From: Shane Lontis Date: Wed, 5 Jun 2019 06:01:18 +0000 (+1000) Subject: rename the digest provider files to avoid any name clashes with other folders X-Git-Tag: openssl-3.0.0-alpha1~1990 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=56e840fe2d7163ba07bf3ef9b8daf1d368c7696c;p=oweals%2Fopenssl.git rename the digest provider files to avoid any name clashes with other folders Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9083) --- diff --git a/providers/common/digests/build.info b/providers/common/digests/build.info index 8ce0b443c1..513da68702 100644 --- a/providers/common/digests/build.info +++ b/providers/common/digests/build.info @@ -1,5 +1,5 @@ SOURCE[../../../libcrypto]=\ - sha2.c sha3.c + sha2_prov.c sha3_prov.c SOURCE[../../fips]=\ - sha2.c sha3.c + sha2_prov.c sha3_prov.c diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c deleted file mode 100644 index 4b5979e4ab..0000000000 --- a/providers/common/digests/sha2.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" -#include "internal/sha.h" - -static OSSL_OP_digest_set_params_fn sha1_set_params; - -/* Special set_params method for SSL3 */ -static int sha1_set_params(void *vctx, const OSSL_PARAM params[]) -{ - int cmd = 0; - size_t msg_len = 0; - const void *msg = NULL; - const OSSL_PARAM *p; - SHA_CTX *ctx = (SHA_CTX *)vctx; - - if (ctx != NULL && params != NULL) { - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); - if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) - return 0; - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); - if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) - return 0; - return sha1_ctrl(ctx, cmd, msg_len, (void *)msg); - } - return 0; -} - -OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX, - SHA_CBLOCK, SHA_DIGEST_LENGTH, - SHA1_Init, SHA1_Update, SHA1_Final, - sha1_set_params) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX, - SHA256_CBLOCK, SHA224_DIGEST_LENGTH, - SHA224_Init, SHA224_Update, SHA224_Final) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX, - SHA256_CBLOCK, SHA256_DIGEST_LENGTH, - SHA256_Init, SHA256_Update, SHA256_Final) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX, - SHA512_CBLOCK, SHA384_DIGEST_LENGTH, - SHA384_Init, SHA384_Update, SHA384_Final) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX, - SHA512_CBLOCK, SHA512_DIGEST_LENGTH, - SHA512_Init, SHA512_Update, SHA512_Final) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX, - SHA512_CBLOCK, SHA224_DIGEST_LENGTH, - sha512_224_init, SHA512_Update, SHA512_Final) - -OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX, - SHA512_CBLOCK, SHA256_DIGEST_LENGTH, - sha512_256_init, SHA512_Update, SHA512_Final) - diff --git a/providers/common/digests/sha2_prov.c b/providers/common/digests/sha2_prov.c new file mode 100644 index 0000000000..4b5979e4ab --- /dev/null +++ b/providers/common/digests/sha2_prov.c @@ -0,0 +1,70 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" +#include "internal/sha.h" + +static OSSL_OP_digest_set_params_fn sha1_set_params; + +/* Special set_params method for SSL3 */ +static int sha1_set_params(void *vctx, const OSSL_PARAM params[]) +{ + int cmd = 0; + size_t msg_len = 0; + const void *msg = NULL; + const OSSL_PARAM *p; + SHA_CTX *ctx = (SHA_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); + if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); + if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) + return 0; + return sha1_ctrl(ctx, cmd, msg_len, (void *)msg); + } + return 0; +} + +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX, + SHA_CBLOCK, SHA_DIGEST_LENGTH, + SHA1_Init, SHA1_Update, SHA1_Final, + sha1_set_params) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX, + SHA256_CBLOCK, SHA224_DIGEST_LENGTH, + SHA224_Init, SHA224_Update, SHA224_Final) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX, + SHA256_CBLOCK, SHA256_DIGEST_LENGTH, + SHA256_Init, SHA256_Update, SHA256_Final) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX, + SHA512_CBLOCK, SHA384_DIGEST_LENGTH, + SHA384_Init, SHA384_Update, SHA384_Final) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX, + SHA512_CBLOCK, SHA512_DIGEST_LENGTH, + SHA512_Init, SHA512_Update, SHA512_Final) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX, + SHA512_CBLOCK, SHA224_DIGEST_LENGTH, + sha512_224_init, SHA512_Update, SHA512_Final) + +OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX, + SHA512_CBLOCK, SHA256_DIGEST_LENGTH, + sha512_256_init, SHA512_Update, SHA512_Final) + diff --git a/providers/common/digests/sha3.c b/providers/common/digests/sha3.c deleted file mode 100644 index 7b898b6c94..0000000000 --- a/providers/common/digests/sha3.c +++ /dev/null @@ -1,277 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/sha3.h" -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -/* - * Forward declaration of any unique methods implemented here. This is not strictly - * necessary for the compiler, but provides an assurance that the signatures - * of the functions in the dispatch table are correct. - */ -static OSSL_OP_digest_init_fn keccak_init; -static OSSL_OP_digest_update_fn keccak_update; -static OSSL_OP_digest_final_fn keccak_final; -static OSSL_OP_digest_freectx_fn keccak_freectx; -static OSSL_OP_digest_dupctx_fn keccak_dupctx; -static OSSL_OP_digest_set_params_fn shake_set_params; -static sha3_absorb_fn generic_sha3_absorb; -static sha3_final_fn generic_sha3_final; - -#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) -/* - * IBM S390X support - */ -# include "s390x_arch.h" -# define S390_SHA3 1 -# define S390_SHA3_CAPABLE(name) \ - ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ - (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) - -#endif - -static int keccak_init(void *vctx) -{ - /* The newctx() handles most of the ctx fixed setup. */ - sha3_reset((KECCAK1600_CTX *)vctx); - return 1; -} - -static int keccak_update(void *vctx, const unsigned char *inp, size_t len) -{ - KECCAK1600_CTX *ctx = vctx; - const size_t bsz = ctx->block_size; - size_t num, rem; - - if (len == 0) - return 1; - - /* Is there anything in the buffer already ? */ - if ((num = ctx->bufsz) != 0) { - /* Calculate how much space is left in the buffer */ - rem = bsz - num; - /* If the new input does not fill the buffer then just add it */ - if (len < rem) { - memcpy(ctx->buf + num, inp, len); - ctx->bufsz += len; - return 1; - } - /* otherwise fill up the buffer and absorb the buffer */ - memcpy(ctx->buf + num, inp, rem); - /* Update the input pointer */ - inp += rem; - len -= rem; - ctx->meth.absorb(ctx, ctx->buf, bsz); - ctx->bufsz = 0; - } - /* Absorb the input - rem = leftover part of the input < blocksize) */ - rem = ctx->meth.absorb(ctx, inp, len); - /* Copy the leftover bit of the input into the buffer */ - if (rem) { - memcpy(ctx->buf, inp + len - rem, rem); - ctx->bufsz = rem; - } - return 1; -} - -static int keccak_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsz) -{ - int ret; - KECCAK1600_CTX *ctx = vctx; - - ret = ctx->meth.final(out, ctx); - *outl = ctx->md_size; - return ret; -} - -/*- - * Generic software version of the absorb() and final(). - */ -static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) -{ - KECCAK1600_CTX *ctx = vctx; - - return SHA3_absorb(ctx->A, inp, len, ctx->block_size); -} - -static int generic_sha3_final(unsigned char *md, void *vctx) -{ - return sha3_final(md, (KECCAK1600_CTX *)vctx); -} - -static PROV_SHA3_METHOD sha3_generic_md = -{ - generic_sha3_absorb, - generic_sha3_final -}; - -#if defined(S390_SHA3) - -static sha3_absorb_fn s390x_sha3_absorb; -static sha3_final_fn s390x_sha3_final; -static sha3_final_fn s390x_shake_final; - -/*- - * The platform specific parts of the absorb() and final() for S390X. - */ -static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) -{ - KECCAK1600_CTX *ctx = vctx; - size_t