SOURCE[../../../libcrypto]=\
- sha2.c sha3.c
+ sha2_prov.c sha3_prov.c
SOURCE[../../fips]=\
- sha2.c sha3.c
+ sha2_prov.c sha3_prov.c
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/core_numbers.h>
-#include <openssl/sha.h>
-#include <openssl/params.h>
-#include <openssl/core_names.h>
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-#include "internal/sha.h"
-
-static OSSL_OP_digest_set_params_fn sha1_set_params;
-
-/* Special set_params method for SSL3 */
-static int sha1_set_params(void *vctx, const OSSL_PARAM params[])
-{
- int cmd = 0;
- size_t msg_len = 0;
- const void *msg = NULL;
- const OSSL_PARAM *p;
- SHA_CTX *ctx = (SHA_CTX *)vctx;
-
- if (ctx != NULL && params != NULL) {
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
- if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
- if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
- return 0;
- return sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
- }
- return 0;
-}
-
-OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX,
- SHA_CBLOCK, SHA_DIGEST_LENGTH,
- SHA1_Init, SHA1_Update, SHA1_Final,
- sha1_set_params)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX,
- SHA256_CBLOCK, SHA224_DIGEST_LENGTH,
- SHA224_Init, SHA224_Update, SHA224_Final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX,
- SHA256_CBLOCK, SHA256_DIGEST_LENGTH,
- SHA256_Init, SHA256_Update, SHA256_Final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX,
- SHA512_CBLOCK, SHA384_DIGEST_LENGTH,
- SHA384_Init, SHA384_Update, SHA384_Final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX,
- SHA512_CBLOCK, SHA512_DIGEST_LENGTH,
- SHA512_Init, SHA512_Update, SHA512_Final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX,
- SHA512_CBLOCK, SHA224_DIGEST_LENGTH,
- sha512_224_init, SHA512_Update, SHA512_Final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX,
- SHA512_CBLOCK, SHA256_DIGEST_LENGTH,
- sha512_256_init, SHA512_Update, SHA512_Final)
-
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/core_numbers.h>
+#include <openssl/sha.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+#include "internal/sha.h"
+
+static OSSL_OP_digest_set_params_fn sha1_set_params;
+
+/* Special set_params method for SSL3 */
+static int sha1_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ int cmd = 0;
+ size_t msg_len = 0;
+ const void *msg = NULL;
+ const OSSL_PARAM *p;
+ SHA_CTX *ctx = (SHA_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
+ if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
+ return 0;
+ return sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
+ }
+ return 0;
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX,
+ SHA_CBLOCK, SHA_DIGEST_LENGTH,
+ SHA1_Init, SHA1_Update, SHA1_Final,
+ sha1_set_params)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX,
+ SHA256_CBLOCK, SHA224_DIGEST_LENGTH,
+ SHA224_Init, SHA224_Update, SHA224_Final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX,
+ SHA256_CBLOCK, SHA256_DIGEST_LENGTH,
+ SHA256_Init, SHA256_Update, SHA256_Final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX,
+ SHA512_CBLOCK, SHA384_DIGEST_LENGTH,
+ SHA384_Init, SHA384_Update, SHA384_Final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX,
+ SHA512_CBLOCK, SHA512_DIGEST_LENGTH,
+ SHA512_Init, SHA512_Update, SHA512_Final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX,
+ SHA512_CBLOCK, SHA224_DIGEST_LENGTH,
+ sha512_224_init, SHA512_Update, SHA512_Final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX,
+ SHA512_CBLOCK, SHA256_DIGEST_LENGTH,
+ sha512_256_init, SHA512_Update, SHA512_Final)
+
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/core_names.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/params.h>
-#include "internal/sha3.h"
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-/*
- * Forward declaration of any unique methods implemented here. This is not strictly
- * necessary for the compiler, but provides an assurance that the signatures
- * of the functions in the dispatch table are correct.
- */
-static OSSL_OP_digest_init_fn keccak_init;
-static OSSL_OP_digest_update_fn keccak_update;
-static OSSL_OP_digest_final_fn keccak_final;
-static OSSL_OP_digest_freectx_fn keccak_freectx;
-static OSSL_OP_digest_dupctx_fn keccak_dupctx;
-static OSSL_OP_digest_set_params_fn shake_set_params;
-static sha3_absorb_fn generic_sha3_absorb;
-static sha3_final_fn generic_sha3_final;
-
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
-/*
- * IBM S390X support
- */
-# include "s390x_arch.h"
-# define S390_SHA3 1
-# define S390_SHA3_CAPABLE(name) \
- ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
- (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
-
-#endif
-
-static int keccak_init(void *vctx)
-{
- /* The newctx() handles most of the ctx fixed setup. */
- sha3_reset((KECCAK1600_CTX *)vctx);
- return 1;
-}
-
-static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
-{
- KECCAK1600_CTX *ctx = vctx;
- const size_t bsz = ctx->block_size;
- size_t num, rem;
-
- if (len == 0)
- return 1;
-
- /* Is there anything in the buffer already ? */
- if ((num = ctx->bufsz) != 0) {
- /* Calculate how much space is left in the buffer */
- rem = bsz - num;
- /* If the new input does not fill the buffer then just add it */
- if (len < rem) {
- memcpy(ctx->buf + num, inp, len);
- ctx->bufsz += len;
- return 1;
- }
- /* otherwise fill up the buffer and absorb the buffer */
- memcpy(ctx->buf + num, inp, rem);
- /* Update the input pointer */
- inp += rem;
- len -= rem;
- ctx->meth.absorb(ctx, ctx->buf, bsz);
- ctx->bufsz = 0;
- }
- /* Absorb the input - rem = leftover part of the input < blocksize) */
- rem = ctx->meth.absorb(ctx, inp, len);
- /* Copy the leftover bit of the input into the buffer */
- if (rem) {
- memcpy(ctx->buf, inp + len - rem, rem);
- ctx->bufsz = rem;
- }
- return 1;
-}
-
-static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
- size_t outsz)
-{
- int ret;
- KECCAK1600_CTX *ctx = vctx;
-
- ret = ctx->meth.final(out, ctx);
- *outl = ctx->md_size;
- return ret;
-}
-
-/*-
- * Generic software version of the absorb() and final().
- */
-static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
-{
- KECCAK1600_CTX *ctx = vctx;
-
- return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
-}
-
-static int generic_sha3_final(unsigned char *md, void *vctx)
-{
- return sha3_final(md, (KECCAK1600_CTX *)vctx);
-}
-
-static PROV_SHA3_METHOD sha3_generic_md =
-{
- generic_sha3_absorb,
- generic_sha3_final
-};
-
-#if defined(S390_SHA3)
-
-static sha3_absorb_fn s390x_sha3_absorb;
-static sha3_final_fn s390x_sha3_final;
-static sha3_final_fn s390x_shake_final;
-
-/*-
- * The platform specific parts of the absorb() and final() for S390X.
