Merge b4e7fe645e into 933f57dfe2

Record the errno when we get a syscall failure in
tls_retry_write_records

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23723)

crypto/conf/conf_mod.c

@@ -368,7 +368,6 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
 
  err:
     ossl_rcu_write_unlock(module_list_lock);
-    sk_CONF_MODULE_free(new_modules);
     if (tmod != NULL) {
         OPENSSL_free(tmod->name);
         OPENSSL_free(tmod);

crypto/hashtable/hashtable.c

@@ -230,7 +230,8 @@ HT *ossl_ht_new(HT_CONFIG *conf)
 err:
     CRYPTO_THREAD_lock_free(new->atomic_lock);
     ossl_rcu_lock_free(new->lock);
-    OPENSSL_free(new->md->neighborhood_ptr_to_free);
+    if (new->md != NULL)
+        OPENSSL_free(new->md->neighborhood_ptr_to_free);
     OPENSSL_free(new->md);
     OPENSSL_free(new);
     return NULL;

crypto/info.c

@@ -21,6 +21,9 @@
 #elif defined(__s390__) || defined(__s390x__)
 # include "s390x_arch.h"
 # define CPU_INFO_STR_LEN 2048
+#elif defined(__riscv)
+# include "crypto/riscv_arch.h"
+# define CPU_INFO_STR_LEN 2048
 #else
 # define CPU_INFO_STR_LEN 128
 #endif
@@ -98,6 +101,33 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings)
         BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
                      sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
                      " env:%s", env);
+# elif defined(__riscv)
+    const char *env;
+    char sep = '=';
+
+    BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str),
+                 CPUINFO_PREFIX "OPENSSL_riscvcap");
+    for (size_t i = 0; i < kRISCVNumCaps; ++i) {
+        if (OPENSSL_riscvcap_P[RISCV_capabilities[i].index] &
+            (1 << RISCV_capabilities[i].bit_offset)) {
+            /* Match, display the name */
+            BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
+                         sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
+                         "%c%s", sep, RISCV_capabilities[i].name);
+            /* Only the first sep is '=' */
+            sep = '_';
+        }
+    }
+    /* If no capability is found, add back the = */
+    if (sep == '=') {
+        BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
+                     sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
+                     "%c", sep);
+    }
+    if ((env = getenv("OPENSSL_riscvcap")) != NULL)
+        BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
+                     sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
+                     " env:%s", env);
 # endif
 #endif
 

crypto/riscvcap.c

@@ -17,6 +17,12 @@
 #define OPENSSL_RISCVCAP_IMPL
 #include "crypto/riscv_arch.h"
 
+#ifdef OSSL_RISCV_HWPROBE
+# include <unistd.h>
+# include <sys/syscall.h>
+# include <asm/hwprobe.h>
+#endif
+
 extern size_t riscv_vlen_asm(void);
 
 static void parse_env(const char *envstr);
@@ -71,6 +77,38 @@ static void parse_env(const char *envstr)
     }
 }
 
+#ifdef OSSL_RISCV_HWPROBE
+static long __riscv_hwprobe(struct riscv_hwprobe *pairs, size_t pair_count,
+                            size_t cpu_count, unsigned long *cpus,
+                            unsigned int flags)
+{
+    return syscall(__NR_riscv_hwprobe, pairs, pair_count, cpu_count, cpus, flags);
+}
+
+static void hwprobe_to_cap()
+{
+    long ret;
+    struct riscv_hwprobe pairs[OSSL_RISCV_HWPROBE_PAIR_COUNT] = {
+        OSSL_RISCV_HWPROBE_PAIR_CONTENT
+    };
+
+    ret = __riscv_hwprobe(pairs, OSSL_RISCV_HWPROBE_PAIR_COUNT, 0, NULL, 0);
+    /* if hwprobe syscall does not exist, ret would be -ENOSYS */
+    if (!ret) {
+        for (size_t i = 0; i < kRISCVNumCaps; ++i) {
+            for (size_t j = 0; j != OSSL_RISCV_HWPROBE_PAIR_COUNT; ++j) {
+                if (pairs[j].key == RISCV_capabilities[i].hwprobe_key
+                        && (pairs[j].value & RISCV_capabilities[i].hwprobe_value)
+                           != 0)
+                    /* Match, set relevant bit in OPENSSL_riscvcap_P[] */
+                    OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |=
+                        (1 << RISCV_capabilities[i].bit_offset);
+            }
+        }
+    }
+}
+#endif /* OSSL_RISCV_HWPROBE */
+
 size_t riscv_vlen(void)
 {
     return vlen;
@@ -91,6 +129,11 @@ void OPENSSL_cpuid_setup(void)
     if ((e = getenv("OPENSSL_riscvcap"))) {
         parse_env(e);
     }
+#ifdef OSSL_RISCV_HWPROBE
+    else {
+        hwprobe_to_cap();
+    }
+#endif
 