rem = len % ctx->block_size; - - s390x_kimd(inp, len - rem, ctx->pad, ctx->A); - return rem; -} - -static int s390x_sha3_final(unsigned char *md, void *vctx) -{ - KECCAK1600_CTX *ctx = vctx; - - s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); - memcpy(md, ctx->A, ctx->md_size); -} - -static int s390x_shake_final(unsigned char *md, void *vctx) -{ - KECCAK1600_CTX *ctx = vctx; - - s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); - return 1; -} - -static PROV_SHA3_METHOD sha3_s390x_md = -{ - s390x_sha3_absorb, - s390x_sha3_final -}; - -static PROV_SHA3_METHOD shake_s390x_md = -{ - s390x_sha3_absorb, - s390x_shake_final -}; - -# define SHA3_SET_MD(uname, typ) \ - if (S390_SHA3_CAPABLE(uname)) { \ - ctx->pad = S390X_##uname; \ - ctx->meth = typ##_s390x_md; \ - } else { \ - ctx->meth = sha3_generic_md; \ - } -#else -# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; -#endif /* S390_SHA3 */ - -#define SHA3_newctx(typ, uname, name, bitlen, pad) \ -static OSSL_OP_digest_newctx_fn name##_newctx; \ -static void *name##_newctx(void *provctx) \ -{ \ - KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - \ - if (ctx == NULL) \ - return NULL; \ - sha3_init(ctx, pad, bitlen); \ - SHA3_SET_MD(name, typ) \ - return ctx; \ -} - -#define KMAC_newctx(uname, bitlen, pad) \ -static OSSL_OP_digest_newctx_fn uname##_newctx; \ -static void *uname##_newctx(void *provctx) \ -{ \ - KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - \ - if (ctx == NULL) \ - return NULL; \ - keccak_kmac_init(ctx, pad, bitlen); \ - ctx->meth = sha3_generic_md; \ - return ctx; \ -} - -#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \ -static OSSL_OP_digest_size_fn name##_size; \ -static OSSL_OP_digest_block_size_fn name##_block_size; \ -static size_t name##_block_size(void) \ -{ \ - return SHA3_BLOCKSIZE(bitlen); \ -} \ -static size_t name##_size(void) \ -{ \ - return dgstsize; \ -} \ -const OSSL_DISPATCH name##_functions[] = { \ - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ - { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \ - { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \ - { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\ -OSSL_FUNC_DIGEST_CONSTRUCT_END - -static void keccak_freectx(void *vctx) -{ - KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; - - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -static void *keccak_dupctx(void *ctx) -{ - KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; - KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret)); - - *ret = *in; - return ret; -} - -static int shake_set_params(void *vctx, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *p; - KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; - - if (ctx != NULL && params != NULL) { - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN); - if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) - return 0; - return 1; - } - return 0; /* Null Parameter */ -} - -#define SHA3(bitlen) \ - SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ - OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL) - -#define SHAKE(bitlen) \ - SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ - OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \ - shake_set_params) -#define KMAC(bitlen) \ - KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ - OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \ - shake_set_params) - -SHA3(224) -SHA3(256) -SHA3(384) -SHA3(512) -SHAKE(128) -SHAKE(256) -KMAC(128) -KMAC(256) diff --git a/providers/common/digests/sha3_prov.c b/providers/common/digests/sha3_prov.c new file mode 100644 index 0000000000..7b898b6c94 --- /dev/null +++ b/providers/common/digests/sha3_prov.c @@ -0,0 +1,277 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/sha3.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +/* + * Forward declaration of any unique methods implemented here. This is not strictly + * necessary for the compiler, but provides an assurance that the signatures + * of the functions in the dispatch table are correct. + */ +static OSSL_OP_digest_init_fn keccak_init; +static OSSL_OP_digest_update_fn keccak_update; +static OSSL_OP_digest_final_fn keccak_final; +static OSSL_OP_digest_freectx_fn keccak_freectx; +static OSSL_OP_digest_dupctx_fn keccak_dupctx; +static OSSL_OP_digest_set_params_fn shake_set_params; +static sha3_absorb_fn generic_sha3_absorb; +static sha3_final_fn generic_sha3_final; + +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) +/* + * IBM S390X support + */ +# include "s390x_arch.h" +# define S390_SHA3 1 +# define S390_SHA3_CAPABLE(name) \ + ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ + (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) + +#endif + +static int keccak_init(void *vctx) +{ + /* The newctx() handles most of the ctx fixed setup. */ + sha3_reset((KECCAK1600_CTX *)vctx); + return 1; +} + +static int keccak_update(void *vctx, const unsigned char *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + const size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + /* Is there anything in the buffer already ? */ + if ((num = ctx->bufsz) != 0) { + /* Calculate how much space is left in the buffer */ + rem = bsz - num; + /* If the new input does not fill the buffer then just add it */ + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->bufsz += len; + return 1; + } + /* otherwise fill up the buffer and absorb the buffer */ + memcpy(ctx->buf + num, inp, rem); + /* Update the input pointer */ + inp += rem; + len -= rem; + ctx->meth.absorb(ctx, ctx->buf, bsz); + ctx->bufsz = 0; + } + /* Absorb the input - rem = leftover part of the input < blocksize) */ + rem = ctx->meth.absorb(ctx, inp, len); + /* Copy the leftover bit of the input into the buffer */ + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->bufsz = rem; + } + return 1; +} + +static int keccak_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsz) +{ + int ret; + KECCAK1600_CTX *ctx = vctx; + + ret = ctx->meth.final(out, ctx); + *outl = ctx->md_size; + return ret; +} + +/*- + * Generic software version of the absorb() and final(). + */ +static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + + return SHA3_absorb(ctx->A, inp, len, ctx->block_size); +} + +static int generic_sha3_final(unsigned char *md, void *vctx) +{ + return sha3_final(md, (KECCAK1600_CTX *)vctx); +} + +static PROV_SHA3_METHOD sha3_generic_md = +{ + generic_sha3_absorb, + generic_sha3_final +}; + +#if defined(S390_SHA3) + +static sha3_absorb_fn s390x_sha3_absorb; +static sha3_final_fn s390x_sha3_final; +static sha3_final_fn s390x_shake_final; + +/*- + * The platform specific parts of the absorb() and final() for S390X. + */ +static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + size_t rem = len % ctx->block_size; + + s390x_kimd(inp, len - rem, ctx->pad, ctx->A); + return rem; +} + +static int s390x_sha3_final(unsigned char *md, void *vctx) +{ + KECCAK1600_CTX *ctx = vctx; + + s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); + memcpy(md, ctx->A, ctx->md_size); +} + +static int s390x_shake_final(unsigned char *md, void *vctx) +{ + KECCAK1600_CTX *ctx = vctx; + + s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); + return 1; +} + +static PROV_SHA3_METHOD sha3_s390x_md = +{ + s390x_sha3_absorb, + s390x_sha3_final +}; + +static PROV_SHA3_METHOD shake_s390x_md = +{ + s390x_sha3_absorb, + s390x_shake_final +}; + +# define SHA3_SET_MD(uname, typ) \ + if (S390_SHA3_CAPABLE(uname)) { \ + ctx->pad = S390X_##uname; \ + ctx->meth = typ##_s390x_md; \ + } else { \ + ctx->meth = sha3_generic_md; \ + } +#else +# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; +#endif /* S390_SHA3 */ + +#define SHA3_newctx(typ, uname, name, bitlen, pad) \ +static OSSL_OP_digest_newctx_fn name##_newctx; \ +static void *name##_newctx(void *provctx) \ +{ \ + KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + if (ctx == NULL) \ + return NULL; \ + sha3_init(ctx, pad, bitlen); \ + SHA3_SET_MD(name, typ) \ + return ctx; \ +} + +#define KMAC_newctx(uname, bitlen, pad) \ +static OSSL_OP_digest_newctx_fn uname##_newctx; \ +static void *uname##_newctx(void *provctx) \ +{ \ + KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + if (ctx == NULL) \ + return NULL; \ + keccak_kmac_init(ctx, pad, bitlen); \ + ctx->meth = sha3_generic_md; \ + return ctx; \ +} + +#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \ +static OSSL_OP_digest_size_fn name##_size; \ +static OSSL_OP_digest_block_size_fn name##_block_size; \ +static size_t name##_block_size(void) \ +{ \ + return SHA3_BLOCKSIZE(bitlen); \ +} \ +static size_t name##_size(void) \ +{ \ + return dgstsize; \ +} \ +const OSSL_DISPATCH name##_functions[] = { \ + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \ + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \ + { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\ +OSSL_FUNC_DIGEST_CONSTRUCT_END + +static void keccak_freectx(void *vctx) +{ + KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *keccak_dupctx(void *ctx) +{ + KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; + KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + *ret = *in; + return ret; +} + +static int shake_set_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN); + if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) + return 0; + return 1; + } + return 0; /* Null Parameter */ +} + +#define SHA3(bitlen) \ + SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ + OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL) + +#define SHAKE(bitlen) \ + SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ + OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \ + shake_set_params) +#define KMAC(bitlen) \ + KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ + OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \ + shake_set_params) + +SHA3(224) +SHA3(256) +SHA3(384) +SHA3(512) +SHAKE(128) +SHAKE(256) +KMAC(128) +KMAC(256) diff --git a/providers/default/digests/blake2.c b/providers/default/digests/blake2.c deleted file mode 100644 index 18a8d60b0c..0000000000 --- a/providers/default/digests/blake2.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/blake2.h" -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_OP_digest_init_fn blake2s256_init; -OSSL_OP_digest_init_fn blake2b512_init; - -int blake2s256_init(void *ctx) -{ - BLAKE2S_PARAM P; - - blake2s_param_init(&P); - return blake2s_init((BLAKE2S_CTX *)ctx, &P); -} - -int blake2b512_init(void *ctx) -{ - BLAKE2B_PARAM P; - - blake2b_param_init(&P); - return blake2b_init((BLAKE2B_CTX *)ctx, &P); -} - -OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX, - BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH, - blake2s256_init, blake2s_update, blake2s_final) - -OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX, - BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, - blake2b512_init, blake2b_update, blake2b_final) diff --git a/providers/default/digests/blake2_prov.c b/providers/default/digests/blake2_prov.c new file mode 100644 index 0000000000..18a8d60b0c --- /dev/null +++ b/providers/default/digests/blake2_prov.c @@ -0,0 +1,40 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/blake2.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_OP_digest_init_fn blake2s256_init; +OSSL_OP_digest_init_fn blake2b512_init; + +int blake2s256_init(void *ctx) +{ + BLAKE2S_PARAM P; + + blake2s_param_init(&P); + return blake2s_init((BLAKE2S_CTX *)ctx, &P); +} + +int blake2b512_init(void *ctx) +{ + BLAKE2B_PARAM P; + + blake2b_param_init(&P); + return blake2b_init((BLAKE2B_CTX *)ctx, &P); +} + +OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX, + BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH, + blake2s256_init, blake2s_update, blake2s_final) + +OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX, + BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, + blake2b512_init, blake2b_update, blake2b_final) diff --git a/providers/default/digests/blake2b.c b/providers/default/digests/blake2b.c deleted file mode 100644 index 8801270417..0000000000 --- a/providers/default/digests/blake2b.c +++ /dev/null @@ -1,329 +0,0 @@ -/* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include -#include -#include -#include "blake2_impl.h" - -#include "internal/blake2.h" - -static const uint64_t blake2b_IV[8] = -{ - 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL -}; - -static const uint8_t blake2b_sigma[12][16] = -{ - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } -}; - -/* Set that it's the last block we'll compress */ -static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S) -{ - S->f[0] = -1; -} - -/* Initialize the hashing state. */ -static ossl_inline void blake2b_init0(BLAKE2B_CTX *S) -{ - int i; - - memset(S, 0, sizeof(BLAKE2B_CTX)); - for (i = 0; i < 8; ++i) { - S->h[i] = blake2b_IV[i]; - } -} - -/* init xors IV with input parameter block and sets the output length */ -static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P) -{ - size_t i; - const uint8_t *p = (const uint8_t *)(P); - - blake2b_init0(S); - S->outlen = P->digest_length; - - /* The param struct is carefully hand packed, and should be 64 bytes on - * every platform. */ - assert(sizeof(BLAKE2B_PARAM) == 64); - /* IV XOR ParamBlock */ - for (i = 0; i < 8; ++i) { - S->h[i] ^= load64(p + sizeof(S->h[i]) * i); - } -} - -/* Initialize the parameter block with default values */ -void blake2b_param_init(BLAKE2B_PARAM *P) -{ - P->digest_length = BLAKE2B_DIGEST_LENGTH; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; - store32(P->leaf_length, 0); - store64(P->node_offset, 0); - P->node_depth = 0; - P->inner_length = 0; - memset(P->reserved, 0, sizeof(P->reserved)); - memset(P->salt, 0, sizeof(P->salt)); - memset(P->personal, 0, sizeof(P->personal)); -} - -void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen) -{ - P->digest_length = outlen; -} - -void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen) -{ - P->key_length = keylen; -} - -void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len) -{ - memcpy(P->personal, personal, len); - memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len); -} - -void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len) -{ - memcpy(P->salt, salt, len); - memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len); -} - -/* - * Initialize the hashing context with the given parameter block. - * Always returns 1. - */ -int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P) -{ - blake2b_init_param(c, P); - return 1; -} - -/* - * Initialize the hashing context with the given parameter block and key. - * Always returns 1. - */ -int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key) -{ - blake2b_init_param(c, P); - - /* Pad the key to form first data block */ - { - uint8_t block[BLAKE2B_BLOCKBYTES] = {0}; - - memcpy(block, key, P->key_length); - blake2b_update(c, block, BLAKE2B_BLOCKBYTES); - OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES); - } - - return 1; -} - -/* Permute the state while xoring in the block of data. */ -static void blake2b_compress(BLAKE2B_CTX *S, - const uint8_t *blocks, - size_t len) -{ - uint64_t m[16]; - uint64_t v[16]; - int i; - size_t increment; - - /* - * There are two distinct usage vectors for this function: - * - * a) BLAKE2b_Update uses it to process complete blocks, - * possibly more than one at a time; - * - * b) BLAK2b_Final uses it to process last block, always - * single but possibly incomplete, in which case caller - * pads input with zeros. - */ - assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0); - - /* - * Since last block is always processed with separate call, - * |len| not being multiple of complete