mirror of https://github.com/openssl/openssl
Compare commits
11 Commits
5c5be45dbe
...
139e53b5ea
Author | SHA1 | Date |
---|---|---|
Hongren Zheng | 139e53b5ea | |
Neil Horman | 933f57dfe2 | |
Neil Horman | 3dcd85139f | |
Neil Horman | 3059052992 | |
Neil Horman | badda78325 | |
Takehiko Yokota | bde66e828d | |
Jiasheng Jiang | 48e3cf25a8 | |
Viktor Dukhovni | 6d01857040 | |
Hongren Zheng | b4e7fe645e | |
Hongren Zheng | 61efce1e41 | |
Hongren Zheng | db285eeb41 |
|
@ -368,7 +368,6 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
|
|||
|
||||
err:
|
||||
ossl_rcu_write_unlock(module_list_lock);
|
||||
sk_CONF_MODULE_free(new_modules);
|
||||
if (tmod != NULL) {
|
||||
OPENSSL_free(tmod->name);
|
||||
OPENSSL_free(tmod);
|
||||
|
|
|
@ -230,7 +230,8 @@ HT *ossl_ht_new(HT_CONFIG *conf)
|
|||
err:
|
||||
CRYPTO_THREAD_lock_free(new->atomic_lock);
|
||||
ossl_rcu_lock_free(new->lock);
|
||||
OPENSSL_free(new->md->neighborhood_ptr_to_free);
|
||||
if (new->md != NULL)
|
||||
OPENSSL_free(new->md->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(new->md);
|
||||
OPENSSL_free(new);
|
||||
return NULL;
|
||||
|
|
|
@ -21,6 +21,9 @@
|
|||
#elif defined(__s390__) || defined(__s390x__)
|
||||
# include "s390x_arch.h"
|
||||
# define CPU_INFO_STR_LEN 2048
|
||||
#elif defined(__riscv)
|
||||
# include "crypto/riscv_arch.h"
|
||||
# define CPU_INFO_STR_LEN 2048
|
||||
#else
|
||||
# define CPU_INFO_STR_LEN 128
|
||||
#endif
|
||||
|
@ -98,6 +101,33 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings)
|
|||
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
|
||||
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
|
||||
" env:%s", env);
|
||||
# elif defined(__riscv)
|
||||
const char *env;
|
||||
char sep = '=';
|
||||
|
||||
BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str),
|
||||
CPUINFO_PREFIX "OPENSSL_riscvcap");
|
||||
for (size_t i = 0; i < kRISCVNumCaps; ++i) {
|
||||
if (OPENSSL_riscvcap_P[RISCV_capabilities[i].index] &
|
||||
(1 << RISCV_capabilities[i].bit_offset)) {
|
||||
/* Match, display the name */
|
||||
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
|
||||
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
|
||||
"%c%s", sep, RISCV_capabilities[i].name);
|
||||
/* Only the first sep is '=' */
|
||||
sep = '_';
|
||||
}
|
||||
}
|
||||
/* If no capability is found, add back the = */
|
||||
if (sep == '=') {
|
||||
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
|
||||
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
|
||||
"%c", sep);
|
||||
}
|
||||
if ((env = getenv("OPENSSL_riscvcap")) != NULL)
|
||||
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
|
||||
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
|
||||
" env:%s", env);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
|
|
|
@ -17,6 +17,12 @@
|
|||
#define OPENSSL_RISCVCAP_IMPL
|
||||
#include "crypto/riscv_arch.h"
|
||||
|
||||
#ifdef OSSL_RISCV_HWPROBE
|
||||
# include <unistd.h>
|
||||
# include <sys/syscall.h>
|
||||
# include <asm/hwprobe.h>
|
||||
#endif
|
||||
|
||||
extern size_t riscv_vlen_asm(void);
|
||||
|
||||
