backport patch for performance improvements

backport-Avoid-calling-into-provider-with-the-same-iv_len-or-.patch

@@ -0,0 +1,46 @@
+From 6f8002014dda3f45aa864b38b92c2df7611af52e Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 31 Mar 2023 15:46:15 +0200
+Subject: [PATCH] Avoid calling into provider with the same iv_len or key_len
+
+Fixes #20625
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20664)
+
+(cherry picked from commit eb52450f5151e8e78743ab05de21a344823316f5)
+---
+ crypto/evp/evp_enc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index e6af8b1c7b..231be1adf4 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -1078,6 +1078,11 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+ 
+     switch (type) {
+     case EVP_CTRL_SET_KEY_LENGTH:
++        if (arg < 0)
++            return 0;
++        if (ctx->key_len == arg)
++            /* Skip calling into provider if unchanged. */
++            return 1;
+         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
+         ctx->key_len = -1;
+         break;
+@@ -1103,6 +1108,9 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+     case EVP_CTRL_AEAD_SET_IVLEN:
+         if (arg < 0)
+             return 0;
++        if (ctx->iv_len == arg)
++            /* Skip calling into provider if unchanged. */
++            return 1;
+         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
+         ctx->iv_len = -1;
+         break;
+-- 
+2.33.0
+

backport-Don-t-take-a-write-lock-to-retrieve-a-value-from-a-s.patch

@@ -0,0 +1,102 @@
+From d6e07491ab2838c74e7070bd3247073cb1222e36 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 12 May 2023 16:15:21 +0100
+Subject: [PATCH] Don't take a write lock to retrieve a value from a stack
+
+ossl_x509_store_ctx_get_by_subject() was taking a write lock for the
+store, but was only (usually) retrieving a value from the stack of
+objects. We take a read lock instead.
+
+Partially fixes #20286
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20952)
+
+(cherry picked from commit 80935bf5ad309bf6c03591acf1d48fe1db57b78f)
+---
+ crypto/x509/x509_lu.c | 34 +++++++++++++++++++++++++---------
+ 1 file changed, 25 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
+index d8927bda07..1fb46586f0 100644
+--- a/crypto/x509/x509_lu.c
++++ b/crypto/x509/x509_lu.c
+@@ -41,14 +41,19 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
+     OPENSSL_free(ctx);
+ }
+ 
+-int X509_STORE_lock(X509_STORE *s)
++int X509_STORE_lock(X509_STORE *xs)
+ {
+-    return CRYPTO_THREAD_write_lock(s->lock);
++    return CRYPTO_THREAD_write_lock(xs->lock);
+ }
+ 
+-int X509_STORE_unlock(X509_STORE *s)
++static int x509_store_read_lock(X509_STORE *xs)
+ {
+-    return CRYPTO_THREAD_unlock(s->lock);
++    return CRYPTO_THREAD_read_lock(xs->lock);
++}
++
++int X509_STORE_unlock(X509_STORE *xs)
++{
++    return CRYPTO_THREAD_unlock(xs->lock);
+ }
+ 
+ int X509_LOOKUP_init(X509_LOOKUP *ctx)
+@@ -321,9 +326,19 @@ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
+     stmp.type = X509_LU_NONE;
+     stmp.data.ptr = NULL;
+ 
+-    if (!X509_STORE_lock(store))
++    if (!x509_store_read_lock(store))
+         return 0;
+-
++    /* Should already be sorted...but just in case */
++    if (!sk_X509_OBJECT_is_sorted(store->objs)) {
++        X509_STORE_unlock(store);
++        /* Take a write lock instead of a read lock */
++        X509_STORE_lock(store);
++        /*
++         * Another thread might have sorted it in the meantime. But if so,
++         * sk_X509_OBJECT_sort() exits early.
++         */
++        sk_X509_OBJECT_sort(store->objs);
++    }
+     tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name);
+     X509_STORE_unlock(store);
+ 
+@@ -505,7 +520,6 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+     X509_OBJECT stmp;
+     X509 x509_s;
+     X509_CRL crl_s;
+-    int idx;
+ 
+     stmp.type = type;
+     switch (type) {
+@@ -522,16 +536,18 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+         return -1;
+     }
+ 
+-    idx = sk_X509_OBJECT_find_all(h, &stmp, pnmatch);
+-    return idx;
++    /* Assumes h is locked for read if applicable */
++    return sk_X509_OBJECT_find_all(h, &stmp, pnmatch);
+ }
+ 
++/* Assumes h is locked for read if applicable */
+ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                                const X509_NAME *name)
+ {
+     return x509_object_idx_cnt(h, type, name, NULL);
+ }
+ 
++/* Assumes h is locked for read if applicable */
+ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                              X509_LOOKUP_TYPE type,
+                                              const X509_NAME *name)
+-- 
+2.33.0
+

