Add evp_test fixes.

Changed many tests so they also test fips (and removed 'availablein = default' from some tests).
Seperated the monolithic evppkey.txt file into smaller maintainable groups.
Changed the availablein option so it must be first - this then skips the entire test before any fetching happens.
Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg),
before the fetch happens.
Added missing libctx's found by adding a libctx to test_evp.
Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default'
Added missing algorithm aliases for cipher/digests to the providers.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12236)

crypto/ec/ec_pmeth.c

@@ -216,7 +216,8 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
         goto err;
     /* Do KDF stuff */
     if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
-                        dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+                        dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md,
+                        ctx->libctx, ctx->propquery))
         goto err;
     rv = 1;
 

crypto/ec/ecdh_kdf.c

@@ -24,13 +24,14 @@
 int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
-                   const EVP_MD *md)
+                   const EVP_MD *md,
+                   OPENSSL_CTX *libctx, const char *propq)
 {
     int ret = 0;
     EVP_KDF_CTX *kctx = NULL;
     OSSL_PARAM params[4], *p = params;
     const char *mdname = EVP_MD_name(md);
-    EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
+    EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq);
 
     if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -59,6 +60,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                    const unsigned char *sinfo, size_t sinfolen,
                    const EVP_MD *md)
 {
-    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, NULL);
 }
 #endif

crypto/evp/p5_crpt2.c

@@ -19,9 +19,11 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-                      const unsigned char *salt, int saltlen, int iter,
-                      const EVP_MD *digest, int keylen, unsigned char *out)
+int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
+                                  const unsigned char *salt, int saltlen,
+                                  int iter, const EVP_MD *digest, int keylen,
+                                  unsigned char *out,
+                                  OPENSSL_CTX *libctx, const char *propq)
 {
     const char *empty = "";
     int rv = 1, mode = 1;
@@ -40,7 +42,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
     if (salt == NULL && saltlen == 0)
         salt = (unsigned char *)empty;
 
-    kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
+    kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq);
     kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
@@ -78,6 +80,15 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
     return rv;
 }
 
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
+                      int saltlen, int iter, const EVP_MD *digest, int keylen,
+                      unsigned char *out)
+{
+    return pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, iter,
+                                         digest, keylen, out, NULL, NULL);
+}
+
+
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                            const unsigned char *salt, int saltlen, int iter,
                            int keylen, unsigned char *out)

crypto/evp/pbe_scrypt.c

@@ -46,7 +46,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     OSSL_PARAM params[7], *z = params;
 
     if (r > UINT32_MAX || p > UINT32_MAX) {
-        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
+        EVPerr(0, EVP_R_PARAMETER_TOO_LARGE);
         return 0;
     }
 
@@ -62,6 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     if (maxmem == 0)
         maxmem = SCRYPT_MAX_MEM;
 
+    /* Use OPENSSL_CTX_set0_default() if you need a library context */
     kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
     kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);

crypto/evp/pkey_kdf.c

@@ -49,7 +49,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
     if (pkctx == NULL)
         return 0;
 
-    kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
+    kdf = EVP_KDF_fetch(ctx->libctx, kdf_name, ctx->propquery);
     kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL) {

crypto/sm2/sm2_crypt.c

@@ -138,6 +138,9 @@ int sm2_encrypt(const EC_KEY *key,
     uint8_t *C3 = NULL;
     size_t field_size;
     const int C3_size = EVP_MD_size(digest);
+    EVP_MD *fetched_digest = NULL;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+    const char *propq = ec_key_get0_propq(key);
 
     /* NULL these before any "goto done" */
     ctext_struct.C2 = NULL;
@@ -156,7 +159,7 @@ int sm2_encrypt(const EC_KEY *key,
 
     kG = EC_POINT_new(group);
     kP = EC_POINT_new(group);
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(libctx);
     if (kG == NULL || kP == NULL || ctx == NULL) {
         SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
         goto done;
@@ -211,7 +214,7 @@ int sm2_encrypt(const EC_KEY *key,
 
     /* X9.63 with no salt happens to match the KDF used in SM2 */
     if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
-                        digest)) {
+                        digest, libctx, propq)) {
         SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
         goto done;
     }
@@ -219,7 +222,12 @@ int sm2_encrypt(const EC_KEY *key,
     for (i = 0; i != msg_len; ++i)
         msg_mask[i] ^= msg[i];
 
-    if (EVP_DigestInit(hash, digest) == 0
+    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+    if (fetched_digest == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    if (EVP_DigestInit(hash, fetched_digest) == 0
             || EVP_DigestUpdate(hash, x2y2, field_size) == 0
             || EVP_DigestUpdate(hash, msg, msg_len) == 0
             || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
@@ -254,6 +262,7 @@ int sm2_encrypt(const EC_KEY *key,
     rc = 1;
 
  done:
+    EVP_MD_free(fetched_digest);
     ASN1_OCTET_STRING_free(ctext_struct.C2);
     ASN1_OCTET_STRING_free(ctext_struct.C3);
     OPENSSL_free(msg_mask);
@@ -288,6 +297,8 @@ int sm2_decrypt(const EC_KEY *key,
     const uint8_t *C3 = NULL;
     int msg_len = 0;
     EVP_MD_CTX *hash = NULL;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+    const char *propq = ec_key_get0_propq(key);
 
     if (field_size == 0 || hash_size <= 0)
        goto done;
@@ -310,7 +321,7 @@ int sm2_decrypt(const EC_KEY *key,
     C3 = sm2_ctext->C3->data;
     msg_len = sm2_ctext->C2->length;
 
