extend the fallback to setkey in addition to init

2 files changed, 12 insertions, 8 deletions

diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index 4f8249caa1..3c427601d2 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -151,7 +151,7 @@ void _gnutls_crypto_deregister(void)
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
- * In the case the registered init function returns %GNUTLS_E_NEED_FALLBACK,
+ * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK,
  * GnuTLS will attempt to use the next in priority registered cipher.
  *
  * This function should be called before gnutls_global_init().
@@ -196,7 +196,7 @@ const gnutls_crypto_cipher_st
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
- * In the case the registered init function returns %GNUTLS_E_NEED_FALLBACK,
+ * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK,
  * GnuTLS will attempt to use the next in priority registered cipher.
  *
  * The functions which are marked as non-AEAD they are not required when
@@ -247,8 +247,8 @@ gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm,
  * priority of 90 and CPU-assisted of 80.  The algorithm with the lowest priority will be
  * used by gnutls.
  *
- * In the case the registered init function return %GNUTLS_E_NEED_FALLBACK
- * then GnuTLS will attempt to use the next in priority registered cipher.
+ * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK,
+ * GnuTLS will attempt to use the next in priority registered cipher.
  *
  * The functions registered will be used with the new AEAD API introduced in
  * GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 6670023c8c..bfc3d27f44 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -31,8 +31,11 @@
 #include <algorithms.h>
 
 #define SR_FB(x, cleanup) ret=(x); if ( ret<0 ) { \
-  if (ret == GNUTLS_E_NEED_FALLBACK) \
+  if (ret == GNUTLS_E_NEED_FALLBACK) { \
+    if (handle->handle) \
+	handle->deinit(handle->handle); \
     goto fallback; \
+  } \
   gnutls_assert(); \
   ret = GNUTLS_E_INTERNAL_ERROR; \
   goto cleanup; \
@@ -61,8 +64,8 @@ int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
 }
 
 int
-_gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e,
-		    const gnutls_datum_t * key, const gnutls_datum_t * iv,
+_gnutls_cipher_init(cipher_hd_st *handle, const cipher_entry_st *e,
+		    const gnutls_datum_t *key, const gnutls_datum_t *iv,
 		    int enc)
 {
 	int ret = GNUTLS_E_INTERNAL_ERROR;
@@ -74,6 +77,7 @@ _gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e,
         FAIL_IF_LIB_ERROR;
 
 	handle->e = e;
+	handle->handle = NULL;
 
 	/* check if a cipher has been registered
 	 */
@@ -91,7 +95,7 @@ _gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e,
 		/* if cc->init() returns GNUTLS_E_NEED_FALLBACK we
 		 * use the default ciphers */
 		SR_FB(cc->init(e->id, &handle->handle, enc), cc_cleanup);
-		SR(cc->setkey(handle->handle, key->data, key->size),
+		SR_FB(cc->setkey(handle->handle, key->data, key->size),
 		   cc_cleanup);
 		if (iv) {
 			SR(cc->setiv(handle->handle, iv->data, iv->size),