static void parse_env(const char *envstr);
|
||||
|
@ -71,6 +77,38 @@ static void parse_env(const char *envstr)
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef OSSL_RISCV_HWPROBE
|
||||
static long __riscv_hwprobe(struct riscv_hwprobe *pairs, size_t pair_count,
|
||||
size_t cpu_count, unsigned long *cpus,
|
||||
unsigned int flags)
|
||||
{
|
||||
return syscall(__NR_riscv_hwprobe, pairs, pair_count, cpu_count, cpus, flags);
|
||||
}
|
||||
|
||||
static void hwprobe_to_cap()
|
||||
{
|
||||
long ret;
|
||||
struct riscv_hwprobe pairs[OSSL_RISCV_HWPROBE_PAIR_COUNT] = {
|
||||
OSSL_RISCV_HWPROBE_PAIR_CONTENT
|
||||
};
|
||||
|
||||
ret = __riscv_hwprobe(pairs, OSSL_RISCV_HWPROBE_PAIR_COUNT, 0, NULL, 0);
|
||||
/* if hwprobe syscall does not exist, ret would be -ENOSYS */
|
||||
if (!ret) {
|
||||
for (size_t i = 0; i < kRISCVNumCaps; ++i) {
|
||||
for (size_t j = 0; j != OSSL_RISCV_HWPROBE_PAIR_COUNT; ++j) {
|
||||
if (pairs[j].key == RISCV_capabilities[i].hwprobe_key
|
||||
&& (pairs[j].value & RISCV_capabilities[i].hwprobe_value)
|
||||
!= 0)
|
||||
/* Match, set relevant bit in OPENSSL_riscvcap_P[] */
|
||||
OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |=
|
||||
(1 << RISCV_capabilities[i].bit_offset);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* OSSL_RISCV_HWPROBE */
|
||||
|
||||
size_t riscv_vlen(void)
|
||||
{
|
||||
return vlen;
|
||||
|
@ -91,6 +129,11 @@ void OPENSSL_cpuid_setup(void)
|
|||
if ((e = getenv("OPENSSL_riscvcap"))) {
|
||||
parse_env(e);
|
||||
}
|
||||
#ifdef OSSL_RISCV_HWPROBE
|
||||
else {
|
||||
hwprobe_to_cap();
|
||||
}
|
||||
#endif
|
||||
|
||||
if (RISCV_HAS_V()) {
|
||||
vlen = riscv_vlen_asm();
|
||||
|
|
|
@ -111,14 +111,7 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
|
|||
{
|
||||
switch (cmd) {
|
||||
case X509_L_ADD_STORE:
|
||||
/* If no URI is given, use the default cert dir as default URI */
|
||||
if (argp == NULL)
|
||||
argp = ossl_safe_getenv(X509_get_default_cert_dir_env());
|
||||
|
||||
if (argp == NULL)
|
||||
argp = X509_get_default_cert_dir();
|
||||
|
||||
{
|
||||
if (argp != NULL) {
|
||||
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
|
||||
char *data = OPENSSL_strdup(argp);
|
||||
|
||||
|
@ -131,12 +124,15 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
|
|||
}
|
||||
return sk_OPENSSL_STRING_push(uris, data) > 0;
|
||||
}
|
||||
/* NOP if no URI is given. */
|
||||
return 1;
|
||||
case X509_L_LOAD_STORE:
|
||||
/* This is a shortcut for quick loading of specific containers */
|
||||
return cache_objects(ctx, argp, NULL, 0, libctx, propq);
|
||||
default:
|
||||
/* Unsupported command */
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
|
||||
|
|
|
@ -30,6 +30,11 @@ int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
|
|||
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store());
|
||||
if (lookup == NULL)
|
||||
return 0;
|
||||
/*
|
||||
* The NULL URI argument will activate any default URIs (presently none),
|
||||
* DO NOT pass the default CApath or CAfile, they're already handled above,
|
||||
* likely much more efficiently.