- */
-static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
-{
- KECCAK1600_CTX *ctx = vctx;
- size_t rem = len % ctx->block_size;
-
- s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
- return rem;
-}
-
-static int s390x_sha3_final(unsigned char *md, void *vctx)
-{
- KECCAK1600_CTX *ctx = vctx;
-
- s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
- memcpy(md, ctx->A, ctx->md_size);
-}
-
-static int s390x_shake_final(unsigned char *md, void *vctx)
-{
- KECCAK1600_CTX *ctx = vctx;
-
- s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
- return 1;
-}
-
-static PROV_SHA3_METHOD sha3_s390x_md =
-{
- s390x_sha3_absorb,
- s390x_sha3_final
-};
-
-static PROV_SHA3_METHOD shake_s390x_md =
-{
- s390x_sha3_absorb,
- s390x_shake_final
-};
-
-# define SHA3_SET_MD(uname, typ) \
- if (S390_SHA3_CAPABLE(uname)) { \
- ctx->pad = S390X_##uname; \
- ctx->meth = typ##_s390x_md; \
- } else { \
- ctx->meth = sha3_generic_md; \
- }
-#else
-# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
-#endif /* S390_SHA3 */
-
-#define SHA3_newctx(typ, uname, name, bitlen, pad) \
-static OSSL_OP_digest_newctx_fn name##_newctx; \
-static void *name##_newctx(void *provctx) \
-{ \
- KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
- \
- if (ctx == NULL) \
- return NULL; \
- sha3_init(ctx, pad, bitlen); \
- SHA3_SET_MD(name, typ) \
- return ctx; \
-}
-
-#define KMAC_newctx(uname, bitlen, pad) \
-static OSSL_OP_digest_newctx_fn uname##_newctx; \
-static void *uname##_newctx(void *provctx) \
-{ \
- KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
- \
- if (ctx == NULL) \
- return NULL; \
- keccak_kmac_init(ctx, pad, bitlen); \
- ctx->meth = sha3_generic_md; \
- return ctx; \
-}
-
-#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \
-static OSSL_OP_digest_size_fn name##_size; \
-static OSSL_OP_digest_block_size_fn name##_block_size; \
-static size_t name##_block_size(void) \
-{ \
- return SHA3_BLOCKSIZE(bitlen); \
-} \
-static size_t name##_size(void) \
-{ \
- return dgstsize; \
-} \
-const OSSL_DISPATCH name##_functions[] = { \
- { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
- { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
- { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
- { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
- { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
- { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
- { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \
- { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \
- { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\
-OSSL_FUNC_DIGEST_CONSTRUCT_END
-
-static void keccak_freectx(void *vctx)
-{
- KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static void *keccak_dupctx(void *ctx)
-{
- KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
- KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));
-
- *ret = *in;
- return ret;
-}
-
-static int shake_set_params(void *vctx, const OSSL_PARAM params[])
-{
- const OSSL_PARAM *p;
- KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
-
- if (ctx != NULL && params != NULL) {
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN);
- if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size))
- return 0;
- return 1;
- }
- return 0; /* Null Parameter */
-}
-
-#define SHA3(bitlen) \
- SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
- OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL)
-
-#define SHAKE(bitlen) \
- SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
- OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \
- shake_set_params)
-#define KMAC(bitlen) \
- KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
- OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \
- shake_set_params)
-
-SHA3(224)
-SHA3(256)
-SHA3(384)
-SHA3(512)
-SHAKE(128)
-SHAKE(256)
-KMAC(128)
-KMAC(256)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_names.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include "internal/sha3.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+/*
+ * Forward declaration of any unique methods implemented here. This is not strictly
+ * necessary for the compiler, but provides an assurance that the signatures
+ * of the functions in the dispatch table are correct.
+ */
+static OSSL_OP_digest_init_fn keccak_init;
+static OSSL_OP_digest_update_fn keccak_update;
+static OSSL_OP_digest_final_fn keccak_final;
+static OSSL_OP_digest_freectx_fn keccak_freectx;
+static OSSL_OP_digest_dupctx_fn keccak_dupctx;
+static OSSL_OP_digest_set_params_fn shake_set_params;
+static sha3_absorb_fn generic_sha3_absorb;
+static sha3_final_fn generic_sha3_final;
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+# define S390_SHA3 1
+# define S390_SHA3_CAPABLE(name) \
+ ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
+ (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
+
+#endif
+
+static int keccak_init(void *vctx)
+{
+ /* The newctx() handles most of the ctx fixed setup. */
+ sha3_reset((KECCAK1600_CTX *)vctx);
+ return 1;
+}
+
+static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ const size_t bsz = ctx->block_size;
+ size_t num, rem;
+
+ if (len == 0)
+ return 1;
+
+ /* Is there anything in the buffer already ? */
+ if ((num = ctx->bufsz) != 0) {
+ /* Calculate how much space is left in the buffer */
+ rem = bsz - num;
+ /* If the new input does not fill the buffer then just add it */
+ if (len < rem) {
+ memcpy(ctx->buf + num, inp, len);
+ ctx->bufsz += len;
+ return 1;
+ }
+ /* otherwise fill up the buffer and absorb the buffer */
+ memcpy(ctx->buf + num, inp, rem);
+ /* Update the input pointer */
+ inp += rem;
+ len -= rem;
+ ctx->meth.absorb(ctx, ctx->buf, bsz);
+ ctx->bufsz = 0;
+ }
+ /* Absorb the input - rem = leftover part of the input < blocksize) */
+ rem = ctx->meth.absorb(ctx, inp, len);
+ /* Copy the leftover bit of the input into the buffer */
+ if (rem) {
+ memcpy(ctx->buf, inp + len - rem, rem);
+ ctx->bufsz = rem;
+ }
+ return 1;
+}
+
+static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsz)
+{
+ int ret;
+ KECCAK1600_CTX *ctx = vctx;
+
+ ret = ctx->meth.final(out, ctx);
+ *outl = ctx->md_size;
+ return ret;
+}
+
+/*-
+ * Generic software version of the absorb() and final().
