Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)
+++ /dev/null
-/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <string.h>
-
-static ossl_inline uint32_t load32(const uint8_t *src)
-{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
-
- if (is_endian.little) {
- uint32_t w;
- memcpy(&w, src, sizeof(w));
- return w;
- } else {
- uint32_t w = ((uint32_t)src[0])
- | ((uint32_t)src[1] << 8)
- | ((uint32_t)src[2] << 16)
- | ((uint32_t)src[3] << 24);
- return w;
- }
-}
-
-static ossl_inline uint64_t load64(const uint8_t *src)
-{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
-
- if (is_endian.little) {
- uint64_t w;
- memcpy(&w, src, sizeof(w));
- return w;
- } else {
- uint64_t w = ((uint64_t)src[0])
- | ((uint64_t)src[1] << 8)
- | ((uint64_t)src[2] << 16)
- | ((uint64_t)src[3] << 24)
- | ((uint64_t)src[4] << 32)
- | ((uint64_t)src[5] << 40)
- | ((uint64_t)src[6] << 48)
- | ((uint64_t)src[7] << 56);
- return w;
- }
-}
-
-static ossl_inline void store32(uint8_t *dst, uint32_t w)
-{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
-
- if (is_endian.little) {
- memcpy(dst, &w, sizeof(w));
- } else {
- uint8_t *p = (uint8_t *)dst;
- int i;
-
- for (i = 0; i < 4; i++)
- p[i] = (uint8_t)(w >> (8 * i));
- }
-}
-
-static ossl_inline void store64(uint8_t *dst, uint64_t w)
-{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
-
- if (is_endian.little) {
- memcpy(dst, &w, sizeof(w));
- } else {
- uint8_t *p = (uint8_t *)dst;
- int i;
-
- for (i = 0; i < 8; i++)
- p[i] = (uint8_t)(w >> (8 * i));
- }
-}
-
-static ossl_inline uint64_t load48(const uint8_t *src)
-{
- uint64_t w = ((uint64_t)src[0])
- | ((uint64_t)src[1] << 8)
- | ((uint64_t)src[2] << 16)
- | ((uint64_t)src[3] << 24)
- | ((uint64_t)src[4] << 32)
- | ((uint64_t)src[5] << 40);
- return w;
-}
-
-static ossl_inline void store48(uint8_t *dst, uint64_t w)
-{
- uint8_t *p = (uint8_t *)dst;
- p[0] = (uint8_t)w;
- p[1] = (uint8_t)(w>>8);
- p[2] = (uint8_t)(w>>16);
- p[3] = (uint8_t)(w>>24);
- p[4] = (uint8_t)(w>>32);
- p[5] = (uint8_t)(w>>40);
-}
-
-static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
-{
- return (w >> c) | (w << (32 - c));
-}
-
-static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
-{
- return (w >> c) | (w << (64 - c));
-}
+++ /dev/null
-/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <stddef.h>
-
-#define BLAKE2S_BLOCKBYTES 64
-#define BLAKE2S_OUTBYTES 32
-#define BLAKE2S_KEYBYTES 32
-#define BLAKE2S_SALTBYTES 8
-#define BLAKE2S_PERSONALBYTES 8
-
-#define BLAKE2B_BLOCKBYTES 128
-#define BLAKE2B_OUTBYTES 64
-#define BLAKE2B_KEYBYTES 64
-#define BLAKE2B_SALTBYTES 16
-#define BLAKE2B_PERSONALBYTES 16
-
-struct blake2s_param_st {
- uint8_t digest_length; /* 1 */
- uint8_t key_length; /* 2 */
- uint8_t fanout; /* 3 */
- uint8_t depth; /* 4 */
- uint8_t leaf_length[4];/* 8 */
- uint8_t node_offset[6];/* 14 */
- uint8_t node_depth; /* 15 */
- uint8_t inner_length; /* 16 */
- uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */
- uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */
-};
-
-typedef struct blake2s_param_st BLAKE2S_PARAM;
-
-struct blake2s_ctx_st {
- uint32_t h[8];
- uint32_t t[2];
- uint32_t f[2];
- uint8_t buf[BLAKE2S_BLOCKBYTES];
- size_t buflen;
- size_t outlen;
-};
-
-struct blake2b_param_st {
- uint8_t digest_length; /* 1 */
- uint8_t key_length; /* 2 */
- uint8_t fanout; /* 3 */
- uint8_t depth; /* 4 */
- uint8_t leaf_length[4];/* 8 */
- uint8_t node_offset[8];/* 16 */
- uint8_t node_depth; /* 17 */
- uint8_t inner_length; /* 18 */
- uint8_t reserved[14]; /* 32 */
- uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
- uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
-};
-
-typedef struct blake2b_param_st BLAKE2B_PARAM;
-
-struct blake2b_ctx_st {
- uint64_t h[8];
- uint64_t t[2];
- uint64_t f[2];
- uint8_t buf[BLAKE2B_BLOCKBYTES];
- size_t buflen;
- size_t outlen;
-};
-
-#define BLAKE2B_DIGEST_LENGTH 64
-#define BLAKE2S_DIGEST_LENGTH 32
-
-typedef struct blake2s_ctx_st BLAKE2S_CTX;
-typedef struct blake2b_ctx_st BLAKE2B_CTX;
-
-int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P);
-int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key);
-int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
-int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
-
-/*
- * These setters are internal and do not check the validity of their parameters.
- * See blake2b_mac_ctrl for validation logic.
- */
-
-void blake2b_param_init(BLAKE2B_PARAM *P);
-void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen);
-void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen);
-void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length);
-void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length);
-
-int BLAKE2s_Init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P);
-int BLAKE2s_Init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key);
-int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
-int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
-
-void blake2s_param_init(BLAKE2S_PARAM *P);
-void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen);
-void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen);
-void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t length);
-void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length);
+++ /dev/null
-/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <openssl/crypto.h>
-
-#include "blake2_locl.h"
-#include "blake2_impl.h"
-
-static const uint64_t blake2b_IV[8] =
-{
- 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
- 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
- 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
- 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
-};
-
-static const uint8_t blake2b_sigma[12][16] =
-{
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
- { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
- { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
- { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
- { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
- { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
- { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
- { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
- { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
-};
-
-/* Set that it's the last block we'll compress */
-static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
-{
- S->f[0] = -1;
-}
-
-/* Initialize the hashing state. */
-static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
-{
- int i;
-
- memset(S, 0, sizeof(BLAKE2B_CTX));
- for (i = 0; i < 8; ++i) {
- S->h[i] = blake2b_IV[i];
- }
-}
-
-/* init xors IV with input parameter block and sets the output length */
-static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
-{
- size_t i;
- const uint8_t *p = (const uint8_t *)(P);
-
- blake2b_init0(S);
- S->outlen = P->digest_length;
-
- /* The param struct is carefully hand packed, and should be 64 bytes on
- * every platform. */
- assert(sizeof(BLAKE2B_PARAM) == 64);
- /* IV XOR ParamBlock */
- for (i = 0; i < 8; ++i) {
- S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
- }
-}
-
-/* Initialize the parameter block with default values */
-void blake2b_param_init(BLAKE2B_PARAM *P)
-{
- P->digest_length = BLAKE2B_DIGEST_LENGTH;
- P->key_length = 0;
- P->fanout = 1;
- P->depth = 1;
- store32(P->leaf_length, 0);
- store64(P->node_offset, 0);
- P->node_depth = 0;
- P->inner_length = 0;
- memset(P->reserved, 0, sizeof(P->reserved));
- memset(P->salt, 0, sizeof(P->salt));
- memset(P->personal, 0, sizeof(P->personal));
-}
-
-void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen)
-{
- P->digest_length = outlen;
-}
-
-void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen)
-{
- P->key_length = keylen;
-}
-
-void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len)
-{
- memcpy(P->personal, personal, len);
- memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len);
-}
-
-void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len)
-{
- memcpy(P->salt, salt, len);
- memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len);
-}
-
-/*
- * Initialize the hashing context with the given parameter block.
- * Always returns 1.
- */
-int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P)
-{
- blake2b_init_param(c, P);
- return 1;
-}
-
-/*
- * Initialize the hashing context with the given parameter block and key.
- * Always returns 1.
- */
-int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key)
-{
- blake2b_init_param(c, P);
-
- /* Pad the key to form first data block */
- {
- uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
-
- memcpy(block, key, P->key_length);
- BLAKE2b_Update(c, block, BLAKE2B_BLOCKBYTES);
- OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES);
- }
-
- return 1;
-}
-
-/* Permute the state while xoring in the block of data. */
-static void blake2b_compress(BLAKE2B_CTX *S,
- const uint8_t *blocks,
- size_t len)
-{
- uint64_t m[16];
- uint64_t v[16];
- int i;
- size_t increment;
-
- /*
- * There are two distinct usage vectors for this function:
- *
- * a) BLAKE2b_Update uses it to process complete blocks,
- * possibly more than one at a time;
- *
- * b) BLAK2b_Final uses it to process last block, always
- * single but possibly incomplete, in which case caller
- * pads input with zeros.
- */
- assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
-
- /*
- * Since last block is always processed with separate call,
- * |len| not being multiple of complete blocks can be observed
- * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
- * including even zero), which is why following assignment doesn't
- * have to reside inside the main loop below.
- */
- increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
-
- for (i = 0; i < 8; ++i) {
- v[i] = S->h[i];
- }
-
- do {
- for (i = 0; i < 16; ++i) {
- m[i] = load64(blocks + i * sizeof(m[i]));
- }
-
- /* blake2b_increment_counter */
- S->t[0] += increment;
- S->t[1] += (S->t[0] < increment);
-
- v[8] = blake2b_IV[0];
- v[9] = blake2b_IV[1];
- v[10] = blake2b_IV[2];
- v[11] = blake2b_IV[3];
- v[12] = S->t[0] ^ blake2b_IV[4];
- v[13] = S->t[1] ^ blake2b_IV[5];
- v[14] = S->f[0] ^ blake2b_IV[6];
- v[15] = S->f[1] ^ blake2b_IV[7];
-#define G(r,i,a,b,c,d) \
- do { \
- a = a + b + m[blake2b_sigma[r][2*i+0]]; \
- d = rotr64(d ^ a, 32); \
- c = c + d; \
- b = rotr64(b ^ c, 24); \
- a = a + b + m[blake2b_sigma[r][2*i+1]]; \
- d = rotr64(d ^ a, 16); \
- c = c + d; \
- b = rotr64(b ^ c, 63); \
- } while (0)
-#define ROUND(r) \
- do { \
- G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
- G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
- G(r,2,v[ 2],v[ 6],v[10],v[14]); \
- G(r,3,v[ 3],v[ 7],v[11],v[15]); \
- G(r,4,v[ 0],v[ 5],v[10],v[15]); \
- G(r,5,v[ 1],v[ 6],v[11],v[12]); \
- G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
- G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
- } while (0)
-#if defined(OPENSSL_SMALL_FOOTPRINT)
- /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
- for (i = 0; i < 12; i++) {
- ROUND(i);
- }
-#else
- ROUND(0);
- ROUND(1);
- ROUND(2);
- ROUND(3);
- ROUND(4);
- ROUND(5);
- ROUND(6);
- ROUND(7);
- ROUND(8);
- ROUND(9);
- ROUND(10);
- ROUND(11);
-#endif
-
- for (i = 0; i < 8; ++i) {
- S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
- }
-#undef G
-#undef ROUND
- blocks += increment;
- len -= increment;
- } while (len);
-}
-
-/* Absorb the input data into the hash state. Always returns 1. */
-int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
-{
- const uint8_t *in = data;
- size_t fill;
-
- /*
- * Intuitively one would expect intermediate buffer, c->buf, to
- * store incomplete blocks. But in this case we are interested to
- * temporarily stash even complete blocks, because last one in the
- * stream has to be treated in special way, and at this point we
- * don't know if last block in *this* call is last one "ever". This
- * is the reason for why |datalen| is compared as >, and not >=.
- */
- fill = sizeof(c->buf) - c->buflen;
- if (datalen > fill) {
- if (c->buflen) {
- memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
- blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
- c->buflen = 0;
- in += fill;
- datalen -= fill;
- }
- if (datalen > BLAKE2B_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
- /*
- * If |datalen| is a multiple of the blocksize, stash
- * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
- datalen -= stashlen;
- blake2b_compress(c, in, datalen);
- in += datalen;
- datalen = stashlen;
- }
- }
-
- assert(datalen <= BLAKE2B_BLOCKBYTES);
-
- memcpy(c->buf + c->buflen, in, datalen);
- c->buflen += datalen; /* Be lazy, do not compress */
-
- return 1;
-}
-
-/*
- * Calculate the final hash and save it in md.
- * Always returns 1.
