[openssl/openssl] 8887ef: Fix partial block encryption in cfb and ofb for s390x

Holger Dengler noreply at github.com
Fri Jan 12 09:36:50 UTC 2024


  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: 8887efa223a014fe93ee19303abb87eb115b12c9
      https://github.com/openssl/openssl/commit/8887efa223a014fe93ee19303abb87eb115b12c9
  Author: Holger Dengler <dengler at linux.ibm.com>
  Date:   2024-01-12 (Fri, 12 Jan 2024)

  Changed paths:
    M providers/implementations/ciphers/cipher_aes.h
    M providers/implementations/ciphers/cipher_aes_hw_s390x.inc

  Log Message:
  -----------
  Fix partial block encryption in cfb and ofb for s390x

Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.

Fixes: #23175

Signed-off-by: Holger Dengler <dengler at linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

(cherry picked from commit 576a3572bebf6115df1c03527114cbf74d06f861)


  Commit: ecbbca090da5f2219914b851c4995532ee576bfa
      https://github.com/openssl/openssl/commit/ecbbca090da5f2219914b851c4995532ee576bfa
  Author: Holger Dengler <dengler at linux.ibm.com>
  Date:   2024-01-12 (Fri, 12 Jan 2024)

  Changed paths:
    M crypto/evp/e_aes.c

  Log Message:
  -----------
  Fix partial block encryption in cfb and ofb for s390x (legacy)

Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").

Signed-off-by: Holger Dengler <dengler at linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

(cherry picked from commit f9ccd209c3d121668c51a992613c698f2a774cb3)


  Commit: ac36def31f2c47133cb0427692796c6562551e99
      https://github.com/openssl/openssl/commit/ac36def31f2c47133cb0427692796c6562551e99
  Author: Holger Dengler <dengler at linux.ibm.com>
  Date:   2024-01-12 (Fri, 12 Jan 2024)

  Changed paths:
    M test/evp_extra_test.c

  Log Message:
  -----------
  Add tests for re-using cipher contexts

Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.

This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.

Signed-off-by: Holger Dengler <dengler at linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)

(cherry picked from commit 3cb1b51dddf4deaf5e3886b827f3245d81670bc7)


Compare: https://github.com/openssl/openssl/compare/679cdfa96cee...ac36def31f2c


More information about the openssl-commits mailing list