[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Fri Mar 11 16:25:26 UTC 2016
The branch master has been updated
via 178da24425dd9b26950dcdabb233d5564116a945 (commit)
via 53a51674585a394726625324c0a1bd08ac80245b (commit)
via a57410899af60eff20dfe932283775edc2603c2a (commit)
via 208527a75dd9584e2715c0eebcfad8c730d0dfae (commit)
via 2d0b44126763f989a4cbffbffe9d0c7518158bb7 (commit)
from 40f43f8a2e7c75f032672d198604e4fbd6a60fd8 (commit)
- Log -----------------------------------------------------------------
commit 178da24425dd9b26950dcdabb233d5564116a945
Author: Rich Salz <rsalz at openssl.org>
Date: Fri Mar 11 10:38:45 2016 -0500
Make update to catch function renames.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
commit 53a51674585a394726625324c0a1bd08ac80245b
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Mar 11 01:19:43 2016 +0100
Use unsigned int instead of just unsigned.
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit a57410899af60eff20dfe932283775edc2603c2a
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Mar 11 01:06:51 2016 +0100
Save leaf_node and node_offset as character array
They are not numbers in the machine byte order.
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 208527a75dd9584e2715c0eebcfad8c730d0dfae
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Thu Mar 10 00:49:55 2016 +0100
Review comments
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 2d0b44126763f989a4cbffbffe9d0c7518158bb7
Author: Bill Cox <waywardgeek at google.com>
Date: Wed Mar 9 23:08:31 2016 +0100
Add blake2 support.
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 3 +
Configure | 4 +-
Makefile.in | 2 +
apps/openssl.c | 3 +
apps/progs.h | 4 +
apps/progs.pl | 2 +-
crypto/{hmac => blake2}/Makefile.in | 22 ++--
crypto/blake2/blake2_impl.h | 136 +++++++++++++++++++++
crypto/blake2/blake2b.c | 223 ++++++++++++++++++++++++++++++++++
crypto/blake2/blake2s.c | 217 +++++++++++++++++++++++++++++++++
crypto/blake2/build.info | 3 +
crypto/blake2/m_blake2b.c | 60 +++++++++
crypto/blake2/m_blake2s.c | 60 +++++++++
crypto/evp/c_alld.c | 4 +
crypto/include/internal/blake2_locl.h | 96 +++++++++++++++
crypto/objects/obj_dat.h | 22 +++-
crypto/objects/obj_mac.num | 2 +
crypto/objects/objects.txt | 3 +
doc/apps/dgst.pod | 2 +-
doc/crypto/EVP_DigestInit.pod | 17 +--
doc/standards.txt | 2 +
include/openssl/evp.h | 4 +
include/openssl/obj_mac.h | 10 ++
test/evptests.txt | 60 +++++++++
util/libcrypto.num | 2 +
util/mkdef.pl | 2 +-
util/mkfiles.pl | 1 +
27 files changed, 938 insertions(+), 28 deletions(-)
copy crypto/{hmac => blake2}/Makefile.in (59%)
create mode 100644 crypto/blake2/blake2_impl.h
create mode 100644 crypto/blake2/blake2b.c
create mode 100644 crypto/blake2/blake2s.c
create mode 100644 crypto/blake2/build.info
create mode 100644 crypto/blake2/m_blake2b.c
create mode 100644 crypto/blake2/m_blake2s.c
create mode 100644 crypto/include/internal/blake2_locl.h
diff --git a/CHANGES b/CHANGES
index e9d3f02..da3cb79 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
+ *) Add support for blake2b and blake2s
+ [Bill Cox]
+
*) Added support for "pipelining". Ciphers that have the
EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple
encryptions/decryptions simultaneously. There are currently no built-in
diff --git a/Configure b/Configure
index 413efb0..17bc6c2 100755
--- a/Configure
+++ b/Configure
@@ -220,7 +220,7 @@ $config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools" ];
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
- "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305",
+ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
"des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
@@ -243,6 +243,7 @@ my @disablables = (
"autoalginit",
"autoerrinit",
"bf",
+ "blake2",
"camellia",
"capieng",
"cast",
@@ -1787,6 +1788,7 @@ print "MODES_OBJ =$target{modes_obj}\n";
print "PADLOCK_OBJ =$target{padlock_obj}\n";
print "CHACHA_ENC =$target{chacha_obj}\n";
print "POLY1305_OBJ =$target{poly1305_obj}\n";
+print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
print "RANLIB =$target{ranlib}\n";
print "ARFLAGS =$target{arflags}\n";
diff --git a/Makefile.in b/Makefile.in
index e7b3f99..d101df1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -137,6 +137,7 @@ RC5_ENC= {- $target{rc5_obj} -}
MD5_ASM_OBJ= {- $target{md5_obj} -}
SHA1_ASM_OBJ= {- $target{sha1_obj} -}
RMD160_ASM_OBJ= {- $target{rmd160_obj} -}
+BLAKE2_OBJ= {- $target{blake2_obj} -}
WP_ASM_OBJ= {- $target{wp_obj} -}
CMLL_ENC= {- $target{cmll_obj} -}
MODES_ASM_OBJ= {- $target{modes_obj} -}
@@ -281,6 +282,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
+ BLAKE2_OBJ='$(BLAKE2_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
PADLOCK_ASM_OBJ='$(PADLOCK_ASM_OBJ)' \
diff --git a/apps/openssl.c b/apps/openssl.c
index e0694fc..d460a6b 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -650,6 +650,9 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_BF
BIO_puts(bio_out, "BF\n");
#endif
+#ifndef OPENSSL_NO_BLAKE2
+ BIO_puts(bio_out, "BLAKE2\n");
+#endif
#ifdef OPENSSL_NO_CAMELLIA
BIO_puts(bio_out, "CAMELLIA\n");
#endif
diff --git a/apps/progs.h b/apps/progs.h
index 266e48d..fff2639 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -225,6 +225,10 @@ static FUNCTION functions[] = {
#ifndef OPENSSL_NO_RMD160
{ FT_md, "rmd160", dgst_main},
#endif
+#ifndef OPENSSL_NO_BLAKE2
+ { FT_md, "blake2b512", dgst_main},
+ { FT_md, "blake2s256", dgst_main},
+#endif
#ifndef OPENSSL_NO_AES
{ FT_cipher, "aes-128-cbc", enc_main, enc_options },
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
index b87aef6..f24b91b 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -84,7 +84,7 @@ foreach (
"md2", "md4", "md5",
"md_ghost94",
"sha1", "sha224", "sha256", "sha384", "sha512",
- "mdc2", "rmd160"
+ "mdc2", "rmd160", "blake2b", "blake2s"
) {
printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
printf " { FT_md, \"".$_."\", dgst_main},\n";
diff --git a/crypto/hmac/Makefile.in b/crypto/blake2/Makefile.in
similarity index 59%
copy from crypto/hmac/Makefile.in
copy to crypto/blake2/Makefile.in
index ab8acab..452d1ea 100644
--- a/crypto/hmac/Makefile.in
+++ b/crypto/blake2/Makefile.in
@@ -1,27 +1,23 @@
-#
-# OpenSSL/crypto/md/Makefile
-#
-
-DIR= hmac
+DIR= blake2
TOP= ../..
