s390x: Fix HMAC to fail update or final call when already finalized

After commit a5d1eadde1d566b528cfe495953300cd9f9fe1e9 the test step
'test_hmac_final_update_fail' of 'test_hmac' fails.

Return an error when update or final is used after the context has
already been finalized. Flag 'iimp' (intermediate-input-message-part)
must be 1 to allow an update or final call. If iimp is 0, then the
context has already been finalized.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27781)

(cherry picked from commit 339ced70da1206bf090c3de981093b99cfa0d39a)

diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c
index 02e1cd1dd6503ae8d947be1ffe68ba2ae4ee8365..ac202615630e0343706426710c0ec5ef414a9854 100644 (file)
--- a/crypto/hmac/hmac_s390x.c
+++ b/crypto/hmac/hmac_s390x.c
@@ -14,6 +14,7 @@
 #include "hmac_local.h"
 #include "openssl/obj_mac.h"
 #include "openssl/evp.h"
+#include "openssl/err.h"
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
 # include <openssl/engine.h>
 #endif
@@ -189,6 +190,11 @@ int s390x_HMAC_update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 {
     size_t remain, num;
 
+    if (ctx->plat.s390x.iimp != 1) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
+        return 0;
+    }
+
     if (len == 0)
         return 1;
 
@@ -250,6 +256,11 @@ int s390x_HMAC_final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
     void *result;
     unsigned int res_len;
 
+    if (ctx->plat.s390x.iimp != 1) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+        return 0;
+    }
+
     ctx->plat.s390x.iimp = 0; /* last block */
     s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);