backport-Refactor-a-separate-func-for-provider-activation-fro.patch

@@ -0,0 +1,181 @@
+From ee246234bf591cd2a9779a4ad3a2ee3c53848213 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Mon, 22 Nov 2021 10:14:27 +0100
+Subject: [PATCH] Refactor: a separate func for provider activation from config
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17099)
+
+(cherry picked from commit 07ba69483a7d8005a53284cbde55b9dac8c5c554)
+---
+ crypto/provider_conf.c | 140 ++++++++++++++++++++++-------------------
+ 1 file changed, 75 insertions(+), 65 deletions(-)
+
+diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
+index c13c887c3d..6a62f0df60 100644
+--- a/crypto/provider_conf.c
++++ b/crypto/provider_conf.c
+@@ -136,13 +136,86 @@ static int prov_already_activated(const char *name,
+     return 0;
+ }
+ 
++static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
++                                  const char *value, const char *path,
++                                  int soft, const CONF *cnf)
++{
++    PROVIDER_CONF_GLOBAL *pcgbl
++        = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
++                                &provider_conf_ossl_ctx_method);
++    OSSL_PROVIDER *prov = NULL, *actual = NULL;
++    int ok = 0;
++
++    if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
++        ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
++        return 0;
++    }
++    if (!prov_already_activated(name, pcgbl->activated_providers)) {
++        /*
++        * There is an attempt to activate a provider, so we should disable
++        * loading of fallbacks. Otherwise a misconfiguration could mean the
++        * intended provider does not get loaded. Subsequent fetches could
++        * then fallback to the default provider - which may be the wrong
++        * thing.
++        */
++        if (!ossl_provider_disable_fallback_loading(libctx)) {
++            CRYPTO_THREAD_unlock(pcgbl->lock);
++            ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
++            return 0;
++        }
++        prov = ossl_provider_find(libctx, name, 1);
++        if (prov == NULL)
++            prov = ossl_provider_new(libctx, name, NULL, 1);
++        if (prov == NULL) {
++            CRYPTO_THREAD_unlock(pcgbl->lock);
++            if (soft)
++                ERR_clear_error();
++            return 0;
++        }
++
++        if (path != NULL)
++            ossl_provider_set_module_path(prov, path);
++
++        ok = provider_conf_params(prov, NULL, NULL, value, cnf);
++
++        if (ok) {
++            if (!ossl_provider_activate(prov, 1, 0)) {
++                ok = 0;
++            } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
++                ossl_provider_deactivate(prov, 1);
++                ok = 0;
++            } else if (actual != prov
++                       && !ossl_provider_activate(actual, 1, 0)) {
++                ossl_provider_free(actual);
++                ok = 0;
++            } else {
++                if (pcgbl->activated_providers == NULL)
++                    pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
++                if (pcgbl->activated_providers == NULL
++                    || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers,
++                                              actual)) {
++                    ossl_provider_deactivate(actual, 1);
++                    ossl_provider_free(actual);
++                    ok = 0;
++                } else {
++                    ok = 1;
++                }
++            }
++        }
++        if (!ok)
++            ossl_provider_free(prov);
++    }
++    CRYPTO_THREAD_unlock(pcgbl->lock);
++
++    return ok;
++}
++
+ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
+                               const char *value, const CONF *cnf)
+ {
+     int i;
+     STACK_OF(CONF_VALUE) *ecmds;
+     int soft = 0;
+-    OSSL_PROVIDER *prov = NULL, *actual = NULL;
+     const char *path = NULL;
+     long activate = 0;
+     int ok = 0;
+@@ -182,70 +255,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
+     }
+ 
+     if (activate) {
+-        PROVIDER_CONF_GLOBAL *pcgbl
+-            = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
+-                                    &provider_conf_ossl_ctx_method);
+-
+-        if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
+-            ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+-            return 0;
+-        }
+-        if (!prov_already_activated(name, pcgbl->activated_providers)) {
+-            /*
+-            * There is an attempt to activate a provider, so we should disable
+-            * loading of fallbacks. Otherwise a misconfiguration could mean the
+-            * intended provider does not get loaded. Subsequent fetches could
+-            * then fallback to the default provider - which may be the wrong
+-            * thing.
+-            */
+-            if (!ossl_provider_disable_fallback_loading(libctx)) {
+-                CRYPTO_THREAD_unlock(pcgbl->lock);
+-                ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+-                return 0;
+-            }
+-            prov = ossl_provider_find(libctx, name, 1);
+-            if (prov == NULL)
+-                prov = ossl_provider_new(libctx, name, NULL, 1);
+-            if (prov == NULL) {
+-                CRYPTO_THREAD_unlock(pcgbl->lock);
+-                if (soft)
+-                    ERR_clear_error();
+-                return 0;
+-            }
+-
+-            if (path != NULL)
+-                ossl_provider_set_module_path(prov, path);
+-
+-            ok = provider_conf_params(prov, NULL, NULL, value, cnf);
+-
+-            if (ok) {
+-                if (!ossl_provider_activate(prov, 1, 0)) {
+-                    ok = 0;
+-                } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
+-                    ossl_provider_deactivate(prov, 1);
+-                    ok = 0;
+-                } else if (actual != prov
+-                           && !ossl_provider_activate(actual, 1, 0)) {
+-                    ossl_provider_free(actual);
+-                    ok = 0;
+-                } else {
+-                    if (pcgbl->activated_providers == NULL)
+-                        pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
+-                    if (pcgbl->activated_providers == NULL
+-                        || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers,
+-                                                  actual)) {
+-                        ossl_provider_deactivate(actual, 1);
+-                        ossl_provider_free(actual);
+-                        ok = 0;
+-                    } else {
+-                        ok = 1;
+-                    }
+-                }
+-            }
+-            if (!ok)
+-                ossl_provider_free(prov);
+-        }
+-        CRYPTO_THREAD_unlock(pcgbl->lock);
++        ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
+     } else {
+         OSSL_PROVIDER_INFO entry;
+ 
+-- 
+2.33.0
+

backport-Release-the-drbg-in-the-global-default-context-befor.patch

@@ -0,0 +1,63 @@
+From d5c02e2de86a28ab2c06e866f0db858c43d00355 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 11 Oct 2022 17:26:23 +0200
+Subject: [PATCH] Release the drbg in the global default context before engines
+
+Fixes #17995
+Fixes #18578
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+(Merged from https://github.com/openssl/openssl/pull/19386)
+
+(cherry picked from commit a88e97fcace01ecf557b207f04328a72df5110df)
+---
+ crypto/context.c         | 9 +++++++++
+ crypto/rand/rand_lib.c   | 1 +
+ include/crypto/context.h | 1 +
+ 3 files changed, 11 insertions(+)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index aec9ecd4ac..c6358afc81 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -456,6 +456,15 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
+ 
+     return NULL;
+ }
++
++void ossl_release_default_drbg_ctx(void)
++{
++    /* early release of the DRBG in global default libctx */
++    if (default_context_int.drbg != NULL) {
++        ossl_rand_ctx_free(default_context_int.drbg);
++        default_context_int.drbg = NULL;
++    }
++}
+ #endif
+ 
+ OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)
+diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
+index 3f04ec171e..b186ec7f27 100644
+--- a/crypto/rand/rand_lib.c
++++ b/crypto/rand/rand_lib.c
+@@ -97,6 +97,7 @@ void ossl_rand_cleanup_int(void)
+     CRYPTO_THREAD_lock_free(rand_meth_lock);
+     rand_meth_lock = NULL;
+ # endif
++    ossl_release_default_drbg_ctx();
+     rand_inited = 0;
+ }
+ 
+diff --git a/include/crypto/context.h b/include/crypto/context.h
+index 143f6d6b6d..cc06c71be8 100644
+--- a/include/crypto/context.h
++++ b/include/crypto/context.h
+@@ -38,3 +38,4 @@ void ossl_self_test_set_callback_free(void *);
+ void ossl_rand_crng_ctx_free(void *);
+ void ossl_thread_event_ctx_free(void *);
+ void ossl_fips_prov_ossl_ctx_free(void *);
++void ossl_release_default_drbg_ctx(void);
+-- 
+2.33.0
+