- */
-int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
-{
- uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
- uint8_t *target = outbuffer;
- int iter = (c->outlen + 7) / 8;
- int i;
-
- /* Avoid writing to the temporary buffer if possible */
- if ((c->outlen % sizeof(c->h[0])) == 0)
- target = md;
-
- blake2b_set_lastblock(c);
- /* Padding */
- memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
- blake2b_compress(c, c->buf, c->buflen);
-
- /* Output full hash to buffer */
- for (i = 0; i < iter; ++i)
- store64(target + sizeof(c->h[i]) * i, c->h[i]);
-
- if (target != md)
- memcpy(md, target, c->outlen);
-
- OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
- return 1;
-}
#ifndef OPENSSL_NO_BLAKE2
# include <openssl/evp.h>
-# include "blake2_locl.h"
+# include "internal/blake2.h"
# include "internal/cryptlib.h"
# include "internal/evp_int.h"
EVP_MAC_IMPL *macctx = OPENSSL_zalloc(sizeof(*macctx));
if (macctx != NULL) {
blake2b_param_init(&macctx->params);
- /* ctx initialization is deferred to BLAKE2b_Init() */
+ /* ctx initialization is deferred to blake2b_init() */
}
return macctx;
}
return 0;
}
- return BLAKE2b_Init_key(&macctx->ctx, &macctx->params, macctx->key);
+ return blake2b_init_key(&macctx->ctx, &macctx->params, macctx->key);
}
static int blake2b_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data,
size_t datalen)
{
- return BLAKE2b_Update(&macctx->ctx, data, datalen);
+ return blake2b_update(&macctx->ctx, data, datalen);
}
static int blake2b_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out)
{
- return BLAKE2b_Final(out, &macctx->ctx);
+ return blake2b_final(out, &macctx->ctx);
}
/*
+++ /dev/null
-/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <openssl/crypto.h>
-
-#include "blake2_locl.h"
-#include "blake2_impl.h"
-
-static const uint32_t blake2s_IV[8] =
-{
- 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
- 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
-};
-
-static const uint8_t blake2s_sigma[10][16] =
-{
- { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
- { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
- { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
- { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
- { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
- { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
- { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
- { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
- { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
- { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
-};
-
-/* Set that it's the last block we'll compress */
-static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
-{
- S->f[0] = -1;
-}
-
-/* Initialize the hashing state. */
-static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
-{
- int i;
-
- memset(S, 0, sizeof(BLAKE2S_CTX));
- for (i = 0; i < 8; ++i) {
- S->h[i] = blake2s_IV[i];
- }
-}
-
-/* init xors IV with input parameter block and sets the output length */
-static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
-{
- size_t i;
- const uint8_t *p = (const uint8_t *)(P);
-
- blake2s_init0(S);
- S->outlen = P->digest_length;
-
- /* The param struct is carefully hand packed, and should be 32 bytes on
- * every platform. */
- assert(sizeof(BLAKE2S_PARAM) == 32);
- /* IV XOR ParamBlock */
- for (i = 0; i < 8; ++i) {
- S->h[i] ^= load32(&p[i*4]);
- }
-}
-
-void blake2s_param_init(BLAKE2S_PARAM *P)
-{
- P->digest_length = BLAKE2S_DIGEST_LENGTH;
- P->key_length = 0;
- P->fanout = 1;
- P->depth = 1;
- store32(P->leaf_length, 0);
- store48(P->node_offset, 0);
- P->node_depth = 0;
- P->inner_length = 0;
- memset(P->salt, 0, sizeof(P->salt));
- memset(P->personal, 0, sizeof(P->personal));
-}
-
-void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen)
-{
- P->digest_length = outlen;
-}
-
-void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen)
-{
- P->key_length = keylen;
-}
-
-void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len)
-{
- memcpy(P->personal, personal, len);
- memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len);
-}
-
-void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len)
-{
- memcpy(P->salt, salt, len);
- memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);}
-
-/*
- * Initialize the hashing context with the given parameter block.
- * Always returns 1.
- */
-int BLAKE2s_Init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P)
-{
- blake2s_init_param(c, P);
- return 1;
-}
-
-/*
- * Initialize the hashing context with the given parameter block and key.
- * Always returns 1.
- */
-int BLAKE2s_Init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key)
-{
- blake2s_init_param(c, P);
-
- /* Pad the key to form first data block */
- {
- uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
-
- memcpy(block, key, P->key_length);
- BLAKE2s_Update(c, block, BLAKE2S_BLOCKBYTES);
- OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES);
- }
-
- return 1;
-}
-
-/* Permute the state while xoring in the block of data. */
-static void blake2s_compress(BLAKE2S_CTX *S,
- const uint8_t *blocks,
- size_t len)
-{
- uint32_t m[16];
- uint32_t v[16];
- size_t i;
- size_t increment;
-
- /*
- * There are two distinct usage vectors for this function:
- *
- * a) BLAKE2s_Update uses it to process complete blocks,
- * possibly more than one at a time;
- *
- * b) BLAK2s_Final uses it to process last block, always
- * single but possibly incomplete, in which case caller
- * pads input with zeros.
- */
- assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
-
- /*
- * Since last block is always processed with separate call,
- * |len| not being multiple of complete blocks can be observed
- * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
- * including even zero), which is why following assignment doesn't
- * have to reside inside the main loop below.
- */
- increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
-
- for (i = 0; i < 8; ++i) {
- v[i] = S->h[i];
- }
-
- do {
- for (i = 0; i < 16; ++i) {
- m[i] = load32(blocks + i * sizeof(m[i]));
- }
-
- /* blake2s_increment_counter */
- S->t[0] += increment;
- S->t[1] += (S->t[0] < increment);
-
- v[ 8] = blake2s_IV[0];
- v[ 9] = blake2s_IV[1];
- v[10] = blake2s_IV[2];
- v[11] = blake2s_IV[3];
- v[12] = S->t[0] ^ blake2s_IV[4];
- v[13] = S->t[1] ^ blake2s_IV[5];
- v[14] = S->f[0] ^ blake2s_IV[6];
- v[15] = S->f[1] ^ blake2s_IV[7];
-#define G(r,i,a,b,c,d) \
- do { \
- a = a + b + m[blake2s_sigma[r][2*i+0]]; \
- d = rotr32(d ^ a, 16); \
- c = c + d; \
- b = rotr32(b ^ c, 12); \
- a = a + b + m[blake2s_sigma[r][2*i+1]]; \
- d = rotr32(d ^ a, 8); \
- c = c + d; \
- b = rotr32(b ^ c, 7); \
- } while (0)
-#define ROUND(r) \
- do { \
- G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
- G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
- G(r,2,v[ 2],v[ 6],v[10],v[14]); \
- G(r,3,v[ 3],v[ 7],v[11],v[15]); \
- G(r,4,v[ 0],v[ 5],v[10],v[15]); \
- G(r,5,v[ 1],v[ 6],v[11],v[12]); \
- G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
- G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
- } while (0)
-#if defined(OPENSSL_SMALL_FOOTPRINT)
- /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
- for (i = 0; i < 10; i++) {
- ROUND(i);
- }
-#else
- ROUND(0);
- ROUND(1);
- ROUND(2);
- ROUND(3);
- ROUND(4);
- ROUND(5);
- ROUND(6);
- ROUND(7);
- ROUND(8);
- ROUND(9);
-#endif
-
- for (i = 0; i < 8; ++i) {
- S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
- }
-#undef G
-#undef ROUND
- blocks += increment;
- len -= increment;
- } while (len);
-}
-
-/* Absorb the input data into the hash state. Always returns 1. */
-int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
-{
- const uint8_t *in = data;
- size_t fill;
-
- /*
- * Intuitively one would expect intermediate buffer, c->buf, to
- * store incomplete blocks. But in this case we are interested to
- * temporarily stash even complete blocks, because last one in the
- * stream has to be treated in special way, and at this point we
- * don't know if last block in *this* call is last one "ever". This
- * is the reason for why |datalen| is compared as >, and not >=.
- */
- fill = sizeof(c->buf) - c->buflen;
- if (datalen > fill) {
- if (c->buflen) {
- memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
- blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
- c->buflen = 0;
- in += fill;
- datalen -= fill;
- }
- if (datalen > BLAKE2S_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
- /*
- * If |datalen| is a multiple of the blocksize, stash
- * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
- datalen -= stashlen;
- blake2s_compress(c, in, datalen);
- in += datalen;
- datalen = stashlen;
- }
- }
-
- assert(datalen <= BLAKE2S_BLOCKBYTES);
-
- memcpy(c->buf + c->buflen, in, datalen);
- c->buflen += datalen; /* Be lazy, do not compress */
-
- return 1;
-}
-
-/*
- * Calculate the final hash and save it in md.
- * Always returns 1.
- */
-int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
-{
- uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
- uint8_t *target = outbuffer;
- int iter = (c->outlen + 3) / 4;
- int i;
-
- /* Avoid writing to the temporary buffer if possible */
- if ((c->outlen % sizeof(c->h[0])) == 0)
- target = md;
-
- blake2s_set_lastblock(c);
- /* Padding */
- memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
- blake2s_compress(c, c->buf, c->buflen);
-
- /* Output full hash to buffer */
- for (i = 0; i < iter; ++i)
- store32(target + sizeof(c->h[i]) * i, c->h[i]);
-
- if (target != md)
- memcpy(md, target, c->outlen);
-
- OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
- return 1;
-}
#ifndef OPENSSL_NO_BLAKE2
# include <openssl/evp.h>
-# include "blake2_locl.h"
+# include "internal/blake2.h"
# include "internal/cryptlib.h"
# include "internal/evp_int.h"
return 0;
}
- return BLAKE2s_Init_key(&macctx->ctx, &macctx->params, macctx->key);
+ return blake2s_init_key(&macctx->ctx, &macctx->params, macctx->key);
}
static int blake2s_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data,
size_t datalen)
{
- return BLAKE2s_Update(&macctx->ctx, data, datalen);
+ return blake2s_update(&macctx->ctx, data, datalen);
}
static int blake2s_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out)
{
- return BLAKE2s_Final(out, &macctx->ctx);
+ return blake2s_final(out, &macctx->ctx);
}
/*
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- blake2b.c blake2s.c blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c
+ blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c
/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include "internal/cryptlib.h"
-
#ifndef OPENSSL_NO_BLAKE2
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include "blake2_locl.h"
+# include <stddef.h>
+# include <openssl/obj_mac.h>
# include "internal/evp_int.h"
+# include "internal/blake2.h"
static int init(EVP_MD_CTX *ctx)
{
- BLAKE2B_PARAM P;
- blake2b_param_init(&P);
- return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx), &P);
+ return blake2b512_init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+ return blake2b_update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+ return blake2b_final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD blake2b_md = {
{
return &blake2b_md;
}
-#endif
+#endif /* OPENSSL_NO_BLAKE2 */
/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
- * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-
-#include "internal/cryptlib.h"
-
#ifndef OPENSSL_NO_BLAKE2
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include "blake2_locl.h"
+# include <stddef.h>
+# include <openssl/obj_mac.h>
# include "internal/evp_int.h"
+# include "internal/blake2.h"
static int init(EVP_MD_CTX *ctx)
{
- BLAKE2S_PARAM P;
- blake2s_param_init(&P);
- return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx), &P);
+ return blake2s256_init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+ return blake2s_update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+ return blake2s_final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD blake2s_md = {
{
return &blake2s_md;
}
-#endif
+#endif /* OPENSSL_NO_BLAKE2 */
const OSSL_ALGORITHM *map =
ossl_provider_query_operation(provider, data->operation_id, &no_store);
+ if (map == NULL)
+ return 0;
+
while (map->algorithm_name != NULL) {
const OSSL_ALGORITHM *thismap = map++;
void *method = NULL;
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/cryptlib.h"
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
goto legacy;
}
- if (type->prov == NULL) {
- switch(type->type) {
- case NID_sha256:
- case NID_md2:
