#
a75d6263 |
| 26-Aug-2024 |
Ingo Franzki |
s390x: Disable HMAC hardware acceleration when an engine is used for the digest The TLSProxy uses the 'ossltest' engine to produce known output for digests and HMAC calls. However, when
s390x: Disable HMAC hardware acceleration when an engine is used for the digest The TLSProxy uses the 'ossltest' engine to produce known output for digests and HMAC calls. However, when running on a s390x system that supports hardware acceleration of HMAC, the engine is not used for calculating HMACs, but the s390x specific HMAC implementation is used, which does produce correct output, but not the known output that the engine would produce. This causes some tests (i.e. test_key_share, test_sslextension, test_sslrecords, test_sslvertol, and test_tlsextms) to fail. Disable the s390x HMAC hardware acceleration if an engine is used for the digest of the HMAC calculation. This provides compatibility for engines that provide digest implementations, and assume that these implementations are also used when calculating an HMAC. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25287)
show more ...
|
#
d5b3c0e2 |
| 28-Aug-2024 |
Ingo Franzki |
s390x: Fix HMAC digest detection Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest type. EVP_MD_get_type() does not always return the expected NID, e.g. when runnin
s390x: Fix HMAC digest detection Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest type. EVP_MD_get_type() does not always return the expected NID, e.g. when running in the FIPS provider, EVP_MD_get_type() returns zero, causing to skip the HMAC acceleration path. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25304)
show more ...
|
#
19b87d2d |
| 20-Aug-2024 |
Ingo Franzki |
s390x: Fix memory leak in s390x_HMAC_CTX_copy() When s390x_HMAC_CTX_copy() is called, but the destination context already has a buffer allocated, it is not freed before duplicating the b
s390x: Fix memory leak in s390x_HMAC_CTX_copy() When s390x_HMAC_CTX_copy() is called, but the destination context already has a buffer allocated, it is not freed before duplicating the buffer from the source context. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25238)
show more ...
|
#
0499de5a |
| 01-Feb-2024 |
Ingo Franzki |
s390x: Add hardware acceleration for HMAC The CPACF instruction KMAC provides support for accelerating the HMAC algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and
s390x: Add hardware acceleration for HMAC The CPACF instruction KMAC provides support for accelerating the HMAC algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and SHA-512. Preliminary measurements showed performance improvements of up to a factor of 2, dependent on the message size, whether chunking is used and the size of the chunks. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25161)
show more ...
|