Fix partial block encryption in cfb and ofb for s390x

Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.

Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

(cherry picked from commit 576a3572bebf6115df1c03527114cbf74d06f861)

diff --git a/providers/implementations/ciphers/cipher_aes.h b/providers/implementations/ciphers/cipher_aes.h
index 7eaf76c8c47db5cf1131d9d2de211d0e5a16ddca..86a30ab145fc324f5c57c75444d4e0b1623c7e73 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes.h
+++ b/providers/implementations/ciphers/cipher_aes.h
@@ -44,7 +44,6 @@ typedef struct prov_aes_ctx_st {
                 /* KMO-AES/KMF-AES parameter block - end */
             } param;
             unsigned int fc;
-            int res;
         } s390x;
 #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
     } plat;

diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index c8282dbd08a9cdd0d18495c2c7ed3df295490768..0939b147e64cb420a7b6e3866dfff9a67e28f4b3 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -58,7 +58,6 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     adat->plat.s390x.fc = S390X_AES_FC(keylen);
-    adat->plat.s390x.res = 0;
     return 1;
 }
 
@@ -66,7 +65,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
                                       const unsigned char *in, size_t len)
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
-    int n = adat->plat.s390x.res;
+    int n = dat->num;
     int rem;
 
     memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
@@ -102,7 +101,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     }
 
     memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
-    adat->plat.s390x.res = n;
+    dat->num = n;
     return 1;
 }
 
@@ -113,7 +112,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
 
     adat->plat.s390x.fc = S390X_AES_FC(keylen);
     adat->plat.s390x.fc |= 16 << 24;   /* 16 bytes cipher feedback */
-    adat->plat.s390x.res = 0;
     memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
     return 1;
 }
@@ -123,7 +121,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
 {
     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
     unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT;
-    int n = adat->plat.s390x.res;
+    int n = dat->num;
     int rem;
     unsigned char tmp;
 
@@ -164,7 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
     }
 
     memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
-    adat->plat.s390x.res = n;
+    dat->num = n;
     return 1;
 }