Commit de841a4003 for openssl.org

commit de841a400353b47a56df224f7b760a3e64168974
Author: Christoph Müllner <christoph.muellner@vrull.eu>
Date:   Tue Apr 7 23:05:24 2026 +0200

    riscv: fix missing VLEN >= 128 guard in AES-GCM dispatch

    ossl_prov_aes_hw_gcm() returned &rv64i_zvkned_gcm when
    RISCV_HAS_ZVKNED() was true but RISCV_HAS_ZVKB()/RISCV_HAS_ZVKG()
    were false, without checking riscv_vlen() >= 128. All Zvkned
    instructions require VLEN >= 128; on VLEN=64 hardware this would
    cause illegal-instruction traps.

    All other Zvk* dispatch sites already guard on riscv_vlen() >= 128.
    Hoist the check to the outer if (RISCV_HAS_ZVKNED()) condition to
    cover both return paths uniformly.

    Fixes: d056e90ee58a "riscv: Provide vector crypto implementation of AES-GCM mode."
    Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Wed Apr 15 11:24:50 2026
    (Merged from https://github.com/openssl/openssl/pull/30714)

diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
index 105ca58fd3..dae9beae07 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
@@ -103,10 +103,9 @@ static const PROV_GCM_HW rv64i_zvkb_zvkg_zvkned_gcm = {
 };

 const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) {
-    if (RISCV_HAS_ZVKNED()) {
-      if (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKG() && riscv_vlen() >= 128) {
+    if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) {
+      if (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKG())
         return &rv64i_zvkb_zvkg_zvkned_gcm;
-      }
       return &rv64i_zvkned_gcm;
     }