|
||||
*/
|
||||
X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq);
|
||||
|
||||
/* clear any errors */
|
||||
|
|
|
@ -1571,6 +1571,10 @@ DEPEND[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
|
|||
GENERATE[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
|
||||
DEPEND[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
|
||||
GENERATE[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
|
||||
DEPEND[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
|
||||
GENERATE[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
|
||||
DEPEND[man/man3/OPENSSL_riscvcap.3]=man3/OPENSSL_riscvcap.pod
|
||||
GENERATE[man/man3/OPENSSL_riscvcap.3]=man3/OPENSSL_riscvcap.pod
|
||||
DEPEND[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod
|
||||
GENERATE[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod
|
||||
DEPEND[man/man3/OPENSSL_s390xcap.3]=man3/OPENSSL_s390xcap.pod
|
||||
|
@ -3352,6 +3356,7 @@ html/man3/OPENSSL_init_ssl.html \
|
|||
html/man3/OPENSSL_instrument_bus.html \
|
||||
html/man3/OPENSSL_load_builtin_modules.html \
|
||||
html/man3/OPENSSL_malloc.html \
|
||||
html/man3/OPENSSL_riscvcap.html \
|
||||
html/man3/OPENSSL_s390xcap.html \
|
||||
html/man3/OPENSSL_secure_malloc.html \
|
||||
html/man3/OPENSSL_strcasecmp.html \
|
||||
|
@ -4004,6 +4009,7 @@ man/man3/OPENSSL_init_ssl.3 \
|
|||
man/man3/OPENSSL_instrument_bus.3 \
|
||||
man/man3/OPENSSL_load_builtin_modules.3 \
|
||||
man/man3/OPENSSL_malloc.3 \
|
||||
man/man3/OPENSSL_riscvcap.3 \
|
||||
man/man3/OPENSSL_s390xcap.3 \
|
||||
man/man3/OPENSSL_secure_malloc.3 \
|
||||
man/man3/OPENSSL_strcasecmp.3 \
|
||||
|
|
|
@ -700,7 +700,7 @@ For information about the use of environment variables in configuration,
|
|||
see L<config(5)/ENVIRONMENT>.
|
||||
|
||||
For information about querying or specifying CPU architecture flags, see
|
||||
L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
|
||||
L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>.
|
||||
|
||||
For information about all environment variables used by the OpenSSL libraries,
|
||||
see L<openssl-env(7)>.
|
||||
|
|
|
@ -0,0 +1,211 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
OPENSSL_riscvcap - the RISC-V processor capabilities vector
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
env OPENSSL_riscvcap=... <application>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
libcrypto supports RISC-V instruction set extensions. These
|
||||
extensions are denoted by individual extension names in the capabilities
|
||||
vector. For Linux platform, when libcrypto is initialized, the results
|
||||
returned by the RISC-V Hardware Probing syscall (hwprobe) are stored
|
||||
in the vector. Otherwise all capabilities are disabled.
|
||||
|
||||
To override the set of instructions available to an application, you can
|
||||
set the B<OPENSSL_riscvcap> environment variable before you start the
|
||||
application.
|
||||
|
||||
The environment variable is similar to the RISC-V ISA string defined in the
|
||||
RISC-V Instruction Set Manual. It is case insensitive. Though due to the limit
|
||||
of the environment variable parser inside libcrypto, an extension must be
|
||||
prefixed with an underscore to make it recognizable. This also applies to the
|
||||
Vector extension.
|
||||
|
||||
OPENSSL_riscvcap="rv64gc_v_zba_zbb_zbs..."
|
||||
|
||||
Note that extension implication is currently not implemented.
|
||||
For example, when "rv64gc_b" is provided as the environment variable,
|
||||
zba/zbb/zbs would not be implied in the capability vector.