     if (RISCV_HAS_V()) {
         vlen = riscv_vlen_asm();

crypto/x509/by_store.c

@@ -111,14 +111,7 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
 {
     switch (cmd) {
     case X509_L_ADD_STORE:
-        /* If no URI is given, use the default cert dir as default URI */
-        if (argp == NULL)
-            argp = ossl_safe_getenv(X509_get_default_cert_dir_env());
-
-        if (argp == NULL)
-            argp = X509_get_default_cert_dir();
-
-        {
+        if (argp != NULL) {
             STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
             char *data = OPENSSL_strdup(argp);
 
@@ -131,12 +124,15 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
             }
             return sk_OPENSSL_STRING_push(uris, data) > 0;
         }
+        /* NOP if no URI is given. */
+        return 1;
     case X509_L_LOAD_STORE:
         /* This is a shortcut for quick loading of specific containers */
         return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+    default:
+        /* Unsupported command */
+        return 0;
     }
-
-    return 0;
 }
 
 static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,

crypto/x509/x509_d2.c

@@ -30,6 +30,11 @@ int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store());
     if (lookup == NULL)
         return 0;
+    /*
+     * The NULL URI argument will activate any default URIs (presently none),
+     * DO NOT pass the default CApath or CAfile, they're already handled above,
+     * likely much more efficiently.
+     */
     X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq);
 
     /* clear any errors */

doc/build.info

@@ -1571,6 +1571,10 @@ DEPEND[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
 GENERATE[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
 DEPEND[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
 GENERATE[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
+DEPEND[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
+GENERATE[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
+DEPEND[man/man3/OPENSSL_riscvcap.3]=man3/OPENSSL_riscvcap.pod
+GENERATE[man/man3/OPENSSL_riscvcap.3]=man3/OPENSSL_riscvcap.pod
 DEPEND[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod
 GENERATE[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod
 DEPEND[man/man3/OPENSSL_s390xcap.3]=man3/OPENSSL_s390xcap.pod
@@ -3352,6 +3356,7 @@ html/man3/OPENSSL_init_ssl.html \
 html/man3/OPENSSL_instrument_bus.html \
 html/man3/OPENSSL_load_builtin_modules.html \
 html/man3/OPENSSL_malloc.html \
+html/man3/OPENSSL_riscvcap.html \
 html/man3/OPENSSL_s390xcap.html \
 html/man3/OPENSSL_secure_malloc.html \
 html/man3/OPENSSL_strcasecmp.html \
@@ -4004,6 +4009,7 @@ man/man3/OPENSSL_init_ssl.3 \
 man/man3/OPENSSL_instrument_bus.3 \
 man/man3/OPENSSL_load_builtin_modules.3 \
 man/man3/OPENSSL_malloc.3 \
+man/man3/OPENSSL_riscvcap.3 \
 man/man3/OPENSSL_s390xcap.3 \
 man/man3/OPENSSL_secure_malloc.3 \
 man/man3/OPENSSL_strcasecmp.3 \

doc/man1/openssl.pod

@@ -700,7 +700,7 @@ For information about the use of environment variables in configuration,
 see L<config(5)/ENVIRONMENT>.
 