backport-Revert-Release-the-drbg-in-the-global-default-contex.patch

@@ -0,0 +1,106 @@
+From 9a12f01f6e784c8cf714442014573d010266182d Mon Sep 17 00:00:00 2001
+From: hzero1996 <wangcheng156@huawei.com>
+Date: Fri, 31 May 2024 16:55:10 +0800
+Subject: [PATCH] Revert "Release the drbg in the global default context before
+ engines"
+
+This reverts commit d0f8056c47f7aea40a34815fe459404f14501e81.
+
+
+The fix patch for 3.1 will be merged later: d5c02e2de86a28ab2c06e866f0db858c43d00355
+---
+ crypto/context.c            | 15 ---------------
+ crypto/rand/rand_lib.c      |  5 ++---
+ include/crypto/rand.h       |  1 -
+ include/internal/cryptlib.h |  2 --
+ 4 files changed, 2 insertions(+), 21 deletions(-)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index 548665fba2..bdfc4d02a3 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -15,7 +15,6 @@
+ #include "internal/bio.h"
+ #include "internal/provider.h"
+ #include "crypto/ctype.h"
+-#include "crypto/rand.h"
+ 
+ struct ossl_lib_ctx_onfree_list_st {
+     ossl_lib_ctx_onfree_fn *fn;
+@@ -272,20 +271,6 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
+ 
+     return NULL;
+ }
+-
+-void ossl_release_default_drbg_ctx(void)
+-{
+-    int dynidx = default_context_int.dyn_indexes[OSSL_LIB_CTX_DRBG_INDEX];
+-
+-    /* early release of the DRBG in global default libctx, no locking */
+-    if (dynidx != -1) {
+-        void *data;
+-
+-        data = CRYPTO_get_ex_data(&default_context_int.data, dynidx);
+-        ossl_rand_ctx_free(data);
+-        CRYPTO_set_ex_data(&default_context_int.data, dynidx, NULL);
+-    }
+-}
+ #endif
+ 
+ OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)
+diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
+index 5fde214448..edfae865b6 100644
+--- a/crypto/rand/rand_lib.c
++++ b/crypto/rand/rand_lib.c
+@@ -96,7 +96,6 @@ void ossl_rand_cleanup_int(void)
+     CRYPTO_THREAD_lock_free(rand_meth_lock);
+     rand_meth_lock = NULL;
+ # endif
+-    ossl_release_default_drbg_ctx();
+     rand_inited = 0;
+ }
+ 
+@@ -476,7 +475,7 @@ static void *rand_ossl_ctx_new(OSSL_LIB_CTX *libctx)
+     return NULL;
+ }
+ 
+-void ossl_rand_ctx_free(void *vdgbl)
++static void rand_ossl_ctx_free(void *vdgbl)
+ {
+     RAND_GLOBAL *dgbl = vdgbl;
+ 
+@@ -501,7 +500,7 @@ void ossl_rand_ctx_free(void *vdgbl)
+ static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = {
+     OSSL_LIB_CTX_METHOD_PRIORITY_2,
+     rand_ossl_ctx_new,
+-    ossl_rand_ctx_free,
++    rand_ossl_ctx_free,
+ };
+ 
+ static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx)
+diff --git a/include/crypto/rand.h b/include/crypto/rand.h
+index 165deaf95c..6a71a339c8 100644
+--- a/include/crypto/rand.h
++++ b/include/crypto/rand.h
+@@ -125,5 +125,4 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
+ size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+ int ossl_pool_add_nonce_data(RAND_POOL *pool);
+ 
+-void ossl_rand_ctx_free(void *vdgbl);
+ #endif
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 934d4b089c..1291299b6e 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -199,8 +199,6 @@ int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx,
+ int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn);
+ const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx);
+ 
+-void ossl_release_default_drbg_ctx(void);
+-
+ OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
+ int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
+                                CRYPTO_EX_DATA *ad);
+-- 
+2.33.0
+