+ */
+static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
+}
+
+static int generic_sha3_final(unsigned char *md, void *vctx)
+{
+ return sha3_final(md, (KECCAK1600_CTX *)vctx);
+}
+
+static PROV_SHA3_METHOD sha3_generic_md =
+{
+ generic_sha3_absorb,
+ generic_sha3_final
+};
+
+#if defined(S390_SHA3)
+
+static sha3_absorb_fn s390x_sha3_absorb;
+static sha3_final_fn s390x_sha3_final;
+static sha3_final_fn s390x_shake_final;
+
+/*-
+ * The platform specific parts of the absorb() and final() for S390X.
+ */
+static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ size_t rem = len % ctx->block_size;
+
+ s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+ return rem;
+}
+
+static int s390x_sha3_final(unsigned char *md, void *vctx)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
+ memcpy(md, ctx->A, ctx->md_size);
+}
+
+static int s390x_shake_final(unsigned char *md, void *vctx)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
+ return 1;
+}
+
+static PROV_SHA3_METHOD sha3_s390x_md =
+{
+ s390x_sha3_absorb,
+ s390x_sha3_final
+};
+
+static PROV_SHA3_METHOD shake_s390x_md =
+{
+ s390x_sha3_absorb,
+ s390x_shake_final
+};
+
+# define SHA3_SET_MD(uname, typ) \
+ if (S390_SHA3_CAPABLE(uname)) { \
+ ctx->pad = S390X_##uname; \
+ ctx->meth = typ##_s390x_md; \
+ } else { \
+ ctx->meth = sha3_generic_md; \
+ }
+#else
+# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
+#endif /* S390_SHA3 */
+
+#define SHA3_newctx(typ, uname, name, bitlen, pad) \
+static OSSL_OP_digest_newctx_fn name##_newctx; \
+static void *name##_newctx(void *provctx) \
+{ \
+ KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ sha3_init(ctx, pad, bitlen); \
+ SHA3_SET_MD(name, typ) \
+ return ctx; \
+}
+
+#define KMAC_newctx(uname, bitlen, pad) \
+static OSSL_OP_digest_newctx_fn uname##_newctx; \
+static void *uname##_newctx(void *provctx) \
+{ \
+ KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ keccak_kmac_init(ctx, pad, bitlen); \
+ ctx->meth = sha3_generic_md; \
+ return ctx; \
+}
+
+#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \
+static OSSL_OP_digest_size_fn name##_size; \
+static OSSL_OP_digest_block_size_fn name##_block_size; \
+static size_t name##_block_size(void) \
+{ \
+ return SHA3_BLOCKSIZE(bitlen); \
+} \
+static size_t name##_size(void) \
+{ \
+ return dgstsize; \
+} \
+const OSSL_DISPATCH name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
+ { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \
+ { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \
+ { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\
+OSSL_FUNC_DIGEST_CONSTRUCT_END
+
+static void keccak_freectx(void *vctx)
+{
+ KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *keccak_dupctx(void *ctx)
+{
+ KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
+ KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ *ret = *in;
+ return ret;
+}
+
+static int shake_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN);
+ if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size))
+ return 0;
+ return 1;
+ }
+ return 0; /* Null Parameter */
+}
+
+#define SHA3(bitlen) \
+ SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
+ OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL)
+
+#define SHAKE(bitlen) \
+ SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
+ OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \
+ shake_set_params)
+#define KMAC(bitlen) \
+ KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
+ OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \
+ shake_set_params)
+
+SHA3(224)
+SHA3(256)
+SHA3(384)
+SHA3(512)
+SHAKE(128)
+SHAKE(256)
+KMAC(128)
+KMAC(256)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include "internal/blake2.h"
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_OP_digest_init_fn blake2s256_init;
-OSSL_OP_digest_init_fn blake2b512_init;
-
-int blake2s256_init(void *ctx)
-{
- BLAKE2S_PARAM P;
-
- blake2s_param_init(&P);
- return blake2s_init((BLAKE2S_CTX *)ctx, &P);
-}
-
-int blake2b512_init(void *ctx)
-{
- BLAKE2B_PARAM P;
-
- blake2b_param_init(&P);
- return blake2b_init((BLAKE2B_CTX *)ctx, &P);
-}
-
-OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX,
- BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH,
- blake2s256_init, blake2s_update, blake2s_final)
-
-OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX,
- BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH,
- blake2b512_init, blake2b_update, blake2b_final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/blake2.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_OP_digest_init_fn blake2s256_init;
+OSSL_OP_digest_init_fn blake2b512_init;
+
+int blake2s256_init(void *ctx)
+{
+ BLAKE2S_PARAM P;
+
+ blake2s_param_init(&P);
+ return blake2s_init((BLAKE2S_CTX *)ctx, &P);
+}
+
+int blake2b512_init(void *ctx)
+{
+ BLAKE2B_PARAM P;
+
+ blake2b_param_init(&P);
+ return blake2b_init((BLAKE2B_CTX *)ctx, &P);
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX,
+ BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH,
+ blake2s256_init, blake2s_update, blake2s_final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX,
+ BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH,
+ blake2b512_init, blake2b_update, blake2b_final)
+++ /dev/null
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include "blake2_impl.h"
-
-#include "internal/blake2.h"
-
-static const uint64_t blake2b_IV[8] =
-{
- 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
- 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
- 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
- 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
-};
-
-static const uint8_t blake2b_sigma[12][16] =
-{
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
- { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
- { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
- { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
- { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
- { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
- { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
- { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
- { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
-};
-
-/* Set that it's the last block we'll compress */
-static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
-{
- S->f[0] = -1;
-}
-
-/* Initialize the hashing state. */
-static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
-{
- int i;
-
- memset(S, 0, sizeof(BLAKE2B_CTX));
- for (i = 0; i < 8; ++i) {
- S->h[i] = blake2b_IV[i];
- }
-}
-
-/* init xors IV with input parameter block and sets the output length */
-static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
-{
- size_t i;
- const uint8_t *p = (const uint8_t *)(P);
-
- blake2b_init0(S);
- S->outlen = P->digest_length;
-
- /* The param struct is carefully hand packed, and should be 64 bytes on
- * every platform. */
- assert(sizeof(BLAKE2B_PARAM) == 64);
- /* IV XOR ParamBlock */
- for (i = 0; i < 8; ++i) {
- S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
- }
-}
-
-/* Initialize the parameter block with default values */
-void blake2b_param_init(BLAKE2B_PARAM *P)
-{
- P->digest_length = BLAKE2B_DIGEST_LENGTH;
- P->key_length = 0;
- P->fanout = 1;
- P->depth = 1;
- store32(P->leaf_length, 0);
- store64(P->node_offset, 0);
- P->node_depth = 0;
- P->inner_length = 0;
- memset(P->reserved, 0, sizeof(P->reserved));
- memset(P->salt, 0, sizeof(P->salt));
- memset(P->personal, 0, sizeof(P->personal));
-}
-
-void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen)
-{
- P->digest_length = outlen;
-}
-
-void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen)
-{
- P->key_length = keylen;
-}
-
-void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len)
-{
- memcpy(P->personal, personal, len);
- memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len);
-}
-
-void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len)
-{
- memcpy(P->salt, salt, len);
- memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len);
-}
-
-/*
- * Initialize the hashing context with the given parameter block.