 For information about querying or specifying CPU architecture flags, see
-L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
+L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>.
 
 For information about all environment variables used by the OpenSSL libraries,
 see L<openssl-env(7)>.

doc/man3/OPENSSL_riscvcap.pod

@@ -0,0 +1,211 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_riscvcap - the RISC-V processor capabilities vector
+
+=head1 SYNOPSIS
+
+ env OPENSSL_riscvcap=... <application>
+
+=head1 DESCRIPTION
+
+libcrypto supports RISC-V instruction set extensions. These
+extensions are denoted by individual extension names in the capabilities
+vector. For Linux platform, when libcrypto is initialized, the results
+returned by the RISC-V Hardware Probing syscall (hwprobe) are stored
+in the vector. Otherwise all capabilities are disabled.
+
+To override the set of instructions available to an application, you can
+set the B<OPENSSL_riscvcap> environment variable before you start the
+application.
+
+The environment variable is similar to the RISC-V ISA string defined in the
+RISC-V Instruction Set Manual. It is case insensitive. Though due to the limit
+of the environment variable parser inside libcrypto, an extension must be
+prefixed with an underscore to make it recognizable. This also applies to the
+Vector extension.
+
+ OPENSSL_riscvcap="rv64gc_v_zba_zbb_zbs..."
+
+Note that extension implication is currently not implemented.
+For example, when "rv64gc_b" is provided as the environment variable,
+zba/zbb/zbs would not be implied in the capability vector.
+
+Currently only these extensions are recognized:
+
+=over 4
+
+=item ZBA
+
+Address Generation
+
+Could be detected using hwprobe for Linux kernel >= 6.5
+
+=item ZBB
+
+Basic bit-manipulation
+
+Could be detected using hwprobe for Linux kernel >= 6.5
+
+=item ZBC
+
+Carry-less multiplication
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZBS
+
+Single-bit instructions
+
+Could be detected using hwprobe for Linux kernel >= 6.5
+
+=item ZBKB
+
+Bit-manipulation for Cryptography
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZBKC
+
+Carry-less multiplication for Cryptography
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZBKX
+
+Crossbar permutations
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKND
+
+NIST Suite: AES Decryption
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKNE
+
+NIST Suite: AES Encryption
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKNH
+
+NIST Suite: Hash Function Instructions
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKSED
+
+ShangMi Suite: SM4 Block Cipher Instructions
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKSH
+
+ShangMi Suite: SM3 Hash Function Instructions
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZKR
+
+Entropy Source Extension
+
+=item ZKT
+
+Data Independent Execution Latency
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item V
+
+Vector Extention for Application Processors
+
+Could be detected using hwprobe for Linux kernel >= 6.5
+
+=item ZVBB
+
+Vector Basic Bit-manipulation
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVBC
+
+Vector Carryless Multiplication
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKB
+
+Vector Cryptography Bit-manipulation
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKG
+
+Vector GCM/GMAC
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKNED
+
+NIST Suite: Vector AES Block Cipher
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKNHA
+
+NIST Suite: Vector SHA-2 Secure Hash
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKNHB
+
+NIST Suite: Vector SHA-2 Secure Hash
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKSED
+
+ShangMi Suite: SM4 Block Cipher
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=item ZVKSH
+
+ShangMi Suite: SM3 Secure Hash
+
+Could be detected using hwprobe for Linux kernel >= 6.8
+
+=back
+
+=head1 RETURN VALUES
+
+Not available.
+
+=head1 EXAMPLES
+
+Check currently detected capabilities
+
+ $ openssl info -cpusettings
+ OPENSSL_riscvcap=ZBA_ZBB_ZBC_ZBS_V
+
+Disables all instruction set extensions:
+
+ OPENSSL_riscvcap="rv64gc"
+
+Only enable the vector extension:
+
+ OPENSSL_riscvcap="rv64gc_v"
+
+=head1 COPYRIGHT
+
+Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut

doc/man7/openssl-env.pod

@@ -80,7 +80,7 @@ OpenSSL supports a number of different algorithm implementations for
 various machines and, by default, it determines which to use based on the
 processor capabilities and run time feature enquiry.  These environment
 variables can be used to exert more control over this selection process.
-See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>.
+See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>.
 