backport-aes-avoid-accessing-key-length-field-directly.patch

@@ -0,0 +1,711 @@
+From 071f5f874bb4cd7f04cf9d75be8b094b0bbc9179 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Thu, 27 Jan 2022 12:51:13 +1100
+Subject: [PATCH] aes: avoid accessing key length field directly
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17543)
+
+(cherry picked from commit 80ce874a093087b919e1c722427df30f81f5dad5)
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+---
+ crypto/evp/e_aes.c               | 305 +++++++++++++++++++++----------
+ crypto/evp/e_aes_cbc_hmac_sha1.c |  23 ++-
+ 2 files changed, 224 insertions(+), 104 deletions(-)
+
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 52b9e87c1e..d8aca6e525 100644
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -146,20 +146,21 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ {
+     int ret, mode;
+     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
++    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
+     mode = EVP_CIPHER_CTX_get_mode(ctx);
+     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+         && !enc) {
+-        ret = aesni_set_decrypt_key(key,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &dat->ks.ks);
++        ret = aesni_set_decrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) aesni_decrypt;
+         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+             (cbc128_f) aesni_cbc_encrypt : NULL;
+     } else {
+-        ret = aesni_set_encrypt_key(key,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &dat->ks.ks);
++        ret = aesni_set_encrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) aesni_encrypt;
+         if (mode == EVP_CIPH_CBC_MODE)
+             dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
+@@ -223,12 +224,19 @@ static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+ {
+-    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+-    if (!iv && !key)
++    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx);
++
++    if (iv == NULL && key == NULL)
+         return 1;
++
+     if (key) {
+-        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                              &gctx->ks.ks);
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
++        aesni_set_encrypt_key(key, keylen, &gctx->ks.ks);
+         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+         gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+         /*
+@@ -262,14 +270,19 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ {
+     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+ 
+-    if (!iv && !key)
++    if (iv == NULL && key == NULL)
+         return 1;
+ 
+     if (key) {
+         /* The key is two half length keys in reality */
+-        const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++        const int bytes = keylen / 2;
+         const int bits = bytes * 8;
+ 
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         /*
+          * Verify that the two keys are different.
+          *
+@@ -315,11 +328,18 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+ {
+     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
+-        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                              &cctx->ks.ks);
++
++    if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
++        aesni_set_encrypt_key(key, keylen, &cctx->ks.ks);
+         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                            &cctx->ks, (block128_f) aesni_encrypt);
+         cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
+@@ -342,19 +362,25 @@ static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+ {
+     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
++
++    if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         do {
+             /*
+              * We set both the encrypt and decrypt key here because decrypt
+              * needs both. We could possibly optimise to remove setting the
+              * decrypt for an encryption operation.
+              */
+-            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                  &octx->ksenc.ks);
+-            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                  &octx->ksdec.ks);
++            aesni_set_encrypt_key(key, keylen, &octx->ksenc.ks);
++            aesni_set_decrypt_key(key, keylen, &octx->ksdec.ks);
+             if (!CRYPTO_ocb128_init(&octx->ocb,
+                                     &octx->ksenc.ks, &octx->ksdec.ks,
+                                     (block128_f) aesni_encrypt,
+@@ -452,6 +478,10 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 
+     mode = EVP_CIPHER_CTX_get_mode(ctx);
+     bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++    if (bits <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
+     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+         && !enc) {
+         ret = 0;
+@@ -547,10 +577,16 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc)
+ {
+     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+     if (key) {
+-        int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++        const int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (bits <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
+         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                            (block128_f) aes_t4_encrypt);
+@@ -603,9 +639,14 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 
+     if (key) {
+         /* The key is two half length keys in reality */
+-        const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++        const int bytes = keylen / 2;
+         const int bits = bytes * 8;
+ 
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         /*
+          * Verify that the two keys are different.
+          *
+@@ -670,10 +711,17 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc)
+ {
+     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
+-        int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++    if (key != NULL) {
++        const int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (bits <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
+         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                            &cctx->ks, (block128_f) aes_t4_encrypt);
+@@ -696,19 +744,25 @@ static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc)
+ {
+     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
++
++    if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         do {
+             /*
+              * We set both the encrypt and decrypt key here because decrypt
+              * needs both. We could possibly optimise to remove setting the
+              * decrypt for an encryption operation.
+              */
+-            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                   &octx->ksenc.ks);
+-            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                   &octx->ksdec.ks);
++            aes_t4_set_encrypt_key(key, keylen, &octx->ksenc.ks);
++            aes_t4_set_decrypt_key(key, keylen, &octx->ksdec.ks);
+             if (!CRYPTO_ocb128_init(&octx->ocb,
+                                     &octx->ksenc.ks, &octx->ksdec.ks,
+                                     (block128_f) aes_t4_encrypt,
+@@ -973,6 +1027,10 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+     S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
+     cctx->fc = S390X_AES_FC(keylen);
+     if (!enc)
+         cctx->fc |= S390X_DECRYPT;
+@@ -999,6 +1057,14 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
++    if (ivlen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
++        return 0;
++    }
+     memcpy(cctx->kmo.param.cv, iv, ivlen);
+     memcpy(cctx->kmo.param.k, key, keylen);
+     cctx->fc = S390X_AES_FC(keylen);
+@@ -1058,6 +1124,14 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
++    if (ivlen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
++        return 0;
++    }
+     cctx->fc = S390X_AES_FC(keylen);
+     cctx->fc |= 16 << 24;   /* 16 bytes cipher feedback */
+     if (!enc)
+@@ -1081,6 +1155,14 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     int rem;
+     unsigned char tmp;
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
++    if (ivlen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
++        return 0;
++    }
+     memcpy(cctx->kmf.param.cv, iv, ivlen);
+     while (n && len) {
+         tmp = *in;
+@@ -1128,6 +1210,14 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+     const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
++    if (ivlen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
++        return 0;
++    }
+     cctx->fc = S390X_AES_FC(keylen);
+     cctx->fc |= 1 << 24;   /* 1 byte cipher feedback */
+     if (!enc)
+@@ -1533,6 +1623,11 @@ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+ 
+     if (key != NULL) {
+         keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
++
+         memcpy(&gctx->kma.param.k, key, keylen);
+ 
+         gctx->fc = S390X_AES_FC(keylen);
+@@ -1939,6 +2034,11 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+ 
+     if (key != NULL) {
+         keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
++
+         cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+         memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+ 
+@@ -2315,15 +2415,19 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ {
+     int ret, mode;
+     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
++    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
+ 
+     mode = EVP_CIPHER_CTX_get_mode(ctx);
+     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+         && !enc) {
+ #ifdef HWAES_CAPABLE
+         if (HWAES_CAPABLE) {
+-            ret = HWAES_set_decrypt_key(key,
+-                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                        &dat->ks.ks);
++            ret = HWAES_set_decrypt_key(key, keylen, &dat->ks.ks);
+             dat->block = (block128_f) HWAES_decrypt;
+             dat->stream.cbc = NULL;
+ # ifdef HWAES_cbc_encrypt
+@@ -2334,27 +2438,21 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+ #ifdef BSAES_CAPABLE
+         if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+-            ret = AES_set_decrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &dat->ks.ks);
++            ret = AES_set_decrypt_key(key, keylen, &dat->ks.ks);
+             dat->block = (block128_f) AES_decrypt;
+             dat->stream.cbc = (cbc128_f) ossl_bsaes_cbc_encrypt;
+         } else
+ #endif
+ #ifdef VPAES_CAPABLE
+         if (VPAES_CAPABLE) {
+-            ret = vpaes_set_decrypt_key(key,
+-                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                        &dat->ks.ks);
++            ret = vpaes_set_decrypt_key(key, keylen, &dat->ks.ks);
+             dat->block = (block128_f) vpaes_decrypt;
+             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                 (cbc128_f) vpaes_cbc_encrypt : NULL;
+         } else
+ #endif
+         {
+-            ret = AES_set_decrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &dat->ks.ks);
++            ret = AES_set_decrypt_key(key, keylen, &dat->ks.ks);
+             dat->block = (block128_f) AES_decrypt;
+             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                 (cbc128_f) AES_cbc_encrypt : NULL;
