From: Juergen Christ <jchrist@linux.ibm.com>
Date: Mon, 2 Jan 2023 16:52:25 +0000 (+0100)
Subject: s390x: Fix keccak xofs via CPACF
X-Git-Tag: openssl-3.2.0-alpha1~1450
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=76aa4f3ac0d76e58f2111cbf87ae7f25c8766190;p=thirdparty%2Fopenssl.git

s390x: Fix keccak xofs via CPACF

CPACF does not directly support xofs.  Emulate this by using single block
operations on an empty input block.

Fixes: affc070aabc9 ("s390x: Optimize kmac")

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19983)
---

diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 25f630a4c35..33dc6660bf6 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -182,6 +182,8 @@ static int s390x_keccakc_final(unsigned char *md, void *vctx, int padding)
     KECCAK1600_CTX *ctx = vctx;
     size_t bsz = ctx->block_size;
     size_t num = ctx->bufsz;
+    size_t needed = ctx->md_size;
+    static const unsigned char empty[KECCAK1600_WIDTH / 8] = {0};
 
     if (!ossl_prov_is_running())
         return 0;
@@ -191,7 +193,14 @@ static int s390x_keccakc_final(unsigned char *md, void *vctx, int padding)
     ctx->buf[num] = padding;
     ctx->buf[bsz - 1] |= 0x80;
     s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
-    memcpy(md, ctx->A, ctx->md_size);
+    while (needed > bsz) {
+        memcpy(md, ctx->A, bsz);
+        needed -= bsz;
+        md += bsz;
+        s390x_kimd(empty, bsz, ctx->pad, ctx->A);
+    }
+    memcpy(md, ctx->A, needed);
+
     return 1;
 }