Expose S390x HW ciphers' IV state to provider layer

The S390x hardware-accelerated cipher implementations keep their IV
state in an internal structure tied to the underlying implementation.
However, the provider itself needs to be able to expose the IV state
to libcrypto when processing the "iv-state" parameter.  In the absence
of a S390x hardware-specific get_ctx_params() implementation,  be sure
to copy the IV state from the hw-specific structure back to the
generic PROV_CIPHER_CTX object after each cipher operation in order to
synchronize the internal and fetchable state.

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)

diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index 56e2dc9e3880f479471273c4b11d23ff7e8837d3..523e869c79e069c417f6869925edaa38a4aac236 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -99,6 +99,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
         }
     }
 
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     adat->plat.s390x.res = n;
     return 1;
 }
@@ -161,6 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
         }
     }
 
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     adat->plat.s390x.res = n;
     return 1;
 }
@@ -187,6 +189,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
 
     s390x_kmf(in, len, out, adat->plat.s390x.fc,
               &adat->plat.s390x.param.kmo_kmf);
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     return 1;
 }