CC= cc
+CPP= $(CC) -E
INCLUDES=
CFLAG=-g
-MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
GENERAL=Makefile
LIB=$(TOP)/libcrypto.a
-LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
-LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
+LIBSRC=blake2b.c blake2s.c m_blake2b.c m_blake2s.c
+LIBOBJ=blake2b.o blake2s.o m_blake2b.o m_blake2s.o
SRC= $(LIBSRC)
-HEADER=
-
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@@ -37,10 +33,12 @@ lib: $(LIBOBJ)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+update: depend
+
depend:
- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
+ $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/blake2/blake2_impl.h b/crypto/blake2/blake2_impl.h
new file mode 100644
index 0000000..c613abd
--- /dev/null
+++ b/crypto/blake2/blake2_impl.h
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+#include "e_os.h"
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint32_t w;
+ memcpy(&w, src, sizeof(w));
+ return w;
+ } else {
+ uint32_t w = *src++;
+ w |= (uint32_t)(*src++) << 8;
+ w |= (uint32_t)(*src++) << 16;
+ w |= (uint32_t)(*src++) << 24;
+ return w;
+ }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint64_t w;
+ memcpy(&w, src, sizeof(w));
+ return w;
+ } else {
+ uint64_t w = *src++;
+ w |= (uint64_t)(*src++) << 8;
+ w |= (uint64_t)(*src++) << 16;
+ w |= (uint64_t)(*src++) << 24;
+ w |= (uint64_t)(*src++) << 32;
+ w |= (uint64_t)(*src++) << 40;
+ w |= (uint64_t)(*src++) << 48;
+ w |= (uint64_t)(*src++) << 56;
+ return w;
+ }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(dst, &w, sizeof(w));
+ } else {
+ uint8_t *p = (uint8_t *)dst;
+ int i;
+
+ for (i = 0; i < 4; i++)
+ p[i] = (uint8_t)(w >> (8 * i));
+ }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(dst, &w, sizeof(w));
+ } else {
+ uint8_t *p = (uint8_t *)dst;
+ int i;
+
+ for (i = 0; i < 8; i++)
+ p[i] = (uint8_t)(w >> (8 * i));
+ }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+ uint64_t w = *src++;
+ w |= (uint64_t)(*src++) << 8;
+ w |= (uint64_t)(*src++) << 16;
+ w |= (uint64_t)(*src++) << 24;
+ w |= (uint64_t)(*src++) << 32;
+ w |= (uint64_t)(*src++) << 40;
+ return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+ uint8_t *p = (uint8_t *)dst;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+ return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+ return (w >> c) | (w << (64 - c));
+}
diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c
new file mode 100644
index 0000000..6219490
--- /dev/null
+++ b/crypto/blake2/blake2b.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include "e_os.h"
+
+#include "internal/blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+ 0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
+ 0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
+ 0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
+ 0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Increment the data hashed counter. */
+static ossl_inline void blake2b_increment_counter(BLAKE2B_CTX *S,
+ const uint64_t inc)
+{
+ S->t[0] += inc;
+ S->t[1] += (S->t[0] < inc);
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2B_CTX));
+ for(i = 0; i < 8; ++i) {
+ S->h[i] = blake2b_IV[i];
+ }
+}
+
+/* init xors IV with input parameter block */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+ size_t i;
+ const uint8_t *p = (const uint8_t *)(P);
+ blake2b_init0(S);
+
+ /* The param struct is carefully hand packed, and should be 64 bytes on
+ * every platform. */
+ OPENSSL_assert(sizeof(BLAKE2B_PARAM) == 64);
+ /* IV XOR ParamBlock */
+ for(i = 0; i < 8; ++i) {
+ S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+ }
+}
+
+/* Initialize the hashing context. Always returns 1. */
+int BLAKE2b_Init(BLAKE2B_CTX *c)
+{
+ BLAKE2B_PARAM P[1];
+ P->digest_length = BLAKE2B_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store64(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->reserved, 0, sizeof(P->reserved));
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+ blake2b_init_param(c, P);
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+ const uint8_t block[BLAKE2B_BLOCKBYTES])
+{
+ uint64_t m[16];
+ uint64_t v[16];
+ int i;
+
+ for(i = 0; i < 16; ++i) {
+ m[i] = load64(block + i * sizeof(m[i]));
+ }
+
+ for(i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ v[8] = blake2b_IV[0];
+ v[9] = blake2b_IV[1];
+ v[10] = blake2b_IV[2];
+ v[11] = blake2b_IV[3];