- * Always returns 1.
- */
-int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P)
-{
- blake2b_init_param(c, P);
- return 1;
-}
-
-/*
- * Initialize the hashing context with the given parameter block and key.
- * Always returns 1.
- */
-int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key)
-{
- blake2b_init_param(c, P);
-
- /* Pad the key to form first data block */
- {
- uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
-
- memcpy(block, key, P->key_length);
- blake2b_update(c, block, BLAKE2B_BLOCKBYTES);
- OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES);
- }
-
- return 1;
-}
-
-/* Permute the state while xoring in the block of data. */
-static void blake2b_compress(BLAKE2B_CTX *S,
- const uint8_t *blocks,
- size_t len)
-{
- uint64_t m[16];
- uint64_t v[16];
- int i;
- size_t increment;
-
- /*
- * There are two distinct usage vectors for this function:
- *
- * a) BLAKE2b_Update uses it to process complete blocks,
- * possibly more than one at a time;
- *
- * b) BLAK2b_Final uses it to process last block, always
- * single but possibly incomplete, in which case caller
- * pads input with zeros.
- */
- assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
-
- /*
- * Since last block is always processed with separate call,
- * |len| not being multiple of complete blocks can be observed
- * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
- * including even zero), which is why following assignment doesn't
- * have to reside inside the main loop below.
- */
- increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
-
- for (i = 0; i < 8; ++i) {
- v[i] = S->h[i];
- }
-
- do {
- for (i = 0; i < 16; ++i) {
- m[i] = load64(blocks + i * sizeof(m[i]));
- }
-
- /* blake2b_increment_counter */
- S->t[0] += increment;
- S->t[1] += (S->t[0] < increment);
-
- v[8] = blake2b_IV[0];
- v[9] = blake2b_IV[1];
- v[10] = blake2b_IV[2];
- v[11] = blake2b_IV[3];
- v[12] = S->t[0] ^ blake2b_IV[4];
- v[13] = S->t[1] ^ blake2b_IV[5];
- v[14] = S->f[0] ^ blake2b_IV[6];
- v[15] = S->f[1] ^ blake2b_IV[7];
-#define G(r,i,a,b,c,d) \
- do { \
- a = a + b + m[blake2b_sigma[r][2*i+0]]; \
- d = rotr64(d ^ a, 32); \
- c = c + d; \
- b = rotr64(b ^ c, 24); \
- a = a + b + m[blake2b_sigma[r][2*i+1]]; \
- d = rotr64(d ^ a, 16); \
- c = c + d; \
- b = rotr64(b ^ c, 63); \
- } while (0)
-#define ROUND(r) \
- do { \
- G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
- G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
- G(r,2,v[ 2],v[ 6],v[10],v[14]); \
- G(r,3,v[ 3],v[ 7],v[11],v[15]); \
- G(r,4,v[ 0],v[ 5],v[10],v[15]); \
- G(r,5,v[ 1],v[ 6],v[11],v[12]); \
- G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
- G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
- } while (0)
-#if defined(OPENSSL_SMALL_FOOTPRINT)
- /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
- for (i = 0; i < 12; i++) {
- ROUND(i);
- }
-#else
- ROUND(0);
- ROUND(1);
- ROUND(2);
- ROUND(3);
- ROUND(4);
- ROUND(5);
- ROUND(6);
- ROUND(7);
- ROUND(8);
- ROUND(9);
- ROUND(10);
- ROUND(11);
-#endif
-
- for (i = 0; i < 8; ++i) {
- S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
- }
-#undef G
-#undef ROUND
- blocks += increment;
- len -= increment;
- } while (len);
-}
-
-/* Absorb the input data into the hash state. Always returns 1. */
-int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen)
-{
- const uint8_t *in = data;
- size_t fill;
-
- /*
- * Intuitively one would expect intermediate buffer, c->buf, to
- * store incomplete blocks. But in this case we are interested to
- * temporarily stash even complete blocks, because last one in the
- * stream has to be treated in special way, and at this point we
- * don't know if last block in *this* call is last one "ever". This
- * is the reason for why |datalen| is compared as >, and not >=.
- */
- fill = sizeof(c->buf) - c->buflen;
- if (datalen > fill) {
- if (c->buflen) {
- memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
- blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
- c->buflen = 0;
- in += fill;
- datalen -= fill;
- }
- if (datalen > BLAKE2B_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
- /*
- * If |datalen| is a multiple of the blocksize, stash
- * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
- datalen -= stashlen;
- blake2b_compress(c, in, datalen);
- in += datalen;
- datalen = stashlen;
- }
- }
-
- assert(datalen <= BLAKE2B_BLOCKBYTES);
-
- memcpy(c->buf + c->buflen, in, datalen);
- c->buflen += datalen; /* Be lazy, do not compress */
-
- return 1;
-}
-
-/*
- * Calculate the final hash and save it in md.
- * Always returns 1.
- */
-int blake2b_final(unsigned char *md, BLAKE2B_CTX *c)
-{
- uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
- uint8_t *target = outbuffer;
- int iter = (c->outlen + 7) / 8;
- int i;
-
- /* Avoid writing to the temporary buffer if possible */
- if ((c->outlen % sizeof(c->h[0])) == 0)
- target = md;
-
- blake2b_set_lastblock(c);
- /* Padding */
- memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
- blake2b_compress(c, c->buf, c->buflen);
-
- /* Output full hash to buffer */
- for (i = 0; i < iter; ++i)
- store64(target + sizeof(c->h[i]) * i, c->h[i]);
-
- if (target != md)
- memcpy(md, target, c->outlen);
-
- OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
- return 1;
-}
--- /dev/null
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "blake2_impl.h"
+
+#include "internal/blake2.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+ 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+ 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2B_CTX));
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = blake2b_IV[i];
+ }
+}
+
+/* init xors IV with input parameter block and sets the output length */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+ size_t i;
+ const uint8_t *p = (const uint8_t *)(P);
+
+ blake2b_init0(S);
+ S->outlen = P->digest_length;
+
+ /* The param struct is carefully hand packed, and should be 64 bytes on
+ * every platform. */
+ assert(sizeof(BLAKE2B_PARAM) == 64);
+ /* IV XOR ParamBlock */
+ for (i = 0; i < 8; ++i) {
+ S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+ }
+}
+
+/* Initialize the parameter block with default values */
+void blake2b_param_init(BLAKE2B_PARAM *P)
+{
+ P->digest_length = BLAKE2B_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store64(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->reserved, 0, sizeof(P->reserved));
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+}
+
+void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen)
+{
+ P->digest_length = outlen;
+}
+
+void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen)
+{
+ P->key_length = keylen;
+}
+
+void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len)
+{
+ memcpy(P->personal, personal, len);
+ memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len);
+}
+
+void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len)
+{
+ memcpy(P->salt, salt, len);
+ memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len);
+}
+
+/*
+ * Initialize the hashing context with the given parameter block.
