Fix incorrect error return in ppc_aes_gcm_cipher_update decrypt path

ppc_aes_gcm_cipher_update() returns 1 on success and 0 on failure.
The decrypt pre-alignment path (line 122) incorrectly returned -1
instead of 0 when CRYPTO_gcm128_decrypt() failed.

Since the caller checks `if (!hw->cipherupdate(...))`, and !(-1)
evaluates to 0 (false) in C, the error was silently swallowed and
GCM processing continued with potentially corrupt state.

The encrypt path at line 98 correctly returns 0. This was likely a
copy-paste error when the decrypt path was added.

Fixes #30380

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed Mar 18 07:03:41 2026
(Merged from https://github.com/openssl/openssl/pull/30452)

diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
index 9383ec0812f896f631c62a6c7561d76e4a320d3b..6279629e50d139c3ad6ef7a13704a63d0c1b9816 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
@@ -119,7 +119,7 @@ static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                 size_t res = (16 - ctx->gcm.mres) % 16;
 
                 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
-                    return -1;
+                    return 0;
 
                 bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
                                          ctx->gcm.key,