blocks can be observed - * only with |len| being less than BLAKE2B_BLOCKBYTES ("less" - * including even zero), which is why following assignment doesn't - * have to reside inside the main loop below. - */ - increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES; - - for (i = 0; i < 8; ++i) { - v[i] = S->h[i]; - } - - do { - for (i = 0; i < 16; ++i) { - m[i] = load64(blocks + i * sizeof(m[i])); - } - - /* blake2b_increment_counter */ - S->t[0] += increment; - S->t[1] += (S->t[0] < increment); - - v[8] = blake2b_IV[0]; - v[9] = blake2b_IV[1]; - v[10] = blake2b_IV[2]; - v[11] = blake2b_IV[3]; - v[12] = S->t[0] ^ blake2b_IV[4]; - v[13] = S->t[1] ^ blake2b_IV[5]; - v[14] = S->f[0] ^ blake2b_IV[6]; - v[15] = S->f[1] ^ blake2b_IV[7]; -#define G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ - d = rotr64(d ^ a, 32); \ - c = c + d; \ - b = rotr64(b ^ c, 24); \ - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ - d = rotr64(d ^ a, 16); \ - c = c + d; \ - b = rotr64(b ^ c, 63); \ - } while (0) -#define ROUND(r) \ - do { \ - G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - G(r,2,v[ 2],v[ 6],v[10],v[14]); \ - G(r,3,v[ 3],v[ 7],v[11],v[15]); \ - G(r,4,v[ 0],v[ 5],v[10],v[15]); \ - G(r,5,v[ 1],v[ 6],v[11],v[12]); \ - G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ - } while (0) -#if defined(OPENSSL_SMALL_FOOTPRINT) - /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */ - for (i = 0; i < 12; i++) { - ROUND(i); - } -#else - ROUND(0); - ROUND(1); - ROUND(2); - ROUND(3); - ROUND(4); - ROUND(5); - ROUND(6); - ROUND(7); - ROUND(8); - ROUND(9); - ROUND(10); - ROUND(11); -#endif - - for (i = 0; i < 8; ++i) { - S->h[i] = v[i] ^= v[i + 8] ^ S->h[i]; - } -#undef G -#undef ROUND - blocks += increment; - len -= increment; - } while (len); -} - -/* Absorb the input data into the hash state. Always returns 1. */ -int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen) -{ - const uint8_t *in = data; - size_t fill; - - /* - * Intuitively one would expect intermediate buffer, c->buf, to - * store incomplete blocks. But in this case we are interested to - * temporarily stash even complete blocks, because last one in the - * stream has to be treated in special way, and at this point we - * don't know if last block in *this* call is last one "ever". This - * is the reason for why |datalen| is compared as >, and not >=. - */ - fill = sizeof(c->buf) - c->buflen; - if (datalen > fill) { - if (c->buflen) { - memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ - blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES); - c->buflen = 0; - in += fill; - datalen -= fill; - } - if (datalen > BLAKE2B_BLOCKBYTES) { - size_t stashlen = datalen % BLAKE2B_BLOCKBYTES; - /* - * If |datalen| is a multiple of the blocksize, stash - * last complete block, it can be final one... - */ - stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES; - datalen -= stashlen; - blake2b_compress(c, in, datalen); - in += datalen; - datalen = stashlen; - } - } - - assert(datalen <= BLAKE2B_BLOCKBYTES); - - memcpy(c->buf + c->buflen, in, datalen); - c->buflen += datalen; /* Be lazy, do not compress */ - - return 1; -} - -/* - * Calculate the final hash and save it in md. - * Always returns 1. - */ -int blake2b_final(unsigned char *md, BLAKE2B_CTX *c) -{ - uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0}; - uint8_t *target = outbuffer; - int iter = (c->outlen + 7) / 8; - int i; - - /* Avoid writing to the temporary buffer if possible */ - if ((c->outlen % sizeof(c->h[0])) == 0) - target = md; - - blake2b_set_lastblock(c); - /* Padding */ - memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); - blake2b_compress(c, c->buf, c->buflen); - - /* Output full hash to buffer */ - for (i = 0; i < iter; ++i) - store64(target + sizeof(c->h[i]) * i, c->h[i]); - - if (target != md) - memcpy(md, target, c->outlen); - - OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); - return 1; -} diff --git a/providers/default/digests/blake2b_prov.c b/providers/default/digests/blake2b_prov.c new file mode 100644 index 0000000000..8801270417 --- /dev/null +++ b/providers/default/digests/blake2b_prov.c @@ -0,0 +1,329 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Derived from the BLAKE2 reference implementation written by Samuel Neves. + * Copyright 2012, Samuel Neves + * More information about the BLAKE2 hash function and its implementations + * can be found at https://blake2.net. + */ + +#include +#include +#include +#include "blake2_impl.h" + +#include "internal/blake2.h" + +static const uint64_t blake2b_IV[8] = +{ + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +static const uint8_t blake2b_sigma[12][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +}; + +/* Set that it's the last block we'll compress */ +static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S) +{ + S->f[0] = -1; +} + +/* Initialize the hashing state. */ +static ossl_inline void blake2b_init0(BLAKE2B_CTX *S) +{ + int i; + + memset(S, 0, sizeof(BLAKE2B_CTX)); + for (i = 0; i < 8; ++i) { + S->h[i] = blake2b_IV[i]; + } +} + +/* init xors IV with input parameter block and sets the output length */ +static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P) +{ + size_t i; + const uint8_t *p = (const uint8_t *)(P); + + blake2b_init0(S); + S->outlen = P->digest_length; + + /* The param struct is carefully hand packed, and should be 64 bytes on + * every platform. */ + assert(sizeof(BLAKE2B_PARAM) == 64); + /* IV XOR ParamBlock */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load64(p + sizeof(S->h[i]) * i); + } +} + +/* Initialize the parameter block with default values */ +void blake2b_param_init(BLAKE2B_PARAM *P) +{ + P->digest_length = BLAKE2B_DIGEST_LENGTH; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32(P->leaf_length, 0); + store64(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); +} + +void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen) +{ + P->digest_length = outlen; +} + +void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen) +{ + P->key_length = keylen; +} + +void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len) +{ + memcpy(P->personal, personal, len); + memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len); +} + +void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len) +{ + memcpy(P->salt, salt, len); + memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len); +} + +/* + * Initialize the hashing context with the given parameter block. + * Always returns 1. + */ +int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P) +{ + blake2b_init_param(c, P); + return 1; +} + +/* + * Initialize the hashing context with the given parameter block and key. + * Always returns 1. + */ +int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key) +{ + blake2b_init_param(c, P); + + /* Pad the key to form first data block */ + { + uint8_t block[BLAKE2B_BLOCKBYTES] = {0}; + + memcpy(block, key, P->key_length); + blake2b_update(c, block, BLAKE2B_BLOCKBYTES); + OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES); + } + + return 1; +} + +/* Permute the state while xoring in the block of data. */ +static void blake2b_compress(BLAKE2B_CTX *S, + const uint8_t *blocks, + size_t len) +{ + uint64_t m[16]; + uint64_t v[16]; + int i; + size_t increment; + + /* + * There are two distinct usage vectors for this function: + * + * a) BLAKE2b_Update uses it to process complete blocks, + * possibly more than one at a time; + * + * b) BLAK2b_Final uses it to process last block, always + * single but possibly incomplete, in which case caller + * pads input with zeros. + */ + assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0); + + /* + * Since last block is always processed with separate call, + * |len| not being multiple of complete blocks can be observed + * only with |len| being less than BLAKE2B_BLOCKBYTES ("less" + * including even zero), which is why following assignment doesn't + * have to reside inside the main loop below. + */ + increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES; + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + do { + for (i = 0; i < 16; ++i) { + m[i] = load64(blocks + i * sizeof(m[i])); + } + + /* blake2b_increment_counter */ + S->t[0] += increment; + S->t[1] += (S->t[0] < increment); + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = S->t[0] ^ blake2b_IV[4]; + v[13] = S->t[1] ^ blake2b_IV[5]; + v[14] = S->f[0] ^ blake2b_IV[6]; + v[15] = S->f[1] ^ blake2b_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2*i+0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2*i+1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while (0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while (0) +#if defined(OPENSSL_SMALL_FOOTPRINT) + /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */ + for (i = 0; i < 12; i++) { + ROUND(i); + } +#else + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + ROUND(10); + ROUND(11); +#endif + + for (i = 0; i < 8; ++i) { + S->h[i] = v[i] ^= v[i + 8] ^ S->h[i]; + } +#undef G +#undef ROUND + blocks += increment; + len -= increment; + } while (len); +} + +/* Absorb the input data into the hash state. Always returns 1. */ +int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen) +{ + const uint8_t *in = data; + size_t fill; + + /* + * Intuitively one would expect intermediate buffer, c->buf, to + * store incomplete blocks. But in this case we are interested to + * temporarily stash even complete blocks, because last one in the + * stream has to be treated in special way, and at this point we + * don't know if last block in *this* call is last one "ever". This + * is the reason for why |datalen| is compared as >, and not >=. + */ + fill = sizeof(c->buf) - c->buflen; + if (datalen > fill) { + if (c->buflen) { + memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ + blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES); + c->buflen = 0; + in += fill; + datalen -= fill; + } + if (datalen > BLAKE2B_BLOCKBYTES) { + size_t stashlen = datalen % BLAKE2B_BLOCKBYTES; + /* + * If |datalen| is a multiple of the blocksize, stash + * last complete block, it can be final one... + */ + stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES; + datalen -= stashlen; + blake2b_compress(c, in, datalen); + in += datalen; + datalen = stashlen; + } + } + + assert(datalen <= BLAKE2B_BLOCKBYTES); + + memcpy(c->buf + c->buflen, in, datalen); + c->buflen += datalen; /* Be lazy, do not compress */ + + return 1; +} + +/* + * Calculate the final hash and save it in md. + * Always returns 1. + */ +int blake2b_final(unsigned char *md, BLAKE2B_CTX *c) +{ + uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0}; + uint8_t *target = outbuffer; + int iter = (c->outlen + 7) / 8; + int i; + + /* Avoid writing to the temporary buffer if possible */ + if ((c->outlen % sizeof(c->h[0])) == 0) + target = md; + + blake2b_set_lastblock(c); + /* Padding */ + memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); + blake2b_compress(c, c->buf, c->buflen); + + /* Output full hash to buffer */ + for (i = 0; i < iter; ++i) + store64(target + sizeof(c->h[i]) * i, c->h[i]); + + if (target != md) + memcpy(md, target, c->outlen); + + OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); + return 1; +} diff --git a/providers/default/digests/blake2s.c b/providers/default/digests/blake2s.c deleted file mode 100644 index a9c757ea62..0000000000 --- a/providers/default/digests/blake2s.c +++ /dev/null @@ -1,319 +0,0 @@ -/* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include -#include -#include -#include "blake2_impl.h" -#include "internal/blake2.h" - -static const uint32_t blake2s_IV[8] = -{ - 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, - 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U -}; - -static const uint8_t blake2s_sigma[10][16] = -{ - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , -}; - -/* Set that it's the last block we'll compress */ -static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S) -{ - S->f[0] = -1; -} - -/* Initialize the hashing state. */ -static ossl_inline void blake2s_init0(BLAKE2S_CTX *S) -{ - int i; - - memset(S, 0, sizeof(BLAKE2S_CTX)); - for (i = 0; i < 8; ++i) { - S->h[i] = blake2s_IV[i]; - } -} - -/* init xors IV with input parameter block and sets the output length */ -static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P) -{ - size_t i; - const uint8_t *p = (const uint8_t *)(P); - - blake2s_init0(S); - S->outlen = P->digest_length; - - /* The param struct is carefully hand packed, and should be 32 bytes on - * every platform. */ - assert(sizeof(BLAKE2S_PARAM) == 32); - /* IV XOR ParamBlock */ - for (i = 0; i < 8; ++i) { - S->h[i] ^= load32(&p[i*4]); - } -} - -void blake2s_param_init(BLAKE2S_PARAM *P) -{ - P->digest_length = BLAKE2S_DIGEST_LENGTH; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; - store32(P->leaf_length, 0); - store48(P->node_offset, 0); - P->node_depth = 0; - P->inner_length = 0; - memset(P->salt, 0, sizeof(P->salt)); - memset(P->personal, 0, sizeof(P->personal)); -} - -void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen) -{ - P->digest_length = outlen; -} - -void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen) -{ - P->key_length = keylen; -} - -void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len) -{ - memcpy(P->personal, personal, len); - memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len); -} - -void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len) -{ - memcpy(P->salt, salt, len); - memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);} - -/* - * Initialize the hashing context with the given parameter block. - * Always returns 1. - */ -int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P) -{ - blake2s_init_param(c, P); - return 1; -} - -/* - * Initialize the hashing context with the given parameter block and key. - * Always returns 1. - */ -int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key) -{ - blake2s_init_param(c, P); - - /* Pad the key to form first data block */ - { - uint8_t block[BLAKE2S_BLOCKBYTES] = {0}; - - memcpy(block, key, P->key_length); - blake2s_update(c, block, BLAKE2S_BLOCKBYTES); - OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES); - } - - return 1; -} - -/* Permute the state while xoring in the block of data. */ -static void blake2s_compress(BLAKE2S_CTX *S, - const uint8_t *blocks, - size_t len) -{ - uint32_t m[16]; - uint32_t v[16]; - size_t i; - size_t increment; - - /* - * There are two distinct usage vectors for this function: - * - * a) BLAKE2s_Update uses it to process complete blocks, - * possibly more than one at a time; - * - * b) BLAK2s_Final uses it to process last block, always - * single but possibly incomplete, in which case caller - * pads input with zeros. - */ - assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0); - - /* - * Since last block is always processed with separate call, - * |len| not being multiple of complete blocks can be observed - * only with |len| being less than BLAKE2S_BLOCKBYTES ("less" - * including even zero), which is why following assignment doesn't - * have to reside inside the main loop below. - */ - increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES; - - for (i = 0; i < 8; ++i) { - v[i] = S->h[i]; - } - - do { - for (i = 0; i < 16; ++i) { - m[i] = load32(blocks + i * sizeof(m[i])); - } - - /* blake2s_increment_counter */ - S->t[0] += increment; - S->t[1] += (S->t[0] < increment); - - v[ 8] = blake2s_IV[0]; - v[ 9] = blake2s_IV[1]; - v[10] = blake2s_IV[2]; - v[11] = blake2s_IV[3]; - v[12] = S->t[0] ^ blake2s_IV[4]; - v[13] = S->t[1] ^ blake2s_IV[5]; - v[14] = S->f[0] ^ blake2s_IV[6]; - v[15] = S->f[1] ^ blake2s_IV[7]; -#define G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2s_sigma[r][2*i+0]]; \ - d = rotr32(d ^ a, 16); \ - c = c + d; \ - b = rotr32(b ^ c, 12); \ - a = a + b + m[blake2s_sigma[r][2*i+1]]; \ - d = rotr32(d ^ a, 8); \ - c = c + d; \ - b = rotr32(b ^ c, 7); \ - } while (0) -#define ROUND(r) \ - do { \ - G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - G(r,2,v[ 2],v[ 6],v[10],v[14]); \ - G(r,3,v[ 3],v[ 7],v[11],v[15]); \ - G(r,4,v[ 0],v[ 5],v[10],v[15]); \ - G(r,5,v[ 1],v[ 6],v[11],v[12]); \ - G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ - } while (0) -#if defined(OPENSSL_SMALL_FOOTPRINT) - /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */ - for (i = 0; i < 10; i++) { - ROUND(i); - } -#else - ROUND(0); - ROUND(1); - ROUND(2); - ROUND(3); - ROUND(4); - ROUND(5); - ROUND(6); - ROUND(7); - ROUND(8); - ROUND(9); -#endif - - for (i = 0; i < 8; ++i) { - S->h[i] = v[i] ^= v[i + 8] ^ S->h[i]; - } -#undef G -#undef ROUND - blocks += increment; - len -= increment; - } while (len); -} - -/* Absorb the input data into the hash state. Always returns 1. */ -int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen) -{ - const uint8_t *in = data; - size_t fill; - - /* - * Intuitively one would expect intermediate buffer, c->buf, to - * store incomplete blocks. But in this case we are interested to - * temporarily stash even complete blocks, because last one in the - * stream has to be treated in special way, and at this point we - * don't know if last block in *this* call is last one "ever". This - * is the reason for why |datalen| is compared as >, and not >=. - */ - fill = sizeof(c->buf) - c->buflen; - if (datalen > fill) { - if (c->buflen) { - memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ - blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES); - c->buflen = 0; - in += fill; - datalen -= fill; - } - if (datalen > BLAKE2S_BLOCKBYTES) { - size_t stashlen = datalen % BLAKE2S_BLOCKBYTES; - /* - * If |datalen| is a multiple of the blocksize, stash - * last complete block, it can be final one... - */ - stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES; - datalen -= stashlen; - blake2s_compress(c, in, datalen); - in += datalen; - datalen = stashlen; - } - } - - assert(datalen <= BLAKE2S_BLOCKBYTES); - - memcpy(c->buf + c->buflen, in, datalen); - c->buflen += datalen; /* Be lazy, do not compress */ - - return 1; -} - -/* - * Calculate the final hash and save it in md. - * Always returns 1. - */ -int blake2s_final(unsigned char *md, BLAKE2S_CTX *c) -{ - uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0}; - uint8_t *target = outbuffer; - int iter = (c->outlen + 3) / 4; - int i; - - /* Avoid writing to the temporary buffer if possible */ - if ((c->outlen % sizeof(c->h[0])) == 0) - target = md; - - blake2s_set_lastblock(c); - /* Padding */ - memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); - blake2s_compress(c, c->buf, c->buflen); - - /* Output full hash to buffer */ - for (i = 0; i < iter; ++i) - store32(target + sizeof(c->h[i]) * i, c->h[i]); - - if (target != md) - memcpy(md, target, c->outlen); - - OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); - return 1; -} diff --git a/providers/default/digests/blake2s_prov.c b/providers/default/digests/blake2s_prov.c new file mode 100644 index 0000000000..a9c757ea62 --- /dev/null +++ b/providers/default/digests/blake2s_prov.c @@ -0,0 +1,319 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Derived from the BLAKE2 reference implementation written by Samuel Neves. + * Copyright 2012, Samuel Neves + * More information about the BLAKE2 hash function and its implementations + * can be found at https://blake2.net. + */ + +#include +#include +#include +#include "blake2_impl.h" +#include "internal/blake2.h" + +static const uint32_t blake2s_IV[8] = +{ + 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, + 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U +}; + +static const uint8_t blake2s_sigma[10][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +}; + +/* Set that it's the last block we'll compress */ +static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S) +{ + S->f[0] = -1; +} + +/* Initialize the hashing state. */ +static ossl_inline void blake2s_init0(BLAKE2S_CTX *S) +{ + int i; + + memset(S, 0, sizeof(BLAKE2S_CTX)); + for (i = 0; i < 8; ++i) { + S->h[i] = blake2s_IV[i]; + } +} + +/* init xors IV with input parameter block and sets the output length */ +static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P) +{ + size_t i; + const uint8_t *p = (const uint8_t *)(P); + + blake2s_init0(S); + S->outlen = P->digest_length; + + /* The param struct is carefully hand packed, and should be 32 bytes on + * every platform. */ + assert(sizeof(BLAKE2S_PARAM) == 32); + /* IV XOR ParamBlock */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load32(&p[i*4]); + } +} + +void blake2s_param_init(BLAKE2S_PARAM *P) +{ + P->digest_length = BLAKE2S_DIGEST_LENGTH; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32(P->leaf_length, 0); + store48(P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); +} + +void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen) +{ + P->digest_length = outlen; +} + +void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen) +{ + P->key_length = keylen; +} + +void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len) +{ + memcpy(P->personal, personal, len); + memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len); +} + +void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len) +{ + memcpy(P->salt, salt, len); + memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);} + +/* + * Initialize the hashing context with the given parameter block. + * Always returns 1. + */ +int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P) +{ + blake2s_init_param(c, P); + return 1; +} + +/* + * Initialize the hashing context with the given parameter block and key. + * Always returns 1. + */ +int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key) +{ + blake2s_init_param(c, P); + + /* Pad the key to form first data block */ + { + uint8_t block[BLAKE2S_BLOCKBYTES] = {0}; + + memcpy(block, key, P->key_length); + blake2s_update(c, block, BLAKE2S_BLOCKBYTES); + OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES); + } + + return 1; +} + +/* Permute the state while xoring in the block of data. */ +static void blake2s_compress(BLAKE2S_CTX *S, + const uint8_t *blocks, + size_t len) +{ + uint32_t m[16]; + uint32_t v[16]; + size_t i; + size_t increment; + + /* + * There are two distinct usage vectors for this function: + * + * a) BLAKE2s_Update uses it to process complete blocks, + * possibly more than one at a time; + * + * b) BLAK2s_Final uses it to process last block, always + * single but possibly incomplete, in which case caller + * pads input with zeros. + */ + assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0); + + /* + * Since last block is always processed with separate call, + * |len| not being multiple of complete blocks can be observed + * only with |len| being less than BLAKE2S_BLOCKBYTES ("less" + * including even zero), which is why following assignment doesn't + * have to reside inside the main loop below. + */ + increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES; + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + do { + for (i = 0; i < 16; ++i) { + m[i] = load32(blocks + i * sizeof(m[i])); + } + + /* blake2s_increment_counter */ + S->t[0] += increment; + S->t[1] += (S->t[0] < increment); + + v[ 8] = blake2s_IV[0]; + v[ 9] = blake2s_IV[1]; + v[10] = blake2s_IV[2]; + v[11] = blake2s_IV[3]; + v[12] = S->t[0] ^ blake2s_IV[4]; + v[13] = S->t[1] ^ blake2s_IV[5]; + v[14] = S->f[0] ^ blake2s_IV[6]; + v[15] = S->f[1] ^ blake2s_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2*i+0]]; \ + d = rotr32(d ^ a, 16); \ + c = c + d; \ + b = rotr32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2*i+1]]; \ + d = rotr32(d ^ a, 8); \ + c = c + d; \ + b = rotr32(b ^ c, 7); \ + } while (0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while (0) +#if defined(OPENSSL_SMALL_FOOTPRINT) + /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */ + for (i = 0; i < 10; i++) { + ROUND(i); + } +#else + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); +#endif + + for (i = 0; i < 8; ++i) { + S->h[i] = v[i] ^= v[i + 8] ^ S->h[i]; + } +#undef G +#undef ROUND + blocks += increment; + len -= increment; + } while (len); +} + +/* Absorb the input data into the hash state. Always returns 1. */ +int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen) +{ + const uint8_t *in = data; + size_t fill; + + /* + * Intuitively one would expect intermediate buffer, c->buf, to + * store incomplete blocks. But in this case we are interested to + * temporarily stash even complete blocks, because last one in the + * stream has to be treated in special way, and at this point we + * don't know if last block in *this* call is last one "ever". This + * is the reason for why |datalen| is compared as >, and not >=. + */ + fill = sizeof(c->buf) - c->buflen; + if (datalen > fill) { + if (c->buflen) { + memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ + blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES); + c->buflen = 0; + in += fill; + datalen -= fill; + } + if (datalen > BLAKE2S_BLOCKBYTES) { + size_t stashlen = datalen % BLAKE2S_BLOCKBYTES; + /* + * If |datalen| is a multiple of the blocksize, stash + * last complete block, it can be final one... + */ + stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES; + datalen -= stashlen; + blake2s_compress(c, in, datalen); + in += datalen; + datalen = stashlen; + } + } + + assert(datalen <= BLAKE2S_BLOCKBYTES); + + memcpy(c->buf + c->buflen, in, datalen); + c->buflen += datalen; /* Be lazy, do not compress */ + + return 1; +} + +/* + * Calculate the final hash and save it in md. + * Always returns 1. + */ +int blake2s_final(unsigned char *md, BLAKE2S_CTX *c) +{ + uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0}; + uint8_t *target = outbuffer; + int iter = (c->outlen + 3) / 4; + int i; + + /* Avoid writing to the temporary buffer if possible */ + if ((c->outlen % sizeof(c->h[0])) == 0) + target = md; + + blake2s_set_lastblock(c); + /* Padding */ + memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); + blake2s_compress(c, c->buf, c->buflen); + + /* Output full hash to buffer */ + for (i = 0; i < iter; ++i) + store32(target + sizeof(c->h[i]) * i, c->h[i]); + + if (target != md) + memcpy(md, target, c->outlen); + + OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); + return 1; +} diff --git a/providers/default/digests/build.info b/providers/default/digests/build.info index 0f15d12fc7..637436d3d4 100644 --- a/providers/default/digests/build.info +++ b/providers/default/digests/build.info @@ -1,17 +1,17 @@ SOURCE[../../../libcrypto]=\ - null.c + null_prov.c IF[{- !$disabled{blake2} -}] SOURCE[../../../libcrypto]=\ - blake2.c blake2b.c blake2s.c + blake2_prov.c blake2b_prov.c blake2s_prov.c ENDIF IF[{- !$disabled{sm3} -}] SOURCE[../../../libcrypto]=\ - sm3.c + sm3_prov.c ENDIF IF[{- !$disabled{md5} -}] SOURCE[../../../libcrypto]=\ - md5.c md5_sha1.c + md5_prov.c md5_sha1_prov.c ENDIF diff --git a/providers/default/digests/md5.c b/providers/default/digests/md5.c deleted file mode 100644 index 81636f670c..0000000000 --- a/providers/default/digests/md5.c +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX, - MD5_CBLOCK, MD5_DIGEST_LENGTH, - MD5_Init, MD5_Update, MD5_Final) diff --git a/providers/default/digests/md5_prov.c b/providers/default/digests/md5_prov.c new file mode 100644 index 0000000000..81636f670c --- /dev/null +++ b/providers/default/digests/md5_prov.c @@ -0,0 +1,17 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX, + MD5_CBLOCK, MD5_DIGEST_LENGTH, + MD5_Init, MD5_Update, MD5_Final) diff --git a/providers/default/digests/md5_sha1.c b/providers/default/digests/md5_sha1.c deleted file mode 100644 index 59a7df83ff..0000000000 --- a/providers/default/digests/md5_sha1.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - - -#include -#include -#include -#include -#include -#include "internal/core_mkdigest.h" -#include "internal/md5_sha1.h" -#include "internal/provider_algs.h" - -static OSSL_OP_digest_set_params_fn md5_sha1_set_params; - -/* Special set_params method for SSL3 */ -static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[]) -{ - int cmd = 0; - size_t msg_len = 0; - const void *msg = NULL; - const OSSL_PARAM *p; - MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx; - - if (ctx != NULL && params != NULL) { - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); - if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) - return 0; - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); - if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) - return 0; - return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg); - } - return 0; -} - -OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX, - MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, - md5_sha1_init, md5_sha1_update, md5_sha1_final, - md5_sha1_set_params) diff --git a/providers/default/digests/md5_sha1_prov.c b/providers/default/digests/md5_sha1_prov.c new file mode 100644 index 0000000000..59a7df83ff --- /dev/null +++ b/providers/default/digests/md5_sha1_prov.c @@ -0,0 +1,46 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#include +#include +#include +#include +#include +#include "internal/core_mkdigest.h" +#include "internal/md5_sha1.h" +#include "internal/provider_algs.h" + +static OSSL_OP_digest_set_params_fn md5_sha1_set_params; + +/* Special set_params method for SSL3 */ +static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[]) +{ + int cmd = 0; + size_t msg_len = 0; + const void *msg = NULL; + const OSSL_PARAM *p; + MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); + if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); + if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) + return 0; + return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg); + } + return 0; +} + +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX, + MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, + md5_sha1_init, md5_sha1_update, md5_sha1_final, + md5_sha1_set_params) diff --git a/providers/default/digests/null.c b/providers/default/digests/null.c deleted file mode 100644 index d7644f4cbf..0000000000 --- a/providers/default/digests/null.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/provider_algs.h" - -static int nullmd_dummy = 1; - -static OSSL_OP_digest_init_fn nullmd_init; -static OSSL_OP_digest_update_fn nullmd_update; -static OSSL_OP_digest_final_fn nullmd_final; -static OSSL_OP_digest_newctx_fn nullmd_newctx; -static OSSL_OP_digest_freectx_fn nullmd_freectx; -static OSSL_OP_digest_dupctx_fn nullmd_dupctx; -static OSSL_OP_digest_size_fn nullmd_size; -static OSSL_OP_digest_block_size_fn nullmd_block_size; - -static size_t nullmd_block_size(void) -{ - return 0; -} - -static size_t nullmd_size(void) -{ - return 0; -} - -static int nullmd_init(void *vctx) -{ - return 1; -} - -static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes) -{ - return 1; -} - -static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz) -{ - *outl = 0; - return 1; -} - -static void *nullmd_newctx(void *prov_ctx) -{ - return &nullmd_dummy; -} - -static void nullmd_freectx(void *vctx) -{ -} - -static void *nullmd_dupctx(void *ctx) -{ - return &nullmd_dummy; -} - -const OSSL_DISPATCH nullmd_functions[] = { - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx }, - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init }, - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update }, - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final }, - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx }, - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx }, - { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size }, - { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size }, - { 0, NULL } -}; diff --git a/providers/default/digests/null_prov.c b/providers/default/digests/null_prov.c new file mode 100644 index 0000000000..d7644f4cbf --- /dev/null +++ b/providers/default/digests/null_prov.c @@ -0,0 +1,75 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/provider_algs.h" + +static int nullmd_dummy = 1; + +static OSSL_OP_digest_init_fn nullmd_init; +static OSSL_OP_digest_update_fn nullmd_update; +static OSSL_OP_digest_final_fn nullmd_final; +static OSSL_OP_digest_newctx_fn nullmd_newctx; +static OSSL_OP_digest_freectx_fn nullmd_freectx; +static OSSL_OP_digest_dupctx_fn nullmd_dupctx; +static OSSL_OP_digest_size_fn nullmd_size; +static OSSL_OP_digest_block_size_fn nullmd_block_size; + +static size_t nullmd_block_size(void) +{ + return 0; +} + +static size_t nullmd_size(void) +{ + return 0; +} + +static int nullmd_init(void *vctx) +{ + return 1; +} + +static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes) +{ + return 1; +} + +static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz) +{ + *outl = 0; + return 1; +} + +static void *nullmd_newctx(void *prov_ctx) +{ + return &nullmd_dummy; +} + +static void nullmd_freectx(void *vctx) +{ +} + +static void *nullmd_dupctx(void *ctx) +{ + return &nullmd_dummy; +} + +const OSSL_DISPATCH nullmd_functions[] = { + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx }, + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init }, + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update }, + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final }, + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx }, + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx }, + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size }, + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size }, + { 0, NULL } +}; diff --git a/providers/default/digests/sm3.c b/providers/default/digests/sm3.c deleted file mode 100644 index bd039a8863..0000000000 --- a/providers/default/digests/sm3.c +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/sm3.h" -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX, - SM3_CBLOCK, SM3_DIGEST_LENGTH, - sm3_init, sm3_update, sm3_final) diff --git a/providers/default/digests/sm3_prov.c b/providers/default/digests/sm3_prov.c new file mode 100644 index 0000000000..bd039a8863 --- /dev/null +++ b/providers/default/digests/sm3_prov.c @@ -0,0 +1,17 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sm3.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX, + SM3_CBLOCK, SM3_DIGEST_LENGTH, + sm3_init, sm3_update, sm3_final) diff --git a/providers/legacy/digests/build.info b/providers/legacy/digests/build.info index 239efd2114..538afd4c07 100644 --- a/providers/legacy/digests/build.info +++ b/providers/legacy/digests/build.info @@ -1,24 +1,24 @@ IF[{- !$disabled{md2} -}] SOURCE[../../legacy]=\ - md2.c + md2_prov.c ENDIF IF[{- !$disabled{md4} -}] SOURCE[../../legacy]=\ - md4.c + md4_prov.c ENDIF IF[{- !$disabled{mdc2} -}] SOURCE[../../legacy]=\ - mdc2.c + mdc2_prov.c ENDIF IF[{- !$disabled{whirlpool} -}] SOURCE[../../legacy]=\ - wp.c + wp_prov.c ENDIF IF[{- !$disabled{rmd160} -}] SOURCE[../../legacy]=\ - ripemd.c + ripemd_prov.c ENDIF \ No newline at end of file diff --git a/providers/legacy/digests/md2.c b/providers/legacy/digests/md2.c deleted file mode 100644 index edd4b78bbd..0000000000 --- a/providers/legacy/digests/md2.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX, - MD2_BLOCK, MD2_DIGEST_LENGTH, - MD2_Init, MD2_Update, MD2_Final) diff --git a/providers/legacy/digests/md2_prov.c b/providers/legacy/digests/md2_prov.c new file mode 100644 index 0000000000..edd4b78bbd --- /dev/null +++ b/providers/legacy/digests/md2_prov.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX, + MD2_BLOCK, MD2_DIGEST_LENGTH, + MD2_Init, MD2_Update, MD2_Final) diff --git a/providers/legacy/digests/md4.c b/providers/legacy/digests/md4.c deleted file mode 100644 index 86937f7b43..0000000000 --- a/providers/legacy/digests/md4.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX, - MD4_CBLOCK, MD4_DIGEST_LENGTH, - MD4_Init, MD4_Update, MD4_Final) diff --git a/providers/legacy/digests/md4_prov.c b/providers/legacy/digests/md4_prov.c new file mode 100644 index 0000000000..86937f7b43 --- /dev/null +++ b/providers/legacy/digests/md4_prov.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX, + MD4_CBLOCK, MD4_DIGEST_LENGTH, + MD4_Init, MD4_Update, MD4_Final) diff --git a/providers/legacy/digests/mdc2.c b/providers/legacy/digests/mdc2.c deleted file mode 100644 index 75d9398c7d..0000000000 --- a/providers/legacy/digests/mdc2.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -static OSSL_OP_digest_set_params_fn mdc2_set_params; - -static int mdc2_set_params(void *vctx, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *p; - MDC2_CTX *ctx = (MDC2_CTX *)vctx; - - if (ctx != NULL && params != NULL) { - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE); - if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type)) - return 0; - return 1; - } - return 0; /* Null Parameter */ -} - -OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX, - MDC2_BLOCK, MDC2_DIGEST_LENGTH, - MDC2_Init, MDC2_Update, MDC2_Final, - mdc2_set_params) diff --git a/providers/legacy/digests/mdc2_prov.c b/providers/legacy/digests/mdc2_prov.c new file mode 100644 index 0000000000..75d9398c7d --- /dev/null +++ b/providers/legacy/digests/mdc2_prov.c @@ -0,0 +1,37 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +static OSSL_OP_digest_set_params_fn mdc2_set_params; + +static int mdc2_set_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + MDC2_CTX *ctx = (MDC2_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE); + if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type)) + return 0; + return 1; + } + return 0; /* Null Parameter */ +} + +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX, + MDC2_BLOCK, MDC2_DIGEST_LENGTH, + MDC2_Init, MDC2_Update, MDC2_Final, + mdc2_set_params) diff --git a/providers/legacy/digests/ripemd.c b/providers/legacy/digests/ripemd.c deleted file mode 100644 index 124351257b..0000000000 --- a/providers/legacy/digests/ripemd.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX, - RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, - RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) diff --git a/providers/legacy/digests/ripemd_prov.c b/providers/legacy/digests/ripemd_prov.c new file mode 100644 index 0000000000..124351257b --- /dev/null +++ b/providers/legacy/digests/ripemd_prov.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX, + RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, + RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) diff --git a/providers/legacy/digests/wp.c b/providers/legacy/digests/wp.c deleted file mode 100644 index ece67e0941..0000000000 --- a/providers/legacy/digests/wp.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "internal/core_mkdigest.h" -#include "internal/provider_algs.h" - -OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX, - WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, - WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final) diff --git a/providers/legacy/digests/wp_prov.c b/providers/legacy/digests/wp_prov.c new file mode 100644 index 0000000000..ece67e0941 --- /dev/null +++ b/providers/legacy/digests/wp_prov.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX, + WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, + WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final)