+ * Always returns 1.
+ */
+int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P)
+{
+ blake2b_init_param(c, P);
+ return 1;
+}
+
+/*
+ * Initialize the hashing context with the given parameter block and key.
+ * Always returns 1.
+ */
+int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key)
+{
+ blake2b_init_param(c, P);
+
+ /* Pad the key to form first data block */
+ {
+ uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
+
+ memcpy(block, key, P->key_length);
+ blake2b_update(c, block, BLAKE2B_BLOCKBYTES);
+ OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES);
+ }
+
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+ const uint8_t *blocks,
+ size_t len)
+{
+ uint64_t m[16];
+ uint64_t v[16];
+ int i;
+ size_t increment;
+
+ /*
+ * There are two distinct usage vectors for this function:
+ *
+ * a) BLAKE2b_Update uses it to process complete blocks,
+ * possibly more than one at a time;
+ *
+ * b) BLAK2b_Final uses it to process last block, always
+ * single but possibly incomplete, in which case caller
+ * pads input with zeros.
+ */
+ assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+ /*
+ * Since last block is always processed with separate call,
+ * |len| not being multiple of complete blocks can be observed
+ * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+ * including even zero), which is why following assignment doesn't
+ * have to reside inside the main loop below.
+ */
+ increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+ for (i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ do {
+ for (i = 0; i < 16; ++i) {
+ m[i] = load64(blocks + i * sizeof(m[i]));
+ }
+
+ /* blake2b_increment_counter */
+ S->t[0] += increment;
+ S->t[1] += (S->t[0] < increment);
+
+ v[8] = blake2b_IV[0];
+ v[9] = blake2b_IV[1];
+ v[10] = blake2b_IV[2];
+ v[11] = blake2b_IV[3];
+ v[12] = S->t[0] ^ blake2b_IV[4];
+ v[13] = S->t[1] ^ blake2b_IV[5];
+ v[14] = S->f[0] ^ blake2b_IV[6];
+ v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+ d = rotr64(d ^ a, 32); \
+ c = c + d; \
+ b = rotr64(b ^ c, 24); \
+ a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+ d = rotr64(d ^ a, 16); \
+ c = c + d; \
+ b = rotr64(b ^ c, 63); \
+ } while (0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+ for (i = 0; i < 12; i++) {
+ ROUND(i);
+ }
+#else
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+ ROUND(10);
+ ROUND(11);
+#endif
+
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+ }
+#undef G
+#undef ROUND
+ blocks += increment;
+ len -= increment;
+ } while (len);
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ /*
+ * Intuitively one would expect intermediate buffer, c->buf, to
+ * store incomplete blocks. But in this case we are interested to
+ * temporarily stash even complete blocks, because last one in the
+ * stream has to be treated in special way, and at this point we
+ * don't know if last block in *this* call is last one "ever". This
+ * is the reason for why |datalen| is compared as >, and not >=.
+ */
+ fill = sizeof(c->buf) - c->buflen;
+ if (datalen > fill) {
+ if (c->buflen) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ }
+ if (datalen > BLAKE2B_BLOCKBYTES) {
+ size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+ /*
+ * If |datalen| is a multiple of the blocksize, stash
+ * last complete block, it can be final one...
+ */
+ stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+ datalen -= stashlen;
+ blake2b_compress(c, in, datalen);
+ in += datalen;
+ datalen = stashlen;
+ }
+ }
+
+ assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int blake2b_final(unsigned char *md, BLAKE2B_CTX *c)
+{
+ uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
+ uint8_t *target = outbuffer;
+ int iter = (c->outlen + 7) / 8;
+ int i;
+
+ /* Avoid writing to the temporary buffer if possible */
+ if ((c->outlen % sizeof(c->h[0])) == 0)
+ target = md;
+
+ blake2b_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2b_compress(c, c->buf, c->buflen);
+
+ /* Output full hash to buffer */
+ for (i = 0; i < iter; ++i)
+ store64(target + sizeof(c->h[i]) * i, c->h[i]);
+
+ if (target != md)
+ memcpy(md, target, c->outlen);
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+ return 1;
+}
+++ /dev/null
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include "blake2_impl.h"
-#include "internal/blake2.h"
-
-static const uint32_t blake2s_IV[8] =
-{
- 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
- 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
-};
-
-static const uint8_t blake2s_sigma[10][16] =
-{
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
- { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
- { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
- { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
- { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
- { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
- { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
- { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
- { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
-};
-
-/* Set that it's the last block we'll compress */
-static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
-{
- S->f[0] = -1;
-}
-
-/* Initialize the hashing state. */
-static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
-{
- int i;
-
- memset(S, 0, sizeof(BLAKE2S_CTX));
- for (i = 0; i < 8; ++i) {
- S->h[i] = blake2s_IV[i];
- }
-}
-
-/* init xors IV with input parameter block and sets the output length */
-static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
-{
- size_t i;
- const uint8_t *p = (const uint8_t *)(P);
-
- blake2s_init0(S);
- S->outlen = P->digest_length;
-
- /* The param struct is carefully hand packed, and should be 32 bytes on
- * every platform. */
- assert(sizeof(BLAKE2S_PARAM) == 32);
- /* IV XOR ParamBlock */
- for (i = 0; i < 8; ++i) {
- S->h[i] ^= load32(&p[i*4]);
- }
-}
-
-void blake2s_param_init(BLAKE2S_PARAM *P)
-{
- P->digest_length = BLAKE2S_DIGEST_LENGTH;
- P->key_length = 0;
- P->fanout = 1;
- P->depth = 1;
- store32(P->leaf_length, 0);
- store48(P->node_offset, 0);
- P->node_depth = 0;
- P->inner_length = 0;
- memset(P->salt, 0, sizeof(P->salt));
- memset(P->personal, 0, sizeof(P->personal));
-}
-
-void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen)
-{
- P->digest_length = outlen;
-}
-
-void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen)
-{
- P->key_length = keylen;
-}
-
-void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len)
-{
- memcpy(P->personal, personal, len);
- memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len);
-}
-
-void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len)
-{
- memcpy(P->salt, salt, len);
- memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);}
-
-/*
- * Initialize the hashing context with the given parameter block.