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(libctx);
     if (ctx == NULL) {
         SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
         goto done;
@@ -352,7 +363,7 @@ int sm2_decrypt(const EC_KEY *key,
     if (BN_bn2binpad(x2, x2y2, field_size) < 0
             || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
             || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
-                               digest)) {
+                               digest, libctx, propq)) {
         SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
         goto done;
     }

crypto/sm2/sm2_pmeth.c

@@ -20,6 +20,7 @@
 #include "crypto/evp.h"
 #include "crypto/sm2.h"
 #include "crypto/sm2err.h"
+#include "crypto/ec.h"
 
 /* EC pkey context structure */
 
@@ -124,9 +125,12 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
                             unsigned char *out, size_t *outlen,
                             const unsigned char *in, size_t inlen)
 {
+    int ret;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     SM2_PKEY_CTX *dctx = ctx->data;
     const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
+    EVP_MD *fetched_md = NULL;
 
     if (out == NULL) {
         if (!sm2_ciphertext_size(ec, md, inlen, outlen))
@@ -135,16 +139,24 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
             return 1;
     }
 
-    return sm2_encrypt(ec, md, in, inlen, out, outlen);
+    fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
+    if (fetched_md == NULL)
+        return 0;
+    ret = sm2_encrypt(ec, fetched_md, in, inlen, out, outlen);
+    EVP_MD_free(fetched_md);
+    return ret;
 }
 
 static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
                             unsigned char *out, size_t *outlen,
                             const unsigned char *in, size_t inlen)
 {
+    int ret;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     SM2_PKEY_CTX *dctx = ctx->data;
     const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
+    EVP_MD *fetched_md = NULL;
 
     if (out == NULL) {
         if (!sm2_plaintext_size(ec, md, inlen, outlen))
@@ -153,7 +165,12 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
             return 1;
     }
 
-    return sm2_decrypt(ec, md, in, inlen, out, outlen);
+    fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
+    if (fetched_md == NULL)
+        return 0;
+    ret = sm2_decrypt(ec, fetched_md, in, inlen, out, outlen);
+    EVP_MD_free(fetched_md);
+    return ret;
 }
 
 static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)

crypto/sm2/sm2_sign.c

@@ -42,7 +42,7 @@ int sm2_compute_z_digest(uint8_t *out,
     uint8_t e_byte = 0;
 
     hash = EVP_MD_CTX_new();
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
     if (hash == NULL || ctx == NULL) {
         SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
         goto done;
@@ -146,6 +146,9 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
     const int md_size = EVP_MD_size(digest);
     uint8_t *z = NULL;
     BIGNUM *e = NULL;
+    EVP_MD *fetched_digest = NULL;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+    const char *propq = ec_key_get0_propq(key);
 
     if (md_size < 0) {
         SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
@@ -158,12 +161,18 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
         goto done;
     }
 
-    if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+    if (fetched_digest == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    if (!sm2_compute_z_digest(z, fetched_digest, id, id_len, key)) {
         /* SM2err already called */
         goto done;
     }
 
-    if (!EVP_DigestInit(hash, digest)
+    if (!EVP_DigestInit(hash, fetched_digest)
             || !EVP_DigestUpdate(hash, z, md_size)
             || !EVP_DigestUpdate(hash, msg, msg_len)
                /* reuse z buffer to hold H(Z || M) */
@@ -177,6 +186,7 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
         SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
 
  done:
+    EVP_MD_free(fetched_digest);
     OPENSSL_free(z);
     EVP_MD_CTX_free(hash);
     return e;
@@ -196,9 +206,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
     BIGNUM *s = NULL;
     BIGNUM *x1 = NULL;
     BIGNUM *tmp = NULL;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(key);
 
     kG = EC_POINT_new(group);
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(libctx);
     if (kG == NULL || ctx == NULL) {
         SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
         goto done;
@@ -227,7 +238,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
     }
 
     for (;;) {
-        if (!BN_priv_rand_range(k, order)) {
+        if (!BN_priv_rand_range_ex(k, order, ctx)) {
             SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
             goto done;
         }
@@ -295,8 +306,9 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
     BIGNUM *x1 = NULL;
     const BIGNUM *r = NULL;
     const BIGNUM *s = NULL;
+    OPENSSL_CTX *libctx = ec_key_get_libctx(key);
 
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(libctx);
     pt = EC_POINT_new(group);
     if (ctx == NULL || pt == NULL) {
         SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -421,6 +433,10 @@ int sm2_sign(const unsigned char *dgst, int dgstlen,
     }
 
     s = sm2_sig_gen(eckey, e);
+    if (s == NULL) {
+        SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
 
     sigleni = i2d_ECDSA_SIG(s, &sig);
     if (sigleni < 0) {

include/crypto/ec.h

@@ -47,7 +47,7 @@ __owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
 int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
-                   const EVP_MD *md);
+                   const EVP_MD *md, OPENSSL_CTX *libctx, const char *propq);
 
 int ec_generate_key(OPENSSL_CTX *libctx, EC_KEY *eckey, int pairwise_test);
 int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx);

include/crypto/evp.h

@@ -753,6 +753,12 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
 const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
 const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
 
+int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
+                                  const unsigned char *salt, int saltlen,
+                                  int iter, const EVP_MD *digest, int keylen,
+                                  unsigned char *out,
+                                  OPENSSL_CTX *libctx, const char *propq);
+
 #ifndef FIPS_MODULE
 /*
  * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().