|
||||
|
||||
Currently only these extensions are recognized:
|
||||
|
||||
=over 4
|
||||
|
||||
=item ZBA
|
||||
|
||||
Address Generation
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.5
|
||||
|
||||
=item ZBB
|
||||
|
||||
Basic bit-manipulation
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.5
|
||||
|
||||
=item ZBC
|
||||
|
||||
Carry-less multiplication
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZBS
|
||||
|
||||
Single-bit instructions
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.5
|
||||
|
||||
=item ZBKB
|
||||
|
||||
Bit-manipulation for Cryptography
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZBKC
|
||||
|
||||
Carry-less multiplication for Cryptography
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZBKX
|
||||
|
||||
Crossbar permutations
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKND
|
||||
|
||||
NIST Suite: AES Decryption
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKNE
|
||||
|
||||
NIST Suite: AES Encryption
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKNH
|
||||
|
||||
NIST Suite: Hash Function Instructions
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKSED
|
||||
|
||||
ShangMi Suite: SM4 Block Cipher Instructions
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKSH
|
||||
|
||||
ShangMi Suite: SM3 Hash Function Instructions
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZKR
|
||||
|
||||
Entropy Source Extension
|
||||
|
||||
=item ZKT
|
||||
|
||||
Data Independent Execution Latency
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item V
|
||||
|
||||
Vector Extention for Application Processors
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.5
|
||||
|
||||
=item ZVBB
|
||||
|
||||
Vector Basic Bit-manipulation
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVBC
|
||||
|
||||
Vector Carryless Multiplication
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKB
|
||||
|
||||
Vector Cryptography Bit-manipulation
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKG
|
||||
|
||||
Vector GCM/GMAC
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKNED
|
||||
|
||||
NIST Suite: Vector AES Block Cipher
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKNHA
|
||||
|
||||
NIST Suite: Vector SHA-2 Secure Hash
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKNHB
|
||||
|
||||
NIST Suite: Vector SHA-2 Secure Hash
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKSED
|
||||
|
||||
ShangMi Suite: SM4 Block Cipher
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=item ZVKSH
|
||||
|
||||
ShangMi Suite: SM3 Secure Hash
|
||||
|
||||
Could be detected using hwprobe for Linux kernel >= 6.8
|
||||
|
||||
=back
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
Not available.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Check currently detected capabilities
|
||||
|
||||
$ openssl info -cpusettings
|
||||
OPENSSL_riscvcap=ZBA_ZBB_ZBC_ZBS_V
|
||||
|
||||
Disables all instruction set extensions:
|
||||
|
||||
OPENSSL_riscvcap="rv64gc"
|
||||
|
||||
Only enable the vector extension:
|
||||
|
||||
OPENSSL_riscvcap="rv64gc_v"
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
|
@ -80,7 +80,7 @@ OpenSSL supports a number of different algorithm implementations for
|
|||
various machines and, by default, it determines which to use based on the
|
||||
processor capabilities and run time feature enquiry. These environment
|
||||
variables can be used to exert more control over this selection process.
|
||||
See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>.
|
||||
See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>.
|
||||
|
||||
=item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY>
|
||||
|
||||
|
|
|
@ -16,37 +16,45 @@
|
|||
* second argument as the index in the array where the capability will be stored
|
||||
* and third argument as the index of the bit to be used to encode the
|
||||
* capability.
|
||||
* RISCV_DEFINE_CAP(EXTENSION NAME, array index, bit index) */
|
||||
*
|
||||
* The fourth and the fifth arguments are copied from linux header asm/hwprobe.h.
|
||||
* Directly coping values instead of macro names comes from the fact
|
||||
* that an old version may lack definition of some macro.
|
||||
* When there is no hwprobe key/value pair for a capability, the key is set to -1
|
||||
* and the value is set to 0, as when the hwprobe syscall returns a key of -1,
|
||||
* the value is set to 0 and the corresponding capability would not be enabled.
