forked from pool/libica
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
|
From b687f1514b3d371cdc44b5b3b02d5ddd9ac4eb54 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||
|
|
Date: Wed, 25 Mar 2020 10:07:10 +0100
|
||
|
|
Subject: [PATCH] FIPS: provide output iv as required by FIPS tests
|
||
|
|
|
||
|
|
This fix is introduced to satisfy FIPS tests. They require the
|
||
|
|
output iv to be the iv resulting from decrypting the last block
|
||
|
|
with a zero iv as input. But note that this is not described
|
||
|
|
in the NIST standard for CBC-CS. According to the standard,
|
||
|
|
the output iv is simply undefined.
|
||
|
|
|
||
|
|
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||
|
|
---
|
||
|
|
src/include/s390_cbccs.h | 11 +++++++++++
|
||
|
|
1 file changed, 11 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h
|
||
|
|
index aa29bff..f6626dc 100644
|
||
|
|
--- a/src/include/s390_cbccs.h
|
||
|
|
+++ b/src/include/s390_cbccs.h
|
||
|
|
@@ -287,6 +287,17 @@ s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data,
|
||
|
|
block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE,
|
||
|
|
tmp_in_data, tmp_out_data, rest_data_length);
|
||
|
|
|
||
|
|
+ /*
|
||
|
|
+ * This fix was introduced to satisfy FIPS tests. They require the
|
||
|
|
+ * output iv to be the iv resulting from decrypting the last block
|
||
|
|
+ * with a zero iv as input, which is tmp_iv here. But note that this
|
||
|
|
+ * is not described in the NIST standard for CBC-CS. According to the
|
||
|
|
+ * standard, the output iv is simply undefined.
|
||
|
|
+ */
|
||
|
|
+#ifdef ICA_FIPS
|
||
|
|
+ memcpy(iv, tmp_iv, AES_BLOCK_SIZE);
|
||
|
|
+#endif /* ICA_FIPS */
|
||
|
|
+
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
--
|
||
|
|
2.16.4
|
||
|
|
|