On Sun, Apr 14, 2024 at 01:06:58PM +0200, Mark Kettenis wrote:
> This backports
> 
> https://github.com/openssl/openssl/commit/143ca66cf00c88950d689a8aa0c89888052669f4
> 
> such that the tests pass again on avx512 hardware.
> 
> ok?

ok. Please land the same diff for quictls

> 
> 
> Index: security/openssl/3.1/Makefile
> ===================================================================
> RCS file: /cvs/ports/security/openssl/3.1/Makefile,v
> retrieving revision 1.22
> diff -u -p -r1.22 Makefile
> --- security/openssl/3.1/Makefile     25 Feb 2024 10:12:23 -0000      1.22
> +++ security/openssl/3.1/Makefile     14 Apr 2024 11:02:40 -0000
> @@ -10,7 +10,7 @@ V=          3.1.5
>  PKGNAME=     openssl-${V}
>  PKGSPEC=     openssl->=3.1v0,<3.2v0
>  EPOCH=               0
> -REVISION=    2
> +REVISION=    3
>  
>  SHLIBVER=    15.1
>  SHARED_LIBS= crypto ${SHLIBVER} \
> Index: 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
> ===================================================================
> RCS file: 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
> diff -N 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_aes_gcm_hw_vaes_avx512_inc
>     14 Apr 2024 11:02:40 -0000
> @@ -0,0 +1,32 @@
> +Index: providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
> +--- providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc.orig
> ++++ providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
> +@@ -48,7 +48,6 @@ static int vaes_gcm_setkey(PROV_GCM_CTX *ctx, const un
> +     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
> +     AES_KEY *ks = &actx->ks.ks;
> + 
> +-    ctx->ks = ks;
> +     aesni_set_encrypt_key(key, keylen * 8, ks);
> +     memset(gcmctx, 0, sizeof(*gcmctx));
> +     gcmctx->key = ks;
> +@@ -77,7 +76,7 @@ static int vaes_gcm_setiv(PROV_GCM_CTX *ctx, const uns
> +     if (ivlen > (U64(1) << 61))
> +         return 0;
> + 
> +-    ossl_aes_gcm_setiv_avx512(ctx->ks, gcmctx, iv, ivlen);
> ++    ossl_aes_gcm_setiv_avx512(gcmctx->key, gcmctx, iv, ivlen);
> + 
> +     return 1;
> + }
> +@@ -162,9 +161,9 @@ static int vaes_gcm_cipherupdate(PROV_GCM_CTX *ctx, co
> +     }
> + 
> +     if (ctx->enc)
> +-        ossl_aes_gcm_encrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, 
> len, out);
> ++        ossl_aes_gcm_encrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, 
> len, out);
> +     else
> +-        ossl_aes_gcm_decrypt_avx512(ctx->ks, gcmctx, &gcmctx->mres, in, 
> len, out);
> ++        ossl_aes_gcm_decrypt_avx512(gcmctx->key, gcmctx, &gcmctx->mres, in, 
> len, out);
> + 
> +     return 1;
> + }
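Review bot: With `ctx->ks` gone, `gcmctx->key` is the only handle on the key schedule in vaes_gcm_setiv and vaes_gcm_cipherupdate, and the vaes_gcm_setkey hunk shows it is an interior pointer into the same context object (`ks = &actx->ks.ks;` followed by `gcmctx->key = ks;`). Any path that copies the context bytewise must re-point that field at the copy's own key schedule. Otherwise the copy keeps using the original's key material and holds a stale pointer once the original is freed. The duplication path is not visible in this diff, so it is worth confirming for 3.1.5 that it does this fix-up. I would also record the invariant at the assignment with a comment such as `/* interior pointer into actx; a context copy must re-point gcm.key at its own ks */`. All three function bodies begin outside their hunks, so callers and the rest of the setup were not reviewed here.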
> Index: 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
> ===================================================================
> RCS file: 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
> diff -N 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ 
> security/openssl/3.1/patches/patch-providers_implementations_ciphers_cipher_sm4_gcm_hw_c
>   14 Apr 2024 11:02:40 -0000
> @@ -0,0 +1,11 @@
> +Index: providers/implementations/ciphers/cipher_sm4_gcm_hw.c
> +--- providers/implementations/ciphers/cipher_sm4_gcm_hw.c.orig
> ++++ providers/implementations/ciphers/cipher_sm4_gcm_hw.c
> +@@ -20,7 +20,6 @@ static int sm4_gcm_initkey(PROV_GCM_CTX *ctx, const un
> +     PROV_SM4_GCM_CTX *actx = (PROV_SM4_GCM_CTX *)ctx;
> +     SM4_KEY *ks = &actx->ks.ks;
> + 
> +-    ctx->ks = ks;
> + # ifdef HWSM4_CAPABLE
> +     if (HWSM4_CAPABLE) {
> +         HWSM4_set_encrypt_key(key, ks);
> Index: 
> security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
> ===================================================================
> RCS file: 
> security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
> diff -N 
> security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ 
> security/openssl/3.1/patches/patch-providers_implementations_include_prov_ciphercommon_gcm_h
>       14 Apr 2024 11:02:40 -0000
> @@ -0,0 +1,19 @@
> +Index: providers/implementations/include/prov/ciphercommon_gcm.h
> +--- providers/implementations/include/prov/ciphercommon_gcm.h.orig
> ++++ providers/implementations/include/prov/ciphercommon_gcm.h
> +@@ -75,7 +75,6 @@ typedef struct prov_gcm_ctx_st {
> +     const PROV_GCM_HW *hw;  /* hardware specific methods */
> +     GCM128_CONTEXT gcm;
> +     ctr128_f ctr;
> +-    const void *ks;
> + } PROV_GCM_CTX;
> + 
> + PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char 
> *key,
> +@@ -122,7 +121,6 @@ int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const un
> +                            size_t len, unsigned char *out);
> + 
> + #define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)         
>    \
> +-    ctx->ks = ks;                                                           
>    \
> +     fn_set_enc_key(key, keylen * 8, ks);                                    
>    \
> +     CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                
>    \
> +     ctx->ctr = (ctr128_f)fn_ctr;                                            
>    \