 =item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY>
 

include/crypto/riscv_arch.def

@@ -16,37 +16,45 @@
  * second argument as the index in the array where the capability will be stored
  * and third argument as the index of the bit to be used to encode the
  * capability.
- * RISCV_DEFINE_CAP(EXTENSION NAME, array index, bit index) */
+ *
+ * The fourth and the fifth arguments are copied from linux header asm/hwprobe.h.
+ * Directly coping values instead of macro names comes from the fact
+ * that an old version may lack definition of some macro.
+ * When there is no hwprobe key/value pair for a capability, the key is set to -1
+ * and the value is set to 0, as when the hwprobe syscall returns a key of -1,
+ * the value is set to 0 and the corresponding capability would not be enabled.
+ *
+ * RISCV_DEFINE_CAP(EXTENSION NAME, array index, bit index, hwprobe key, hwprobe value) */
 
-RISCV_DEFINE_CAP(ZBA, 0, 0)
-RISCV_DEFINE_CAP(ZBB, 0, 1)
-RISCV_DEFINE_CAP(ZBC, 0, 2)
-RISCV_DEFINE_CAP(ZBS, 0, 3)
-RISCV_DEFINE_CAP(ZBKB, 0, 4)
-RISCV_DEFINE_CAP(ZBKC, 0, 5)
-RISCV_DEFINE_CAP(ZBKX, 0, 6)
-RISCV_DEFINE_CAP(ZKND, 0, 7)
-RISCV_DEFINE_CAP(ZKNE, 0, 8)
-RISCV_DEFINE_CAP(ZKNH, 0, 9)
-RISCV_DEFINE_CAP(ZKSED, 0, 10)
-RISCV_DEFINE_CAP(ZKSH, 0, 11)
-RISCV_DEFINE_CAP(ZKR, 0, 12)
-RISCV_DEFINE_CAP(ZKT, 0, 13)
-RISCV_DEFINE_CAP(V, 0, 14)
-RISCV_DEFINE_CAP(ZVBB, 0, 15)
-RISCV_DEFINE_CAP(ZVBC, 0, 16)
-RISCV_DEFINE_CAP(ZVKB, 0, 17)
-RISCV_DEFINE_CAP(ZVKG, 0, 18)
-RISCV_DEFINE_CAP(ZVKNED, 0, 19)
-RISCV_DEFINE_CAP(ZVKNHA, 0, 20)
-RISCV_DEFINE_CAP(ZVKNHB, 0, 21)
-RISCV_DEFINE_CAP(ZVKSED, 0, 22)
-RISCV_DEFINE_CAP(ZVKSH, 0, 23)
+RISCV_DEFINE_CAP(ZBA, 0, 0, 4, (1 << 3))
+RISCV_DEFINE_CAP(ZBB, 0, 1, 4, (1 << 4))
+RISCV_DEFINE_CAP(ZBC, 0, 2, 4, (1 << 7))
+RISCV_DEFINE_CAP(ZBS, 0, 3, 4, (1 << 5))
+RISCV_DEFINE_CAP(ZBKB, 0, 4, 4, (1 << 8))
+RISCV_DEFINE_CAP(ZBKC, 0, 5, 4, (1 << 9))
+RISCV_DEFINE_CAP(ZBKX, 0, 6, 4, (1 << 10))
+RISCV_DEFINE_CAP(ZKND, 0, 7, 4, (1 << 11))
+RISCV_DEFINE_CAP(ZKNE, 0, 8, 4, (1 << 12))
+RISCV_DEFINE_CAP(ZKNH, 0, 9, 4, (1 << 13))
+RISCV_DEFINE_CAP(ZKSED, 0, 10, 4, (1 << 14))
+RISCV_DEFINE_CAP(ZKSH, 0, 11, 4, (1 << 15))
+RISCV_DEFINE_CAP(ZKR, 0, 12, -1, 0)
+RISCV_DEFINE_CAP(ZKT, 0, 13, 4, (1 << 16))
+RISCV_DEFINE_CAP(V, 0, 14, 4, (1 << 2))
+RISCV_DEFINE_CAP(ZVBB, 0, 15, 4, (1 << 17))
+RISCV_DEFINE_CAP(ZVBC, 0, 16, 4, (1 << 18))
+RISCV_DEFINE_CAP(ZVKB, 0, 17, 4, (1 << 19))
+RISCV_DEFINE_CAP(ZVKG, 0, 18, 4, (1 << 20))
+RISCV_DEFINE_CAP(ZVKNED, 0, 19, 4, (1 << 21))
+RISCV_DEFINE_CAP(ZVKNHA, 0, 20, 4, (1 << 22))
+RISCV_DEFINE_CAP(ZVKNHB, 0, 21, 4, (1 << 23))
+RISCV_DEFINE_CAP(ZVKSED, 0, 22, 4, (1 << 24))
+RISCV_DEFINE_CAP(ZVKSH, 0, 23, 4, (1 << 25))
 
