From f8edb0a765f94a97418247a5e4dd0f289637838b Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov
Date: Fri, 17 Apr 2020 23:07:07 +0300
Subject: [PATCH 35/87] kuznyechik: fix IV handling for CTR mode

kuznyechik-ctr uses half length IV per the specification, which is handled correctly. However we still have to zero the second half of IV. Do so in ctr_init_key() callback.

Signed-off-by: Dmitry Baryshkov
---
 src/lib/libcrypto/evp/e_kuznyechik.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/lib/libcrypto/evp/e_kuznyechik.c b/src/lib/libcrypto/evp/e_kuznyechik.c
index 7ac5ed7a6..ebb857c62 100644
--- a/src/lib/libcrypto/evp/e_kuznyechik.c
+++ b/src/lib/libcrypto/evp/e_kuznyechik.c
@@ -102,6 +102,19 @@ Kuznyechik_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t le
 (block128_f)Kuznyechik_encrypt);
 }
 
+static int
+kuznyechik_ctr_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ if (iv)
+ memset(ctx->iv + 8, 0, 8);
+
+ if (!key)
+ return 1;
+
+ return kuznyechik_init_key(ctx, key, iv, enc);
+}
+
 static int
 kuznyechik_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, size_t len)
@@ -120,8 +133,8 @@ IMPLEMENT_BLOCK_CIPHER(kuznyechik, ks, Kuznyechik, EVP_KUZNYECHIK_CTX,
 kuznyechik_ctl)
 
 BLOCK_CIPHER_def1(kuznyechik, ctr, ctr, CTR, EVP_KUZNYECHIK_CTX,
- NID_kuznyechik, 1, 32, 8, 0,
- kuznyechik_init_key, NULL,
+ NID_kuznyechik, 1, 32, 8, EVP_CIPH_ALWAYS_CALL_INIT,
+ kuznyechik_ctr_init_key, NULL,
 EVP_CIPHER_set_asn1_iv,
 EVP_CIPHER_get_asn1_iv,
 kuznyechik_ctl)
-- 
2.17.1
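Review bot: The two literal `8`s in `memset(ctx->iv + 8, 0, 8);` silently depend on the 8-byte IV length passed to `BLOCK_CIPHER_def1` and on `ctx->iv` holding a full 16-byte counter block, and nothing in `kuznyechik_ctr_init_key` says so. I would add a comment above the `if (iv)` such as `/* CTR block is 8-byte IV || 8-byte counter: reset the counter half whenever a new IV is supplied, including IV-only re-init (key == NULL, reached via EVP_CIPH_ALWAYS_CALL_INIT). */` and replace the literals with a named constant tied to the IV length. The `if (!key) return 1;` path is only reachable because of the flag change in the second hunk, so the comment should state that coupling. A regression test that re-initialises one context with only a new IV and compares the output against a fresh context would pin the behaviour this commit fixes.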
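Review bot: The counter half is cleared only when init is called with a non-NULL `iv`, but this definition still registers `EVP_CIPHER_get_asn1_iv`, which presumably writes the IV into the context without going through `kuznyechik_ctr_init_key`. If so, a reused context whose IV is loaded from ASN.1 parameters and then keyed with `iv == NULL` could keep a stale counter half and produce a keystream that does not match a fresh context. Worth confirming against the EVP init path, and either covering it with a test or documenting next to the flag that contexts must not be reused on that path.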