From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 15 Apr 2021 07:55:04 +0000 (+0200)
Subject: Do IV reset also for DES and 3DES implementations
X-Git-Tag: openssl-3.0.0-alpha15~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6c6f6c51d0d9bb02d5b40a8a69471f6a2929617;p=thirdparty%2Fopenssl.git

Do IV reset also for DES and 3DES implementations

Fixes #14704

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14882)
---

diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index 9010ce90992..4563ea2edb0 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -86,6 +86,9 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen,
     if (iv != NULL) {
         if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
             return 0;
+    } else if (ctx->iv_set) {
+        /* reset IV to keep compatibility with 1.1.1 */
+        memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
     }
 
     if (key != NULL) {
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 048b08661d5..88acc16049b 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -77,6 +77,12 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
     if (iv != NULL) {
         if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
             return 0;
+    } else if (ctx->iv_set
+               && (ctx->mode == EVP_CIPH_CBC_MODE
+                   || ctx->mode == EVP_CIPH_CFB_MODE
+                   || ctx->mode == EVP_CIPH_OFB_MODE)) {
+        /* reset IV to keep compatibility with 1.1.1 */
+        memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
     }
 
     if (key != NULL) {