git.ipfire.org Git - thirdparty/openssl.git/commit

author	Ingo Franzki <ifranzki@linux.ibm.com>
	Thu, 5 Sep 2024 06:45:29 +0000 (08:45 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 6 Sep 2024 09:26:05 +0000 (11:26 +0200)
commit	979dc530010e3c0f045edf6e38c7ab894ffba7f2
tree	4d358af326c16322da063a4a5ae75648e7bebdd7	tree
parent	8af4c02ea952ca387691c4a077c260ba045fe285	commit \| diff

s390x: Fix s390x_sha3_absorb() when no data is processed by KIMD

If the data to absorb is less than a block, then the KIMD instruction is
called with zero bytes. This is superfluous, and causes incorrect hash
output later on if this is the very first absorb call, i.e. when the
xof_state is still XOF_STATE_INIT and MSA 12 is available. In this case
the NIP flag is set in the function code for KIMD, but KIMD ignores the
NIP flag when it is called with zero bytes to process.

Skip any KIMD calls for zero length data. Also do not set the xof_state
to XOF_STATE_ABSORB until the first call to KIMD with data. That way,
the next KIMD (with non-zero length data) or KLMD call will get the NIP
flag set and will then honor it to produce correct output.

Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)