git.ipfire.org Git - thirdparty/openssl.git/commit

author	Ingo Franzki <ifranzki@linux.ibm.com>
	Wed, 4 Sep 2024 11:42:09 +0000 (13:42 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 6 Sep 2024 09:26:06 +0000 (11:26 +0200)
commit	dc5afb7e87ee448f4fecad0dc624c643505ba7f1
tree	152eae0abd3387140cf9c30c887c97a169f81ab7	tree
parent	979dc530010e3c0f045edf6e38c7ab894ffba7f2	commit \| diff

s390x: Fix s390x_shake_squeeze() when MSA 12 is available

On the first squeeze call, when finishing the absorb process, also set
the NIP flag, if we are still in XOF_STATE_INIT state. When MSA 12 is
available, the state buffer A has not been zeroed during initialization,
thus we must also pass the NIP flag here. This situation can happen
when a squeeze is performed without a preceding absorb (i.e. a SHAKE
of the empty message).

Add a test that performs a squeeze without a preceding absorb and check
if the result is correct.

Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)

providers/implementations/digests/sha3_prov.c		diff \| blob \| blame \| history
test/evp_xof_test.c		diff \| blob \| blame \| history