s390x: Don't ignore errors from s390x_HMAC_init()

Currently errors from s390x_HMAC_init() are silently ignored and the software
path is used as fallback.

Change this to only take the software path if s390x_HMAC_init() returns -1
to indicate that it does not support the HMAC acceleration. In case of
errors, return them to the caller. Errors could be memory allocation
failures or errors during digest operations. Those should not be ignored,
but reported as failure.

This also fixes failures of the test_rsa_pkcs1_mfail test case that found
the memory allocation failures that got ignored.

References: https://github.com/openssl/openssl/issues/31480
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sun Jun 21 14:19:53 2026
(Merged from https://github.com/openssl/openssl/pull/31482)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 400dde4d40aef75c5bc6e22a0aeec0b24001519c..ab0f2b5ebd214ac49e9e719369764550c7cd9378 100644 (file)
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -54,7 +54,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
 #ifdef OPENSSL_HMAC_S390X
     rv = s390x_HMAC_init(ctx, key, len);
-    if (rv >= 1)
+    if (rv != -1)
         return rv;
 #endif