authorTomas Mraz <tomas@openssl.org>2021-04-09 12:01:16 +0200
committerTomas Mraz <tomas@openssl.org>2021-04-12 09:49:09 +0200
commit4ec4b063e0d4cc3d58c709e309b1ec5a9aea3379 (patch)
tree80aa9d500d29c32e783600a54c5b8273dfd68ffb /providers/implementations/ciphers
parent3f883c7c835ff577a6df37e238956c5b9016dc93 (diff)
Always reset IV for CBC, OFB, and CFB mode on cipher context reinit
This is necessary to keep compatibility with the 1.1.1 implementation of the CBC, OFB, and CFB mode ciphers. Fixes #14704 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14811)
Diffstat (limited to 'providers/implementations/ciphers')
-rw-r--r--providers/implementations/ciphers/ciphercommon.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 53ecbc9012..2019699cc2 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -191,6 +191,13 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
return 0;
}
+ if (iv == NULL && ctx->iv_set
+ && (ctx->mode == EVP_CIPH_CBC_MODE
+ || ctx->mode == EVP_CIPH_CFB_MODE
+ || ctx->mode == EVP_CIPH_OFB_MODE))
+ /* reset IV for these modes to keep compatibility with 1.1.1 */
+ memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
+
if (key != NULL) {
if (ctx->variable_keylength == 0) {
if (keylen != ctx->keylen) {
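Review bot: The comment on the added block in cipher_generic_init_internal gives only the 1.1.1 compatibility reason and does not state the consequence: a reinit with `iv == NULL` now restores `ctx->oiv`, so a caller that re-initialises between messages without passing a fresh IV encrypts each message under the same key and IV. For OFB that repeats the whole keystream, for CFB the first block of it, and for CBC it reveals equal plaintext prefixes, so the caveat belongs next to the code and probably in the EVP_EncryptInit_ex documentation as well. I would expand the comment to something like `/* restore the original IV for 1.1.1 compatibility; callers starting a new message must pass a fresh IV */`. The function begins and ends outside the hunk, so whether `ctx->ivlen` is bounded by the sizes of `ctx->iv` and `ctx->oiv` before this `memcpy` cannot be confirmed from here.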