- break;
- default:
- goto legacy;
- }
- }
-
if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL;
#endif
}
+ if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) {
+ if (ctx->digest->freectx != NULL)
+ ctx->digest->freectx(ctx->provctx);
+ ctx->provctx = NULL;
+ }
ctx->digest = type;
if (ctx->provctx == NULL) {
ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
}
EVP_MD_CTX_reset(ctx);
-
return ret;
/* TODO(3.0): Remove legacy code below */
int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
{
int ret = 0;
+ OSSL_PARAM params[2];
+ size_t i = 0;
+
+ if (ctx->digest == NULL || ctx->digest->prov == NULL)
+ goto legacy;
+ if (ctx->digest->dfinal == NULL) {
+ EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
+ params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
+ &size, NULL);
+ params[i++] = OSSL_PARAM_construct_end();
+
+ if (EVP_MD_CTX_set_params(ctx, params) > 0)
+ ret = ctx->digest->dfinal(ctx->provctx, md, &size, size);
+ EVP_MD_CTX_reset(ctx);
+ return ret;
+
+legacy:
if (ctx->digest->flags & EVP_MD_FLAG_XOF
&& size <= INT_MAX
&& ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
ret = ctx->digest->final(ctx, md);
-
if (ctx->digest->cleanup != NULL) {
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
return ret;
}
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
+{
+ if (ctx->digest != NULL && ctx->digest->set_params != NULL)
+ return ctx->digest->set_params(ctx->provctx, params);
+ return 0;
+}
+
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
+{
+ if (ctx->digest != NULL && ctx->digest->get_params != NULL)
+ return ctx->digest->get_params(ctx->provctx, params);
+ return 0;
+}
+
+#if !OPENSSL_API_3
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
{
- if (ctx->digest && ctx->digest->md_ctrl) {
- int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
- if (ret <= 0)
- return 0;
- return 1;
+ if (ctx->digest != NULL) {
+ OSSL_PARAM params[2];
+ size_t i, sz, n = 0;
+
+ switch (cmd) {
+ case EVP_MD_CTRL_XOF_LEN:
+ if (ctx->digest->set_params == NULL)
+ break;
+ i = (size_t)p1;
+ params[n++] = OSSL_PARAM_construct_size_t(
+ OSSL_DIGEST_PARAM_XOFLEN, &i, &sz);
+ params[n++] = OSSL_PARAM_construct_end();
+ return ctx->digest->set_params(ctx->provctx, params) > 0;
+ case EVP_MD_CTRL_MICALG:
+ if (ctx->digest->get_params == NULL)
+ break;
+ params[n++] = OSSL_PARAM_construct_utf8_string(
+ OSSL_DIGEST_PARAM_MICALG, p2, p1 ? p1 : 9999,
+ &sz);
+ params[n++] = OSSL_PARAM_construct_end();
+ return ctx->digest->get_params(ctx->provctx, params);
+ }
+ /* legacy code */
+ if (ctx->digest->md_ctrl != NULL) {
+ int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+ if (ret <= 0)
+ return 0;
+ return 1;
+ }
}
return 0;
}
+#endif
static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov)
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_DIGEST_NEWCTX:
- if (md->newctx != NULL)
- break;
- md->newctx = OSSL_get_OP_digest_newctx(fns);
- fncnt++;
+ if (md->newctx == NULL) {
+ md->newctx = OSSL_get_OP_digest_newctx(fns);
+ fncnt++;
+ }
break;
case OSSL_FUNC_DIGEST_INIT:
- if (md->dinit != NULL)
- break;
- md->dinit = OSSL_get_OP_digest_init(fns);
- fncnt++;
+ if (md->dinit == NULL) {
+ md->dinit = OSSL_get_OP_digest_init(fns);
+ fncnt++;
+ }
break;
case OSSL_FUNC_DIGEST_UPDATE:
- if (md->dupdate != NULL)
- break;
- md->dupdate = OSSL_get_OP_digest_update(fns);
- fncnt++;
+ if (md->dupdate == NULL) {
+ md->dupdate = OSSL_get_OP_digest_update(fns);
+ fncnt++;
+ }
break;
case OSSL_FUNC_DIGEST_FINAL:
- if (md->dfinal != NULL)
- break;
- md->dfinal = OSSL_get_OP_digest_final(fns);
- fncnt++;
+ if (md->dfinal == NULL) {
+ md->dfinal = OSSL_get_OP_digest_final(fns);
+ fncnt++;
+ }
break;
case OSSL_FUNC_DIGEST_DIGEST:
- if (md->digest != NULL)
- break;
- md->digest = OSSL_get_OP_digest_digest(fns);
+ if (md->digest == NULL)
+ md->digest = OSSL_get_OP_digest_digest(fns);
/* We don't increment fnct for this as it is stand alone */
break;
case OSSL_FUNC_DIGEST_FREECTX:
- if (md->freectx != NULL)
- break;
- md->freectx = OSSL_get_OP_digest_freectx(fns);
- fncnt++;
+ if (md->freectx == NULL) {
+ md->freectx = OSSL_get_OP_digest_freectx(fns);
+ fncnt++;
+ }
break;
case OSSL_FUNC_DIGEST_DUPCTX:
- if (md->dupctx != NULL)
- break;
- md->dupctx = OSSL_get_OP_digest_dupctx(fns);
+ if (md->dupctx == NULL)
+ md->dupctx = OSSL_get_OP_digest_dupctx(fns);
break;
case OSSL_FUNC_DIGEST_SIZE:
- if (md->size != NULL)
- break;
- md->size = OSSL_get_OP_digest_size(fns);
+ if (md->size == NULL)
+ md->size = OSSL_get_OP_digest_size(fns);
break;
case OSSL_FUNC_DIGEST_BLOCK_SIZE:
- if (md->dblock_size != NULL)
- break;
- md->dblock_size = OSSL_get_OP_digest_block_size(fns);
+ if (md->dblock_size == NULL)
+ md->dblock_size = OSSL_get_OP_digest_block_size(fns);
+ break;
+ case OSSL_FUNC_DIGEST_SET_PARAMS:
+ if (md->set_params == NULL)
+ md->set_params = OSSL_get_OP_digest_set_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GET_PARAMS:
+ if (md->get_params == NULL)
+ md->get_params = OSSL_get_OP_digest_get_params(fns);
break;
}
}
mcmdata.mcm = &mcm;
mcmdata.libctx = libctx;
+ mcmdata.name = name;
mcmdata.method_from_dispatch = new_method;
mcmdata.destruct_method = free_method;
mcmdata.refcnt_up_method = upref_method;
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-#if !defined(OPENSSL_NO_MD5)
+#ifndef OPENSSL_NO_MD5
+# include <string.h>
# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/x509.h>
-# include <openssl/md5.h>
-# include <openssl/sha.h>
-# include "internal/cryptlib.h"
+# include <openssl/obj_mac.h>
# include "internal/evp_int.h"
-# include <openssl/rsa.h>
-
-struct md5_sha1_ctx {
- MD5_CTX md5;
- SHA_CTX sha1;
-};
+# include "internal/md5_sha1.h"
static int init(EVP_MD_CTX *ctx)
{
- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
- if (!MD5_Init(&mctx->md5))
- return 0;
- return SHA1_Init(&mctx->sha1);
+ return md5_sha1_init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
- if (!MD5_Update(&mctx->md5, data, count))
- return 0;
- return SHA1_Update(&mctx->sha1, data, count);
+ return md5_sha1_update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
- if (!MD5_Final(md, &mctx->md5))
- return 0;
- return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+ return md5_sha1_final(md, EVP_MD_CTX_md_data(ctx));
}
static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
{
- unsigned char padtmp[48];
- unsigned char md5tmp[MD5_DIGEST_LENGTH];
- unsigned char sha1tmp[SHA_DIGEST_LENGTH];
- struct md5_sha1_ctx *mctx;
-
- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
- return -2;
-
- if (ctx == NULL)
- return 0;
-
- mctx = EVP_MD_CTX_md_data(ctx);
-
- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
- if (mslen != 48)
- return 0;
-
- /* At this point hash contains all handshake messages, update
- * with master secret and pad_1.
- */
-
- if (update(ctx, ms, mslen) <= 0)
- return 0;
-
- /* Set padtmp to pad_1 value */
- memset(padtmp, 0x36, sizeof(padtmp));
-
- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
- return 0;
-
- if (!MD5_Final(md5tmp, &mctx->md5))
- return 0;
-
- if (!SHA1_Update(&mctx->sha1, padtmp, 40))
- return 0;
-
- if (!SHA1_Final(sha1tmp, &mctx->sha1))
- return 0;
-
- /* Reinitialise context */
-
- if (!init(ctx))
- return 0;
-
- if (update(ctx, ms, mslen) <= 0)
- return 0;
-
- /* Set padtmp to pad_2 value */
- memset(padtmp, 0x5c, sizeof(padtmp));
-
- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
- return 0;
-
- if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
- return 0;
-
- if (!SHA1_Update(&mctx->sha1, padtmp, 40))
- return 0;
-
- if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
- return 0;
-
- /* Now when ctx is finalised it will return the SSL v3 hash value */
-
- OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
-
- return 1;
-
+ return md5_sha1_ctrl(EVP_MD_CTX_md_data(ctx), cmd, mslen, ms);
}
static const EVP_MD md5_sha1_md = {
NID_md5_sha1,
NID_md5_sha1,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ MD5_SHA1_DIGEST_LENGTH,
0,
init,
update,
final,
NULL,
NULL,
- MD5_CBLOCK,
- sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+ MD5_SHA1_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(MD5_SHA1_CTX),
ctrl
};
{
return &md5_sha1_md;
}
-#endif
+
+#endif /* OPENSSL_NO_MD5 */
return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
}
-static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
{
- unsigned char padtmp[40];
- unsigned char sha1tmp[SHA_DIGEST_LENGTH];
-
- SHA_CTX *sha1;
-
- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
- return -2;
-
- if (ctx == NULL)
- return 0;
-
- sha1 = EVP_MD_CTX_md_data(ctx);
-
- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
- if (mslen != 48)
- return 0;
-
- /* At this point hash contains all handshake messages, update
- * with master secret and pad_1.
- */
-
- if (SHA1_Update(sha1, ms, mslen) <= 0)
- return 0;
-
- /* Set padtmp to pad_1 value */
- memset(padtmp, 0x36, sizeof(padtmp));
-
- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
- return 0;
-
- if (!SHA1_Final(sha1tmp, sha1))
- return 0;
-
- /* Reinitialise context */
-
- if (!SHA1_Init(sha1))
- return 0;
-
- if (SHA1_Update(sha1, ms, mslen) <= 0)
- return 0;
-
- /* Set padtmp to pad_2 value */
- memset(padtmp, 0x5c, sizeof(padtmp));
-
- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
- return 0;
-
- if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
- return 0;
-
- /* Now when ctx is finalised it will return the SSL v3 hash value */
- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
-
- return 1;
-
+ return sha1_ctrl(ctx != NULL ? EVP_MD_CTX_md_data(ctx) : NULL, cmd, p1, p2);
}
static const EVP_MD sha1_md = {
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "internal/evp_int.h"
+#include "internal/sha3.h"
#include "evp_locl.h"
-size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
- size_t r);
-void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
-
-#define KECCAK1600_WIDTH 1600
-
-typedef struct {
- uint64_t A[5][5];
- size_t block_size; /* cached ctx->digest->block_size */
- size_t md_size; /* output length, variable in XOF */
- size_t num; /* used bytes in below buffer */
- unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
- unsigned char pad;
-} KECCAK1600_CTX;
-
-static int init(EVP_MD_CTX *evp_ctx, unsigned char pad)
+static int init(EVP_MD_CTX *ctx)
{
- KECCAK1600_CTX *ctx = evp_ctx->md_data;
- size_t bsz = evp_ctx->digest->block_size;
-
- if (bsz <= sizeof(ctx->buf)) {
- memset(ctx->A, 0, sizeof(ctx->A));
-
- ctx->num = 0;
- ctx->block_size = bsz;
- ctx->md_size = evp_ctx->digest->md_size;
- ctx->pad = pad;
-
- return 1;
- }
-
- return 0;
+ return sha3_init(EVP_MD_CTX_md_data(ctx), '\x06', ctx->digest->md_size * 8);
}
-static int sha3_init(EVP_MD_CTX *evp_ctx)
+static int update(EVP_MD_CTX *ctx, const void *_inp, size_t len)
{
- return init(evp_ctx, '\x06');
+ return sha3_update(EVP_MD_CTX_md_data(ctx), _inp, len);
}
-static int shake_init(EVP_MD_CTX *evp_ctx)
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return init(evp_ctx, '\x1f');
+ return sha3_final(md, EVP_MD_CTX_md_data(ctx));
}
-static int kmac_init(EVP_MD_CTX *evp_ctx)
+static int shake_init(EVP_MD_CTX *ctx)
{
- return init(evp_ctx, '\x04');
-}
-
-static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
-{
- KECCAK1600_CTX *ctx = evp_ctx->md_data;
- const unsigned char *inp = _inp;
- size_t bsz = ctx->block_size;
- size_t num, rem;
-
- if (len == 0)
- return 1;
-
- if ((num = ctx->num) != 0) { /* process intermediate buffer? */
- rem = bsz - num;
-
- if (len < rem) {
- memcpy(ctx->buf + num, inp, len);
- ctx->num += len;
- return 1;
- }
- /*
- * We have enough data to fill or overflow the intermediate
- * buffer. So we append |rem| bytes and process the block,
- * leaving the rest for later processing...
- */
- memcpy(ctx->buf + num, inp, rem);
- inp += rem, len -= rem;
- (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
- ctx->num = 0;
- /* ctx->buf is processed, ctx->num is guaranteed to be zero */
- }
-
- if (len >= bsz)
- rem = SHA3_absorb(ctx->A, inp, len, bsz);
- else
- rem = len;
-
- if (rem) {
- memcpy(ctx->buf, inp + len - rem, rem);
- ctx->num = rem;
- }
-
- return 1;
+ return sha3_init(EVP_MD_CTX_md_data(ctx), '\x1f', ctx->digest->md_size * 8);
}
-static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+static int kmac_init(EVP_MD_CTX *ctx)
{
- KECCAK1600_CTX *ctx = evp_ctx->md_data;
- size_t bsz = ctx->block_size;
- size_t num = ctx->num;
-
- /*
- * Pad the data with 10*1. Note that |num| can be |bsz - 1|
- * in which case both byte operations below are performed on
- * same byte...