providers/defltprov.c

@@ -95,7 +95,7 @@ static int deflt_get_params(void *provctx, OSSL_PARAM params[])
  */
 static const OSSL_ALGORITHM deflt_digests[] = {
     /* Our primary name:NIST name[:our older names] */
-    { "SHA1:SHA-1", "provider=default", sha1_functions },
+    { "SHA1:SHA-1:SSL3-SHA1", "provider=default", sha1_functions },
     { "SHA2-224:SHA-224:SHA224", "provider=default", sha224_functions },
     { "SHA2-256:SHA-256:SHA256", "provider=default", sha256_functions },
     { "SHA2-384:SHA-384:SHA384", "provider=default", sha384_functions },
@@ -139,7 +139,7 @@ static const OSSL_ALGORITHM deflt_digests[] = {
 #endif /* OPENSSL_NO_SM3 */
 
 #ifndef OPENSSL_NO_MD5
-    { "MD5", "provider=default", md5_functions },
+    { "MD5:SSL3-MD5", "provider=default", md5_functions },
     { "MD5-SHA1", "provider=default", md5_sha1_functions },
 #endif /* OPENSSL_NO_MD5 */
 
@@ -151,9 +151,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
     ALG("AES-256-ECB", aes256ecb_functions),
     ALG("AES-192-ECB", aes192ecb_functions),
     ALG("AES-128-ECB", aes128ecb_functions),
-    ALG("AES-256-CBC", aes256cbc_functions),
-    ALG("AES-192-CBC", aes192cbc_functions),
-    ALG("AES-128-CBC", aes128cbc_functions),
+    ALG("AES-256-CBC:AES256", aes256cbc_functions),
+    ALG("AES-192-CBC:AES192", aes192cbc_functions),
+    ALG("AES-128-CBC:AES128", aes128cbc_functions),
     ALG("AES-128-CBC-CTS", aes128cbc_cts_functions),
     ALG("AES-192-CBC-CTS", aes192cbc_cts_functions),
     ALG("AES-256-CBC-CTS", aes256cbc_cts_functions),

providers/fips/fipsprov.c

@@ -271,7 +271,7 @@ const char *ossl_prov_util_nid_to_name(int nid)
  */
 static const OSSL_ALGORITHM fips_digests[] = {
     /* Our primary name:NiST name[:our older names] */
-    { "SHA1:SHA-1", FIPS_DEFAULT_PROPERTIES, sha1_functions },
+    { "SHA1:SHA-1:SSL3-SHA1", FIPS_DEFAULT_PROPERTIES, sha1_functions },
     { "SHA2-224:SHA-224:SHA224", FIPS_DEFAULT_PROPERTIES, sha224_functions },
     { "SHA2-256:SHA-256:SHA256", FIPS_DEFAULT_PROPERTIES, sha256_functions },
     { "SHA2-384:SHA-384:SHA384", FIPS_DEFAULT_PROPERTIES, sha384_functions },
@@ -306,9 +306,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
     ALG("AES-256-ECB", aes256ecb_functions),
     ALG("AES-192-ECB", aes192ecb_functions),
     ALG("AES-128-ECB", aes128ecb_functions),
-    ALG("AES-256-CBC", aes256cbc_functions),
-    ALG("AES-192-CBC", aes192cbc_functions),
-    ALG("AES-128-CBC", aes128cbc_functions),
+    ALG("AES-256-CBC:AES256", aes256cbc_functions),
+    ALG("AES-192-CBC:AES192", aes192cbc_functions),
+    ALG("AES-128-CBC:AES128", aes128cbc_functions),
     ALG("AES-256-CBC-CTS", aes256cbc_cts_functions),
     ALG("AES-192-CBC-CTS", aes192cbc_cts_functions),
     ALG("AES-128-CBC-CTS", aes128cbc_cts_functions),

providers/implementations/exchange/ecdh_exch.c

@@ -489,7 +489,8 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
                         stmp, stmplen,
                         pecdhctx->kdf_ukm,
                         pecdhctx->kdf_ukmlen,
-                        pecdhctx->kdf_md))
+                        pecdhctx->kdf_md,
+                        pecdhctx->libctx, NULL))
         goto err;
     *psecretlen = pecdhctx->kdf_outlen;
     ret = 1;

providers/implementations/kdfs/scrypt.c

@@ -35,7 +35,8 @@ static OSSL_FUNC_kdf_get_ctx_params_fn kdf_scrypt_get_ctx_params;
 static int scrypt_alg(const char *pass, size_t passlen,
                       const unsigned char *salt, size_t saltlen,
                       uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-                      unsigned char *key, size_t keylen, EVP_MD *sha256);
+                      unsigned char *key, size_t keylen, EVP_MD *sha256,
+                      OPENSSL_CTX *libctx, const char *propq);
 
 typedef struct {
     void *provctx;
@@ -138,7 +139,8 @@ static int kdf_scrypt_derive(void *vctx, unsigned char *key,
 
     return scrypt_alg((char *)ctx->pass, ctx->pass_len, ctx->salt,
                       ctx->salt_len, ctx->N, ctx->r, ctx->p,
-                      ctx->maxmem_bytes, key, keylen, ctx->sha256);
+                      ctx->maxmem_bytes, key, keylen, ctx->sha256,
+                      PROV_LIBRARY_CONTEXT_OF(ctx->provctx), NULL);
 }
 
 static int is_power_of_two(uint64_t value)
@@ -361,7 +363,8 @@ static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
 static int scrypt_alg(const char *pass, size_t passlen,
                       const unsigned char *salt, size_t saltlen,
                       uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-                      unsigned char *key, size_t keylen, EVP_MD *sha256)
+                      unsigned char *key, size_t keylen, EVP_MD *sha256,
+                      OPENSSL_CTX *libctx, const char *propq)
 {
     int rv = 0;
     unsigned char *B;
@@ -445,15 +448,15 @@ static int scrypt_alg(const char *pass, size_t passlen,
     X = (uint32_t *)(B + Blen);
     T = X + 32 * r;
     V = T + 32 * r;
-    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, sha256,
-                          (int)Blen, B) == 0)
+    if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, 1, sha256,
+                                      (int)Blen, B, libctx, propq) == 0)
         goto err;
 
     for (i = 0; i < p; i++)
         scryptROMix(B + 128 * r * i, r, N, X, T, V);
 
