkey_ffdhe.txt
evppkey_kas.txt
evppkey_kdf_hkdf.txt
evppkey_mismatch.txt
evppkey_rsa.txt
evprand.txt
);
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
evpciph_aes_cts23.txt
evpciph_aes_ocb.txt
evpciph_aes_siv.txt
evpciph_aria.txt
evpciph_bf.txt
evpciph_camellia.txt
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
evpciph_rc5.txt
evpciph_seed.txt
evpciph_sm4.txt
evpencod.txt
evpkdf_krb5.txt
evpkdf_scrypt.txt
evpkdf_tls11_prf.txt
evpkdf_x942.txt
evpmac_blake.txt
evpmac_poly1305.txt
evpmac_siphash.txt
evpmd_blake.txt
evpmd_md.txt
evpmd_mdc2.txt
evpmd_ripemd.txt
evpmd_sm3.txt
evpmd_whirlpool.txt
evppbe_scrypt.txt
evppkey_brainpool.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
evppkey_sm2.txt
);
plan tests =>
($no_fips ? 0 : 1) # FIPS install test
@ -90,20 +114,20 @@ unless ($no_fips) {
}
foreach (@configs) {
$ENV{OPENSSL_CONF} = srctop_file("test", $_);
my $conf = srctop_file("test", $_);
foreach my $f ( @files ) {
ok(run(test(["evp_test", data_file("$f")])),
"running evp_test $f");
ok(run(test(["evp_test",
"-config", $conf,
data_file("$f")])),
"running evp_test -config $conf $f");
}
}
#TODO(3.0): As more operations are converted to providers we can move more of
# these tests to the loop above
$ENV{OPENSSL_CONF} = srctop_file("test", $defaultcnf);
my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
ok(run(test(["evp_test", data_file("$f")])),
"running evp_test $f");
ok(run(test(["evp_test",
"-config", $conf,
data_file("$f")])),
"running evp_test -config $conf $f");
}

@ -1,54 +0,0 @@
#
# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Tests start with one of these keywords
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
# PrivPubKeyPair Sign Verify VerifyRecover
# and continue until a blank line. Lines starting with a pound sign,
# like this prolog, are ignored.
# These tests exercise the case insensitive handling of object names.
# They are contrived
Title = Case insensitive AES tests
Cipher = Aes-128-eCb
Key = 2B7E151628AED2A6ABF7158809CF4F3C
Plaintext = 6BC1BEE22E409F96E93D7E117393172A
Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97
Cipher = AeS-128-cbC
Key = 2B7E151628AED2A6ABF7158809CF4F3C
IV = 73BED6B8E3C1743B7116E69E22229516
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7
Cipher = aES-128-CTR
Key = AE6852F8121067CC4BF7A5765577F39E
IV = 00000030000000000000000000000001
Operation = ENCRYPT
Plaintext = 53696E676C6520626C6F636B206D7367
Ciphertext = E4095D4FB7A7B3792D6175A3261311B8
Cipher = AES-128-GcM
Key = 00000000000000000000000000000000
IV = 000000000000000000000000
AAD =
Tag = ab6e47d42cec13bdf53a67b21257bddf
Plaintext = 00000000000000000000000000000000
Ciphertext = 0388dace60b6a392f328c2b971b2fe78
Title = Case insensitive digest tests
Digest = Sha3-256
Input = ""
Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
Digest = shA512
Input = "abc"
Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

@ -1,5 +1,5 @@
#
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy

@ -0,0 +1,143 @@
#
# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
# These have an IV of all zeros, for a 128 bit AES key.
Title = AES CBC Test vectors
#------------------------------------------------------
# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
# 32 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 48 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
# 64 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
Title = AES CBC CTS1 Test vectors
#------------------------------------------------------
# Manually edited using the same inputs to also produce CS1 ciphertext
# where aligned blocks are the same as CBC mode, and partial lengths
# have the last 2 blocks swapped compared to CS3.
# 17 bytes Input((Default is CS1 if CTSMode is not specified)
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
# 31 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
# 32 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 47 bytes input
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
#-------------------------------------------------------------------------------
# Generated test values using an IV.
# 47 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV =000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
# 127 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
# 129 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
# 17 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
# 31 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
# 32 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
#------------------------------------------------------------------------------
# Failure test
# 15 bytes should fail for CS1
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR

@ -9,83 +9,7 @@
# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
# These have an IV of all zeros, for a 128 bit AES key.
# 17 bytes Input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
# 31 bytes input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
# 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584
# 47 bytes input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
# 48 bytes input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8
# 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8
#------------------------------------------------------
# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
# 32 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 48 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
# 64 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
Title = AES CBC CTS2 Test vectors
#------------------------------------------------------
# Manually edited using the same inputs to also produce CS2 ciphertext
@ -94,7 +18,6 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89da
# 17 bytes Input (For partial blocks the output should match CS3)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
@ -103,7 +26,6 @@ Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
# 31 bytes input (For partial blocks the output should match CS3)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
@ -112,7 +34,6 @@ Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
# 32 bytes input (Aligned blocks should match normal CBC mode)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
@ -121,7 +42,6 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 47 bytes input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
@ -130,96 +50,110 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e393
# 64 bytes input (CS2 is equivalent to CBC when the last block in full)
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
#------------------------------------------------------
# Manually edited using the same inputs to also produce CS1 ciphertext
# where aligned blocks are the same as CBC mode, and partial lengths
# have the last 2 blocks swapped compared to CS3.
# Generated test values using an IV.
# 17 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
# 17 bytes Input((Default is CS1 if CTSMode is not specified)
# 31 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
# 32 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
# Failure test - 15 bytes should fail for CS2
Cipher = AES-128-CBC-CTS
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
Title = AES CBC CTS3 Test vectors
# 17 bytes Input
Cipher = AES-128-CBC-CTS
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
# 31 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
# 32 bytes input
# 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
Cipher = AES-128-CBC-CTS
CTSMode = CS1
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584
# 47 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
# 48 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8
# 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
Cipher = AES-128-CBC-CTS
CTSMode = CS1
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8
#-------------------------------------------------------------------------------
# Generated test values using an IV.
# Generated test values using an IV.
# 47 bytes input
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0426da5c54a9990f5ae0b7825f51f0060b557cfb581949a4bdf3bb67dedd472
# 47 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV =000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
# 127 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
# 129 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
#-------------------------------------------------------------------------------
# 17 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e20
IV =000102030405060708090A0B0C0D0E0F
@ -228,7 +162,6 @@ Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
# 31 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
@ -237,68 +170,14 @@ Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
# 32 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 31d005cc9fea948fed1ba6308dad9dd1e9de17d6248fb492bdea1fb2e09c8e8e
# 17 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
# 31 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
# 32 Bytes
Cipher = AES-192-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
# 17 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
# 31 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
# 32 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
#-------------------------------------------------------------------------------
# 17 Bytes
Cipher = AES-256-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
@ -307,7 +186,6 @@ Ciphertext = 6b5f5abc21c4d04156c73850da3bba29e9
# 31 Bytes
Cipher = AES-256-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
@ -316,36 +194,15 @@ Ciphertext = f22553af78ee4f468f02fbe6f0f2168ee954e79fae9310dc75b6070e1d6253
# 32 Bytes
Cipher = AES-256-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 2c0463982174df10baa9d8f782c5a5b3e954e79fae9310dc75b6070e1d625346
#------------------------------------------------------------------------------
# Failure tests
# 15 bytes should fail for CS1
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
# 15 bytes should fail for CS2
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS2
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
# 15 bytes should fail for CS3
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
@ -354,7 +211,6 @@ Result = CIPHERUPDATE_ERROR
# 16 bytes should fail for CS3 (since it always needs 2 blocks).
Cipher = AES-128-CBC-CTS
Availablein = default
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000

@ -0,0 +1,209 @@
#
# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Tests start with one of these keywords
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
# PrivPubKeyPair Sign Verify VerifyRecover
# and continue until a blank line. Lines starting with a pound sign are ignored.
Title = AES OCB Test vectors
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 197B9C3C441D3C83EAFB2BEF633B9182
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 0001020304050607
Tag = 16DC76A46D47E1EAD537209E8A96D14E
Plaintext = 0001020304050607
Ciphertext = 92B657130A74B85A
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 0001020304050607
Tag = 98B91552C8C009185044E30A6EB2FE21
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 971EFFCAE19AD4716F88E87B871FBEED
Plaintext = 0001020304050607
Ciphertext = 92B657130A74B85A
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F
Tag = 776C9924D6723A1FC4524532AC3E5BEB
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F
Tag = 7DDB8E6CEA6814866212509619B19CC6
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 13CC8B747807121A4CBB3E4BD6B456AF
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C
Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
Tag = 282026DA3068BC9FA118681D559F10F6
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68
Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Tag = B2A040DD3BD5164372D76D7BB6824240
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Tag = E1E072633BADE51A60E85951D9C42A1B
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 659C623211DEEA0DE30D2C381879F4C8
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 7AEB7A69A1687DD082CA27B0D9A37096