- */
- memset(ctx->buf + num, 0, bsz - num);
- ctx->buf[num] = ctx->pad;
- ctx->buf[bsz - 1] |= 0x80;
-
- (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
-
- SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
-
- return 1;
+ return keccak_kmac_init(EVP_MD_CTX_md_data(ctx), '\x04',
+ ctx->digest->md_size * 8 / 2);
}
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
NID_RSA_SHA3_##bitlen, \
bitlen / 8, \
EVP_MD_FLAG_DIGALGID_ABSENT, \
- sha3_init, \
- sha3_update, \
- sha3_final, \
+ init, \
+ update, \
+ final, \
NULL, \
NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8, \
bitlen / 8, \
EVP_MD_FLAG_XOF, \
shake_init, \
- sha3_update, \
- sha3_final, \
+ update, \
+ final, \
NULL, \
NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8, \
NID_RSA_SHA3_##bitlen, \
bitlen / 8, \
EVP_MD_FLAG_DIGALGID_ABSENT, \
- sha3_init, \
- sha3_update, \
- sha3_final, \
+ init, \
+ update, \
+ final, \
NULL, \
NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8, \
bitlen / 8, \
EVP_MD_FLAG_XOF, \
shake_init, \
- sha3_update, \
- sha3_final, \
+ update, \
+ final, \
NULL, \
NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8, \
const EVP_MD *evp_keccak_kmac##bitlen(void) \
{ \
static const EVP_MD kmac_##bitlen##_md = { \
- -1, \
+ NID_kmac##bitlen, \
0, \
2 * bitlen / 8, \
EVP_MD_FLAG_XOF, \
kmac_init, \
- sha3_update, \
- sha3_final, \
+ update, \
+ final, \
NULL, \
NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8, \
OSSL_OP_digest_dupctx_fn *dupctx;
OSSL_OP_digest_size_fn *size;
OSSL_OP_digest_block_size_fn *dblock_size;
+ OSSL_OP_digest_set_params_fn *set_params;
+ OSSL_OP_digest_get_params_fn *get_params;
} /* EVP_MD */ ;
int sha512_224_init(SHA512_CTX *);
int sha512_256_init(SHA512_CTX *);
+int sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
#endif
+++ /dev/null
-/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright 2017 Ribose Inc. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_SM3_H
-# define HEADER_SM3_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_SM3
-# error SM3 is disabled.
-# endif
-
-# define SM3_DIGEST_LENGTH 32
-# define SM3_WORD unsigned int
-
-# define SM3_CBLOCK 64
-# define SM3_LBLOCK (SM3_CBLOCK/4)
-
-typedef struct SM3state_st {
- SM3_WORD A, B, C, D, E, F, G, H;
- SM3_WORD Nl, Nh;
- SM3_WORD data[SM3_LBLOCK];
- unsigned int num;
-} SM3_CTX;
-
-int sm3_init(SM3_CTX *c);
-int sm3_update(SM3_CTX *c, const void *data, size_t len);
-int sm3_final(unsigned char *md, SM3_CTX *c);
-
-void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
-
-#endif
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- md5_dgst.c md5_one.c {- $target{md5_asm_src} -}
+ md5_dgst.c md5_one.c md5_sha1.c {- $target{md5_asm_src} -}
GENERATE[md5-586.s]=asm/md5-586.pl \
$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
--- /dev/null
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <string.h>
+#include "internal/md5_sha1.h"
+#include <openssl/evp.h>
+
+int md5_sha1_init(MD5_SHA1_CTX *mctx)
+{
+ if (!MD5_Init(&mctx->md5))
+ return 0;
+ return SHA1_Init(&mctx->sha1);
+}
+
+int md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count)
+{
+ if (!MD5_Update(&mctx->md5, data, count))
+ return 0;
+ return SHA1_Update(&mctx->sha1, data, count);
+}
+
+int md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx)
+{
+ if (!MD5_Final(md, &mctx->md5))
+ return 0;
+ return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+int md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms)
+{
+ unsigned char padtmp[48];
+ unsigned char md5tmp[MD5_DIGEST_LENGTH];
+ unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+ if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+ return -2;
+
+ if (mctx == NULL)
+ return 0;
+
+ /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+ if (mslen != 48)
+ return 0;
+
+ /* At this point hash contains all handshake messages, update
+ * with master secret and pad_1.
+ */
+
+ if (md5_sha1_update(mctx, ms, mslen) <= 0)
+ return 0;
+
+ /* Set padtmp to pad_1 value */
+ memset(padtmp, 0x36, sizeof(padtmp));
+
+ if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+ return 0;
+
+ if (!MD5_Final(md5tmp, &mctx->md5))
+ return 0;
+
+ if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+ return 0;
+
+ if (!SHA1_Final(sha1tmp, &mctx->sha1))
+ return 0;
+
+ /* Reinitialise context */
+
+ if (!md5_sha1_init(mctx))
+ return 0;
+
+ if (md5_sha1_update(mctx, ms, mslen) <= 0)
+ return 0;
+
+ /* Set padtmp to pad_2 value */
+ memset(padtmp, 0x5c, sizeof(padtmp));
+
+ if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+ return 0;
+
+ if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+ return 0;
+
+ if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+ return 0;
+
+ if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+ return 0;
+
+ /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+ OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+ OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+ return 1;
+}
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \
- {- $target{keccak1600_asm_src} -}
+ sha1dgst.c sha1_one.c sha256.c sha512.c sha3.c \
+ {- $target{sha1_asm_src} -} {- $target{keccak1600_asm_src} -}
-SOURCE[../../providers/fips]= sha256.c
+SOURCE[../../providers/fips]= sha1dgst.c sha256.c sha512.c sha3.c \
+ {- $target{keccak1600_asm_src} -} {- $target{sha1_asm_src} -}
GENERATE[sha1-586.s]=asm/sha1-586.pl \
$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
}
/*
- * SHA3_squeeze is called once at the end to generate |out| hash value
+ * sha3_squeeze is called once at the end to generate |out| hash value
* of |len| bytes.
*/
void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r)
#include <openssl/crypto.h>
#include <openssl/opensslconf.h>
-# include <openssl/opensslv.h>
+#include <openssl/opensslv.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
/* The implementation is in ../md32_common.h */
-# include "sha_locl.h"
+#include "sha_locl.h"
+#include "internal/sha.h"
+
+int sha1_ctrl(SHA_CTX *sha1, int cmd, int mslen, void *ms)
+{
+ unsigned char padtmp[40];
+ unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+ if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+ return -2;
+
+ if (sha1 == NULL)
+ return 0;
+
+ /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+ if (mslen != 48)
+ return 0;
+
+ /* At this point hash contains all handshake messages, update
+ * with master secret and pad_1.
+ */
+
+ if (SHA1_Update(sha1, ms, mslen) <= 0)
+ return 0;
+
+ /* Set padtmp to pad_1 value */
+ memset(padtmp, 0x36, sizeof(padtmp));
+
+ if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+ return 0;
+
+ if (!SHA1_Final(sha1tmp, sha1))
+ return 0;
+
+ /* Reinitialise context */
+
+ if (!SHA1_Init(sha1))
+ return 0;
+
+ if (SHA1_Update(sha1, ms, mslen) <= 0)
+ return 0;
+
+ /* Set padtmp to pad_2 value */
+ memset(padtmp, 0x5c, sizeof(padtmp));
+
+ if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+ return 0;
+
+ if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
+ return 0;
+
+ /* Now when ctx is finalised it will return the SSL v3 hash value */
+ OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+ return 1;
+}
--- /dev/null
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/sha3.h"
+
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+void sha3_reset(KECCAK1600_CTX *ctx)
+{
+ memset(ctx->A, 0, sizeof(ctx->A));
+ ctx->bufsz = 0;
+}
+
+int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
+{
+ size_t bsz = SHA3_BLOCKSIZE(bitlen);
+
+ if (bsz <= sizeof(ctx->buf)) {
+ sha3_reset(ctx);
+ ctx->block_size = bsz;
+ ctx->md_size = bitlen / 8;
+ ctx->pad = pad;
+ return 1;
+ }
+
+ return 0;
+}
+
+int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen)
+{
+ int ret = sha3_init(ctx, pad, bitlen);
+
+ if (ret)
+ ctx->md_size *= 2;
+ return ret;
+}
+
+int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len)
+{
+ const unsigned char *inp = _inp;
+ size_t bsz = ctx->block_size;
+ size_t num, rem;
+
+ if (len == 0)
+ return 1;
+
+ if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */
+ rem = bsz - num;
+
+ if (len < rem) {
+ memcpy(ctx->buf + num, inp, len);
+ ctx->bufsz += len;
+ return 1;
+ }
+ /*
+ * We have enough data to fill or overflow the intermediate
+ * buffer. So we append |rem| bytes and process the block,
+ * leaving the rest for later processing...
+ */
+ memcpy(ctx->buf + num, inp, rem);
+ inp += rem, len -= rem;
+ (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+ ctx->bufsz = 0;
+ /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+ }
+
+ if (len >= bsz)
+ rem = SHA3_absorb(ctx->A, inp, len, bsz);
+ else
+ rem = len;
+
+ if (rem) {
+ memcpy(ctx->buf, inp + len - rem, rem);
+ ctx->bufsz = rem;
+ }
+
+ return 1;
+}
+
+int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx)
+{
+ size_t bsz = ctx->block_size;
+ size_t num = ctx->bufsz;
+
+ /*
+ * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+ * in which case both byte operations below are performed on
+ * same byte...
+ */
+ memset(ctx->buf + num, 0, bsz - num);
+ ctx->buf[num] = ctx->pad;
+ ctx->buf[bsz - 1] |= 0x80;
+
+ (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+
+ SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
+
+ return 1;
+}
#ifndef OPENSSL_NO_SM3
# include <openssl/evp.h>
-# include "internal/evp_int.h"
# include "internal/sm3.h"
+# include "internal/evp_int.h"
static int init(EVP_MD_CTX *ctx)
{
} while (0)
#define HASH_BLOCK_DATA_ORDER sm3_block_data_order
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
void sm3_transform(SM3_CTX *c, const unsigned char *data);
#include "internal/md32_common.h"
=head1 NAME
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags,
-EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
+ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
=item EVP_MD_CTX_ctrl()
+This is a deprecated function. EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params()
+is the mechanism that should be used to set and get parameters that are used by
+providers.
Performs digest-specific control actions on context B<ctx>. The control command
is indicated in B<cmd> and any additional arguments in B<p1> and B<p2>.
EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions
may apply depending on the control type and digest implementation.
See L</CONTROLS> below for more information.
+=item EVP_MD_CTX_get_params
+
+Retrieves the requested list of B<params> from a MD context B<ctx>.
+See L</PARAMS> below for more information.
+
+=item EVP_MD_CTX_set_params
+
+Sets the list of <params> into a MD context B<ctx>.
+See L</PARAMS> below for more information.
+
=item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
Sets, clears and tests B<ctx> flags. See L</FLAGS> below for more information.
=back
+=head1 PARAMS
+
+See L<OSSL_PARAM(3)> for information about passing parameters.
+
+EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys:
+
+=over 4
+
+=item OSSL_PARAM_DIGEST_KEY_XOFLEN <size_t>
+
+Sets the digest length for extendable output functions.
+It is used by the SHAKE algorithm.
+
+=item OSSL_PARAM_DIGEST_KEY_PAD_TYPE <int>
+
+Sets the pad type.
+It is used by the MDC2 algorithm.
+
+=back
+
+EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys:
+
+=over 4
+
+=item OSSL_PARAM_DIGEST_KEY_MICALG <utf8string>.
+
+Gets the digest Message Integrity Check algorithm string. This is used when
+creating S/MIME multipart/signed messages, as specified in RFC 3851.
+It may be used by external engines or providers.
+
+=back
+
=head1 CONTROLS
EVP_MD_CTX_ctrl() can be used to send the following standard controls:
Returns 1 if successful or 0 for failure.
+=item EVP_MD_CTX_set_params(),
+EVP_MD_CTX_get_params()
+
+Returns 1 if successful or 0 for failure.
+
=item EVP_MD_CTX_copy_ex()
Returns 1 if successful or 0 for failure.
L<EVP_MD_meth_new(3)>,
L<dgst(1)>,
-L<evp(7)>
+L<evp(7)>,
+L<OSSL_PROVIDER(3)>,
+L<OSSL_PARAM(3)>
The full list of digest algorithms are provided below.
The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
+The EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() functions were
+added in 3.0.