 /*
  * In the future ...
- * RISCV_DEFINE_CAP(ZFOO, 0, 31)
- * RISCV_DEFINE_CAP(ZBAR, 1, 0)
+ * RISCV_DEFINE_CAP(ZFOO, 0, 31, ..., ...)
+ * RISCV_DEFINE_CAP(ZBAR, 1, 0, ..., ...)
  * ... and so on.
  */
 

include/crypto/riscv_arch.h

@@ -13,19 +13,28 @@
 # include <ctype.h>
 # include <stdint.h>
 
-# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
+# if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE)
+#  if __has_include(<asm/hwprobe.h>)
+#   define OSSL_RISCV_HWPROBE
+#  endif
+# endif
+
+# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
+                          HWPROBE_KEY, HWPROBE_VALUE) +1
 extern uint32_t OPENSSL_riscvcap_P[ ((
 # include "riscv_arch.def"
 ) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ];
 
 # ifdef OPENSSL_RISCVCAP_IMPL
-#  define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
+#  define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
+                           HWPROBE_KEY, HWPROBE_VALUE) +1
 uint32_t OPENSSL_riscvcap_P[ ((
 #  include "riscv_arch.def"
 ) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ];
 # endif
 
-# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX)                   \
+# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX,                   \
+                          HWPROBE_KEY, HWPROBE_VALUE)               \
     static inline int RISCV_HAS_##NAME(void)                        \
     {                                                               \
         return (OPENSSL_riscvcap_P[INDEX] & (1 << BIT_INDEX)) != 0; \
@@ -36,26 +45,50 @@ struct RISCV_capability_s {
     const char *name;
     size_t index;
     size_t bit_offset;
+# ifdef OSSL_RISCV_HWPROBE
+    int32_t hwprobe_key;
+    uint64_t hwprobe_value;
+# endif
 };
 
-# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
+# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
+                          OSSL_RISCV_HWPROBE_KEY, OSSL_RISCV_HWPROBE_VALUE) +1
 extern const struct RISCV_capability_s RISCV_capabilities[
 # include "riscv_arch.def"
 ];
 
 # ifdef OPENSSL_RISCVCAP_IMPL
-#  define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) \
+#  ifdef OSSL_RISCV_HWPROBE
+#  define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX,     \
+                           HWPROBE_KEY, HWPROBE_VALUE) \
+    { #NAME, INDEX, BIT_INDEX, HWPROBE_KEY, HWPROBE_VALUE },
+#  else
+#  define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX,     \
+                           HWPROBE_KEY, HWPROBE_VALUE) \
     { #NAME, INDEX, BIT_INDEX },
+#  endif
 const struct RISCV_capability_s RISCV_capabilities[] = {
 #  include "riscv_arch.def"
 };
 # endif
 
-# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1
+# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX, \
+                          HWPROBE_KEY, HWPROBE_VALUE) +1
 static const size_t kRISCVNumCaps =
 # include "riscv_arch.def"
 ;
 