|
||||
*
|
||||
* RISCV_DEFINE_CAP(EXTENSION NAME, array index, bit index, hwprobe key, hwprobe value) */
|
||||
|
||||
RISCV_DEFINE_CAP(ZBA, 0, 0)
|
||||
RISCV_DEFINE_CAP(ZBB, 0, 1)
|
||||
RISCV_DEFINE_CAP(ZBC, 0, 2)
|
||||
RISCV_DEFINE_CAP(ZBS, 0, 3)
|
||||
RISCV_DEFINE_CAP(ZBKB, 0, 4)
|
||||
RISCV_DEFINE_CAP(ZBKC, 0, 5)
|
||||
RISCV_DEFINE_CAP(ZBKX, 0, 6)
|
||||
RISCV_DEFINE_CAP(ZKND, 0, 7)
|
||||
RISCV_DEFINE_CAP(ZKNE, 0, 8)
|
||||
RISCV_DEFINE_CAP(ZKNH, 0, 9)
|
||||
RISCV_DEFINE_CAP(ZKSED, 0, 10)
|
||||
RISCV_DEFINE_CAP(ZKSH, 0, 11)
|
||||
RISCV_DEFINE_CAP(ZKR, 0, 12)
|
||||
RISCV_DEFINE_CAP(ZKT, 0, 13)
|
||||
RISCV_DEFINE_CAP(V, 0, 14)
|
||||
RISCV_DEFINE_CAP(ZVBB, 0, 15)
|
||||
RISCV_DEFINE_CAP(ZVBC, 0, 16)
|
||||
RISCV_DEFINE_CAP(ZVKB, 0, 17)
|
||||
RISCV_DEFINE_CAP(ZVKG, 0, 18)
|
||||
RISCV_DEFINE_CAP(ZVKNED, 0, 19)
|
||||
RISCV_DEFINE_CAP(ZVKNHA, 0, 20)
|
||||
RISCV_DEFINE_CAP(ZVKNHB, 0, 21)
|
||||
RISCV_DEFINE_CAP(ZVKSED, 0, 22)
|
||||
RISCV_DEFINE_CAP(ZVKSH, 0, 23)
|
||||
RISCV_DEFINE_CAP(ZBA, 0, 0, 4, (1 << 3))
|
||||
RISCV_DEFINE_CAP(ZBB, 0, 1, 4, (1 << 4))
|
||||
RISCV_DEFINE_CAP(ZBC, 0, 2, 4, (1 << 7))
|
||||
RISCV_DEFINE_CAP(ZBS, 0, 3, 4, (1 << 5))
|
||||
RISCV_DEFINE_CAP(ZBKB, 0, 4, 4, (1 << 8))
|
||||
RISCV_DEFINE_CAP(ZBKC, 0, 5, 4, (1 << 9))
|
||||
RISCV_DEFINE_CAP(ZBKX, 0, 6, 4, (1 << 10))
|
||||
RISCV_DEFINE_CAP(ZKND, 0, 7, 4, (1 << 11))
|
||||
RISCV_DEFINE_CAP(ZKNE, 0, 8, 4, (1 << 12))
|
||||
RISCV_DEFINE_CAP(ZKNH, 0, 9, 4, (1 << 13))
|
||||
RISCV_DEFINE_CAP(ZKSED, 0, 10, 4, (1 << 14))
|
||||
RISCV_DEFINE_CAP(ZKSH, 0, 11, 4, (1 << 15))
|
||||
RISCV_DEFINE_CAP(ZKR, 0, 12, -1, 0)
|
||||
RISCV_DEFINE_CAP(ZKT, 0, 13, 4, (1 << 16))
|
||||
RISCV_DEFINE_CAP(V, 0, 14, 4, (1 << 2))
|
||||
RISCV_DEFINE_CAP(ZVBB, 0, 15, 4, (1 << 17))
|
||||
RISCV_DEFINE_CAP(ZVBC, 0, 16, 4, (1 << 18))
|
||||
RISCV_DEFINE_CAP(ZVKB, 0, 17, 4, (1 << 19))
|
||||
RISCV_DEFINE_CAP(ZVKG, 0, 18, 4, (1 << 20))
|
||||
RISCV_DEFINE_CAP(ZVKNED, 0, 19, 4, (1 << 21))
|
||||
RISCV_DEFINE_CAP(ZVKNHA, 0, 20, 4, (1 << 22))
|
||||
RISCV_DEFINE_CAP(ZVKNHB, 0, 21, 4, (1 << 23))
|
||||
RISCV_DEFINE_CAP(ZVKSED, 0, 22, 4, (1 << 24))
|
||||
RISCV_DEFINE_CAP(ZVKSH, 0, 23, 4, (1 << 25))
|
||||
|
||||
/*
|
||||
* In the future ...