+
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* TODO(3.0) Move this header into provider when dependencies are removed */
+#ifndef HEADER_BLAKE2_H
+# define HEADER_BLAKE2_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+# define BLAKE2S_BLOCKBYTES 64
+# define BLAKE2S_OUTBYTES 32
+# define BLAKE2S_KEYBYTES 32
+# define BLAKE2S_SALTBYTES 8
+# define BLAKE2S_PERSONALBYTES 8
+
+# define BLAKE2B_BLOCKBYTES 128
+# define BLAKE2B_OUTBYTES 64
+# define BLAKE2B_KEYBYTES 64
+# define BLAKE2B_SALTBYTES 16
+# define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+ uint8_t digest_length; /* 1 */
+ uint8_t key_length; /* 2 */
+ uint8_t fanout; /* 3 */
+ uint8_t depth; /* 4 */
+ uint8_t leaf_length[4];/* 8 */
+ uint8_t node_offset[6];/* 14 */
+ uint8_t node_depth; /* 15 */
+ uint8_t inner_length; /* 16 */
+ uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */
+ uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+ uint32_t h[8];
+ uint32_t t[2];
+ uint32_t f[2];
+ uint8_t buf[BLAKE2S_BLOCKBYTES];
+ size_t buflen;
+ size_t outlen;
+};
+
+struct blake2b_param_st {
+ uint8_t digest_length; /* 1 */
+ uint8_t key_length; /* 2 */
+ uint8_t fanout; /* 3 */
+ uint8_t depth; /* 4 */
+ uint8_t leaf_length[4];/* 8 */
+ uint8_t node_offset[8];/* 16 */
+ uint8_t node_depth; /* 17 */
+ uint8_t inner_length; /* 18 */
+ uint8_t reserved[14]; /* 32 */
+ uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
+ uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+ uint64_t h[8];
+ uint64_t t[2];
+ uint64_t f[2];
+ uint8_t buf[BLAKE2B_BLOCKBYTES];
+ size_t buflen;
+ size_t outlen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int blake2s256_init(void *ctx);
+int blake2b512_init(void *ctx);
+
+int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P);
+int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key);
+int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int blake2b_final(unsigned char *md, BLAKE2B_CTX *c);
+
+/*
+ * These setters are internal and do not check the validity of their parameters.
+ * See blake2b_mac_ctrl for validation logic.
+ */
+
+void blake2b_param_init(BLAKE2B_PARAM *P);
+void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen);
+void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen);
+void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length);
+void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length);
+
+int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P);
+int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key);
+int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int blake2s_final(unsigned char *md, BLAKE2S_CTX *c);
+
+void blake2s_param_init(BLAKE2S_PARAM *P);
+void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen);
+void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen);
+void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t length);
+void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length);
+
+#endif /* HEADER_BLAKE2_H */
--- /dev/null
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* TODO(3.0) Move this header into provider when dependencies are removed */
+#ifndef HEADER_MD5_SHA1_H
+# define HEADER_MD5_SHA1_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD5
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# include <openssl/md5.h>
+# include <openssl/sha.h>
+
+# define MD5_SHA1_DIGEST_LENGTH (MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH)
+# define MD5_SHA1_CBLOCK MD5_CBLOCK
+
+typedef struct md5_sha1_st {
+ MD5_CTX md5;
+ SHA_CTX sha1;
+} MD5_SHA1_CTX;
+
+int md5_sha1_init(MD5_SHA1_CTX *mctx);
+int md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count);
+int md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx);
+int md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms);
+
+# endif /* OPENSSL_NO_MD5 */
+
+#endif /* HEADER_MD5_SHA1_H */
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* TODO(3.0) Move this header into provider when dependencies are removed */
+#ifndef HEADER_INTERNAL_SHA3_H
+# define HEADER_INTERNAL_SHA3_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+# define KECCAK1600_WIDTH 1600
+# define SHA3_MDSIZE(bitlen) (bitlen / 8)
+# define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8)
+# define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8
+
+typedef struct keccak_st KECCAK1600_CTX;
+
+typedef size_t (sha3_absorb_fn)(void *vctx, const void *inp, size_t len);
+typedef int (sha3_final_fn)(unsigned char *md, void *vctx);
+
+typedef struct prov_sha3_meth_st
+{
+ sha3_absorb_fn *absorb;
+ sha3_final_fn *final;
+} PROV_SHA3_METHOD;
+
+struct keccak_st {
+ uint64_t A[5][5];
+ size_t block_size; /* cached ctx->digest->block_size */
+ size_t md_size; /* output length, variable in XOF */
+ size_t bufsz; /* used bytes in below buffer */
+ unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+ unsigned char pad;
+ PROV_SHA3_METHOD meth;
+};
+
+void sha3_reset(KECCAK1600_CTX *ctx);
+int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen);
+int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen);
+int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len);
+int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx);
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+ size_t r);
+
+#endif /* HEADER_INTERNAL_SHA3_H */
--- /dev/null
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* TODO(3.0) Move this header into provider when dependencies are removed */
+#ifndef HEADER_SM3_H
+# define HEADER_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+# error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK 64
+# define SM3_LBLOCK (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+ SM3_WORD A, B, C, D, E, F, G, H;
+ SM3_WORD Nl, Nh;
+ SM3_WORD data[SM3_LBLOCK];
+ unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+#endif /* HEADER_SM3_H */
#define OSSL_CIPHER_PARAM_PADDING "padding"
#define OSSL_CIPHER_PARAM_MODE "mode"
+/* digest parameters */
+#define OSSL_DIGEST_PARAM_XOFLEN "xoflen"
+#define OSSL_DIGEST_PARAM_CMD "cmd"
+#define OSSL_DIGEST_PARAM_MSG "msg"
+#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type"
+#define OSSL_DIGEST_PARAM_MICALG "micalg"
+
# ifdef __cplusplus
}
# endif
# define OSSL_FUNC_DIGEST_DUPCTX 7
# define OSSL_FUNC_DIGEST_SIZE 8
# define OSSL_FUNC_DIGEST_BLOCK_SIZE 9
-
+# define OSSL_FUNC_DIGEST_SET_PARAMS 10
+# define OSSL_FUNC_DIGEST_GET_PARAMS 11
OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx))
OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx))
OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *dctx))
OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx))
OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx))
+
OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void))
OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void))
-
+OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params,
+ (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params,
+ (void *vctx, const OSSL_PARAM params[]))
/* Symmetric Ciphers */
OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
const OSSL_PARAM params[]))
-
# ifdef __cplusplus
}
# endif
# include <openssl/symhacks.h>
# include <openssl/bio.h>
# include <openssl/evperr.h>
+# include <openssl/params.h>
# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
# define EVP_MAX_KEY_LENGTH 64
# define EVP_delete_digest_alias(alias) \
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+DEPRECATEDIN_3(int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2))
EVP_MD_CTX *EVP_MD_CTX_new(void);
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
SOURCE[legacy]=legacy.ld
GENERATE[legacy.ld]=../util/providers.num
ENDIF
- INCLUDE[legacy]=.. ../include ../crypto/include
+ INCLUDE[legacy]=.. ../include ../crypto/include common/include
DEPEND[legacy]=../libcrypto
ENDIF
SOURCE[../../../libcrypto]=\
- sha2.c
+ sha2.c sha3.c
SOURCE[../../fips]=\
- sha2.c
+ sha2.c sha3.c
* https://www.openssl.org/source/license.html
*/
-#include <openssl/sha.h>
#include <openssl/crypto.h>
#include <openssl/core_numbers.h>
+#include <openssl/sha.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/core_mkdigest.h"
#include "internal/provider_algs.h"
+#include "internal/sha.h"
-/*
- * Forward declaration of everything implemented here. This is not strictly
- * necessary for the compiler, but provides an assurance that the signatures
- * of the functions in the dispatch table are correct.
- */
-static OSSL_OP_digest_newctx_fn sha256_newctx;
-#if 0 /* Not defined here */
-static OSSL_OP_digest_init_fn sha256_init;
-static OSSL_OP_digest_update_fn sha256_update;
-#endif
-static OSSL_OP_digest_final_fn sha256_final;
-static OSSL_OP_digest_freectx_fn sha256_freectx;
-static OSSL_OP_digest_dupctx_fn sha256_dupctx;
-static OSSL_OP_digest_size_fn sha256_size;
-static OSSL_OP_digest_block_size_fn sha256_size;
+static OSSL_OP_digest_set_params_fn sha1_set_params;
-static int sha256_final(void *ctx,
- unsigned char *md, size_t *mdl, size_t mdsz)
+/* Special set_params method for SSL3 */
+static int sha1_set_params(void *vctx, const OSSL_PARAM params[])
{
- if (mdsz >= SHA256_DIGEST_LENGTH
- && SHA256_Final(md, ctx)) {
- *mdl = SHA256_DIGEST_LENGTH;
- return 1;
- }
+ int cmd = 0;
+ size_t msg_len = 0;
+ const void *msg = NULL;
+ const OSSL_PARAM *p;
+ SHA_CTX *ctx = (SHA_CTX *)vctx;
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
+ if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
+ return 0;
+ return sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
+ }
return 0;
}
-static void *sha256_newctx(void *provctx)
-{
- SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
- return ctx;
-}
-
-static void sha256_freectx(void *vctx)
-{
- SHA256_CTX *ctx = (SHA256_CTX *)vctx;
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX,
+ SHA_CBLOCK, SHA_DIGEST_LENGTH,
+ SHA1_Init, SHA1_Update, SHA1_Final,
+ sha1_set_params)
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
+OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX,
+ SHA256_CBLOCK, SHA224_DIGEST_LENGTH,
+ SHA224_Init, SHA224_Update, SHA224_Final)
-static void *sha256_dupctx(void *ctx)
-{
- SHA256_CTX *in = (SHA256_CTX *)ctx;
- SHA256_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX,
+ SHA256_CBLOCK, SHA256_DIGEST_LENGTH,
+ SHA256_Init, SHA256_Update, SHA256_Final)
- *ret = *in;
+OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX,
+ SHA512_CBLOCK, SHA384_DIGEST_LENGTH,
+ SHA384_Init, SHA384_Update, SHA384_Final)
- return ret;
-}
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX,
+ SHA512_CBLOCK, SHA512_DIGEST_LENGTH,
+ SHA512_Init, SHA512_Update, SHA512_Final)
-static size_t sha256_size(void)
-{
- return SHA256_DIGEST_LENGTH;
-}
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX,
+ SHA512_CBLOCK, SHA224_DIGEST_LENGTH,
+ sha512_224_init, SHA512_Update, SHA512_Final)
-static size_t sha256_block_size(void)
-{
- return SHA256_CBLOCK;
-}
+OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX,
+ SHA512_CBLOCK, SHA256_DIGEST_LENGTH,
+ sha512_256_init, SHA512_Update, SHA512_Final)
-const OSSL_DISPATCH sha256_functions[] = {
- { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))sha256_newctx },
- { OSSL_FUNC_DIGEST_INIT, (void (*)(void))SHA256_Init },
- { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))SHA256_Update },
- { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))sha256_final },
- { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))sha256_freectx },
- { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))sha256_dupctx },
- { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))sha256_size },
- { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))sha256_block_size },
- { 0, NULL }
-};
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_names.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include "internal/sha3.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+/*
+ * Forward declaration of any unique methods implemented here. This is not strictly
+ * necessary for the compiler, but provides an assurance that the signatures
+ * of the functions in the dispatch table are correct.
+ */
+static OSSL_OP_digest_init_fn keccak_init;
+static OSSL_OP_digest_update_fn keccak_update;
+static OSSL_OP_digest_final_fn keccak_final;
+static OSSL_OP_digest_freectx_fn keccak_freectx;
+static OSSL_OP_digest_dupctx_fn keccak_dupctx;
+static OSSL_OP_digest_set_params_fn shake_set_params;
+static sha3_absorb_fn generic_sha3_absorb;
+static sha3_final_fn generic_sha3_final;
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+# define S390_SHA3 1
+# define S390_SHA3_CAPABLE(name) \
+ ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \
+ (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name)))
+
+#endif
+
+static int keccak_init(void *vctx)
+{
+ /* The newctx() handles most of the ctx fixed setup. */
+ sha3_reset((KECCAK1600_CTX *)vctx);
+ return 1;
+}
+
+static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ const size_t bsz = ctx->block_size;
+ size_t num, rem;
+
+ if (len == 0)
+ return 1;
+
+ /* Is there anything in the buffer already ? */
+ if ((num = ctx->bufsz) != 0) {
+ /* Calculate how much space is left in the buffer */
+ rem = bsz - num;
+ /* If the new input does not fill the buffer then just add it */
+ if (len < rem) {
+ memcpy(ctx->buf + num, inp, len);
+ ctx->bufsz += len;
+ return 1;
+ }
+ /* otherwise fill up the buffer and absorb the buffer */
+ memcpy(ctx->buf + num, inp, rem);
+ /* Update the input pointer */
+ inp += rem;
+ len -= rem;
+ ctx->meth.absorb(ctx, ctx->buf, bsz);
+ ctx->bufsz = 0;
+ }
+ /* Absorb the input - rem = leftover part of the input < blocksize) */
+ rem = ctx->meth.absorb(ctx, inp, len);
+ /* Copy the leftover bit of the input into the buffer */
+ if (rem) {
+ memcpy(ctx->buf, inp + len - rem, rem);
+ ctx->bufsz = rem;
+ }
+ return 1;
+}
+
+static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsz)
+{
+ int ret;
+ KECCAK1600_CTX *ctx = vctx;
+
+ ret = ctx->meth.final(out, ctx);
+ *outl = ctx->md_size;
+ return ret;
+}
+
+/*-
+ * Generic software version of the absorb() and final().
+ */
+static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
+}
+
+static int generic_sha3_final(unsigned char *md, void *vctx)
+{
+ return sha3_final(md, (KECCAK1600_CTX *)vctx);
+}
+
+static PROV_SHA3_METHOD sha3_generic_md =
+{
+ generic_sha3_absorb,
+ generic_sha3_final
+};
+
+#if defined(S390_SHA3)
+
+static sha3_absorb_fn s390x_sha3_absorb;
+static sha3_final_fn s390x_sha3_final;
+static sha3_final_fn s390x_shake_final;
+
+/*-
+ * The platform specific parts of the absorb() and final() for S390X.