- * Always returns 1.
- */
-int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P)
-{
- blake2s_init_param(c, P);
- return 1;
-}
-
-/*
- * Initialize the hashing context with the given parameter block and key.
- * Always returns 1.
- */
-int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key)
-{
- blake2s_init_param(c, P);
-
- /* Pad the key to form first data block */
- {
- uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
-
- memcpy(block, key, P->key_length);
- blake2s_update(c, block, BLAKE2S_BLOCKBYTES);
- OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES);
- }
-
- return 1;
-}
-
-/* Permute the state while xoring in the block of data. */
-static void blake2s_compress(BLAKE2S_CTX *S,
- const uint8_t *blocks,
- size_t len)
-{
- uint32_t m[16];
- uint32_t v[16];
- size_t i;
- size_t increment;
-
- /*
- * There are two distinct usage vectors for this function:
- *
- * a) BLAKE2s_Update uses it to process complete blocks,
- * possibly more than one at a time;
- *
- * b) BLAK2s_Final uses it to process last block, always
- * single but possibly incomplete, in which case caller
- * pads input with zeros.
- */
- assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
-
- /*
- * Since last block is always processed with separate call,
- * |len| not being multiple of complete blocks can be observed
- * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
- * including even zero), which is why following assignment doesn't
- * have to reside inside the main loop below.
- */
- increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
-
- for (i = 0; i < 8; ++i) {
- v[i] = S->h[i];
- }
-
- do {
- for (i = 0; i < 16; ++i) {
- m[i] = load32(blocks + i * sizeof(m[i]));
- }
-
- /* blake2s_increment_counter */
- S->t[0] += increment;
- S->t[1] += (S->t[0] < increment);
-
- v[ 8] = blake2s_IV[0];
- v[ 9] = blake2s_IV[1];
- v[10] = blake2s_IV[2];
- v[11] = blake2s_IV[3];
- v[12] = S->t[0] ^ blake2s_IV[4];
- v[13] = S->t[1] ^ blake2s_IV[5];
- v[14] = S->f[0] ^ blake2s_IV[6];
- v[15] = S->f[1] ^ blake2s_IV[7];
-#define G(r,i,a,b,c,d) \
- do { \
- a = a + b + m[blake2s_sigma[r][2*i+0]]; \
- d = rotr32(d ^ a, 16); \
- c = c + d; \
- b = rotr32(b ^ c, 12); \
- a = a + b + m[blake2s_sigma[r][2*i+1]]; \
- d = rotr32(d ^ a, 8); \
- c = c + d; \
- b = rotr32(b ^ c, 7); \
- } while (0)
-#define ROUND(r) \
- do { \
- G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
- G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
- G(r,2,v[ 2],v[ 6],v[10],v[14]); \
- G(r,3,v[ 3],v[ 7],v[11],v[15]); \
- G(r,4,v[ 0],v[ 5],v[10],v[15]); \
- G(r,5,v[ 1],v[ 6],v[11],v[12]); \
- G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
- G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
- } while (0)
-#if defined(OPENSSL_SMALL_FOOTPRINT)
- /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
- for (i = 0; i < 10; i++) {
- ROUND(i);
- }
-#else
- ROUND(0);
- ROUND(1);
- ROUND(2);
- ROUND(3);
- ROUND(4);
- ROUND(5);
- ROUND(6);
- ROUND(7);
- ROUND(8);
- ROUND(9);
-#endif
-
- for (i = 0; i < 8; ++i) {
- S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
- }
-#undef G
-#undef ROUND
- blocks += increment;
- len -= increment;
- } while (len);
-}
-
-/* Absorb the input data into the hash state. Always returns 1. */
-int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen)
-{
- const uint8_t *in = data;
- size_t fill;
-
- /*
- * Intuitively one would expect intermediate buffer, c->buf, to
- * store incomplete blocks. But in this case we are interested to
- * temporarily stash even complete blocks, because last one in the
- * stream has to be treated in special way, and at this point we
- * don't know if last block in *this* call is last one "ever". This
- * is the reason for why |datalen| is compared as >, and not >=.
- */
- fill = sizeof(c->buf) - c->buflen;
- if (datalen > fill) {
- if (c->buflen) {
- memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
- blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
- c->buflen = 0;
- in += fill;
- datalen -= fill;
- }
- if (datalen > BLAKE2S_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
- /*
- * If |datalen| is a multiple of the blocksize, stash
- * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
- datalen -= stashlen;
- blake2s_compress(c, in, datalen);
- in += datalen;
- datalen = stashlen;
- }
- }
-
- assert(datalen <= BLAKE2S_BLOCKBYTES);
-
- memcpy(c->buf + c->buflen, in, datalen);
- c->buflen += datalen; /* Be lazy, do not compress */
-
- return 1;
-}
-
-/*
- * Calculate the final hash and save it in md.
- * Always returns 1.
- */
-int blake2s_final(unsigned char *md, BLAKE2S_CTX *c)
-{
- uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
- uint8_t *target = outbuffer;
- int iter = (c->outlen + 3) / 4;
- int i;
-
- /* Avoid writing to the temporary buffer if possible */
- if ((c->outlen % sizeof(c->h[0])) == 0)
- target = md;
-
- blake2s_set_lastblock(c);
- /* Padding */
- memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
- blake2s_compress(c, c->buf, c->buflen);
-
- /* Output full hash to buffer */
- for (i = 0; i < iter; ++i)
- store32(target + sizeof(c->h[i]) * i, c->h[i]);
-
- if (target != md)
- memcpy(md, target, c->outlen);
-
- OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
- return 1;
-}
--- /dev/null
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "blake2_impl.h"
+#include "internal/blake2.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+ 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+ 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2S_CTX));
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = blake2s_IV[i];
+ }
+}
+
+/* init xors IV with input parameter block and sets the output length */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+ size_t i;
+ const uint8_t *p = (const uint8_t *)(P);
+
+ blake2s_init0(S);
+ S->outlen = P->digest_length;
+
+ /* The param struct is carefully hand packed, and should be 32 bytes on
+ * every platform. */
+ assert(sizeof(BLAKE2S_PARAM) == 32);
+ /* IV XOR ParamBlock */
+ for (i = 0; i < 8; ++i) {
+ S->h[i] ^= load32(&p[i*4]);
+ }
+}
+
+void blake2s_param_init(BLAKE2S_PARAM *P)
+{
+ P->digest_length = BLAKE2S_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store48(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+}
+
+void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen)
+{
+ P->digest_length = outlen;
+}
+
+void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen)
+{
+ P->key_length = keylen;
+}
+
+void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len)
+{
+ memcpy(P->personal, personal, len);
+ memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len);
+}
+
+void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len)
+{
+ memcpy(P->salt, salt, len);
+ memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);}
+
+/*
+ * Initialize the hashing context with the given parameter block.