+@@ -2362,9 +2460,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     } else
+ #ifdef HWAES_CAPABLE
+     if (HWAES_CAPABLE) {
+-        ret = HWAES_set_encrypt_key(key,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &dat->ks.ks);
++        ret = HWAES_set_encrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) HWAES_encrypt;
+         dat->stream.cbc = NULL;
+ # ifdef HWAES_cbc_encrypt
+@@ -2382,25 +2478,21 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+ #ifdef BSAES_CAPABLE
+     if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
+-        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                  &dat->ks.ks);
++        ret = AES_set_encrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) AES_encrypt;
+         dat->stream.ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
+     } else
+ #endif
+ #ifdef VPAES_CAPABLE
+     if (VPAES_CAPABLE) {
+-        ret = vpaes_set_encrypt_key(key,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &dat->ks.ks);
++        ret = vpaes_set_encrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) vpaes_encrypt;
+         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+             (cbc128_f) vpaes_cbc_encrypt : NULL;
+     } else
+ #endif
+     {
+-        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                  &dat->ks.ks);
++        ret = AES_set_encrypt_key(key, keylen, &dat->ks.ks);
+         dat->block = (block128_f) AES_encrypt;
+         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+             (cbc128_f) AES_cbc_encrypt : NULL;
+@@ -2711,13 +2803,21 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+ {
+     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
++
++    if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         do {
+ #ifdef HWAES_CAPABLE
+             if (HWAES_CAPABLE) {
+-                HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
++                HWAES_set_encrypt_key(key, keylen, &gctx->ks.ks);
+                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                    (block128_f) HWAES_encrypt);
+ # ifdef HWAES_ctr32_encrypt_blocks
+@@ -2730,7 +2830,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+ #ifdef BSAES_CAPABLE
+             if (BSAES_CAPABLE) {
+-                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
++                AES_set_encrypt_key(key, keylen, &gctx->ks.ks);
+                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                    (block128_f) AES_encrypt);
+                 gctx->ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
+@@ -2739,7 +2839,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+ #ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+-                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
++                vpaes_set_encrypt_key(key, keylen, &gctx->ks.ks);
+                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                    (block128_f) vpaes_encrypt);
+                 gctx->ctr = NULL;
+@@ -2748,7 +2848,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+                 (void)0;        /* terminate potentially open 'else' */
+ 
+-            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
++            AES_set_encrypt_key(key, keylen, &gctx->ks.ks);
+             CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                (block128_f) AES_encrypt);
+ #ifdef AES_CTR_ASM
+@@ -3128,15 +3228,20 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ {
+     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+ 
+-    if (!iv && !key)
++    if (iv == NULL && key == NULL)
+         return 1;
+ 
+-    if (key) {
++    if (key != NULL) {
+         do {
+             /* The key is two half length keys in reality */
+-            const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
++            const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++            const int bytes = keylen / 2;
+             const int bits = bytes * 8;
+ 
++            if (keylen <= 0) {
++                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++                return 0;
++            }
+             /*
+              * Verify that the two keys are different.
+              *
+@@ -3382,15 +3487,21 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+ {
+     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key)
++
++    if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         do {
+ #ifdef HWAES_CAPABLE
+             if (HWAES_CAPABLE) {
+-                HWAES_set_encrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &cctx->ks.ks);
++                HWAES_set_encrypt_key(key, keylen, &cctx->ks.ks);
+ 
+                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                    &cctx->ks, (block128_f) HWAES_encrypt);
+@@ -3401,9 +3512,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ #endif
+ #ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+-                vpaes_set_encrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &cctx->ks.ks);
++                vpaes_set_encrypt_key(key, keylen, &cctx->ks.ks);
+                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                    &cctx->ks, (block128_f) vpaes_encrypt);
+                 cctx->str = NULL;
+@@ -3411,14 +3520,14 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 break;
+             }
+ #endif
+-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                &cctx->ks.ks);
++            AES_set_encrypt_key(key, keylen, &cctx->ks.ks);
+             CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                &cctx->ks, (block128_f) AES_encrypt);
+             cctx->str = NULL;
+             cctx->key_set = 1;
+         } while (0);
+-    if (iv) {
++    }
++    if (iv != NULL) {
+         memcpy(ctx->iv, iv, 15 - cctx->L);
+         cctx->iv_set = 1;
+     }
+@@ -3573,12 +3682,16 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     if (iv == NULL && key == NULL)
+         return 1;
+     if (key != NULL) {
++        const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         if (EVP_CIPHER_CTX_is_encrypting(ctx))
+-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                &wctx->ks.ks);
++            AES_set_encrypt_key(key, keylen, &wctx->ks.ks);
+         else
+-            AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                &wctx->ks.ks);
++            AES_set_decrypt_key(key, keylen, &wctx->ks.ks);
+         if (iv == NULL)
+             wctx->iv = NULL;
+     }
+@@ -3806,9 +3919,17 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+ {
+     EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+-    if (!iv && !key)
++
++    if (iv == NULL && key == NULL)
+         return 1;
+-    if (key) {
++
++    if (key != NULL) {
++       const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
++
++        if (keylen <= 0) {
++            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++            return 0;
++        }
+         do {
+             /*
+              * We set both the encrypt and decrypt key here because decrypt
+@@ -3817,10 +3938,8 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+              */
+ # ifdef HWAES_CAPABLE
+             if (HWAES_CAPABLE) {
+-                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &octx->ksenc.ks);
+-                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &octx->ksdec.ks);
++                HWAES_set_encrypt_key(key, keylen, &octx->ksenc.ks);
++                HWAES_set_decrypt_key(key, keylen, &octx->ksdec.ks);
+                 if (!CRYPTO_ocb128_init(&octx->ocb,
+                                         &octx->ksenc.ks, &octx->ksdec.ks,
+                                         (block128_f) HWAES_encrypt,
+@@ -3833,12 +3952,8 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ # endif
+ # ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+-                vpaes_set_encrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &octx->ksenc.ks);
+-                vpaes_set_decrypt_key(key,
+-                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                      &octx->ksdec.ks);
++                vpaes_set_encrypt_key(key, keylen, &octx->ksenc.ks);
++                vpaes_set_decrypt_key(key, keylen, &octx->ksdec.ks);
+                 if (!CRYPTO_ocb128_init(&octx->ocb,
+                                         &octx->ksenc.ks, &octx->ksdec.ks,
+                                         (block128_f) vpaes_encrypt,
+@@ -3848,10 +3963,8 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 break;
+             }
+ # endif
+-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                &octx->ksenc.ks);
+-            AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                &octx->ksdec.ks);
++            AES_set_encrypt_key(key, keylen, &octx->ksenc.ks);
++            AES_set_decrypt_key(key, keylen, &octx->ksdec.ks);
+             if (!CRYPTO_ocb128_init(&octx->ocb,
+                                     &octx->ksenc.ks, &octx->ksdec.ks,
+                                     (block128_f) AES_encrypt,
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index 4941f98e64..5f25cda0ec 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -72,15 +72,16 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+ {
+     EVP_AES_HMAC_SHA1 *key = data(ctx);
+     int ret;
++    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
+ 
++    if (keylen <= 0) {
++        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++        return 0;
++    }
+     if (enc)
+-        ret = aesni_set_encrypt_key(inkey,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &key->ks);
++        ret = aesni_set_encrypt_key(inkey, keylen, &key->ks);
+     else
+-        ret = aesni_set_decrypt_key(inkey,
+-                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+-                                    &key->ks);
++        ret = aesni_set_decrypt_key(inkey, keylen, &key->ks);
+ 
+     SHA1_Init(&key->head);      /* handy when benchmarking */
+     key->tail = key->head;
+@@ -496,6 +497,12 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ # if defined(STITCHED_DECRYPT_CALL)
+             unsigned char tail_iv[AES_BLOCK_SIZE];
+             int stitch = 0;
++            const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
++
++            if (keylen <= 0) {
++                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
++                return 0;
++            }
+ # endif
+ 
+             if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+@@ -513,7 +520,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 return 0;
+ 
+ # if defined(STITCHED_DECRYPT_CALL)
+-            if (len >= 1024 && ctx->key_len == 32) {
++            if (len >= 1024 && keylen == 32) {
+                 /* decrypt last block */
+                 memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
+                        AES_BLOCK_SIZE);
+@@ -734,7 +741,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+             return ret;
+         } else {
+ # if defined(STITCHED_DECRYPT_CALL)
+-            if (len >= 1024 && ctx->key_len == 32) {
++            if (len >= 1024 && keylen == 32) {
+                 if (sha_off %= SHA_CBLOCK)
+                     blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
+                 else
+-- 
+2.33.0
+