+ v[12] = S->t[0] ^ blake2b_IV[4];
+ v[13] = S->t[1] ^ blake2b_IV[5];
+ v[14] = S->f[0] ^ blake2b_IV[6];
+ v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+ d = rotr64(d ^ a, 32); \
+ c = c + d; \
+ b = rotr64(b ^ c, 24); \
+ a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+ d = rotr64(d ^ a, 16); \
+ c = c + d; \
+ b = rotr64(b ^ c, 63); \
+ } while(0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while(0)
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+ ROUND(10);
+ ROUND(11);
+
+ for(i = 0; i < 8; ++i) {
+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+ }
+
+#undef G
+#undef ROUND
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ while(datalen > 0) {
+ fill = sizeof(c->buf) - c->buflen;
+ /* Must be >, not >=, so that last block can be hashed differently */
+ if(datalen > fill) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2b_increment_counter(c, BLAKE2B_BLOCKBYTES);
+ blake2b_compress(c, c->buf); /* Compress */
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ } else { /* datalen <= fill */
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
+{
+ int i;
+
+ blake2b_increment_counter(c, c->buflen);
+ blake2b_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2b_compress(c, c->buf);
+
+ /* Output full hash to message digest */
+ for(i = 0; i < 8; ++i) {
+ store64(md + sizeof(c->h[i]) * i, c->h[i]);
+ }
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+ return 1;
+}
diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c
new file mode 100644
index 0000000..75be06a
--- /dev/null
+++ b/crypto/blake2/blake2s.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include "e_os.h"
+
+#include "internal/blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+ 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+ 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+ S->f[0] = -1;
+}
+
+/* Increment the data hashed counter. */
+static ossl_inline void blake2s_increment_counter(BLAKE2S_CTX *S,
+ const uint32_t inc)
+{
+ S->t[0] += inc;
+ S->t[1] += (S->t[0] < inc);
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+ int i;
+
+ memset(S, 0, sizeof(BLAKE2S_CTX));
+ for(i = 0; i < 8; ++i) {
+ S->h[i] = blake2s_IV[i];
+ }
+}
+
+/* init2 xors IV with input parameter block */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+ const uint8_t *p = (const uint8_t *)(P);
+ size_t i;
+
+ /* The param struct is carefully hand packed, and should be 32 bytes on
+ * every platform. */
+ OPENSSL_assert(sizeof(BLAKE2S_PARAM) == 32);
+ blake2s_init0(S);
+ /* IV XOR ParamBlock */
+ for(i = 0; i < 8; ++i) {
+ S->h[i] ^= load32(&p[i*4]);
+ }
+}
+
+/* Initialize the hashing context. Always returns 1. */
+int BLAKE2s_Init(BLAKE2S_CTX *c)
+{
+ BLAKE2S_PARAM P[1];
+
+ P->digest_length = BLAKE2S_DIGEST_LENGTH;
+ P->key_length = 0;
+ P->fanout = 1;
+ P->depth = 1;
+ store32(P->leaf_length, 0);
+ store48(P->node_offset, 0);
+ P->node_depth = 0;
+ P->inner_length = 0;
+ memset(P->salt, 0, sizeof(P->salt));
+ memset(P->personal, 0, sizeof(P->personal));
+ blake2s_init_param(c, P);
+ return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+ const uint8_t block[BLAKE2S_BLOCKBYTES])
+{
+ uint32_t m[16];
+ uint32_t v[16];
+ size_t i;
+
+ for(i = 0; i < 16; ++i) {
+ m[i] = load32(block + i * sizeof(m[i]));
+ }
+
+ for(i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ v[ 8] = blake2s_IV[0];
+ v[ 9] = blake2s_IV[1];
+ v[10] = blake2s_IV[2];
+ v[11] = blake2s_IV[3];
+ v[12] = S->t[0] ^ blake2s_IV[4];
+ v[13] = S->t[1] ^ blake2s_IV[5];
+ v[14] = S->f[0] ^ blake2s_IV[6];
+ v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+ do { \
+ a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+ d = rotr32(d ^ a, 16); \
+ c = c + d; \
+ b = rotr32(b ^ c, 12); \
+ a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+ d = rotr32(d ^ a, 8); \
+ c = c + d; \
+ b = rotr32(b ^ c, 7); \
+ } while(0)
+#define ROUND(r) \
+ do { \
+ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+ G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+ G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+ G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+ G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+ } while(0)
+ ROUND(0);
+ ROUND(1);
+ ROUND(2);
+ ROUND(3);
+ ROUND(4);
+ ROUND(5);
+ ROUND(6);
+ ROUND(7);
+ ROUND(8);
+ ROUND(9);
+
+ for(i = 0; i < 8; ++i) {
+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+ }