|
||||
* RISCV_DEFINE_CAP(ZFOO, 0, 31)
|
||||
* RISCV_DEFINE_CAP(ZBAR, 1, 0)
|
||||
* RISCV_DEFINE_CAP(ZFOO, 0, 31, ..., ...)
|
||||
* RISCV_DEFINE_CAP(ZBAR, 1, 0, ..., ...)
|
||||
* ... and so on.
|
||||
*/
|
||||
|
||||
|
|
|
@ -13,19 +13,28 @@
|
|||
# include <ctype.h>
|
||||
# include <stdint.h>
|
||||
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
|
||||
# if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE)
|
||||
# if __has_include(<asm/hwprobe.h>)
|
||||
# define OSSL_RISCV_HWPROBE
|
||||
# endif
|
||||
# endif
|
||||
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) +1
|
||||
extern uint32_t OPENSSL_riscvcap_P[ ((
|
||||
# include "riscv_arch.def"
|
||||
) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ];
|
||||
|
||||
# ifdef OPENSSL_RISCVCAP_IMPL
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) +1
|
||||
uint32_t OPENSSL_riscvcap_P[ ((
|
||||
# include "riscv_arch.def"
|
||||
) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ];
|
||||
# endif
|
||||
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) \
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) \
|
||||
static inline int RISCV_HAS_##NAME(void) \
|
||||
{ \
|
||||
return (OPENSSL_riscvcap_P[INDEX] & (1 << BIT_INDEX)) != 0; \
|
||||
|
@ -36,26 +45,50 @@ struct RISCV_capability_s {
|
|||
const char *name;
|
||||
size_t index;
|
||||
size_t bit_offset;
|
||||
# ifdef OSSL_RISCV_HWPROBE
|
||||
int32_t hwprobe_key;
|
||||
uint64_t hwprobe_value;
|
||||
# endif
|
||||
};
|
||||
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
OSSL_RISCV_HWPROBE_KEY, OSSL_RISCV_HWPROBE_VALUE) +1
|
||||
extern const struct RISCV_capability_s RISCV_capabilities[
|
||||
# include "riscv_arch.def"
|
||||
];
|
||||
|
||||
# ifdef OPENSSL_RISCVCAP_IMPL
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) \
|
||||
# ifdef OSSL_RISCV_HWPROBE
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) \
|
||||
{ #NAME, INDEX, BIT_INDEX, HWPROBE_KEY, HWPROBE_VALUE },
|
||||
# else
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) \
|
||||
{ #NAME, INDEX, BIT_INDEX },
|
||||
# endif
|
||||
const struct RISCV_capability_s RISCV_capabilities[] = {
|
||||
# include "riscv_arch.def"
|
||||
};
|
||||
# endif
|
||||
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
|
||||
# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
|
||||
HWPROBE_KEY, HWPROBE_VALUE) +1
|
||||
static const size_t kRISCVNumCaps =
|
||||
# include "riscv_arch.def"
|
||||
;
|
||||
|
||||
# ifdef OSSL_RISCV_HWPROBE
|
||||
/*
|
||||
* Content is an array of { hwprobe_key, 0 } where
|
||||
* hwprobe_key is copied from asm/hwprobe.h.
|
||||
* It should be updated along with riscv_arch.def.