backport-evp-enc-cache-cipher-key-length.patch

@@ -0,0 +1,136 @@
+From bbbccd795940114cb18722fc6fffe2b25ce3c436 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Thu, 27 Jan 2022 13:33:36 +1100
+Subject: [PATCH] evp enc: cache cipher key length
+
+Instead of doing a heavy params based query every time a context is
+asked for its key length, this value is cached in the context and only
+queried if it could have been modified.
+
+Fixes #17064
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17543)
+
+(cherry picked from commit 70f39a487d3f7d976a01e0ee7ae98a82ceeea7a0)
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+---
+ crypto/evp/evp_enc.c | 31 ++++++++++++++++++++++++-------
+ crypto/evp/evp_lib.c | 26 ++++++++++++++++++++------
+ 2 files changed, 44 insertions(+), 13 deletions(-)
+
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 921d24dd3d..a6468f6767 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -62,7 +62,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
+     ENGINE_finish(ctx->engine);
+ #endif
+     memset(ctx, 0, sizeof(*ctx));
+-    ctx->iv_len = -1;
++    ctx->iv_len = 0;
+     return 1;
+ }
+ 
+@@ -994,7 +994,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+     if (c->cipher->prov != NULL) {
+         int ok;
+         OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+-        size_t len = keylen;
++        size_t len;
+ 
+         if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
+             return 1;
+@@ -1007,9 +1007,13 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+         }
+ 
+         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
++        if (!OSSL_PARAM_set_int(params, keylen))
++            return 0;
+         ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
+-
+-        return ok > 0 ? 1 : 0;
++        if (ok <= 0)
++            return 0;
++        c->key_len = keylen;
++        return 1;
+     }
+ 
+     /* Code below to be removed when legacy support is dropped. */
+@@ -1070,6 +1074,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+     switch (type) {
+     case EVP_CTRL_SET_KEY_LENGTH:
+         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
++        ctx->key_len = -1;
+         break;
+     case EVP_CTRL_RAND_KEY:      /* Used by DES */
+         set_params = 0;
+@@ -1265,11 +1270,23 @@ int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
+ 
+ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
+ {
++    int r = 0;
++    const OSSL_PARAM *p;
++
+     if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
+-        ctx->iv_len = -1;
+-        return ctx->cipher->set_ctx_params(ctx->algctx, params);
++        r = ctx->cipher->set_ctx_params(ctx->algctx, params);
++        if (r > 0) {
++            p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
++            if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len))
++                r = 0;
++        }
++        if (r > 0) {
++            p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
++            if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len))
++                r = 0;
++        }
+     }
+-    return 0;
++    return r;
+ }
+ 
+ int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
+diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
+index d88066d0a2..98bb25655d 100644
+--- a/crypto/evp/evp_lib.c
++++ b/crypto/evp/evp_lib.c
+@@ -652,14 +652,28 @@ int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher)
+ 
+ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
+ {
+-    int ok;
+-    size_t v = ctx->key_len;
+-    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
++    if (ctx->key_len <= 0 && ctx->cipher->prov != NULL) {
++        int ok;
++        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
++        size_t len;
+ 
+-    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
+-    ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
++        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
++        ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
++        if (ok <= 0)
++            return EVP_CTRL_RET_UNSUPPORTED;
+ 
+-    return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
++        /*-
++         * The if branch should never be taken since EVP_MAX_KEY_LENGTH is
++         * less than INT_MAX but best to be safe.
++         *
++         * Casting away the const is annoying but required here.  We need to
++         * cache the result for performance reasons.
++         */
++        if (!OSSL_PARAM_get_int(params, &((EVP_CIPHER_CTX *)ctx)->key_len))
++            return -1;
++        ((EVP_CIPHER_CTX *)ctx)->key_len = (int)len;
++    }
++    return ctx->key_len;
+ }
+ 
+ int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
+-- 
+2.33.0
+