+ * Always returns 1.
+ */
+int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P)
+{
+ blake2s_init_param(c, P);
+ return 1;
+}
+
+/*
+ * Initialize the hashing context with the given parameter block and key.
+ * Always returns 1.
+ */
+int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key)
+{
+ blake2s_init_param(c, P);
+
+ /* Pad the key to form first data block */
+ {
+ uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
+
+ memcpy(block, key, P->key_length);
+ blake2s_update(c, block, BLAKE2S_BLOCKBYTES);
+ OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES);
+ }
+
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+ const uint8_t *blocks,
+ size_t len)
+{
+ uint32_t m[16];
+ uint32_t v[16];
+ size_t i;
+ size_t increment;
+
+ /*
+ * There are two distinct usage vectors for this function:
+ *
+ * a) BLAKE2s_Update uses it to process complete blocks,
+ * possibly more than one at a time;
+ *
+ * b) BLAK2s_Final uses it to process last block, always
+ * single but possibly incomplete, in which case caller
+ * pads input with zeros.
+ */
+ assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+ /*
+ * Since last block is always processed with separate call,
+ * |len| not being multiple of complete blocks can be observed
+ * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+ * including even zero), which is why following assignment doesn't
+ * have to reside inside the main loop below.
+ */
+ increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+ for (i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ do {
+ for (i = 0; i < 16; ++i) {
+ m[i] = load32(blocks + i * sizeof(m[i]));
+ }
+
+ /* blake2s_increment_counter */
+ S->t[0] += increment;
+ S->t[1] += (S->t[0] < increment);
+
+ v[ 8] = blake2s_IV[0];
+ v[ 9] = blake2s_IV[1];
+ v[10] = blake2s_IV[2];
+ v[11] = blake2s_IV[3];
+ v[12] = S->t[0] ^ blake2s_IV[4];
+ v[13] = S->t[1] ^ blake2s_IV[5];
+ v[14] = S->f[0] ^ blake2s_IV[6];
+ v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+ d = rotr32(d ^ a, 16); \
+ c = c + d; \
+ b = rotr32(b ^ c, 12); \
+ a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+ d = rotr32(d ^ a, 8); \
+ c = c + d; \
+ b = rotr32(b ^ c, 7); \
+ } while (0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+ for (i = 0; i < 10; i++) {
+ ROUND(i);
+ }
+#else
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+#endif
+
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+ }
+#undef G
+#undef ROUND
+ blocks += increment;
+ len -= increment;
+ } while (len);
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ /*
+ * Intuitively one would expect intermediate buffer, c->buf, to
+ * store incomplete blocks. But in this case we are interested to
+ * temporarily stash even complete blocks, because last one in the
+ * stream has to be treated in special way, and at this point we
+ * don't know if last block in *this* call is last one "ever". This
+ * is the reason for why |datalen| is compared as >, and not >=.
+ */
+ fill = sizeof(c->buf) - c->buflen;
+ if (datalen > fill) {
+ if (c->buflen) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ }
+ if (datalen > BLAKE2S_BLOCKBYTES) {
+ size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+ /*
+ * If |datalen| is a multiple of the blocksize, stash
+ * last complete block, it can be final one...
+ */
+ stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+ datalen -= stashlen;
+ blake2s_compress(c, in, datalen);
+ in += datalen;
+ datalen = stashlen;
+ }
+ }
+
+ assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int blake2s_final(unsigned char *md, BLAKE2S_CTX *c)
+{
+ uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
+ uint8_t *target = outbuffer;
+ int iter = (c->outlen + 3) / 4;
+ int i;
+
+ /* Avoid writing to the temporary buffer if possible */
+ if ((c->outlen % sizeof(c->h[0])) == 0)
+ target = md;
+
+ blake2s_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2s_compress(c, c->buf, c->buflen);
+
+ /* Output full hash to buffer */
+ for (i = 0; i < iter; ++i)
+ store32(target + sizeof(c->h[i]) * i, c->h[i]);
+
+ if (target != md)
+ memcpy(md, target, c->outlen);
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+ return 1;
+}
SOURCE[../../../libcrypto]=\
- null.c
+ null_prov.c
IF[{- !$disabled{blake2} -}]
SOURCE[../../../libcrypto]=\
- blake2.c blake2b.c blake2s.c
+ blake2_prov.c blake2b_prov.c blake2s_prov.c
ENDIF
IF[{- !$disabled{sm3} -}]
SOURCE[../../../libcrypto]=\
- sm3.c
+ sm3_prov.c
ENDIF
IF[{- !$disabled{md5} -}]
SOURCE[../../../libcrypto]=\
- md5.c md5_sha1.c
+ md5_prov.c md5_sha1_prov.c
ENDIF
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/md5.h>
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX,
- MD5_CBLOCK, MD5_DIGEST_LENGTH,
- MD5_Init, MD5_Update, MD5_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/md5.h>
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX,
+ MD5_CBLOCK, MD5_DIGEST_LENGTH,
+ MD5_Init, MD5_Update, MD5_Final)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/params.h>
-#include <openssl/core_names.h>
-#include "internal/core_mkdigest.h"
-#include "internal/md5_sha1.h"
-#include "internal/provider_algs.h"
-
-static OSSL_OP_digest_set_params_fn md5_sha1_set_params;
-
-/* Special set_params method for SSL3 */
-static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[])
-{
- int cmd = 0;
- size_t msg_len = 0;
- const void *msg = NULL;
- const OSSL_PARAM *p;
- MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx;
-
- if (ctx != NULL && params != NULL) {
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
- if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
- if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
- return 0;
- return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
- }
- return 0;
-}
-
-OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX,
- MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH,
- md5_sha1_init, md5_sha1_update, md5_sha1_final,
- md5_sha1_set_params)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/core_mkdigest.h"
+#include "internal/md5_sha1.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_digest_set_params_fn md5_sha1_set_params;
+
+/* Special set_params method for SSL3 */
+static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ int cmd = 0;
+ size_t msg_len = 0;
+ const void *msg = NULL;
+ const OSSL_PARAM *p;
+ MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
+ if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
+ return 0;
+ return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
+ }
+ return 0;
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX,
+ MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH,
+ md5_sha1_init, md5_sha1_update, md5_sha1_final,
+ md5_sha1_set_params)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/core_numbers.h>
-#include <openssl/whrlpool.h>
-#include "internal/provider_algs.h"
-
-static int nullmd_dummy = 1;
-
