From: Juergen Christ <jchrist@linux.ibm.com>
Date: Wed, 27 Jan 2021 10:04:52 +0000 (+0100)
Subject: Fix cipher reinit on s390x if no key is specified
X-Git-Tag: openssl-3.0.0-alpha12~180
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=732a4d15b0da7c04437ea828b2915a691b6e38db;p=thirdparty%2Fopenssl.git

Fix cipher reinit on s390x if no key is specified

If key==null on EVP_CipherInit_ex, the init functions for the hardware
implementation is not called.  The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit.  Fix this by moving the copy operation into the cipher
operation.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13984)
---

diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index ff88673f140..e0cc6a604ca 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -55,7 +55,6 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     adat->plat.s390x.fc = S390X_AES_FC(keylen);
     adat->plat.s390x.res = 0;
@@ -69,6 +68,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     int n = adat->plat.s390x.res;
     int rem;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     while (n && len) {
         *out = *in ^ adat->plat.s390x.param.kmo_kmf.cv[n];
         n = (n + 1) & 0xf;
@@ -115,7 +115,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
         adat->plat.s390x.fc |= S390X_DECRYPT;
 
     adat->plat.s390x.res = 0;
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     return 1;
 }
@@ -128,6 +127,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     int rem;
     unsigned char tmp;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     while (n && len) {
         tmp = *in;
         *out = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
@@ -177,7 +177,6 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
     if (!dat->enc)
         adat->plat.s390x.fc |= S390X_DECRYPT;
 
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     return 1;
 }
@@ -187,6 +186,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     s390x_kmf(in, len, out, adat->plat.s390x.fc,
               &adat->plat.s390x.param.kmo_kmf);
     memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);