REGTESTS: ssl: Add tests for new aes cbc converters

This test mimics what was already done for the aes_gcm converters. Some
data is encrypted and directly decrypted and we ensure that the output
was not changed.

reg-tests/converter/aes_cbc.vtc

@@ -0,0 +1,85 @@
+varnishtest "aes_cbc converter Test"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(3.4-dev2)'"
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 2 -start
+
+
+haproxy h1 -conf {
+    global
+    .if feature(THREAD)
+        thread-groups 1
+    .endif
+
+        # WT: limit false-positives causing "HTTP header incomplete" due to
+        # idle server connections being randomly used and randomly expiring
+        # under us.
+        tune.idle-pool.shared off
+
+    defaults
+        mode http
+        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+        bind "fd@${fe}"
+
+        http-request set-var(txn.plain) str("Hello from HAProxy AES-CBC")
+        http-request set-var(txn.short_nonce) str("MTIzNDU2Nzg5MDEy")
+        http-request set-var(txn.nonce) str("MTIzNDU2Nzg5MDEyMzQ1Ng==")
+        http-request set-var(txn.key) str("Zm9vb2Zvb29mb29vb29vbw==")
+
+        # AES-CBC enc with vars + dec with strings
+        http-request set-var(txn.encrypted1) var(txn.plain),aes_cbc_enc(128,txn.nonce,txn.key),base64
+        http-after-response set-header X-Encrypted1 %[var(txn.encrypted1)]
+        http-request set-var(txn.decrypted1) var(txn.encrypted1),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==")
+        http-after-response set-header X-Decrypted1 %[var(txn.decrypted1)]
+
+        # AES-CBC enc with strings + dec with vars
+        http-request set-var(txn.encrypted2) var(txn.plain),aes_cbc_enc(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw=="),base64
+        http-after-response set-header X-Encrypted2 %[var(txn.encrypted2)]
+        http-request set-var(txn.decrypted2) var(txn.encrypted2),b64dec,aes_cbc_dec(128,txn.nonce,txn.key)
+        http-after-response set-header X-Decrypted2 %[var(txn.decrypted2)]
+
+        # AES-CBC + AAD enc with vars + dec with strings
+        http-request set-var(txn.aad) str("dGVzdAo=")
+        http-request set-var(txn.encrypted3) var(txn.plain),aes_cbc_enc(128,txn.nonce,txn.key,txn.aad),base64
+        http-after-response set-header X-Encrypted3 %[var(txn.encrypted3)]
+        http-request set-var(txn.decrypted3) var(txn.encrypted3),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==","dGVzdAo=")
+        http-after-response set-header X-Decrypted3 %[var(txn.decrypted3)]
+
+        # AES-CBC + AAD enc with strings + enc with strings
+        http-request set-var(txn.encrypted4) var(txn.plain),aes_cbc_enc(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==","dGVzdAo="),base64
+        http-after-response set-header X-Encrypted4 %[var(txn.encrypted4)]
+        http-request set-var(txn.decrypted4) var(txn.encrypted4),b64dec,aes_cbc_dec(128,txn.nonce,txn.key,txn.aad)
+        http-after-response set-header X-Decrypted4 %[var(txn.decrypted4)]
+
+        # AES-CBC enc with short nonce (var) + dec with short nonce (string)
+        http-request set-var(txn.encrypted5) var(txn.plain),aes_cbc_enc(128,txn.short_nonce,txn.key),base64
+        http-after-response set-header X-Encrypted5 %[var(txn.encrypted5)]
+        http-request set-var(txn.decrypted5) var(txn.encrypted5),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEy","Zm9vb2Zvb29mb29vb29vbw==")
+        http-after-response set-header X-Decrypted5 %[var(txn.decrypted5)]
+
+       default_backend be
+
+    backend be
+        server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+    txreq
+    rxresp
+    expect resp.http.x-decrypted1 == "Hello from HAProxy AES-CBC"
+    expect resp.http.x-decrypted2 == "Hello from HAProxy AES-CBC"
+    expect resp.http.x-decrypted3 == "Hello from HAProxy AES-CBC"
+    expect resp.http.x-decrypted4 == "Hello from HAProxy AES-CBC"
+    expect resp.http.x-decrypted5 == "Hello from HAProxy AES-CBC"
+
+} -run