From 732a4d15b0da7c04437ea828b2915a691b6e38db Mon Sep 17 00:00:00 2001
From: Juergen Christ <jchrist@linux.ibm.com>
Date: Wed, 27 Jan 2021 11:04:52 +0100
Subject: Fix cipher reinit on s390x if no key is specified

If key==null on EVP_CipherInit_ex, the init functions for the hardware
implementation is not called.  The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit.  Fix this by moving the copy operation into the cipher
operation.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13984)
---
 providers/implementations/ciphers/cipher_aes_hw_s390x.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'providers/implementations/ciphers')

diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index ff88673f14..e0cc6a604c 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -55,7 +55,6 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     adat->plat.s390x.fc = S390X_AES_FC(keylen);
     adat->plat.s390x.res = 0;
@@ -69,6 +68,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     int n = adat->plat.s390x.res;
     int rem;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     while (n && len) {
         *out = *in ^ adat->plat.s390x.param.kmo_kmf.cv[n];
         n = (n + 1) & 0xf;
@@ -115,7 +115,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
         adat->plat.s390x.fc |= S390X_DECRYPT;
 
     adat->plat.s390x.res = 0;
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     return 1;
 }
@@ -128,6 +127,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     int rem;
     unsigned char tmp;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     while (n && len) {
         tmp = *in;
         *out = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
@@ -177,7 +177,6 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
     if (!dat->enc)
         adat->plat.s390x.fc |= S390X_DECRYPT;
 
-    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     return 1;
 }
@@ -187,6 +186,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
     s390x_kmf(in, len, out, adat->plat.s390x.fc,
               &adat->plat.s390x.param.kmo_kmf);
     memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
-- 
cgit v1.2.3