From: Benjamin Kaduk Date: Tue, 21 Jul 2020 23:23:19 +0000 (-0700) Subject: Expose S390x HW ciphers' IV state to provider layer X-Git-Tag: openssl-3.0.0-alpha7~582 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=520150151bc5993194ba34464220454d8135099d;p=thirdparty%2Fopenssl.git Expose S390x HW ciphers' IV state to provider layer The S390x hardware-accelerated cipher implementations keep their IV state in an internal structure tied to the underlying implementation. However, the provider itself needs to be able to expose the IV state to libcrypto when processing the "iv-state" parameter. In the absence of a S390x hardware-specific get_ctx_params() implementation, be sure to copy the IV state from the hw-specific structure back to the generic PROV_CIPHER_CTX object after each cipher operation in order to synchronize the internal and fetchable state. [extended tests] Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12233) --- diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc index 56e2dc9e388..523e869c79e 100644 --- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc +++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc @@ -99,6 +99,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, } } + memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); adat->plat.s390x.res = n; return 1; } @@ -161,6 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, } } + memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); adat->plat.s390x.res = n; return 1; } @@ -187,6 +189,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, s390x_kmf(in, len, out, adat->plat.s390x.fc, &adat->plat.s390x.param.kmo_kmf); + memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); return 1; }