Commit e9351bcce6 for openssl.org
commit e9351bcce65c642b130cdf875fd0e64e8637d737
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jun 29 13:04:32 2026 +0200
s390x: Fix AES-XTS hardware acceleration in IBM z17
For the re-init case where only the IV is specified, but no key, the 'nap'
field must also be initialized.
Instead of setting the s390 specific fields in a special case block, call
ctx->hw->init() also in this case. It performs the necessary setup already
(when the KM function code was once set already).
Adjust the cipher_hw_aes_xts_s390x_initkey() function so that it can also
be called with a NULL key. It then only performs the IV setup as well as
setting up the 'nap'.
Closes: https://github.com/openssl/openssl/issues/31766
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Milan Broz <mbroz@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Wed Jul 1 09:12:26 2026
(Merged from https://github.com/openssl/openssl/pull/31775)
diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.c b/providers/implementations/ciphers/cipher_aes_hw_s390x.c
index 9c3b2e91aa..e9e81f4746 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.c
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.c
@@ -856,18 +856,23 @@ static int cipher_hw_aes_xts_s390x_initkey(PROV_CIPHER_CTX *ctx,
unsigned int dec = 0;
int supported = 0;
- switch (keylen) {
- case 128 / 8 * 2:
- fc = S390X_XTS_AES_128_MSA10;
- offs = 32;
- break;
- case 256 / 8 * 2:
- fc = S390X_XTS_AES_256_MSA10;
- offs = 0;
- break;
- default:
- fc = 0;
- break;
+ if (key != NULL) {
+ switch (keylen) {
+ case 128 / 8 * 2:
+ fc = S390X_XTS_AES_128_MSA10;
+ offs = 32;
+ break;
+ case 256 / 8 * 2:
+ fc = S390X_XTS_AES_256_MSA10;
+ offs = 0;
+ break;
+ default:
+ fc = 0;
+ break;
+ }
+ } else {
+ fc = xctx->plat.s390x.fc & ~S390X_DECRYPT;
+ offs = xctx->plat.s390x.offset;
}
if (fc != 0)
diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c
index 10c99c400e..9be87374d1 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.c
+++ b/providers/implementations/ciphers/cipher_aes_xts.c
@@ -81,17 +81,6 @@ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen,
if (iv != NULL) {
if (!ossl_cipher_generic_initiv(vctx, iv, ivlen))
return 0;
-#ifdef AES_XTS_S390X
- if (key == NULL) {
- /* special handle iv-only update */
- if (ivlen > sizeof(xctx->plat.s390x.param.km.tweak)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
- return 0;
- }
- memcpy(xctx->plat.s390x.param.km.tweak, iv, ivlen);
- xctx->plat.s390x.iv_set = 1;
- }
-#endif
}
if (key != NULL) {
if (keylen != ctx->keylen) {
@@ -103,6 +92,13 @@ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen,
if (!ctx->hw->init(ctx, key, keylen))
return 0;
}
+#ifdef AES_XTS_S390X
+ else if (xctx->plat.s390x.fc && ctx->iv_set) {
+ /* special handle iv-only update */
+ if (!ctx->hw->init(ctx, NULL, 0))
+ return 0;
+ }
+#endif
return aes_xts_set_ctx_params(ctx, params);
}