-static OSSL_OP_digest_init_fn nullmd_init;
-static OSSL_OP_digest_update_fn nullmd_update;
-static OSSL_OP_digest_final_fn nullmd_final;
-static OSSL_OP_digest_newctx_fn nullmd_newctx;
-static OSSL_OP_digest_freectx_fn nullmd_freectx;
-static OSSL_OP_digest_dupctx_fn nullmd_dupctx;
-static OSSL_OP_digest_size_fn nullmd_size;
-static OSSL_OP_digest_block_size_fn nullmd_block_size;
-
-static size_t nullmd_block_size(void)
-{
- return 0;
-}
-
-static size_t nullmd_size(void)
-{
- return 0;
-}
-
-static int nullmd_init(void *vctx)
-{
- return 1;
-}
-
-static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes)
-{
- return 1;
-}
-
-static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz)
-{
- *outl = 0;
- return 1;
-}
-
-static void *nullmd_newctx(void *prov_ctx)
-{
- return &nullmd_dummy;
-}
-
-static void nullmd_freectx(void *vctx)
-{
-}
-
-static void *nullmd_dupctx(void *ctx)
-{
- return &nullmd_dummy;
-}
-
-const OSSL_DISPATCH nullmd_functions[] = {
- { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx },
- { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init },
- { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update },
- { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final },
- { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx },
- { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx },
- { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size },
- { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size },
- { 0, NULL }
-};
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_numbers.h>
+#include <openssl/whrlpool.h>
+#include "internal/provider_algs.h"
+
+static int nullmd_dummy = 1;
+
+static OSSL_OP_digest_init_fn nullmd_init;
+static OSSL_OP_digest_update_fn nullmd_update;
+static OSSL_OP_digest_final_fn nullmd_final;
+static OSSL_OP_digest_newctx_fn nullmd_newctx;
+static OSSL_OP_digest_freectx_fn nullmd_freectx;
+static OSSL_OP_digest_dupctx_fn nullmd_dupctx;
+static OSSL_OP_digest_size_fn nullmd_size;
+static OSSL_OP_digest_block_size_fn nullmd_block_size;
+
+static size_t nullmd_block_size(void)
+{
+ return 0;
+}
+
+static size_t nullmd_size(void)
+{
+ return 0;
+}
+
+static int nullmd_init(void *vctx)
+{
+ return 1;
+}
+
+static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes)
+{
+ return 1;
+}
+
+static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz)
+{
+ *outl = 0;
+ return 1;
+}
+
+static void *nullmd_newctx(void *prov_ctx)
+{
+ return &nullmd_dummy;
+}
+
+static void nullmd_freectx(void *vctx)
+{
+}
+
+static void *nullmd_dupctx(void *ctx)
+{
+ return &nullmd_dummy;
+}
+
+const OSSL_DISPATCH nullmd_functions[] = {
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx },
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init },
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update },
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final },
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx },
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx },
+ { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size },
+ { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size },
+ { 0, NULL }
+};
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include "internal/sm3.h"
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX,
- SM3_CBLOCK, SM3_DIGEST_LENGTH,
- sm3_init, sm3_update, sm3_final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/sm3.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX,
+ SM3_CBLOCK, SM3_DIGEST_LENGTH,
+ sm3_init, sm3_update, sm3_final)
IF[{- !$disabled{md2} -}]
SOURCE[../../legacy]=\
- md2.c
+ md2_prov.c
ENDIF
IF[{- !$disabled{md4} -}]
SOURCE[../../legacy]=\
- md4.c
+ md4_prov.c
ENDIF
IF[{- !$disabled{mdc2} -}]
SOURCE[../../legacy]=\
- mdc2.c
+ mdc2_prov.c
ENDIF
IF[{- !$disabled{whirlpool} -}]
SOURCE[../../legacy]=\
- wp.c
+ wp_prov.c
ENDIF
IF[{- !$disabled{rmd160} -}]
SOURCE[../../legacy]=\
- ripemd.c
+ ripemd_prov.c
ENDIF
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/md2.h>
-
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX,
- MD2_BLOCK, MD2_DIGEST_LENGTH,
- MD2_Init, MD2_Update, MD2_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/md2.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX,
+ MD2_BLOCK, MD2_DIGEST_LENGTH,
+ MD2_Init, MD2_Update, MD2_Final)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/md4.h>
-
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX,
- MD4_CBLOCK, MD4_DIGEST_LENGTH,
- MD4_Init, MD4_Update, MD4_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/md4.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX,
+ MD4_CBLOCK, MD4_DIGEST_LENGTH,
+ MD4_Init, MD4_Update, MD4_Final)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/params.h>
-#include <openssl/mdc2.h>
-#include <openssl/core_names.h>
-
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-static OSSL_OP_digest_set_params_fn mdc2_set_params;
-
-static int mdc2_set_params(void *vctx, const OSSL_PARAM params[])
-{
- const OSSL_PARAM *p;
- MDC2_CTX *ctx = (MDC2_CTX *)vctx;
-
- if (ctx != NULL && params != NULL) {
- p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type))
- return 0;
- return 1;
- }
- return 0; /* Null Parameter */
-}
-
-OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX,
- MDC2_BLOCK, MDC2_DIGEST_LENGTH,
- MDC2_Init, MDC2_Update, MDC2_Final,
- mdc2_set_params)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/params.h>
+#include <openssl/mdc2.h>
+#include <openssl/core_names.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_digest_set_params_fn mdc2_set_params;
+
+static int mdc2_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ MDC2_CTX *ctx = (MDC2_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type))
+ return 0;
+ return 1;
+ }
+ return 0; /* Null Parameter */
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX,
+ MDC2_BLOCK, MDC2_DIGEST_LENGTH,
+ MDC2_Init, MDC2_Update, MDC2_Final,
+ mdc2_set_params)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/ripemd.h>
-
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX,
- RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH,
- RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/ripemd.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX,
+ RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH,
+ RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final)
+++ /dev/null
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/crypto.h>
-#include <openssl/whrlpool.h>
-
-#include "internal/core_mkdigest.h"
-#include "internal/provider_algs.h"
-
-OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX,
- WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH,
- WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/whrlpool.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX,
+ WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH,
+ WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final)
projects / oweals / openssl.git / commitdiff