+# ifdef OSSL_RISCV_HWPROBE
+/*
+ * Content is an array of { hwprobe_key, 0 } where
+ * hwprobe_key is copied from asm/hwprobe.h.
+ * It should be updated along with riscv_arch.def.
+ */
+#  define OSSL_RISCV_HWPROBE_PAIR_COUNT 1
+#  define OSSL_RISCV_HWPROBE_PAIR_CONTENT \
+   { 4, 0 },
+# endif
+
 /* Extension combination tests. */
 #define RISCV_HAS_ZBB_AND_ZBC() (RISCV_HAS_ZBB() && RISCV_HAS_ZBC())
 #define RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE() (RISCV_HAS_ZBKB() && RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())

os-dep/Apple/PrivacyInfo.xcprivacy

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>C617.1</string>
+			</array>
+		</dict>
+	</array>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyTracking</key>
+	<false/>
+</dict>
+</plist>

ssl/record/methods/tls_common.c

@@ -1914,10 +1914,13 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
                 else
                     ret = OSSL_RECORD_RETURN_SUCCESS;
             } else {
-                if (BIO_should_retry(rl->bio))
+                if (BIO_should_retry(rl->bio)) {
                     ret = OSSL_RECORD_RETURN_RETRY;
-                else
+                } else {
+                    ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
+                                   "tls_retry_write_records failure");
                     ret = OSSL_RECORD_RETURN_FATAL;
+                }
             }
         } else {
             RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET);

ssl/ssl_lib.c

@@ -2603,7 +2603,8 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
             BIO_set_retry_write(sc->wbio);
         else
 #endif
-            ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
+            ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
+                           "ktls_sendfile failure");
         return ret;
     }
     sc->rwstate = SSL_NOTHING;

ssl/statem/extensions_clnt.c

@@ -979,8 +979,12 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
              * Add the fixed PSK overhead, the identity length and the binder
              * length.
              */
+            int md_size = EVP_MD_get_size(md);
+
+            if (md_size <= 0)
+                return EXT_RETURN_FAIL;
             hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
-                     + EVP_MD_get_size(md);
+                     + md_size;
         }
     }
 
@@ -1019,7 +1023,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
 {
 #ifndef OPENSSL_NO_TLS1_3
     uint32_t agesec, agems = 0;
-    size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+    size_t binderoffset, msglen;
+    int reshashsize = 0, pskhashsize = 0;
     unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
     const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
     int dores = 0;
@@ -1115,6 +1120,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
         agems += s->session->ext.tick_age_add;
 
         reshashsize = EVP_MD_get_size(mdres);
+        if (reshashsize <= 0)
+            goto dopsksess;
         s->ext.tick_identity++;
         dores = 1;
     }
@@ -1144,6 +1151,10 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
         }
 
         pskhashsize = EVP_MD_get_size(mdpsk);
+        if (pskhashsize <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
     }
 
     /* Create the extension, but skip over the binder for now */

ssl/statem/extensions_srvr.c

@@ -1020,7 +1020,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                        X509 *x, size_t chainidx)
 {
     PACKET identities, binders, binder;
-    size_t binderoffset, hashsize;
+    size_t binderoffset;
+    int hashsize;
     SSL_SESSION *sess = NULL;
     unsigned int id, i, ext = 0;
     const EVP_MD *md = NULL;
@@ -1221,6 +1222,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
 
     binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
     hashsize = EVP_MD_get_size(md);
+    if (hashsize <= 0)
+        goto err;
 
     if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
@@ -1234,7 +1237,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
         }
     }
 
-    if (PACKET_remaining(&binder) != hashsize) {
+    if (PACKET_remaining(&binder) != (size_t)hashsize) {
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
         goto err;
     }

util/other.syms

@@ -4,6 +4,7 @@
 #
 OPENSSL_ia32cap                         environment
 OPENSSL_s390xcap                        environment
+OPENSSL_riscvcap                        environment
 OPENSSL_MALLOC_FD                       environment
 OPENSSL_MALLOC_FAILURES                 environment
 OPENSSL_instrument_bus                  assembler