-    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, sha256,
-                          keylen, key) == 0)
+    if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, B, (int)Blen, 1, sha256,
+                                      keylen, key, libctx, propq) == 0)
         goto err;
     rv = 1;
  err:

providers/legacyprov.c

@@ -111,9 +111,9 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
 #endif /* OPENSSL_NO_SEED */
 #ifndef OPENSSL_NO_RC2
     ALG("RC2-ECB", rc2128ecb_functions),
-    ALG("RC2-CBC", rc2128cbc_functions),
-    ALG("RC2-40-CBC", rc240cbc_functions),
-    ALG("RC2-64-CBC", rc264cbc_functions),
+    ALG("RC2-CBC:RC2:RC2-128", rc2128cbc_functions),
+    ALG("RC2-40-CBC:RC2-40", rc240cbc_functions),
+    ALG("RC2-64-CBC:RC2-64", rc264cbc_functions),
     ALG("RC2-CFB", rc2128cfb128_functions),
     ALG("RC2-OFB", rc2128ofb128_functions),
 #endif /* OPENSSL_NO_RC2 */
@@ -126,7 +126,7 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
 #endif /* OPENSSL_NO_RC4 */
 #ifndef OPENSSL_NO_RC5
     ALG("RC5-ECB", rc5128ecb_functions),
-    ALG("RC5-CBC", rc5128cbc_functions),
+    ALG("RC5-CBC:RC5", rc5128cbc_functions),
     ALG("RC5-OFB", rc5128ofb64_functions),
     ALG("RC5-CFB", rc5128cfb64_functions),
 #endif /* OPENSSL_NO_RC5 */

test/recipes/30-test_evp.t

@@ -14,7 +14,7 @@ use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop
 use OpenSSL::Test::Utils;
 
 BEGIN {
-setup("test_evp");
+    setup("test_evp");
 }
 
 use lib srctop_dir('Configurations');
@@ -31,49 +31,73 @@ my @configs = ( $defaultcnf );
 # Only add the FIPS config if the FIPS module has been built
 push @configs, 'fips.cnf' unless $no_fips;
 
-my @files = qw( evprand.txt evpciph.txt evpdigest.txt evppkey.txt
-    evppkey_ecc.txt evpciph_aes_cts.txt);
-
-my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt
-    evppbe.txt evpcase.txt evpccmcavs.txt );
-my @ideafiles = qw( evpciph_idea.txt );
-push @defltfiles, @ideafiles unless disabled("idea");
-
-my @sivfiles = qw( evpaessiv.txt );
-push @defltfiles, @sivfiles unless disabled("siv");
-
-my @castfiles = qw( evpciph_cast5.txt );
-push @defltfiles, @castfiles unless disabled("cast");
-
-my @seedfiles = qw( evpciph_seed.txt );
-push @defltfiles, @seedfiles unless disabled("seed");
-
-my @sm4files = qw( evpciph_sm4.txt );
-push @defltfiles, @sm4files unless disabled("sm4");
-
-my @desfiles = qw( evpciph_des.txt );
-push @defltfiles, @desfiles unless disabled("des");
-
-my @rc4files = qw( evpciph_rc4.txt );
-push @defltfiles, @rc4files unless disabled("rc4");
-
-my @rc5files = qw( evpciph_rc5.txt );
-push @defltfiles, @rc5files unless disabled("rc5");
-
-my @rc2files = qw( evpciph_rc2.txt );
-push @defltfiles, @rc2files unless disabled("rc2");
-
-my @chachafiles = qw( evpciph_chacha.txt );
-push @defltfiles, @chachafiles unless disabled("chacha");
-
-my @bffiles = qw( evpciph_bf.txt );
-push @defltfiles, @bffiles unless disabled("bf");
-
-my @md2files = qw( evpmd_md2.txt );
-push @defltfiles, @md2files unless disabled("md2");
-
-my @mdc2files = qw( evpmd_mdc2.txt );
-push @defltfiles, @mdc2files unless disabled("mdc2");
+# A list of tests that run with both the default and fips provider.
+my @files = qw(
+                evpciph_aes_ccm_cavs.txt
+                evpciph_aes_common.txt
+                evpciph_aes_cts1.txt
+                evpciph_des3_common.txt
+                evpkdf_hkdf.txt
+                evpkdf_pbkdf2.txt
+                evpkdf_ss.txt
+                evpkdf_ssh.txt
+                evpkdf_tls12_prf.txt
+                evpkdf_x963.txt
+                evpmac_common.txt
+                evpmd_sha.txt
+                evppbe_pbkdf2.txt
+                evppbe_pkcs12.txt
+                evppkey_dsa.txt 
+                evppkey_ecc.txt
+                evppkey_ecdh.txt
+                evppkey_ecdsa.txt
+                evppkey_ecx.txt
+                evppkey_ffdhe.txt
+                evppkey_kas.txt
+                evppkey_kdf_hkdf.txt
+                evppkey_mismatch.txt
+                evppkey_rsa.txt
+                evprand.txt
+              );
+
+# A list of tests that only run with the default provider
+# (i.e. The algorithms are not present in the fips provider)
+my @defltfiles = qw(
+                     evpciph_aes_cts23.txt
+                     evpciph_aes_ocb.txt
+                     evpciph_aes_siv.txt
+                     evpciph_aria.txt 
+                     evpciph_bf.txt
+                     evpciph_camellia.txt
+                     evpciph_cast5.txt
+                     evpciph_chacha.txt
+                     evpciph_des.txt
+                     evpciph_idea.txt
+                     evpciph_rc2.txt
+                     evpciph_rc4.txt
+                     evpciph_rc5.txt
+                     evpciph_seed.txt
+                     evpciph_sm4.txt
+                     evpencod.txt
+                     evpkdf_krb5.txt
+                     evpkdf_scrypt.txt
+                     evpkdf_tls11_prf.txt
+                     evpkdf_x942.txt
+                     evpmac_blake.txt
+                     evpmac_poly1305.txt
+                     evpmac_siphash.txt
+                     evpmd_blake.txt
+                     evpmd_md.txt
+                     evpmd_mdc2.txt
+                     evpmd_ripemd.txt
+                     evpmd_sm3.txt
+                     evpmd_whirlpool.txt
+                     evppbe_scrypt.txt
+                     evppkey_brainpool.txt
+                     evppkey_kdf_scrypt.txt
+                     evppkey_kdf_tls1_prf.txt
+                     evppkey_sm2.txt
+                    );
 