backport-property-use-a-stack-to-efficiently-convert-index-to.patch

@@ -0,0 +1,225 @@
+From b1b4806a8caf92f32d18b52985fe4b14a6a694bd Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Tue, 21 Dec 2021 11:44:31 +1100
+Subject: [PATCH] property: use a stack to efficiently convert index to string
+
+The existing code does this conversion by searching the hash table for the
+appropriate index which is slow and expensive.
+
+Fixes #15867
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17325)
+
+(cherry picked from commit 2e3c59356f847a76a90f9f837d4983428df6eb19)
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+---
+ crypto/property/property_string.c | 114 ++++++++++++++----------------
+ 1 file changed, 52 insertions(+), 62 deletions(-)
+
+diff --git a/crypto/property/property_string.c b/crypto/property/property_string.c
+index ef87a6a782..3288c6ede8 100644
+--- a/crypto/property/property_string.c
++++ b/crypto/property/property_string.c
+@@ -40,6 +40,8 @@ typedef struct {
+     PROP_TABLE *prop_values;
+     OSSL_PROPERTY_IDX prop_name_idx;
+     OSSL_PROPERTY_IDX prop_value_idx;
++    STACK_OF(OPENSSL_CSTRING) *prop_namelist;
++    STACK_OF(OPENSSL_CSTRING) *prop_valuelist;
+ } PROPERTY_STRING_DATA;
+ 
+ static unsigned long property_hash(const PROPERTY_STRING *a)
+@@ -78,6 +80,9 @@ static void property_string_data_free(void *vpropdata)
+     CRYPTO_THREAD_lock_free(propdata->lock);
+     property_table_free(&propdata->prop_names);
+     property_table_free(&propdata->prop_values);
++    sk_OPENSSL_CSTRING_free(propdata->prop_namelist);
++    sk_OPENSSL_CSTRING_free(propdata->prop_valuelist);
++    propdata->prop_namelist = propdata->prop_valuelist = NULL;
+     propdata->prop_name_idx = propdata->prop_value_idx = 0;
+ 
+     OPENSSL_free(propdata);
+@@ -90,24 +95,21 @@ static void *property_string_data_new(OSSL_LIB_CTX *ctx) {
+         return NULL;
+ 
+     propdata->lock = CRYPTO_THREAD_lock_new();
+-    if (propdata->lock == NULL)
+-        goto err;
+-
+     propdata->prop_names = lh_PROPERTY_STRING_new(&property_hash,
+                                                   &property_cmp);
+-    if (propdata->prop_names == NULL)
+-        goto err;
+-
+     propdata->prop_values = lh_PROPERTY_STRING_new(&property_hash,
+                                                    &property_cmp);
+-    if (propdata->prop_values == NULL)
+-        goto err;
+-
++    propdata->prop_namelist = sk_OPENSSL_CSTRING_new_null();
++    propdata->prop_valuelist = sk_OPENSSL_CSTRING_new_null();
++    if (propdata->lock == NULL
++            || propdata->prop_names == NULL
++            || propdata->prop_values == NULL
++            || propdata->prop_namelist == NULL
++            || propdata->prop_valuelist == NULL) {
++        property_string_data_free(propdata);
++        return NULL;
++    }
+     return propdata;
+-
+-err:
+-    property_string_data_free(propdata);
+-    return NULL;
+ }
+ 
+ static const OSSL_LIB_CTX_METHOD property_string_data_method = {
+@@ -134,57 +136,65 @@ static PROPERTY_STRING *new_property_string(const char *s,
+     return ps;
+ }
+ 
+-static OSSL_PROPERTY_IDX ossl_property_string(CRYPTO_RWLOCK *lock,
+-                                              PROP_TABLE *t,
+-                                              OSSL_PROPERTY_IDX *pidx,
+-                                              const char *s)
++static OSSL_PROPERTY_IDX ossl_property_string(OSSL_LIB_CTX *ctx, int name,
++                                              int create, const char *s)
+ {
+     PROPERTY_STRING p, *ps, *ps_new;
++    PROP_TABLE *t;
++    STACK_OF(OPENSSL_CSTRING) *slist;
++    OSSL_PROPERTY_IDX *pidx;
++    PROPERTY_STRING_DATA *propdata
++        = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX,
++                                &property_string_data_method);
+ 
++    if (propdata == NULL)
++        return 0;
++
++    t = name ? propdata->prop_names : propdata->prop_values;
+     p.s = s;
+-    if (!CRYPTO_THREAD_read_lock(lock)) {
++    if (!CRYPTO_THREAD_read_lock(propdata->lock)) {
+         ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_READ_LOCK);
+         return 0;
+     }
+     ps = lh_PROPERTY_STRING_retrieve(t, &p);
+-    if (ps == NULL && pidx != NULL) {
+-        CRYPTO_THREAD_unlock(lock);
+-        if (!CRYPTO_THREAD_write_lock(lock)) {
++    if (ps == NULL && create) {
++        CRYPTO_THREAD_unlock(propdata->lock);
++        if (!CRYPTO_THREAD_write_lock(propdata->lock)) {
+             ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
+             return 0;
+         }
++        pidx = name ? &propdata->prop_name_idx : &propdata->prop_value_idx;
+         ps = lh_PROPERTY_STRING_retrieve(t, &p);
+         if (ps == NULL && (ps_new = new_property_string(s, pidx)) != NULL) {
++            slist = name ? propdata->prop_namelist : propdata->prop_valuelist;
++            if (sk_OPENSSL_CSTRING_push(slist, ps_new->s) <= 0) {
++                property_free(ps_new);
++                CRYPTO_THREAD_unlock(propdata->lock);
++                return 0;
++            }
+             lh_PROPERTY_STRING_insert(t, ps_new);
+             if (lh_PROPERTY_STRING_error(t)) {
++                /*-
++                 * Undo the previous push which means also decrementing the
++                 * index and freeing the allocated storage.
++                 */
++                sk_OPENSSL_CSTRING_pop(slist);
+                 property_free(ps_new);
+-                CRYPTO_THREAD_unlock(lock);
++                --*pidx;
++                CRYPTO_THREAD_unlock(propdata->lock);
+                 return 0;
+             }
+             ps = ps_new;
+         }
+     }
+-    CRYPTO_THREAD_unlock(lock);
++    CRYPTO_THREAD_unlock(propdata->lock);
+     return ps != NULL ? ps->idx : 0;
+ }
+ 
+-struct find_str_st {
+-    const char *str;
+-    OSSL_PROPERTY_IDX idx;
+-};
+-
+-static void find_str_fn(PROPERTY_STRING *prop, void *vfindstr)
+-{
+-    struct find_str_st *findstr = vfindstr;
+-
+-    if (prop->idx == findstr->idx)
+-        findstr->str = prop->s;
+-}
+-
+ static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx,
+                                      OSSL_PROPERTY_IDX idx)
+ {
+-    struct find_str_st findstr;
++    const char *r;
+     PROPERTY_STRING_DATA *propdata
+         = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX,
+                                 &property_string_data_method);
+@@ -192,33 +202,21 @@ static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx,
+     if (propdata == NULL)
+         return NULL;
+ 
+-    findstr.str = NULL;
+-    findstr.idx = idx;
+-
+     if (!CRYPTO_THREAD_read_lock(propdata->lock)) {
+         ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_READ_LOCK);
+         return NULL;
+     }
+-    lh_PROPERTY_STRING_doall_arg(name ? propdata->prop_names
+-                                      : propdata->prop_values,
+-                                 find_str_fn, &findstr);
++    r = sk_OPENSSL_CSTRING_value(name ? propdata->prop_namelist
++                                      : propdata->prop_valuelist, idx - 1);
+     CRYPTO_THREAD_unlock(propdata->lock);
+ 
+-    return findstr.str;
++    return r;
+ }
+ 
+ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s,
+                                      int create)
+ {
+-    PROPERTY_STRING_DATA *propdata
+-        = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX,
+-                                &property_string_data_method);
+-
+-    if (propdata == NULL)
+-        return 0;
+-    return ossl_property_string(propdata->lock, propdata->prop_names,
+-                                create ? &propdata->prop_name_idx : NULL,
+-                                s);
++    return ossl_property_string(ctx, 1, create, s);
+ }
+ 
+ const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx)
+@@ -229,15 +227,7 @@ const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx)
+ OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s,
+                                       int create)
+ {
+-    PROPERTY_STRING_DATA *propdata
+-        = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX,
+-                                &property_string_data_method);
+-
+-    if (propdata == NULL)
+-        return 0;
+-    return ossl_property_string(propdata->lock, propdata->prop_values,
+-                                create ? &propdata->prop_value_idx : NULL,
+-                                s);
++    return ossl_property_string(ctx, 0, create, s);
+ }
+ 
+ const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx)
+-- 
+2.33.0
+

