
From:
Mark Kettenis <mark.kettenis@xs4all.nl>
Subject:
security/openssl/3.1 avx512 fix
To:
tb@openbsd.org
Cc:
ports@openbsd.org
Date:
Sun, 14 Apr 2024 13:06:58 +0200

This backports

https://github.com/openssl/openssl/commit/143ca66cf00c88950d689a8aa0c89888052669f4

such that the tests pass again on avx512 hardware.

ok?


Index: security/openssl/3.1/Makefile
===================================================================
RCS file: /cvs/ports/security/openssl/3.1/Makefile,v
retrieving revision 1.22
diff -u -p -r1.22 Makefile
--- security/openssl/3.1/Makefile	25 Feb 2024 10:12:23 -0000	1.22
+++ security/openssl/3.1/Makefile	14 Apr 2024 11:02:40 -0000
@@ -10,7 +10,7 @@ V=		3.1.5
 PKGNAME=	openssl-${V}
 PKGSPEC=	openssl->=3.1v0,<3.2v0
 EPOCH=		0
-REVISION=	2
+REVISION=	3
 
 SHLIBVER=	15.1
 SHARED_LIBS=	crypto ${SHLIBVER} \
Index: security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
===================================================================
RCS file: security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
diff -N security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc	14 Apr 2024 11:02:40 -0000
@@ -0,0 +1,32 @@
+Index: providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
+--- providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc.orig
++++ providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
+@@ -48,7 +48,6 @@ static int vaes_gcm_setkey(PROV_GCM_CTX *ctx, const un
+     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
+     AES_KEY *ks = &actx->ks.ks;
+ 
+-    ctx->ks = ks;
+     aesni_set_encrypt_key(key, keylen * 8, ks);
+     memset(gcmctx, 0, sizeof(*gcmctx));
+     gcmctx->key = ks;
+@@ -77,7 +76,7 @@ static int vaes_gcm_setiv(PROV_GCM_CTX *ctx, const uns
+     if (ivlen > (U64(1) << 61))
+         return 0;
+ 
+-    ossl_aes_gcm_setiv_avx512(ctx->ks, gcmctx, iv, ivlen);
++    ossl_aes_gcm_setiv_avx512(gcmctx->key, gcmctx, iv, ivlen);
+ 
+     return 1;
+ }
+@@ -162,9 +161,9 @@ static int vaes_gcm_cipherupdate(PROV_GCM_CTX *ctx, co
+     }
+ 
+     if (ctx->enc)
+-        ossl_aes_gcm_encrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, len, out);
++        ossl_aes_gcm_encrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, len, out);
+     else
+-        ossl_aes_gcm_decrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, len, out);
++        ossl_aes_gcm_decrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, len, out);
+ 
+     return 1;
+ }
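Review bot: With `ctx->ks` gone, `gcmctx->key` is the only route to the key schedule in `vaes_gcm_setiv` and `vaes_gcm_cipherupdate`, and it is an interior pointer: `vaes_gcm_setkey` sets it to `&actx->ks.ks` inside the same provider context. Any path that copies the context by value therefore has to re-point `gcm.key` at the copy's own `ks`; otherwise the copy keeps reading the original's key schedule, which dangles once the original is freed. Whether the 3.1.5 tree has such a copy path for AES-GCM is not visible in this patch, so it is worth confirming before commit. A short comment at the assignment, e.g. `/* key points into this ctx; must be re-pointed after any struct copy */`, would record the invariant. All three functions begin or end outside the quoted hunks.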
Index: security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
===================================================================
RCS file: security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
diff -N security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c	14 Apr 2024 11:02:40 -0000
@@ -0,0 +1,11 @@
+Index: providers/implementations/ciphers/cipher_sm4_gcm_hw.c
+--- providers/implementations/ciphers/cipher_sm4_gcm_hw.c.orig
++++ providers/implementations/ciphers/cipher_sm4_gcm_hw.c
+@@ -20,7 +20,6 @@ static int sm4_gcm_initkey(PROV_GCM_CTX *ctx, const un
+     PROV_SM4_GCM_CTX *actx = (PROV_SM4_GCM_CTX *)ctx;
+     SM4_KEY *ks = &actx->ks.ks;
+ 
+-    ctx->ks = ks;
+ # ifdef HWSM4_CAPABLE
+     if (HWSM4_CAPABLE) {
+         HWSM4_set_encrypt_key(key, ks);
Index: security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
===================================================================
RCS file: security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
diff -N security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h	14 Apr 2024 11:02:40 -0000
@@ -0,0 +1,19 @@
+Index: providers/implementations/include/prov/ciphercommon_gcm.h
+--- providers/implementations/include/prov/ciphercommon_gcm.h.orig
++++ providers/implementations/include/prov/ciphercommon_gcm.h
+@@ -75,7 +75,6 @@ typedef struct prov_gcm_ctx_st {
+     const PROV_GCM_HW *hw;  /* hardware specific methods */
+     GCM128_CONTEXT gcm;
+     ctr128_f ctr;
+-    const void *ks;
+ } PROV_GCM_CTX;
+ 
+ PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key,
+@@ -122,7 +121,6 @@ int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const un
+                            size_t len, unsigned char *out);
+ 
+ #define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)            \
+-    ctx->ks = ks;                                                              \
+     fn_set_enc_key(key, keylen * 8, ks);                                       \
+     CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
+     ctx->ctr = (ctr128_f)fn_ctr;                                               \
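Review bot: Dropping `ks` from `PROV_GCM_CTX` and from `GCM_HW_SET_KEY_CTR_FN` turns any remaining `ctx->ks` reference into a build failure, and this port patches only the avx512 `.inc` and the SM4 file. GCM backends that are compiled only on other architectures are not exercised by a test run on avx512 hardware, so a search of the extracted 3.1.5 sources for `->ks` on `PROV_GCM_CTX` users would confirm nothing else still reads the field. This is inferred rather than seen, since those files are not part of the page. The struct and the macro both continue outside the quoted hunks.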