 plan tests =>
     ($no_fips ? 0 : 1)          # FIPS install test
@@ -90,20 +114,20 @@ unless ($no_fips) {
 }
 
 foreach (@configs) {
-    $ENV{OPENSSL_CONF} = srctop_file("test", $_);
+    my $conf = srctop_file("test", $_);
 
     foreach my $f ( @files ) {
-        ok(run(test(["evp_test", data_file("$f")])),
-           "running evp_test $f");
+        ok(run(test(["evp_test",
+                     "-config", $conf,
+                     data_file("$f")])),
+           "running evp_test -config $conf $f");
     }
 }
 
-#TODO(3.0): As more operations are converted to providers we can move more of
-#           these tests to the loop above
-
-$ENV{OPENSSL_CONF} = srctop_file("test", $defaultcnf);
-
+my $conf = srctop_file("test", $defaultcnf);
 foreach my $f ( @defltfiles ) {
-    ok(run(test(["evp_test", data_file("$f")])),
-       "running evp_test $f");
+    ok(run(test(["evp_test",
+                 "-config", $conf,
+                 data_file("$f")])),
+       "running evp_test -config $conf $f");
 }

test/recipes/30-test_evp_data/evpcase.txt

-#
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Tests start with one of these keywords
-#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
-#       PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line.  Lines starting with a pound sign,
-# like this prolog, are ignored.
-
-# These tests exercise the case insensitive handling of object names.
-# They are contrived
-
-Title = Case insensitive AES tests
-
-Cipher = Aes-128-eCb
-Key = 2B7E151628AED2A6ABF7158809CF4F3C
-Plaintext = 6BC1BEE22E409F96E93D7E117393172A
-Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97
-
-Cipher = AeS-128-cbC
-Key = 2B7E151628AED2A6ABF7158809CF4F3C
-IV = 73BED6B8E3C1743B7116E69E22229516
-Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
-Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7
-
-Cipher = aES-128-CTR
-Key = AE6852F8121067CC4BF7A5765577F39E
-IV = 00000030000000000000000000000001
-Operation = ENCRYPT
-Plaintext = 53696E676C6520626C6F636B206D7367
-Ciphertext = E4095D4FB7A7B3792D6175A3261311B8
-
-Cipher = AES-128-GcM
-Key = 00000000000000000000000000000000
-IV = 000000000000000000000000
-AAD =
-Tag = ab6e47d42cec13bdf53a67b21257bddf
-Plaintext = 00000000000000000000000000000000
-Ciphertext = 0388dace60b6a392f328c2b971b2fe78
-
-Title = Case insensitive digest tests
-
-Digest = Sha3-256
-Input = ""
-Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
-
-Digest = shA512
-Input = "abc"
-Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

test/recipes/30-test_evp_data/evpccmcavs.txt → test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt

 #
-# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy

test/recipes/30-test_evp_data/evpciph_aes_cts1.txt

+#
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
+# These have an IV of all zeros, for a 128 bit AES key.
+
+Title = AES CBC Test vectors
+
+#------------------------------------------------------
+# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
+
+# 32 bytes input
+Cipher = AES-128-CBC
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
+
+# 48 bytes input
+Cipher = AES-128-CBC
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
+
+# 64 bytes input
+Cipher = AES-128-CBC
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
+
+Title = AES CBC CTS1 Test vectors
+
+#------------------------------------------------------
+# Manually edited using the same inputs to also produce CS1 ciphertext
+# where aligned blocks are the same as CBC mode, and partial lengths
+# have the last 2 blocks swapped compared to CS3.
+
+# 17 bytes Input((Default is CS1 if CTSMode is not specified)
+Cipher = AES-128-CBC-CTS
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b652074686520
+Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
+
+# 31 bytes input
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
+
+# 32 bytes input
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
+
+# 47 bytes input
+Cipher = AES-128-CBC-CTS
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
+
+# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
+
+#-------------------------------------------------------------------------------
+# Generated test values using an IV.
+
+# 47 bytes input
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV =000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
+Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
+
+# 127 bytes
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
+Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
+
+# 129 bytes
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
+Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
+
+# 17 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b652074686520
+Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
+
+# 31 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
+Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
+
+# 32 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
+
+#------------------------------------------------------------------------------
+# Failure test
+
+# 15 bytes should fail for CS1
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F
+Result = CIPHERUPDATE_ERROR

test/recipes/30-test_evp_data/evpciph_aes_cts.txt → test/recipes/30-test_evp_data/evpciph_aes_cts23.txt

@@ -9,83 +9,7 @@
 # Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
 # These have an IV of all zeros, for a 128 bit AES key.
 