+ */
+static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ size_t rem = len % ctx->block_size;
+
+ s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+ return rem;
+}
+
+static int s390x_sha3_final(unsigned char *md, void *vctx)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
+ memcpy(md, ctx->A, ctx->md_size);
+}
+
+static int s390x_shake_final(unsigned char *md, void *vctx)
+{
+ KECCAK1600_CTX *ctx = vctx;
+
+ s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
+ return 1;
+}
+
+static PROV_SHA3_METHOD sha3_s390x_md =
+{
+ s390x_sha3_absorb,
+ s390x_sha3_final
+};
+
+static PROV_SHA3_METHOD shake_s390x_md =
+{
+ s390x_sha3_absorb,
+ s390x_shake_final
+};
+
+# define SHA3_SET_MD(uname, typ) \
+ if (S390_SHA3_CAPABLE(uname)) { \
+ ctx->pad = S390X_##uname; \
+ ctx->meth = typ##_s390x_md; \
+ } else { \
+ ctx->meth = sha3_generic_md; \
+ }
+#else
+# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
+#endif /* S390_SHA3 */
+
+#define SHA3_newctx(typ, uname, name, bitlen, pad) \
+static OSSL_OP_digest_newctx_fn name##_newctx; \
+static void *name##_newctx(void *provctx) \
+{ \
+ KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ sha3_init(ctx, pad, bitlen); \
+ SHA3_SET_MD(name, typ) \
+ return ctx; \
+}
+
+#define KMAC_newctx(uname, bitlen, pad) \
+static OSSL_OP_digest_newctx_fn uname##_newctx; \
+static void *uname##_newctx(void *provctx) \
+{ \
+ KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ keccak_kmac_init(ctx, pad, bitlen); \
+ ctx->meth = sha3_generic_md; \
+ return ctx; \
+}
+
+#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \
+static OSSL_OP_digest_size_fn name##_size; \
+static OSSL_OP_digest_block_size_fn name##_block_size; \
+static size_t name##_block_size(void) \
+{ \
+ return SHA3_BLOCKSIZE(bitlen); \
+} \
+static size_t name##_size(void) \
+{ \
+ return dgstsize; \
+} \
+const OSSL_DISPATCH name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
+ { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \
+ { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \
+ { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\
+OSSL_FUNC_DIGEST_CONSTRUCT_END
+
+static void keccak_freectx(void *vctx)
+{
+ KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *keccak_dupctx(void *ctx)
+{
+ KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx;
+ KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ *ret = *in;
+ return ret;
+}
+
+static int shake_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN);
+ if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size))
+ return 0;
+ return 1;
+ }
+ return 0; /* Null Parameter */
+}
+
+#define SHA3(bitlen) \
+ SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
+ OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL)
+
+#define SHAKE(bitlen) \
+ SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
+ OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \
+ shake_set_params)
+#define KMAC(bitlen) \
+ KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
+ OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \
+ shake_set_params)
+
+SHA3(224)
+SHA3(256)
+SHA3(384)
+SHA3(512)
+SHAKE(128)
+SHAKE(256)
+KMAC(128)
+KMAC(256)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CORE_MKDIGEST_H
+# define OSSL_CORE_MKDIGEST_H
+
+# include <openssl/core_numbers.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_FUNC_DIGEST_ALLOC_METHODS(name, CTX_NAME) \
+static OSSL_OP_digest_newctx_fn name##_newctx; \
+static OSSL_OP_digest_freectx_fn name##_freectx; \
+static OSSL_OP_digest_dupctx_fn name##_dupctx; \
+static void *name##_newctx(void *prov_ctx) \
+{ \
+ CTX_NAME *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ return ctx; \
+} \
+static void name##_freectx(void *vctx) \
+{ \
+ CTX_NAME *ctx = (CTX_NAME *)vctx; \
+ OPENSSL_clear_free(ctx, sizeof(*ctx)); \
+} \
+static void *name##_dupctx(void *ctx) \
+{ \
+ CTX_NAME *in = (CTX_NAME *)ctx; \
+ CTX_NAME *ret = OPENSSL_malloc(sizeof(*ret)); \
+ *ret = *in; \
+ return ret; \
+}
+
+# define OSSL_FUNC_DIGEST_SET_FINAL(name, dgstsize, fin) \
+static OSSL_OP_digest_final_fn name##_wrapfinal; \
+static int name##_wrapfinal(void *ctx, unsigned char *out, size_t *outl, size_t outsz) \
+{ \
+ if (outsz >= dgstsize && fin(out, ctx)) { \
+ *outl = dgstsize; \
+ return 1; \
+ } \
+ return 0; \
+}
+
+# define OSSL_FUNC_DIGEST_COMMON(name, blksize, dgstsize, init, upd) \
+static OSSL_OP_digest_block_size_fn name##_block_size; \
+static OSSL_OP_digest_size_fn name##_size; \
+static size_t name##_block_size(void) \
+{ \
+ return blksize; \
+} \
+static size_t name##_size(void) \
+{ \
+ return dgstsize; \
+} \
+const OSSL_DISPATCH name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))upd }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))name##_wrapfinal }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))name##_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))name##_dupctx }, \
+ { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \
+ { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size },
+
+# define OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \
+OSSL_FUNC_DIGEST_ALLOC_METHODS(name, CTX) \
+OSSL_FUNC_DIGEST_SET_FINAL(name, dgstsize, fin) \
+OSSL_FUNC_DIGEST_COMMON(name, blksize, dgstsize, init, upd)
+
+# define OSSL_FUNC_DIGEST_CONSTRUCT_END \
+ { 0, NULL } \
+};
+
+# define OSSL_FUNC_DIGEST_CONSTRUCT(name, CTX, blksize, dgstsize, init, upd, fin) \
+OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \
+OSSL_FUNC_DIGEST_CONSTRUCT_END
+
+# define OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(name, CTX, blksize, dgstsize, init, upd, fin, setparams) \
+OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \
+ { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))setparams }, \
+OSSL_FUNC_DIGEST_CONSTRUCT_END
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OSSL_CORE_MKDIGEST_H */
*/
/* Digests */
+extern const OSSL_DISPATCH sha1_functions[];
+extern const OSSL_DISPATCH sha224_functions[];
extern const OSSL_DISPATCH sha256_functions[];
+extern const OSSL_DISPATCH sha384_functions[];
+extern const OSSL_DISPATCH sha512_functions[];
+extern const OSSL_DISPATCH sha512_224_functions[];
+extern const OSSL_DISPATCH sha512_256_functions[];
+extern const OSSL_DISPATCH sha3_224_functions[];
+extern const OSSL_DISPATCH sha3_256_functions[];
+extern const OSSL_DISPATCH sha3_384_functions[];
+extern const OSSL_DISPATCH sha3_512_functions[];
+extern const OSSL_DISPATCH keccak_kmac_128_functions[];
+extern const OSSL_DISPATCH keccak_kmac_256_functions[];
+extern const OSSL_DISPATCH shake_128_functions[];
+extern const OSSL_DISPATCH shake_256_functions[];
+extern const OSSL_DISPATCH blake2s256_functions[];
+extern const OSSL_DISPATCH blake2b512_functions[];
+extern const OSSL_DISPATCH md5_functions[];
+extern const OSSL_DISPATCH md5_sha1_functions[];
+extern const OSSL_DISPATCH sm3_functions[];
+extern const OSSL_DISPATCH nullmd_functions[];
+extern const OSSL_DISPATCH md2_functions[];
+extern const OSSL_DISPATCH md4_functions[];
+extern const OSSL_DISPATCH mdc2_functions[];
+extern const OSSL_DISPATCH wp_functions[];
+extern const OSSL_DISPATCH ripemd160_functions[];
/* Ciphers */
extern const OSSL_DISPATCH aes256ecb_functions[];
+SUBDIRS=digests
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
defltprov.c
}
static const OSSL_ALGORITHM deflt_digests[] = {
+ { "SHA1", "default=yes", sha1_functions },
+
+ { "SHA224", "default=yes", sha224_functions },
{ "SHA256", "default=yes", sha256_functions },
+ { "SHA384", "default=yes", sha384_functions },
+ { "SHA512", "default=yes", sha512_functions },
+ { "SHA512-224", "default=yes", sha512_224_functions },
+ { "SHA512-256", "default=yes", sha512_256_functions },
+
+ { "SHA3-224", "default=yes", sha3_224_functions },
+ { "SHA3-256", "default=yes", sha3_256_functions },
+ { "SHA3-384", "default=yes", sha3_384_functions },
+ { "SHA3-512", "default=yes", sha3_512_functions },
+
+ { "KMAC128", "default=yes", keccak_kmac_128_functions },
+ { "KMAC256", "default=yes", keccak_kmac_256_functions },
+
+ { "SHAKE128", "default=yes", shake_128_functions },
+ { "SHAKE256", "default=yes", shake_256_functions },
+
+#ifndef OPENSSL_NO_BLAKE2
+ { "BLAKE2s256", "default=yes", blake2s256_functions },
+ { "BLAKE2b512", "default=yes", blake2b512_functions },
+#endif /* OPENSSL_NO_BLAKE2 */
+
+#ifndef OPENSSL_NO_SM3
+ { "SM3", "default=yes", sm3_functions },
+#endif /* OPENSSL_NO_SM3 */
+
+#ifndef OPENSSL_NO_MD5
+ { "MD5", "default=yes", md5_functions },
+ { "MD5-SHA1", "default=yes", md5_sha1_functions },
+#endif /* OPENSSL_NO_MD5 */
+
+ /*{ "UNDEF", "default=yes", nullmd_functions }, */
+
{ NULL, NULL, NULL }
};
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/blake2.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_OP_digest_init_fn blake2s256_init;
+OSSL_OP_digest_init_fn blake2b512_init;
+
+int blake2s256_init(void *ctx)
+{
+ BLAKE2S_PARAM P;
+
+ blake2s_param_init(&P);
+ return blake2s_init((BLAKE2S_CTX *)ctx, &P);
+}
+
+int blake2b512_init(void *ctx)
+{
+ BLAKE2B_PARAM P;
+
+ blake2b_param_init(&P);
+ return blake2b_init((BLAKE2B_CTX *)ctx, &P);
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX,
+ BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH,
+ blake2s256_init, blake2s_update, blake2s_final)
+
+OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX,
+ BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH,
+ blake2b512_init, blake2b_update, blake2b_final)
--- /dev/null
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint32_t w;
+ memcpy(&w, src, sizeof(w));
+ return w;
+ } else {
+ uint32_t w = ((uint32_t)src[0])
+ | ((uint32_t)src[1] << 8)
+ | ((uint32_t)src[2] << 16)
+ | ((uint32_t)src[3] << 24);
+ return w;
+ }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint64_t w;
+ memcpy(&w, src, sizeof(w));
+ return w;
+ } else {
+ uint64_t w = ((uint64_t)src[0])
+ | ((uint64_t)src[1] << 8)
+ | ((uint64_t)src[2] << 16)
+ | ((uint64_t)src[3] << 24)
+ | ((uint64_t)src[4] << 32)
+ | ((uint64_t)src[5] << 40)
+ | ((uint64_t)src[6] << 48)
+ | ((uint64_t)src[7] << 56);
+ return w;
+ }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(dst, &w, sizeof(w));
+ } else {
+ uint8_t *p = (uint8_t *)dst;
+ int i;
+
+ for (i = 0; i < 4; i++)
+ p[i] = (uint8_t)(w >> (8 * i));
+ }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(dst, &w, sizeof(w));
+ } else {
+ uint8_t *p = (uint8_t *)dst;
+ int i;
+
+ for (i = 0; i < 8; i++)
+ p[i] = (uint8_t)(w >> (8 * i));
+ }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+ uint64_t w = ((uint64_t)src[0])
+ | ((uint64_t)src[1] << 8)
+ | ((uint64_t)src[2] << 16)
+ | ((uint64_t)src[3] << 24)
+ | ((uint64_t)src[4] << 32)
+ | ((uint64_t)src[5] << 40);
+ return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+ uint8_t *p = (uint8_t *)dst;
+ p[0] = (uint8_t)w;
+ p[1] = (uint8_t)(w>>8);
+ p[2] = (uint8_t)(w>>16);
+ p[3] = (uint8_t)(w>>24);
+ p[4] = (uint8_t)(w>>32);
+ p[5] = (uint8_t)(w>>40);
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+ return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+ return (w >> c) | (w << (64 - c));
+}
--- /dev/null
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "blake2_impl.h"
+
+#include "internal/blake2.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+ 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+ 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2B_CTX));
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = blake2b_IV[i];
+ }
+}
+
+/* init xors IV with input parameter block and sets the output length */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+ size_t i;
+ const uint8_t *p = (const uint8_t *)(P);
+
+ blake2b_init0(S);
+ S->outlen = P->digest_length;
+
+ /* The param struct is carefully hand packed, and should be 64 bytes on
+ * every platform. */
+ assert(sizeof(BLAKE2B_PARAM) == 64);
+ /* IV XOR ParamBlock */
+ for (i = 0; i < 8; ++i) {
+ S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+ }
+}
+
+/* Initialize the parameter block with default values */
+void blake2b_param_init(BLAKE2B_PARAM *P)
+{
+ P->digest_length = BLAKE2B_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store64(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->reserved, 0, sizeof(P->reserved));
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+}
+
+void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen)
+{
+ P->digest_length = outlen;
+}
+
+void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen)
+{
+ P->key_length = keylen;
+}
+
+void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len)
+{
+ memcpy(P->personal, personal, len);
+ memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len);
+}
+
+void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len)
+{
+ memcpy(P->salt, salt, len);
+ memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len);
+}
+
+/*
+ * Initialize the hashing context with the given parameter block.
