[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Mon Nov 12 06:17:09 UTC 2018 

The branch OpenSSL_1_1_1-stable has been updated
       via  61e78e7ace6c5d65910379556d7da7d23492291c (commit)
      from  e37b7014f3f52124b787ca1b5b51b0111462a0ac (commit)


- Log -----------------------------------------------------------------
commit 61e78e7ace6c5d65910379556d7da7d23492291c
Author: Richard Levitte <levitte at openssl.org>
Date:   Sun Nov 11 12:23:26 2018 +0100

    Fix SipHash init order.
    
    Setting the SipHash hash size and setting its key is done with two
    independent functions...  and yet, the internals depend on both.
    
    Unfortunately, the function to change the size wasn't adapted for the
    possibility that the key was set first, with a different hash size.
    
    This changes the hash setting function to fix the internal values
    (which is easy, fortunately) according to the hash size.
    
    evpmac.txt value for digestsize:8 is also corrected.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7613)
    
    (cherry picked from commit 425036130dfb3cfbef5937772f7526ce60133264)

-----------------------------------------------------------------------

Summary of changes:
 crypto/siphash/siphash.c                 | 14 +++++++++++++-
 test/recipes/30-test_evp_data/evpmac.txt |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index ff84a29..be74a38 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -94,7 +94,19 @@ int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
         && hash_size != SIPHASH_MAX_DIGEST_SIZE)
         return 0;
 
-    ctx->hash_size = hash_size;
+    /*
+     * It's possible that the key was set first.  If the hash size changes,
+     * we need to adjust v1 (see SipHash_Init().
+     */
+
+    /* Start by adjusting the stored size, to make things easier */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    /* Now, adjust ctx->v1 if the old and the new size differ */
+    if ((size_t)ctx->hash_size != hash_size) {
+        ctx->v1 ^= 0xee;
+        ctx->hash_size = hash_size;
+    }
     return 1;
 }
 
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
index 4ec5fa4..2bcb3c3 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -134,7 +134,7 @@ MAC = SipHash
 Ctrl = digestsize:8
 Key = 000102030405060708090A0B0C0D0E0F
 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = B96AB0B9D449A78A
+Output = 724506EB4C328A95
 
 # SIPHASH - default values: 2,4 rounds, explicit 16-byte mac

More information about the openssl-commits mailing list