-# 17 bytes Input
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b652074686520
-Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
-
-# 31 bytes input
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
-Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
-
-# 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
-Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584
-
-# 47 bytes input
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
-
-# 48 bytes input
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8
-
-# 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS3
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8
-
-#------------------------------------------------------
-# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
-
-# 32 bytes input
-Cipher = AES-128-CBC
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
-
-# 48 bytes input
-Cipher = AES-128-CBC
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
-
-# 64 bytes input
-Cipher = AES-128-CBC
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
+Title = AES CBC CTS2 Test vectors
 
 #------------------------------------------------------
 # Manually edited using the same inputs to also produce CS2 ciphertext
@@ -94,7 +18,6 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89da
 
 # 17 bytes Input (For partial blocks the output should match CS3)
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS2
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
@@ -103,7 +26,6 @@ Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
 
 # 31 bytes input (For partial blocks the output should match CS3)
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS2
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
@@ -112,7 +34,6 @@ Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
 
 # 32 bytes input (Aligned blocks should match normal CBC mode)
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS2
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
@@ -121,7 +42,6 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
 
 # 47 bytes input
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS2
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
@@ -130,96 +50,110 @@ Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e393
 
 # 64 bytes input (CS2 is equivalent to CBC when the last block in full)
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS2
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
 
-#------------------------------------------------------
-# Manually edited using the same inputs to also produce CS1 ciphertext
-# where aligned blocks are the same as CBC mode, and partial lengths
-# have the last 2 blocks swapped compared to CS3.
+# Generated test values using an IV.
+
+# 17 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b652074686520
+Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
 
-# 17 bytes Input((Default is CS1 if CTSMode is not specified)
+# 31 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
+Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
+
+# 32 Bytes
+Cipher = AES-192-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
+
+# Failure test - 15 bytes should fail for CS2
 Cipher = AES-128-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F
+Result = CIPHERUPDATE_ERROR
+
+
+
+Title = AES CBC CTS3 Test vectors
+
+# 17 bytes Input
+Cipher = AES-128-CBC-CTS
+CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b652074686520
-Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
+Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
 
 # 31 bytes input
 Cipher = AES-128-CBC-CTS
-CTSMode = CS1
+CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
+Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
 
-# 32 bytes input
+# 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
 Cipher = AES-128-CBC-CTS
-CTSMode = CS1
+CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
+Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584
 
 # 47 bytes input
 Cipher = AES-128-CBC-CTS
+CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
 
-# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
+# 48 bytes input
+Cipher = AES-128-CBC-CTS
+CTSMode = CS3
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8
+
+# 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
 Cipher = AES-128-CBC-CTS
-CTSMode = CS1
+CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
-Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8
 
-#-------------------------------------------------------------------------------
-# Generated test values using an IV.
 
+# Generated test values using an IV.
 # 47 bytes input
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
 Ciphertext = 5432a630742dee7beb70f9f1400ee6a0426da5c54a9990f5ae0b7825f51f0060b557cfb581949a4bdf3bb67dedd472
 
-# 47 bytes input
-Cipher = AES-128-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69
-IV =000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
-Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
-
-# 127 bytes
-Cipher = AES-128-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
-Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
-
-# 129 bytes
-Cipher = AES-128-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
-Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
-
-#-------------------------------------------------------------------------------
 # 17 Bytes
 Cipher = AES-192-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e20
 IV =000102030405060708090A0B0C0D0E0F
@@ -228,7 +162,6 @@ Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
 
 # 31 Bytes
 Cipher = AES-192-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e20
 IV = 000102030405060708090A0B0C0D0E0F
@@ -237,68 +170,14 @@ Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
 
 # 32 Bytes
 Cipher = AES-192-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e20
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
 Ciphertext = 31d005cc9fea948fed1ba6308dad9dd1e9de17d6248fb492bdea1fb2e09c8e8e
 
-# 17 Bytes
-Cipher = AES-192-CBC-CTS
-Availablein = default
-CTSMode = CS2
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b652074686520
-Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9
-
-# 31 Bytes
-Cipher = AES-192-CBC-CTS
-Availablein = default
-CTSMode = CS2
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
-Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e
-
-# 32 Bytes
-Cipher = AES-192-CBC-CTS
-Availablein = default
-CTSMode = CS2
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
-Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
-
-# 17 Bytes
-Cipher = AES-192-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b652074686520
-Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
-
-# 31 Bytes
-Cipher = AES-192-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
-Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
-
-# 32 Bytes
-Cipher = AES-192-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69636869636b656e20
-IV = 000102030405060708090A0B0C0D0E0F
-Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
-Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
-
-#-------------------------------------------------------------------------------
 # 17 Bytes
 Cipher = AES-256-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
 IV = 000102030405060708090A0B0C0D0E0F
@@ -307,7 +186,6 @@ Ciphertext = 6b5f5abc21c4d04156c73850da3bba29e9
 