+ * Always returns 1.
+ */
+int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P)
+{
+ blake2b_init_param(c, P);
+ return 1;
+}
+
+/*
+ * Initialize the hashing context with the given parameter block and key.
+ * Always returns 1.
+ */
+int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key)
+{
+ blake2b_init_param(c, P);
+
+ /* Pad the key to form first data block */
+ {
+ uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
+
+ memcpy(block, key, P->key_length);
+ blake2b_update(c, block, BLAKE2B_BLOCKBYTES);
+ OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES);
+ }
+
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+ const uint8_t *blocks,
+ size_t len)
+{
+ uint64_t m[16];
+ uint64_t v[16];
+ int i;
+ size_t increment;
+
+ /*
+ * There are two distinct usage vectors for this function:
+ *
+ * a) BLAKE2b_Update uses it to process complete blocks,
+ * possibly more than one at a time;
+ *
+ * b) BLAK2b_Final uses it to process last block, always
+ * single but possibly incomplete, in which case caller
+ * pads input with zeros.
+ */
+ assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+ /*
+ * Since last block is always processed with separate call,
+ * |len| not being multiple of complete blocks can be observed
+ * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+ * including even zero), which is why following assignment doesn't
+ * have to reside inside the main loop below.
+ */
+ increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+ for (i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ do {
+ for (i = 0; i < 16; ++i) {
+ m[i] = load64(blocks + i * sizeof(m[i]));
+ }
+
+ /* blake2b_increment_counter */
+ S->t[0] += increment;
+ S->t[1] += (S->t[0] < increment);
+
+ v[8] = blake2b_IV[0];
+ v[9] = blake2b_IV[1];
+ v[10] = blake2b_IV[2];
+ v[11] = blake2b_IV[3];
+ v[12] = S->t[0] ^ blake2b_IV[4];
+ v[13] = S->t[1] ^ blake2b_IV[5];
+ v[14] = S->f[0] ^ blake2b_IV[6];
+ v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+ d = rotr64(d ^ a, 32); \
+ c = c + d; \
+ b = rotr64(b ^ c, 24); \
+ a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+ d = rotr64(d ^ a, 16); \
+ c = c + d; \
+ b = rotr64(b ^ c, 63); \
+ } while (0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+ for (i = 0; i < 12; i++) {
+ ROUND(i);
+ }
+#else
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+ ROUND(10);
+ ROUND(11);
+#endif
+
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+ }
+#undef G
+#undef ROUND
+ blocks += increment;
+ len -= increment;
+ } while (len);
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ /*
+ * Intuitively one would expect intermediate buffer, c->buf, to
+ * store incomplete blocks. But in this case we are interested to
+ * temporarily stash even complete blocks, because last one in the
+ * stream has to be treated in special way, and at this point we
+ * don't know if last block in *this* call is last one "ever". This
+ * is the reason for why |datalen| is compared as >, and not >=.
+ */
+ fill = sizeof(c->buf) - c->buflen;
+ if (datalen > fill) {
+ if (c->buflen) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ }
+ if (datalen > BLAKE2B_BLOCKBYTES) {
+ size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+ /*
+ * If |datalen| is a multiple of the blocksize, stash
+ * last complete block, it can be final one...
+ */
+ stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+ datalen -= stashlen;
+ blake2b_compress(c, in, datalen);
+ in += datalen;
+ datalen = stashlen;
+ }
+ }
+
+ assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int blake2b_final(unsigned char *md, BLAKE2B_CTX *c)
+{
+ uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
+ uint8_t *target = outbuffer;
+ int iter = (c->outlen + 7) / 8;
+ int i;
+
+ /* Avoid writing to the temporary buffer if possible */
+ if ((c->outlen % sizeof(c->h[0])) == 0)
+ target = md;
+
+ blake2b_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2b_compress(c, c->buf, c->buflen);
+
+ /* Output full hash to buffer */
+ for (i = 0; i < iter; ++i)
+ store64(target + sizeof(c->h[i]) * i, c->h[i]);
+
+ if (target != md)
+ memcpy(md, target, c->outlen);
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+ return 1;
+}
--- /dev/null
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "blake2_impl.h"
+#include "internal/blake2.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+ 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+ 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2S_CTX));
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = blake2s_IV[i];
+ }
+}
+
+/* init xors IV with input parameter block and sets the output length */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+ size_t i;
+ const uint8_t *p = (const uint8_t *)(P);
+
+ blake2s_init0(S);
+ S->outlen = P->digest_length;
+
+ /* The param struct is carefully hand packed, and should be 32 bytes on
+ * every platform. */
+ assert(sizeof(BLAKE2S_PARAM) == 32);
+ /* IV XOR ParamBlock */
+ for (i = 0; i < 8; ++i) {
+ S->h[i] ^= load32(&p[i*4]);
+ }
+}
+
+void blake2s_param_init(BLAKE2S_PARAM *P)
+{
+ P->digest_length = BLAKE2S_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store48(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+}
+
+void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen)
+{
+ P->digest_length = outlen;
+}
+
+void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen)
+{
+ P->key_length = keylen;
+}
+
+void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t len)
+{
+ memcpy(P->personal, personal, len);
+ memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len);
+}
+
+void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len)
+{
+ memcpy(P->salt, salt, len);
+ memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);}
+
+/*
+ * Initialize the hashing context with the given parameter block.
+ * Always returns 1.
+ */
+int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P)
+{
+ blake2s_init_param(c, P);
+ return 1;
+}
+
+/*
+ * Initialize the hashing context with the given parameter block and key.
+ * Always returns 1.
+ */
+int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key)
+{
+ blake2s_init_param(c, P);
+
+ /* Pad the key to form first data block */
+ {
+ uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
+
+ memcpy(block, key, P->key_length);
+ blake2s_update(c, block, BLAKE2S_BLOCKBYTES);
+ OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES);
+ }
+
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+ const uint8_t *blocks,
+ size_t len)
+{
+ uint32_t m[16];
+ uint32_t v[16];
+ size_t i;
+ size_t increment;
+
+ /*
+ * There are two distinct usage vectors for this function:
+ *
+ * a) BLAKE2s_Update uses it to process complete blocks,
+ * possibly more than one at a time;
+ *
+ * b) BLAK2s_Final uses it to process last block, always
+ * single but possibly incomplete, in which case caller
+ * pads input with zeros.
+ */
+ assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+ /*
+ * Since last block is always processed with separate call,
+ * |len| not being multiple of complete blocks can be observed
+ * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+ * including even zero), which is why following assignment doesn't
+ * have to reside inside the main loop below.
+ */
+ increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+ for (i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ do {
+ for (i = 0; i < 16; ++i) {
+ m[i] = load32(blocks + i * sizeof(m[i]));
+ }
+
+ /* blake2s_increment_counter */
+ S->t[0] += increment;
+ S->t[1] += (S->t[0] < increment);
+
+ v[ 8] = blake2s_IV[0];
+ v[ 9] = blake2s_IV[1];
+ v[10] = blake2s_IV[2];
+ v[11] = blake2s_IV[3];
+ v[12] = S->t[0] ^ blake2s_IV[4];
+ v[13] = S->t[1] ^ blake2s_IV[5];
+ v[14] = S->f[0] ^ blake2s_IV[6];
+ v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+ d = rotr32(d ^ a, 16); \
+ c = c + d; \
+ b = rotr32(b ^ c, 12); \
+ a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+ d = rotr32(d ^ a, 8); \
+ c = c + d; \
+ b = rotr32(b ^ c, 7); \
+ } while (0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+ for (i = 0; i < 10; i++) {
+ ROUND(i);
+ }
+#else
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+#endif
+
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+ }
+#undef G
+#undef ROUND
+ blocks += increment;
+ len -= increment;
+ } while (len);
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ /*
+ * Intuitively one would expect intermediate buffer, c->buf, to
+ * store incomplete blocks. But in this case we are interested to
+ * temporarily stash even complete blocks, because last one in the
+ * stream has to be treated in special way, and at this point we
+ * don't know if last block in *this* call is last one "ever". This
+ * is the reason for why |datalen| is compared as >, and not >=.
+ */
+ fill = sizeof(c->buf) - c->buflen;
+ if (datalen > fill) {
+ if (c->buflen) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ }
+ if (datalen > BLAKE2S_BLOCKBYTES) {
+ size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+ /*
+ * If |datalen| is a multiple of the blocksize, stash
+ * last complete block, it can be final one...
+ */
+ stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+ datalen -= stashlen;
+ blake2s_compress(c, in, datalen);
+ in += datalen;
+ datalen = stashlen;
+ }
+ }
+
+ assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int blake2s_final(unsigned char *md, BLAKE2S_CTX *c)
+{
+ uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
+ uint8_t *target = outbuffer;
+ int iter = (c->outlen + 3) / 4;
+ int i;
+
+ /* Avoid writing to the temporary buffer if possible */
+ if ((c->outlen % sizeof(c->h[0])) == 0)
+ target = md;
+
+ blake2s_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2s_compress(c, c->buf, c->buflen);
+
+ /* Output full hash to buffer */
+ for (i = 0; i < iter; ++i)
+ store32(target + sizeof(c->h[i]) * i, c->h[i]);
+
+ if (target != md)
+ memcpy(md, target, c->outlen);
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+ return 1;
+}
--- /dev/null
+SOURCE[../../../libcrypto]=\
+ null.c
+
+IF[{- !$disabled{blake2} -}]
+ SOURCE[../../../libcrypto]=\
+ blake2.c blake2b.c blake2s.c
+ENDIF
+
+IF[{- !$disabled{sm3} -}]
+ SOURCE[../../../libcrypto]=\
+ sm3.c
+ENDIF
+
+IF[{- !$disabled{md5} -}]
+ SOURCE[../../../libcrypto]=\
+ md5.c md5_sha1.c
+ENDIF
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/md5.h>
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX,
+ MD5_CBLOCK, MD5_DIGEST_LENGTH,
+ MD5_Init, MD5_Update, MD5_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/core_mkdigest.h"
+#include "internal/md5_sha1.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_digest_set_params_fn md5_sha1_set_params;
+
+/* Special set_params method for SSL3 */
+static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ int cmd = 0;
+ size_t msg_len = 0;
+ const void *msg = NULL;
+ const OSSL_PARAM *p;
+ MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &cmd))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG);
+ if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len))
+ return 0;
+ return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg);
+ }
+ return 0;
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX,
+ MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH,
+ md5_sha1_init, md5_sha1_update, md5_sha1_final,
+ md5_sha1_set_params)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_numbers.h>
+#include <openssl/whrlpool.h>
+#include "internal/provider_algs.h"
+
+static int nullmd_dummy = 1;
+
+static OSSL_OP_digest_init_fn nullmd_init;
+static OSSL_OP_digest_update_fn nullmd_update;
+static OSSL_OP_digest_final_fn nullmd_final;
+static OSSL_OP_digest_newctx_fn nullmd_newctx;
+static OSSL_OP_digest_freectx_fn nullmd_freectx;
+static OSSL_OP_digest_dupctx_fn nullmd_dupctx;
+static OSSL_OP_digest_size_fn nullmd_size;
+static OSSL_OP_digest_block_size_fn nullmd_block_size;
+
+static size_t nullmd_block_size(void)
+{
+ return 0;
+}
+
+static size_t nullmd_size(void)
+{
+ return 0;
+}
+
+static int nullmd_init(void *vctx)
+{
+ return 1;
+}
+
+static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes)
+{
+ return 1;
+}
+
+static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz)
+{
+ *outl = 0;
+ return 1;
+}
+
+static void *nullmd_newctx(void *prov_ctx)
+{
+ return &nullmd_dummy;
+}
+
+static void nullmd_freectx(void *vctx)
+{
+}
+
+static void *nullmd_dupctx(void *ctx)
+{
+ return &nullmd_dummy;
+}
+
+const OSSL_DISPATCH nullmd_functions[] = {
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx },
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init },
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update },
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final },
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx },
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx },
+ { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size },
+ { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size },
+ { 0, NULL }
+};
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/sm3.h"
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX,
+ SM3_CBLOCK, SM3_DIGEST_LENGTH,
+ sm3_init, sm3_update, sm3_final)
}
static const OSSL_ALGORITHM fips_digests[] = {
+ { "SHA1", "fips=yes", sha1_functions },
+ { "SHA224", "fips=yes", sha224_functions },
{ "SHA256", "fips=yes", sha256_functions },
