Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.

Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed locally to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12887)

1 files changed, 5 insertions, 2 deletions

diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index e1c8182556..028d1608d2 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -66,16 +66,19 @@ static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
     if (BSAES_CAPABLE) {
         stream_enc = bsaes_xts_encrypt;
         stream_dec = bsaes_xts_decrypt;
-    }
+    } else
 #endif /* BSAES_CAPABLE */
-
 #ifdef VPAES_CAPABLE
     if (VPAES_CAPABLE) {
         XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
                        vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
+        return 1;
     } else
 #endif /* VPAES_CAPABLE */
     {
+        (void)0;
+    }
+    {
         XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
                        AES_encrypt, AES_decrypt, stream_enc, stream_dec);
     }