 # 31 Bytes
 Cipher = AES-256-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
 IV = 000102030405060708090A0B0C0D0E0F
@@ -316,36 +194,15 @@ Ciphertext = f22553af78ee4f468f02fbe6f0f2168ee954e79fae9310dc75b6070e1d6253
 
 # 32 Bytes
 Cipher = AES-256-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
 Ciphertext = 2c0463982174df10baa9d8f782c5a5b3e954e79fae9310dc75b6070e1d625346
 
-#------------------------------------------------------------------------------
 # Failure tests
-
-# 15 bytes should fail for CS1
-Cipher = AES-128-CBC-CTS
-CTSMode = CS1
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 0102030405060708090A0B0C0D0E0F
-Result = CIPHERUPDATE_ERROR
-
-# 15 bytes should fail for CS2
-Cipher = AES-128-CBC-CTS
-Availablein = default
-CTSMode = CS2
-Key = 636869636b656e207465726979616b69
-IV = 00000000000000000000000000000000
-Plaintext = 0102030405060708090A0B0C0D0E0F
-Result = CIPHERUPDATE_ERROR
-
 # 15 bytes should fail for CS3
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
@@ -354,7 +211,6 @@ Result = CIPHERUPDATE_ERROR
 
 # 16 bytes should fail for CS3 (since it always needs 2 blocks).
 Cipher = AES-128-CBC-CTS
-Availablein = default
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000

test/recipes/30-test_evp_data/evpciph_aes_ocb.txt

+#
+# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+#       PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+Title = AES OCB Test vectors
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 197B9C3C441D3C83EAFB2BEF633B9182
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 16DC76A46D47E1EAD537209E8A96D14E
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 98B91552C8C009185044E30A6EB2FE21
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 971EFFCAE19AD4716F88E87B871FBEED
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 776C9924D6723A1FC4524532AC3E5BEB
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 7DDB8E6CEA6814866212509619B19CC6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 13CC8B747807121A4CBB3E4BD6B456AF
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 282026DA3068BC9FA118681D559F10F6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = B2A040DD3BD5164372D76D7BB6824240
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = E1E072633BADE51A60E85951D9C42A1B
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 659C623211DEEA0DE30D2C381879F4C8
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 7AEB7A69A1687DD082CA27B0D9A37096
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 060C8467F4ABAB5E8B3C2067A2E115DC
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+#AES OCB Non standard test vectors - generated from reference implementation
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1b6c44f34e3abb3cbf8976e7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B0C0D0E
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1ad62009901f40cba7cd7156f94a7324
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = C203F98CE28F7DAD3F31C021
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 8346D7D47C5D893ED472F5AB
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 5822A9A70FDF55D29D2984A6
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 81772B6741ABB4ECA9D2DEB2
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 3E52A01D068DE85456DB03B7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 3E52A01D068DE85456DB03B6
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR

test/recipes/30-test_evp_data/evpaessiv.txt → test/recipes/30-test_evp_data/evpciph_aes_siv.txt

@@ -9,10 +9,10 @@
 # Tests start with one of these keywords
 #       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
 #       PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line.  Lines starting with a pound sign,
-# like this prolog, are ignored.
+# and continue until a blank line. Lines starting with a pound sign are ignored.
 
 Title = RFC5297 AES-SIV
+
 Cipher = aes-128-siv
 Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
 AAD = 101112131415161718191a1b1c1d1e1f2021222324252627

test/recipes/30-test_evp_data/evpciph_bf.txt

@@ -10,20 +10,17 @@
 Title = Self generated BF test vectors
 
 Cipher = BF-ECB
-Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f
 Plaintext = 0f0e0c0d0b0a09080706050403020100
 Ciphertext = 079590e0010626685653b9b6c2a406e0
 
 #Bigger key
 Cipher = BF-ECB
-Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f00000000
 Plaintext = 0f0e0c0d0b0a09080706050403020100
 Ciphertext = 7a0fe3734ad4785b49e59296b7861789
 
 Cipher = BF-CBC
-Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100
@@ -31,14 +28,12 @@ Ciphertext = 39c65006742b62a49f7a40ff69749c0a
 
 #Bigger key
 Cipher = BF-CBC
-Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f00000000
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100
 Ciphertext = 3a5cefdb91e56e7aab45e7ea562bd465
 
 Cipher = BF-OFB
-Availablein = default
 Key = 0001020304050607
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100
@@ -46,14 +41,12 @@ Ciphertext = 27be8331cdc52dc61724029d302b9358
 
 #Bigger key
 Cipher = BF-OFB
-Availablein = default
 Key = 000102030405060700000000
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100
 Ciphertext = f108f229cc1cbe228aa3b2407979289a
 
 Cipher = BF-CFB
-Availablein = default
 Key = 0001020304050607
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100
@@ -61,7 +54,6 @@ Ciphertext = 27be8331cdc52dc675a93625f90f5db4
 
 #Bigger key
 Cipher = BF-CFB
-Availablein = default
 Key = 000102030405060700000000
 IV = 0101010101010101
 Plaintext = 0f0e0c0d0b0a09080706050403020100

test/recipes/30-test_evp_data/evpciph_chacha.txt

@@ -9,8 +9,7 @@
 # Tests start with one of these keywords
 #       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
 #       PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line.  Lines starting with a pound sign,
-# like this prolog, are ignored.
+# and continue until a blank line. Lines starting with a pound sign are ignored.
 
