crypto/internal/fips140/aes: handle fallback correctly, take 2

Don't fallthrough to the hardware version if we used the generic version.

Missed one case of this in CL 631315.

(Originally broken on CL 624738.)

Change-Id: I5bf485ac8b0007769e4e935794defe2a3592376e
Reviewed-on: https://go-review.googlesource.com/c/go/+/631136
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/internal/fips140/aes/ctr_s390x.go b/src/crypto/internal/fips140/aes/ctr_s390x.go
index 2d6e17927e999fd19d154a9cfc84d177ed026384..afa8786a727195d466dd54f0bd32b0af707d6e63 100644 (file)
--- a/src/crypto/internal/fips140/aes/ctr_s390x.go
+++ b/src/crypto/internal/fips140/aes/ctr_s390x.go
@@ -30,6 +30,7 @@ func ctrBlocks8(b *Block, dst, src *[8 * BlockSize]byte, ivlo, ivhi uint64) {
 func ctrBlocksS390x(b *Block, dst, src []byte, ivlo, ivhi uint64) {
        if b.fallback != nil {
                ctrBlocks(b, dst, src, ivlo, ivhi)
+               return
        }
 
        buf := make([]byte, len(src), 8*BlockSize)