[openssl] master update

Thu, 17 Sep 2020 13:18:14 -0700 

The branch master has been updated
       via  4b51903d8681c7fd429c566548529d5753e24f47 (commit)
      from  f80d0d2fd6d1e05ba59eab78ed950a140d092831 (commit)


- Log -----------------------------------------------------------------
commit 4b51903d8681c7fd429c566548529d5753e24f47
Author: Shane Lontis <shane.lon...@oracle.com>
Date:   Wed Sep 16 11:07:02 2020 +1000

    Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.
    
    Fixes #11622
    Fixes #12378
    
    Due to a missing else it was setting up the stream for BSAES and then using 
this incorrect stream with VPAES.
    The correct behaviour is not to use VPAES at all in this case.
    Also note that the original code in e_aes could set up VPAES and then would 
overwrite it with the generic implementation.
    On a machine that supported both BSAES and VPAES the code was changed 
locally to force it to run both cases to verify
    both paths produce the correct known answers.
    
    Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12887)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/ciphers/cipher_aes_xts_hw.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c 
b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index e1c8182556..028d1608d2 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -66,15 +66,18 @@ static int 
cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
     if (BSAES_CAPABLE) {
         stream_enc = bsaes_xts_encrypt;
         stream_dec = bsaes_xts_decrypt;
-    }
+    } else
 #endif /* BSAES_CAPABLE */
-
 #ifdef VPAES_CAPABLE
     if (VPAES_CAPABLE) {
         XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
                        vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
+        return 1;
     } else
 #endif /* VPAES_CAPABLE */
+    {
+        (void)0;
+    }
     {
         XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
                        AES_encrypt, AES_decrypt, stream_enc, stream_dec);

Reply via email to