 Title = Chacha20 test vectors from RFC7539
 

test/recipes/30-test_evp_data/evpciph_des.txt

@@ -62,3 +62,25 @@ Key = 0123456789abcdef
 IV = 1234567890abcdef
 Plaintext = 4e6f77206973207468652074696d6520666f7220616c6c20
 Ciphertext = f3096249c7f46e51a69e839b1a92f78403467133898ea622
+
+
+Title = DES Tests (various sources)
+
+Cipher = DES-EDE3-CFB1
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+IV = 0001020304050607
+Plaintext = "Hello World"
+Ciphertext = 3CF55D656E9C0664513358
+
+Cipher = DES-EDE3-CFB1
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+IV = 0001020304050607
+Operation = DECRYPT
+Plaintext = "Hello World"
+Ciphertext = 3CF55D656E9C0664513358
+
+Cipher = DESX-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4

test/recipes/30-test_evp_data/evpciph_des3_common.txt

+#
+# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+#       PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+Title = DES3 Test
+
+# DES EDE3 CBC tests (from destest)
+Cipher = DES-EDE3-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675

test/recipes/30-test_evp_data/evpciph_sm4.txt

@@ -6,7 +6,6 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
-
 Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
 
 Cipher = SM4-ECB

test/recipes/30-test_evp_data/evpencod.txt

@@ -9,8 +9,7 @@
 # Tests start with one of these keywords
 #       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
 #       PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line.  Lines starting with a pound sign,
-# like this prolog, are ignored.
+# and continue until a blank line. Lines starting with a pound sign are ignored.
 
 Title = Base64 tests
 
@@ -191,4 +190,3 @@ Encoding = valid
 Input = "OpenSSLOpenSSL\n"
 Output = "T3BlblNTTE9wZW5TU0wK-abcd"
 
-

test/recipes/30-test_evp_data/evpkdf_krb5.txt

+#
+# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+#       PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+Title = KRB5KDF tests (from RFC 3961 test vectors and krb5 sources)
+
+#RFC3961
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
+Ctrl.hexconstant = hexconstant:0000000155
+Output = 925179d04591a79b5d3192c4a7e9c289b049c71f6ee604cd
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:5e13d31c70ef765746578531cb51c15bf11ca82c97cee9f2
+Ctrl.hexconstant = hexconstant:00000001aa
+Output = 9e58e5a146d9942a101c469845d67a20e3c4259ed913f207
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:98e6fd8a04a4b6859b75a176540b9752bad3ecd610a252bc
+Ctrl.hexconstant = hexconstant:0000000155
+Output = 13fef80d763e94ec6d13fd2ca1d085070249dad39808eabf
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:622aec25a2fe2cad7094680b7c64940280084c1a7cec92b5
+Ctrl.hexconstant = hexconstant:00000001aa
+Output = f8dfbf04b097e6d9dc0702686bcb3489d91fd9a4516b703e
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:d3f8298ccb166438dcb9b93ee5a7629286a491f838f802fb
+Ctrl.hexconstant = hexconstant:6b65726265726f73
+Output = 2370da575d2a3da864cebfdc5204d56df779a7df43d9da43
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:c1081649ada74362e6a1459d01dfd30d67c2234c940704da
+Ctrl.hexconstant = hexconstant:0000000155
+Output = 348057ec98fdc48016161c2a4c7a943e92ae492c989175f7
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:5d154af238f46713155719d55e2f1f790dd661f279a7917c
+Ctrl.hexconstant = hexconstant:00000001aa
+Output = a8808ac267dada3dcbe9a7c84626fbc761c294b01315e5c1
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:798562e049852f57dc8c343ba17f2ca1d97394efc8adc443
+Ctrl.hexconstant = hexconstant:0000000155
+Output = c813f88a3be3b334f75425ce9175fbe3c8493b89c8703b49
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:26dce334b545292f2feab9a8701a89a4b99eb9942cecd016
+Ctrl.hexconstant = hexconstant:00000001aa
+Output = f48ffd6e83f83e7354e694fd252cf83bfe58f7d5ba37ec5d
+
+#Krb5 sources
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E
+Ctrl.hexconstant = hexconstant:0000000299
+Output = F78C496D16E6C2DAE0E0B6C24057A84C0426AEEF26FD6DCE
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E
+Ctrl.hexconstant = hexconstant:00000002AA
+Output = 5B5723D0B634CB684C3EBA5264E9A70D52E683231AD3C4CE
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E
+Ctrl.hexconstant = hexconstant:0000000255
+Output = A77C94980E9B7345A81525C423A737CE67F4CD91B6B3DA45
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-128-CBC
+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15
+Ctrl.hexconstant = hexconstant:0000000299
+Output = 34280A382BC92769B2DA2F9EF066854B
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-128-CBC
+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15
+Ctrl.hexconstant = hexconstant:00000002AA
+Output = 5B14FC4E250E14DDF9DCCF1AF6674F53
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-128-CBC
+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15
+Ctrl.hexconstant = hexconstant:0000000255
+Output = 4ED31063621684F09AE8D89991AF3E8F
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-CBC
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:0000000299
+Output = BFAB388BDCB238E9F9C98D6A878304F04D30C82556375AC507A7A852790F4674
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-CBC
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:00000002AA
+Output = C7CFD9CD75FE793A586A542D87E0D1396F1134A104BB1A9190B8C90ADA3DDF37
+
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-CBC
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:0000000255
+Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA
+
+#Same as the first but with no "fixup"
+KDF = KRB5KDF
+Ctrl.cipher = cipher:DES-EDE3-CBC
+Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
+Ctrl.hexconstant = hexconstant:0000000155
+Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705