+ { "SHA384", "fips=yes", sha384_functions },
+ { "SHA512", "fips=yes", sha512_functions },
+ { "SHA512-224", "fips=yes", sha512_224_functions },
+ { "SHA512-256", "fips=yes", sha512_256_functions },
+ { "SHA3-224", "fips=yes", sha3_224_functions },
+ { "SHA3-256", "fips=yes", sha3_256_functions },
+ { "SHA3-384", "fips=yes", sha3_384_functions },
+ { "SHA3-512", "fips=yes", sha3_512_functions },
+ { "KMAC128", "fips=yes", keccak_kmac_128_functions },
+ { "KMAC256", "fips=yes", keccak_kmac_256_functions },
+
{ NULL, NULL, NULL }
};
SOURCE[../../legacy]=\
md2.c
ENDIF
+
+IF[{- !$disabled{md4} -}]
+ SOURCE[../../legacy]=\
+ md4.c
+ENDIF
+
+IF[{- !$disabled{mdc2} -}]
+ SOURCE[../../legacy]=\
+ mdc2.c
+ENDIF
+
+IF[{- !$disabled{whirlpool} -}]
+ SOURCE[../../legacy]=\
+ wp.c
+ENDIF
+
+IF[{- !$disabled{rmd160} -}]
+ SOURCE[../../legacy]=\
+ ripemd.c
+ENDIF
\ No newline at end of file
* https://www.openssl.org/source/license.html
*/
-#include <openssl/md2.h>
#include <openssl/crypto.h>
-#include <openssl/core_numbers.h>
-
-static int md2_final(void *ctx, unsigned char *md, size_t *size)
-{
- if (MD2_Final(md, ctx)) {
- *size = MD2_DIGEST_LENGTH;
- return 1;
- }
-
- return 0;
-}
-
-static void *md2_newctx(void)
-{
- MD2_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
- return ctx;
-}
-
-static void md2_freectx(void *vctx)
-{
- MD2_CTX *ctx = (MD2_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static void *md2_dupctx(void *ctx)
-{
- MD2_CTX *in = (MD2_CTX *)ctx;
- MD2_CTX *ret = OPENSSL_malloc(sizeof(*ret));
-
- *ret = *in;
-
- return ret;
-}
+#include <openssl/md2.h>
-static size_t md2_size(void)
-{
- return MD2_DIGEST_LENGTH;
-}
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
-extern const OSSL_DISPATCH md2_functions[];
-const OSSL_DISPATCH md2_functions[] = {
- { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx },
- { OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init },
- { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))MD2_Update },
- { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final },
- { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx },
- { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx },
- { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))md2_size },
- { 0, NULL }
-};
+OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX,
+ MD2_BLOCK, MD2_DIGEST_LENGTH,
+ MD2_Init, MD2_Update, MD2_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/md4.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX,
+ MD4_CBLOCK, MD4_DIGEST_LENGTH,
+ MD4_Init, MD4_Update, MD4_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/params.h>
+#include <openssl/mdc2.h>
+#include <openssl/core_names.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_digest_set_params_fn mdc2_set_params;
+
+static int mdc2_set_params(void *vctx, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ MDC2_CTX *ctx = (MDC2_CTX *)vctx;
+
+ if (ctx != NULL && params != NULL) {
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type))
+ return 0;
+ return 1;
+ }
+ return 0; /* Null Parameter */
+}
+
+OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX,
+ MDC2_BLOCK, MDC2_DIGEST_LENGTH,
+ MDC2_Init, MDC2_Update, MDC2_Final,
+ mdc2_set_params)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/ripemd.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX,
+ RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH,
+ RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final)
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/whrlpool.h>
+
+#include "internal/core_mkdigest.h"
+#include "internal/provider_algs.h"
+
+OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX,
+ WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH,
+ WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final)
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
+#include "internal/provider_algs.h"
/* Functions provided by the core */
static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
return 1;
}
-extern const OSSL_DISPATCH md2_functions[];
-
static const OSSL_ALGORITHM legacy_digests[] = {
#ifndef OPENSSL_NO_MD2
{ "MD2", "legacy=yes", md2_functions },
#endif
+
+#ifndef OPENSSL_NO_MD4
+ { "MD4", "legacy=yes", md4_functions },
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+ { "MDC2", "legacy=yes", mdc2_functions },
+#endif /* OPENSSL_NO_MDC2 */
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+ { "whirlpool", "legacy=yes", wp_functions },
+#endif /* OPENSSL_NO_WHIRLPOOL */
+
+#ifndef OPENSSL_NO_RMD160
+ { "RIPEMD160", "legacy=yes", ripemd160_functions },
+#endif /* OPENSSL_NO_RMD160 */
+
{ NULL, NULL, NULL }
};
#include "ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
return 1;
}
+void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
+ OSSL_PARAM params[])
+{
+ int n = 0;
+ int cmd = EVP_CTRL_SSL3_MASTER_SECRET;
+
+ params[n++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_CMD, &cmd,
+ NULL);
+ params[n++] = OSSL_PARAM_construct_octet_ptr(OSSL_DIGEST_PARAM_MSG,
+ (void **)&session->master_key,
+ session->master_key_length,
+ NULL);
+ params[n++] = OSSL_PARAM_construct_end();
+}
+
size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
unsigned char *p)
{
goto err;
}
- if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
- || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key) <= 0
- || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
- ERR_R_INTERNAL_ERROR);
- ret = 0;
+ if (sender != NULL) {
+ OSSL_PARAM digest_cmd_params[3];
+
+ ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
+ if (EVP_DigestUpdate(ctx, sender, len) <= 0
+ || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
+ || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+ ERR_R_INTERNAL_ERROR);
+ ret = 0;
+ }
}
err:
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl, int initok);
+void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
+ OSSL_PARAM params[]);
__owur int ssl3_dispatch_alert(SSL *s);
__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
unsigned char *p);
}
}
if (s->version == SSL3_VERSION) {
+ OSSL_PARAM digest_cmd_params[3];
+
+ ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
- || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key)
+ || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0
|| EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
}
}
if (s->version == SSL3_VERSION) {
+ OSSL_PARAM digest_cmd_params[3];
+
+ ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
- || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key)) {
+ || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
SOURCE[evp_test]=evp_test.c
INCLUDE[evp_test]=../include ../apps/include
DEPEND[evp_test]=../libcrypto libtestutil.a
+ IF[{- $disabled{legacy} || !$target{dso_scheme} -}]
+ DEFINE[evp_test]=NO_LEGACY_MODULE
+ ENDIF
SOURCE[evp_extra_test]=evp_extra_test.c
INCLUDE[evp_extra_test]=../include ../apps/include ../crypto/include
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
+#include <openssl/provider.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/kdf.h>
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
+static OSSL_PROVIDER *defltprov = NULL;
+static OSSL_PROVIDER *legacyprov = NULL;
+
/*
* Compare two memory regions for equality, returning zero if they differ.
* However, if there is expected to be an error and the actual error
return evp_test_buffer_set_count(value, mdata->input);
if (strcmp(keyword, "Ncopy") == 0)
return evp_test_buffer_ncopy(value, mdata->input);
+ if (strcmp(keyword, "Legacy") == 0) {
+ if (legacyprov == NULL)
+ t->skip = 1;
+ return 1;
+ }
return 0;
}
while (!BIO_eof(t->s.fp)) {
c = parse(t);
- if (t->skip)
+ if (t->skip) {
+ t->s.numskip++;
continue;
+ }
if (c == 0 || !run_test(t)) {
t->s.errors++;
break;
if (n == 0)
return 0;
+ defltprov = OSSL_PROVIDER_load(NULL, "default");
+ if (!TEST_ptr(defltprov))
+ return 0;
+#ifndef NO_LEGACY_MODULE
+ legacyprov = OSSL_PROVIDER_load(NULL, "legacy");
+ if (!TEST_ptr(legacyprov))
+ return 0;
+#endif /* NO_LEGACY_MODULE */
+
ADD_ALL_TESTS(run_file_tests, n);
return 1;
}
+
+void cleanup_tests(void)
+{
+ OSSL_PROVIDER_unload(legacyprov);
+ OSSL_PROVIDER_unload(defltprov);
+}
*/
#include <string.h>
-
+#include <openssl/provider.h>
+#include <openssl/params.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/core_names.h>
#include "internal/nelem.h"
#include "testutil.h"
static int test_mdc2(void)
{
- int testresult = 0;
+ int testresult = 0, pad_type = 2;
unsigned char md[MDC2_DIGEST_LENGTH];
EVP_MD_CTX *c;
static char text[] = "Now is the time for all ";
- size_t tlen = strlen(text);
+ size_t tlen = strlen(text), i = 0;
+ OSSL_PROVIDER *prov = NULL;
+ OSSL_PARAM params[2];
+
+ params[i++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
+ &pad_type, NULL),
+ params[i++] = OSSL_PARAM_construct_end();
+ prov = OSSL_PROVIDER_load(NULL, "legacy");
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, tlen);
# endif
|| !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL)))
goto end;
- /* FIXME: use a ctl function? */
- ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
- if (!TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
+ if (!TEST_int_gt(EVP_MD_CTX_set_params(c, params), 0)
+ || !TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
|| !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL))
|| !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad2, MDC2_DIGEST_LENGTH))
goto end;
testresult = 1;
end:
EVP_MD_CTX_free(c);
+ OSSL_PROVIDER_unload(prov);
return testresult;
}
#endif
# https://www.openssl.org/source/license.html
-use OpenSSL::Test::Simple;
+use strict;
+use warnings;
-simple_test("test_mdc2", "mdc2test", "mdc2");
+use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test::Utils;
+
+setup("test_mdc2");
+
+if (disabled("mdc2") || disabled("legacy")) {
+ plan skip_all => "mdc2 is not supported by this OpenSSL build";
+}
+
+plan tests => 1;
+
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+
+ok(run(test(["mdc2test"])), "running mdc2test");
use strict;
use warnings;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir);
setup("test_evp");
plan tests => scalar(@files);
+$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
+
foreach my $f ( @files ) {
ok(run(test(["evp_test", data_file("$f")])),
"running evp_test $f");
Digest = MD4
Input = ""
Output = 31d6cfe0d16ae931b73c59d7e0c089c0
+Legacy = 1
Digest = MD4
Input = "a"
Output = bde52cb31de33e46245e05fbdbd6fb24
+Legacy = 1
Digest = MD4
Input = "abc"
Output = a448017aaf21d8525fc10ae87aa6729d
+Legacy = 1
Digest = MD4
Input = "message digest"
Output = d9130a8164549fe818874806e1c7014b
+Legacy = 1
Digest = MD4
Input = "abcdefghijklmnopqrstuvwxyz"
Output = d79e1c308aa5bbcdeea8ed63df412da9
+Legacy = 1
Digest = MD4
Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
Output = 043f8582f241db351ce627e153e7f0e4
+Legacy = 1
Digest = MD4
Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
Output = e33b4ddc9c38f2199c3e7b164fcc0536
+Legacy = 1
Title = RIPEMD160 tests
Digest = RIPEMD160
Input = ""
Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31
+Legacy = 1
Digest = RIPEMD160
Input = "a"
Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+Legacy = 1
Digest = RIPEMD160
Input = "abc"
Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+Legacy = 1
Digest = RIPEMD160
Input = "message digest"
Output = 5d0689ef49d2fae572b881b123a85ffa21595f36
+Legacy = 1
Digest = RIPEMD160
Input = "abcdefghijklmnopqrstuvwxyz"
Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+Legacy = 1
Digest = RIPEMD160
Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b
+Legacy = 1
Digest = RIPEMD160
Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
Output = b0e20b6e3116640286ed3a87a5713079b21f5189
+Legacy = 1
Digest = RIPEMD160
Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb
+Legacy = 1
Title = Whirlpool (from ISO/IEC 10118-3 test vector set)
Digest = whirlpool
Input = ""
Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3
+Legacy = 1
Digest = whirlpool
Input = "a"
Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A
+Legacy = 1
Digest = whirlpool
Input = "abc"
Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5
+Legacy = 1
Digest = whirlpool
Input = "message digest"
Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E
+Legacy = 1
Digest = whirlpool
Input = "abcdefghijklmnopqrstuvwxyz"
Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B
+Legacy = 1
Digest = whirlpool
Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467
+Legacy = 1
Digest = whirlpool
Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B
+Legacy = 1
Digest = whirlpool
Input = "abcdbcdecdefdefgefghfghighijhijk"
Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD
+Legacy = 1
Digest = whirlpool
Input = "aaaaaaaaaa"
Count = 100000
Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01
-
+Legacy = 1
Title = SHA3
ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:ENGINE
CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
PKCS7_final 3519 3_0_0 EXIST::FUNCTION:
EVP_PKEY_size 3520 3_0_0 EXIST::FUNCTION:
EVP_DecryptFinal_ex 3521 3_0_0 EXIST::FUNCTION:
OSSL_CMP_PKISI_free 4767 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_dup 4768 3_0_0 EXIST::FUNCTION:CMP
ERR_load_CMP_strings 4769 3_0_0 EXIST::FUNCTION:CMP
+EVP_MD_CTX_set_params 4770 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_get_params 4771 3_0_0 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff