aes-s390x.pl: Initialize reserved and unused memory

The reserved bytes in the parameter block (bytes 0-11) for the KMA
instruction should be set to zero to be compatible in case of future
architecture changes.

While at it, also the following unused parts of the parameter block
(bytes 48-63) are also cleared to avoid false positives with various
memory checkers like valgrind.

As it makes - performance wise - no difference to process 12, 48 or 64
bytes with one XC call, but two XC calls are slower than one call, the
first 64 bytes of the parameter block will be cleared with a single XC
call. This will also initialize the counter in the parameter block
(bytes 12-15), although it is not strictly necessary.

Co-developed-by: Juergen Christ <jchrist@linux.ibm.com>
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28315)

crypto/aes/asm/aes-s390x.pl

@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly);
 	st${g}	$s3,0($sp)			# backchain
 	la	%r1,$stdframe($sp)
 
+	xc	$stdframe+0(64,$sp),$stdframe+0($sp)	# clear reserved/unused
+							# in parameter block
+
 	lmg	$s2,$s3,0($key)			# copy key
 	stg	$s2,$stdframe+80($sp)
 	stg	$s3,$stdframe+88($sp)