openssl.spec

@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     3.0.12
-Release:     14
+Release:     15
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -65,6 +65,16 @@ Patch52:     backport-When-we-re-just-reading-EX_CALLBACK-data-just-get-a-.patch
 Patch53:     backport-Avoid-an-unneccessary-lock-if-we-didn-t-add-anything.patch
 Patch54:     backport-use-__builtin_expect-to-improve-EVP_EncryptUpdate-pe.patch
 Patch55:     backport-Drop-ossl_namemap_add_name_n-and-simplify-ossl_namem.patch
+Patch56:     backport-Don-t-take-a-write-lock-to-retrieve-a-value-from-a-s.patch
+Patch57:     backport-aes-avoid-accessing-key-length-field-directly.patch
+Patch58:     backport-evp-enc-cache-cipher-key-length.patch
+Patch59:     backport-Avoid-calling-into-provider-with-the-same-iv_len-or-.patch
+Patch60:     backport-property-use-a-stack-to-efficiently-convert-index-to.patch
+Patch61:     backport-Revert-Release-the-drbg-in-the-global-default-contex.patch
+Patch62:     backport-Refactor-a-separate-func-for-provider-activation-fro.patch
+Patch63:     backport-Refactor-OSSL_LIB_CTX-to-avoid-using-CRYPTO_EX_DATA.patch
+Patch64:     backport-Release-the-drbg-in-the-global-default-context-befor.patch
+Patch65:     backport-params-provide-a-faster-TRIE-based-param-lookup.patch
 
 Patch9000:   add-FIPS_mode_set-support.patch
 Patch9001:   backport-CVE-2024-9143-Harden-BN_GF2m_poly2arr-against-misuse.patch
@@ -269,6 +279,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Nov 27 2024 steven <steven_ygui@163.com> - 1:3.0.12-15
+- backport patch for performance improvements
+
 * Wed Nov 27 2024 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.12-14
 - backport patch for performance improvements