+
+#undef G
+#undef ROUND
+}
+
+/* Absorb the input data into the hash state. Always returns 1. */
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+ const uint8_t *in = data;
+ size_t fill;
+
+ while(datalen > 0) {
+ fill = sizeof(c->buf) - c->buflen;
+ /* Must be >, not >=, so that last block can be hashed differently */
+ if(datalen > fill) {
+ memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+ blake2s_increment_counter(c, BLAKE2S_BLOCKBYTES);
+ blake2s_compress(c, c->buf); /* Compress */
+ c->buflen = 0;
+ in += fill;
+ datalen -= fill;
+ } else { /* datalen <= fill */
+ memcpy(c->buf + c->buflen, in, datalen);
+ c->buflen += datalen; /* Be lazy, do not compress */
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
+{
+ int i;
+
+ blake2s_increment_counter(c, (uint32_t)c->buflen);
+ blake2s_set_lastblock(c);
+ /* Padding */
+ memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+ blake2s_compress(c, c->buf);
+
+ /* Output full hash to temp buffer */
+ for(i = 0; i < 8; ++i) {
+ store32(md + sizeof(c->h[i]) * i, c->h[i]);
+ }
+
+ OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+ return 1;
+}
diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info
new file mode 100644
index 0000000..0036f08
--- /dev/null
+++ b/crypto/blake2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+ blake2b.c blake2s.c m_blake2b.c m_blake2s.c
diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c
new file mode 100644
index 0000000..b74bdbd
--- /dev/null
+++ b/crypto/blake2/m_blake2b.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2b_md = {
+ NID_blake2b512,
+ 0,
+ BLAKE2B_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ 0,
+ sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+};
+
+const EVP_MD *EVP_blake2b512(void)
+{
+ return (&blake2b_md);
+}
+#endif
diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c
new file mode 100644
index 0000000..01974d9
--- /dev/null
+++ b/crypto/blake2/m_blake2s.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2s_md = {
+ NID_blake2s256,
+ 0,
+ BLAKE2S_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ 0,
+ sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
+};
+
+const EVP_MD *EVP_blake2s256(void)
+{
+ return (&blake2s_md);
+}
+#endif
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index e28ba3d..ad261b3 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -90,4 +90,8 @@ void openssl_add_all_digests_internal(void)
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
+#ifndef OPENSSL_NO_BLAKE2
+ EVP_add_digest(EVP_blake2b512());
+ EVP_add_digest(EVP_blake2s256());
+#endif
}
diff --git a/crypto/include/internal/blake2_locl.h b/crypto/include/internal/blake2_locl.h
new file mode 100644
index 0000000..ba438f4
--- /dev/null
+++ b/crypto/include/internal/blake2_locl.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <stddef.h>
+#include "e_os.h"
+
+# ifdef OPENSSL_NO_BLAKE2
+# error BLAKE2 is disabled.
+# endif
+
+#define BLAKE2S_BLOCKBYTES 64
+#define BLAKE2S_OUTBYTES 32
+#define BLAKE2S_KEYBYTES 32
+#define BLAKE2S_SALTBYTES 8
+#define BLAKE2S_PERSONALBYTES 8
+
+#define BLAKE2B_BLOCKBYTES 128
+#define BLAKE2B_OUTBYTES 64
+#define BLAKE2B_KEYBYTES 64
+#define BLAKE2B_SALTBYTES 16
+#define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+ uint8_t digest_length; /* 1 */
+ uint8_t key_length; /* 2 */
+ uint8_t fanout; /* 3 */
+ uint8_t depth; /* 4 */
+ uint8_t leaf_length[4];/* 8 */
+ uint8_t node_offset[6];/* 14 */
+ uint8_t node_depth; /* 15 */
+ uint8_t inner_length; /* 16 */
+ uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */
+ uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+ uint32_t h[8];
+ uint32_t t[2];
+ uint32_t f[2];
+ uint8_t buf[BLAKE2S_BLOCKBYTES];
+ size_t buflen;
+};
+
+struct blake2b_param_st {
+ uint8_t digest_length; /* 1 */
+ uint8_t key_length; /* 2 */
+ uint8_t fanout; /* 3 */
+ uint8_t depth; /* 4 */
+ uint8_t leaf_length[4];/* 8 */
+ uint8_t node_offset[8];/* 16 */
+ uint8_t node_depth; /* 17 */
+ uint8_t inner_length; /* 18 */
+ uint8_t reserved[14]; /* 32 */
+ uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
+ uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+ uint64_t h[8];
+ uint64_t t[2];
+ uint64_t f[2];
+ uint8_t buf[BLAKE2B_BLOCKBYTES];
+ size_t buflen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
+
+int BLAKE2s_Init(BLAKE2S_CTX *c);