|
||||
*/
|
||||
# define OSSL_RISCV_HWPROBE_PAIR_COUNT 1
|
||||
# define OSSL_RISCV_HWPROBE_PAIR_CONTENT \
|
||||
{ 4, 0 },
|
||||
# endif
|
||||
|
||||
/* Extension combination tests. */
|
||||
#define RISCV_HAS_ZBB_AND_ZBC() (RISCV_HAS_ZBB() && RISCV_HAS_ZBC())
|
||||
#define RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE() (RISCV_HAS_ZBKB() && RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>NSPrivacyAccessedAPITypes</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>NSPrivacyAccessedAPIType</key>
|
||||
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
|
||||
<key>NSPrivacyAccessedAPITypeReasons</key>
|
||||
<array>
|
||||
<string>C617.1</string>
|
||||
</array>
|
||||
</dict>
|
||||
</array>
|
||||
<key>NSPrivacyCollectedDataTypes</key>
|
||||
<array/>
|
||||
<key>NSPrivacyTrackingDomains</key>
|
||||
<array/>
|
||||
<key>NSPrivacyTracking</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</plist>
|
|
@ -1914,10 +1914,13 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
|
|||
else
|
||||
ret = OSSL_RECORD_RETURN_SUCCESS;
|
||||
} else {
|
||||
if (BIO_should_retry(rl->bio))
|
||||
if (BIO_should_retry(rl->bio)) {
|
||||
ret = OSSL_RECORD_RETURN_RETRY;
|
||||
else
|
||||
} else {
|
||||
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
|
||||
"tls_retry_write_records failure");
|
||||
ret = OSSL_RECORD_RETURN_FATAL;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET);
|
||||
|
|
|
@ -2603,7 +2603,8 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
|
|||
BIO_set_retry_write(sc->wbio);
|
||||
else
|
||||
#endif
|
||||
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
|
||||
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
|
||||
"ktls_sendfile failure");
|
||||
return ret;
|
||||
}
|
||||
sc->rwstate = SSL_NOTHING;
|
||||
|
|
|
@ -979,8 +979,12 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
* Add the fixed PSK overhead, the identity length and the binder
|
||||
* length.
|
||||
*/
|
||||
int md_size = EVP_MD_get_size(md);
|
||||
|
||||
if (md_size <= 0)
|
||||
return EXT_RETURN_FAIL;
|
||||
hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
|
||||
+ EVP_MD_get_size(md);
|
||||
+ md_size;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1019,7 +1023,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
{
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
uint32_t agesec, agems = 0;
|
||||
size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
|
||||
size_t binderoffset, msglen;
|
||||
int reshashsize = 0, pskhashsize = 0;
|
||||
unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
|
||||
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
|
||||
int dores = 0;
|
||||
|
@ -1115,6 +1120,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
agems += s->session->ext.tick_age_add;
|
||||
|
||||
reshashsize = EVP_MD_get_size(mdres);
|
||||
if (reshashsize <= 0)
|
||||
goto dopsksess;
|
||||
s->ext.tick_identity++;
|
||||
dores = 1;
|
||||
}
|
||||
|
@ -1144,6 +1151,10 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
|
|||
}
|
||||
|
||||
pskhashsize = EVP_MD_get_size(mdpsk);
|
||||
if (pskhashsize <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK);
|
||||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Create the extension, but skip over the binder for now */
|
||||
|
|
|
@ -1020,7 +1020,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
|
|||
X509 *x, size_t chainidx)
|
||||
{
|
||||
PACKET identities, binders, binder;
|
||||
size_t binderoffset, hashsize;
|
||||
size_t binderoffset;
|
||||
int hashsize;
|
||||
SSL_SESSION *sess = NULL;
|
||||
unsigned int id, i, ext = 0;
|
||||
const EVP_MD *md = NULL;
|
||||
|
@ -1221,6 +1222,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
|
|||
|
||||
binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
|
||||
hashsize = EVP_MD_get_size(md);
|
||||
if (hashsize <= 0)
|
||||
goto err;
|
||||
|
||||
if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
|
||||
|
@ -1234,7 +1237,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
|
|||
}
|
||||
}
|
||||
|
||||
if (PACKET_remaining(&binder) != hashsize) {
|
||||
if (PACKET_remaining(&binder) != (size_t)hashsize) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
#
|
||||
OPENSSL_ia32cap environment
|
||||
OPENSSL_s390xcap environment
|
||||
OPENSSL_riscvcap environment
|
||||
OPENSSL_MALLOC_FD environment
|
||||
OPENSSL_MALLOC_FAILURES environment
|
||||
OPENSSL_instrument_bus assembler
|
||||
|
|
Loading…
Reference in New Issue