The TLSProxy uses the 'ossltest' engine to produce known output for digests
and HMAC calls. However, when running on a s390x system that supports
hardware acceleration of HMAC, the engine is not used for calculating HMACs,
but the s390x specific HMAC implementation is used, which does produce correct
output, but not the known output that the engine would produce. This causes
some tests (i.e. test_key_share, test_sslextension, test_sslrecords,
test_sslvertol, and test_tlsextms) to fail.
Disable the s390x HMAC hardware acceleration if an engine is used for the
digest of the HMAC calculation. This provides compatibility for engines that
provide digest implementations, and assume that these implementations are also
used when calculating an HMAC.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25287)
Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest
type. EVP_MD_get_type() does not always return the expected NID, e.g.
when running in the FIPS provider, EVP_MD_get_type() returns zero,
causing to skip the HMAC acceleration path.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25304)
When s390x_HMAC_CTX_copy() is called, but the destination context already
has a buffer allocated, it is not freed before duplicating the buffer from
the source context.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25238)
The CPACF instruction KMAC provides support for accelerating the HMAC
algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and
SHA-512.
Preliminary measurements showed performance improvements of up to a factor
of 2, dependent on the message size, whether chunking is used and the size
of the chunks.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)