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 8cd3b20..d852a55 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -60,12 +60,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 1054
-#define NUM_SN 1047
-#define NUM_LN 1047
-#define NUM_OBJ 951
+#define NUM_NID 1058
+#define NUM_SN 1049
+#define NUM_LN 1049
+#define NUM_OBJ 953
-static const unsigned char lvalues[6722]={
+static const unsigned char lvalues[6744]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1011,6 +1011,8 @@ static const unsigned char lvalues[6722]={
0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [6696] OBJ_pkInitKDC */
0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01,/* [6703] OBJ_X25519 */
0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02,/* [6712] OBJ_X448 */
+0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b512 */
+0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s256 */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2722,6 +2724,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"AuthGOST12","auth-gost12",NID_auth_gost12,0,NULL,0},
{"AuthSRP","auth-srp",NID_auth_srp,0,NULL,0},
{"AuthNULL","auth-null",NID_auth_null,0,NULL,0},
+{NULL,NULL,NID_undef,0,NULL,0},
+{NULL,NULL,NID_undef,0,NULL,0},
+{"BLAKE2b512","blake2b512",NID_blake2b512,11,&(lvalues[6721]),0},
+{"BLAKE2s256","blake2s256",NID_blake2s256,11,&(lvalues[6732]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2770,6 +2776,8 @@ static const unsigned int sn_objs[NUM_SN]={
93, /* "BF-CFB" */
92, /* "BF-ECB" */
94, /* "BF-OFB" */
+1056, /* "BLAKE2b512" */
+1057, /* "BLAKE2s256" */
14, /* "C" */
751, /* "CAMELLIA-128-CBC" */
962, /* "CAMELLIA-128-CCM" */
@@ -4008,6 +4016,8 @@ static const unsigned int ln_objs[NUM_LN]={
93, /* "bf-cfb" */
92, /* "bf-ecb" */
94, /* "bf-ofb" */
+1056, /* "blake2b512" */
+1057, /* "blake2s256" */
921, /* "brainpoolP160r1" */
922, /* "brainpoolP160t1" */
923, /* "brainpoolP192r1" */
@@ -5776,5 +5786,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
+1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */
+1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */
};
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 2a80d9d..01d53b8 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1053,3 +1053,5 @@ auth_srp 1052
auth_null 1053
fips_none 1054
fips_140_2 1055
+blake2b512 1056
+blake2s256 1057
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index a79968b..ba8891d 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -671,6 +671,9 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA
1 3 36 3 2 1 : RIPEMD160 : ripemd160
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
+1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512
+1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256
+
!Cname sxnet
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 1c595dc..7b3001e 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -2,7 +2,7 @@
=head1 NAME
-dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests
+dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests
=head1 SYNOPSIS
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index db9c040..94c4d19 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -8,8 +8,8 @@ EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2,
-EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
-EVP digest routines
+EVP_ripemd160, EVP_blake2b_512, EVP_blake2s_256, EVP_get_digestbyname,
+EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
=head1 SYNOPSIS
@@ -57,6 +57,8 @@ EVP digest routines
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_mdc2(void);
const EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_blake2b_512(void);
+ const EVP_MD *EVP_blake2s_256(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
@@ -134,9 +136,10 @@ are no longer linked this function is only retained for compatibility
reasons.
EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
-and RIPEMD160 digest algorithms respectively.
+EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and
+EVP_blake2s_256() return B<EVP_MD> structures for the MD2, MD5, SHA1, SHA224,
+SHA256, SHA384, SHA512, MDC2, RIPEMD160, BLAKE2b-512, and BLAKE2s-256 digest
+algorithms respectively.
EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
returns is of zero length.
@@ -159,8 +162,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
-EVP_mdc2() and EVP_ripemd160() return pointers to the
-corresponding EVP_MD structures.
+EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and EVP_blake2s_256() return
+pointers to the corresponding EVP_MD structures.
EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
return either an B<EVP_MD> structure or NULL if an error occurs.
diff --git a/doc/standards.txt b/doc/standards.txt
index d28b167..7472864 100644
--- a/doc/standards.txt
+++ b/doc/standards.txt
@@ -163,3 +163,5 @@ STARTTLS documents.
3657 Use of the Camellia Encryption Algorithm in Cryptographic
Message Syntax (CMS)
+
+7693 The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4516db1..af05e66 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -700,6 +700,10 @@ const EVP_MD *EVP_md4(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_md5_sha1(void);
# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 4725a6c..5d7adc7 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2078,6 +2078,16 @@
#define NID_ripemd160WithRSA 119
#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
+#define SN_blake2b512 "BLAKE2b512"
+#define LN_blake2b512 "blake2b512"
+#define NID_blake2b512 1056
+#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+
+#define SN_blake2s256 "BLAKE2s256"
+#define LN_blake2s256 "blake2s256"
+#define NID_blake2s256 1057
+#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+
#define SN_sxnet "SXNetID"
#define LN_sxnet "Strong Extranet ID"
#define NID_sxnet 143
diff --git a/test/evptests.txt b/test/evptests.txt
index 0a45e2f..d0acbef 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2,6 +2,66 @@
#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
#digest:::input:output
+# BLAKE2 tests, using same inputs as MD5
+# There are no official BLAKE2 test vectors we can use since they all use a key
+# Which is currently unsupported by OpenSSL. They were generated using the
+# reference implementation. RFC7693 also mentions the 616263 / "abc" values.
+Digest = BLAKE2s256
+Input =
+Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9
+
+Digest = BLAKE2s256
+Input = 61
+Output = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90
+
+Digest = BLAKE2s256
+Input = 616263
+Output = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982
+
+Digest = BLAKE2s256
+Input = 6d65737361676520646967657374
+Output = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c
+
+Digest = BLAKE2s256
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12
+
+Digest = BLAKE2s256
+Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
+Output = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b
+
+Digest = BLAKE2s256
+Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
+Output = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66
+
+Digest = BLAKE2b512
+Input =
+Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce
+
+Digest = BLAKE2b512
+Input = 61
+Output = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c
+
+Digest = BLAKE2b512
+Input = 616263
+Output = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923
+
+Digest = BLAKE2b512
+Input = 6d65737361676520646967657374
+Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a
+
+Digest = BLAKE2b512
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c
+
+Digest = BLAKE2b512
+Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
+Output = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50
+
+Digest = BLAKE2b512
+Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
+Output = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282
+
# SHA(1) tests (from shatest.c)
Digest = SHA1
Input = 616263
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7d893a1..7691769 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4057,3 +4057,5 @@ ECPKPARAMETERS_it 3923 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
EC_GROUP_get_ecparameters 3924 1_1_0 EXIST::FUNCTION:EC
DHparams_it 3925 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
DHparams_it 3925 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
+EVP_blake2s256 3926 1_1_0 EXIST::FUNCTION:BLAKE2
+EVP_blake2b512 3927 1_1_0 EXIST::FUNCTION:BLAKE2
diff --git a/util/mkdef.pl b/util/mkdef.pl
index a847b0b..4578c9a 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -75,7 +75,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"SHA256", "SHA512", "RMD160",
"MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "EC2M",
"HMAC", "AES", "CAMELLIA", "SEED", "GOST",
- "SCRYPT", "CHACHA", "POLY1305",
+ "SCRYPT", "CHACHA", "POLY1305", "BLAKE2",
# EC_NISTP_64_GCC_128
"EC_NISTP_64_GCC_128",
# Envelope "algorithms"
diff --git a/util/mkfiles.pl b/util/mkfiles.pl
index 1e5f84e..0e4f71e 100755
--- a/util/mkfiles.pl
+++ b/util/mkfiles.pl
@@ -63,6 +63,7 @@ my @dirs = (
"crypto/async",
"crypto/chacha",
"crypto/poly1305",
+"crypto/blake2",
"crypto/kdf",
"ssl",
"apps",
More information about the openssl-commits
mailing list