From f225fbf9521395aff86e85883db9bcb083eab154 Mon Sep 17 00:00:00 2001 From: Juergen Christ Date: Tue, 17 Jan 2023 19:16:43 +0100 Subject: S390X: Fix Ed448ph CPACF does not support pre-hashing. This was considered correctly for Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite (test vector 20 - pre-hashing without context string). Fix this by using the non-accelerated version of Ed448 also if no context string is provided, but pre-hashing is performed. Signed-off-by: Juergen Christ Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20067)
---
 providers/implementations/signature/eddsa_sig.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'providers')
diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c
index e3d5c5a7c8..3321f1a9c2 100644
--- a/providers/implementations/signature/eddsa_sig.c
+++ b/providers/implementations/signature/eddsa_sig.c
@@ -343,10 +343,11 @@ int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
 return 0;
 }
 #ifdef S390X_EC_ASM
- /* s390x_ed448_digestsign() does not yet support context-strings.
- fall back to non-accelerated sign if a context-string is provided. */
+ /* s390x_ed448_digestsign() does not yet support context-strings or pre-hashing.
+ fall back to non-accelerated sign if a context-string or pre-hasing is provided. */
 if (S390X_CAN_SIGN(ED448)
- && peddsactx->context_string_len == 0) {
+ && peddsactx->context_string_len == 0
+ && peddsactx->prehash_flag == 0) {
 if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) {
 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
 return 0;
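Review bot: The eligibility test for the CPACF path is now a three-term condition written out separately here and again in the ed448_digest_verify hunk, and per the commit message this kind of per-function copy is how Ed448ph was missed when Ed25519ph had already been handled. A single static predicate that takes the context and is used by every accelerated sign and verify branch would make the next unsupported option a one-place change; its body would be just `return peddsactx->context_string_len == 0 && peddsactx->prehash_flag == 0;`. The new comment also misspells a word in both hunks: `pre-hasing` should read `pre-hashing`. The body of ed448_digest_sign starts and ends outside this hunk.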
@@ -424,10 +425,11 @@ int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
 return 0;
 #ifdef S390X_EC_ASM
- /* s390x_ed448_digestverify() does not yet support context-strings.
- fall back to non-accelerated verify if a context-string is provided. */
+ /* s390x_ed448_digestverify() does not yet support context-strings or pre-hashing.
+ fall back to non-accelerated verify if a context-string or pre-hasing is provided. */
 if (S390X_CAN_SIGN(ED448)
- && peddsactx->context_string_len == 0) {
+ && peddsactx->context_string_len == 0
+ && peddsactx->prehash_flag == 0) {
 return s390x_ed448_digestverify(edkey, sig, tbs, tbslen);
 }
 #endif /* S390X_EC_ASM */
-- cgit v1.2.1
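Review bot: The comment above the verify guard says what is unsupported but not why the fallback matters: s390x_ed448_digestverify() is called with only the key, signature and message, so nothing on that path can take prehash_flag or the context string into account. If it were reached with either one set, the check would presumably be carried out as plain Ed448, and a sign/verify round trip on the same machine would not notice; the commit message credits a test_evp vector (number 20) with catching it. I would record that in the comment, e.g. `/* CPACF implements plain Ed448 only: it never sees prehash_flag or the context string, so using it here would verify the wrong variant. */`. ed448_digest_verify continues outside the hunk.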