[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Sat Sep 8 23:48:25 UTC 2018


The branch master has been updated
       via  d74f23d2dbf2de0f374bff004c135242cfb65174 (commit)
       via  2725232132207ee30fd16e596885e3b0bd810fc4 (commit)
       via  d0123525cd82be320f6b8b91ca287a2e572341cc (commit)
       via  7e6a3025493bae3018e8a9c71b93350859b1c484 (commit)
      from  f01344cb5c6239af0d406f48d65362d0df9627b5 (commit)


- Log -----------------------------------------------------------------
commit d74f23d2dbf2de0f374bff004c135242cfb65174
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Sep 6 22:52:38 2018 +0200

    SipHash: add separate setter for the hash size
    
    This was originally part of SipHash_Init.  However, there are cases
    where there isn't any key material to initialize from when setting the
    hash size, and we do allow doing so with a EVP_PKEY control.  The
    solution is to provide a separate hash_size setter and to use it in
    the corresponding EVP_PKEY_METHOD.
    
    Fixes #7143
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7145)

commit 2725232132207ee30fd16e596885e3b0bd810fc4
Author: Richard Levitte <levitte at openssl.org>
Date:   Sat Sep 8 23:19:39 2018 +0200

    TESTS: add SipHash tests with digestsize controls
    
    Confirms #7143
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7154)

commit d0123525cd82be320f6b8b91ca287a2e572341cc
Author: Richard Levitte <levitte at openssl.org>
Date:   Sat Sep 8 23:19:06 2018 +0200

    SipHash: make it possible to control the hash size through string controls
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7154)

commit 7e6a3025493bae3018e8a9c71b93350859b1c484
Author: Richard Levitte <levitte at openssl.org>
Date:   Sat Sep 8 23:16:55 2018 +0200

    test/evp_test.c: make it possible to use controls with MAC tests
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7154)

-----------------------------------------------------------------------

Summary of changes:
 crypto/include/internal/siphash.h        |  3 ++-
 crypto/siphash/siphash.c                 | 28 +++++++++++++++++++++-------
 crypto/siphash/siphash_pmeth.c           | 23 ++++++++++-------------
 test/evp_test.c                          | 23 ++++++++++++++++++++++-
 test/recipes/30-test_evp_data/evpmac.txt | 32 ++++++++++++++++++++++++++++++++
 test/siphash_internal_test.c             | 23 +++++++++++++++--------
 6 files changed, 102 insertions(+), 30 deletions(-)

diff --git a/crypto/include/internal/siphash.h b/crypto/include/internal/siphash.h
index e086859..d8bcdca 100644
--- a/crypto/include/internal/siphash.h
+++ b/crypto/include/internal/siphash.h
@@ -18,7 +18,8 @@ typedef struct siphash_st SIPHASH;
 
 size_t SipHash_ctx_size(void);
 size_t SipHash_hash_size(SIPHASH *ctx);
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size,
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
                  int crounds, int drounds);
 void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
 int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index 72fd519..e2352fc 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -80,17 +80,32 @@ size_t SipHash_hash_size(SIPHASH *ctx)
     return ctx->hash_size;
 }
 
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    ctx->hash_size = hash_size;
+    return 1;
+}
+
 /* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int crounds, int drounds)
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
 {
     uint64_t k0 = U8TO64_LE(k);
     uint64_t k1 = U8TO64_LE(k + 8);
 
-    if (hash_size == 0)
-        hash_size = SIPHASH_MAX_DIGEST_SIZE;
-    else if (hash_size != SIPHASH_MIN_DIGEST_SIZE &&
-             hash_size != SIPHASH_MAX_DIGEST_SIZE)
-        return 0;
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
 
     if (drounds == 0)
         drounds = SIPHASH_D_ROUNDS;
@@ -99,7 +114,6 @@ int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int cround
 
     ctx->crounds = crounds;
     ctx->drounds = drounds;
-    ctx->hash_size = hash_size;
 
     ctx->len = 0;
     ctx->total_inlen = 0;
diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c
index a635260..66e552f 100644
--- a/crypto/siphash/siphash_pmeth.c
+++ b/crypto/siphash/siphash_pmeth.c
@@ -95,16 +95,13 @@ static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
     SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
     const unsigned char* key;
     size_t len;
-    int hash_size;
 
     key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
     if (key == NULL || len != SIPHASH_KEY_SIZE)
         return 0;
     EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
     EVP_MD_CTX_set_update_fn(mctx, int_update);
-    /* use default rounds (2,4) */
-    hash_size = SipHash_hash_size(&pctx->ctx);
-    return SipHash_Init(&pctx->ctx, key, hash_size, 0, 0);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
 }
 static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                             EVP_MD_CTX *mctx)
@@ -122,7 +119,6 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
     const unsigned char *key;
     size_t len;
-    int hash_size;
 
     switch (type) {
 
@@ -131,12 +127,7 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         break;
 
     case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
-        if (p1 != SIPHASH_MIN_DIGEST_SIZE &&
-            p1 != SIPHASH_MAX_DIGEST_SIZE) {
-            return 0;
-        }
-        /* use default rounds (2,4) */
-        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), p1, 0, 0);
+        return SipHash_set_hash_size(&pctx->ctx, p1);
 
     case EVP_PKEY_CTRL_SET_MAC_KEY:
     case EVP_PKEY_CTRL_DIGESTINIT:
@@ -152,8 +143,8 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
             return 0;
         /* use default rounds (2,4) */
-        hash_size = SipHash_hash_size(&pctx->ctx);
-        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), hash_size, 0, 0);
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
 
     default:
         return -2;
@@ -167,6 +158,12 @@ static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
 {
     if (value == NULL)
         return 0;
+    if (strcmp(type, "digestsize") == 0) {
+        size_t hash_size = atoi(value);
+
+        return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+                                 NULL);
+    }
     if (strcmp(type, "key") == 0)
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
     if (strcmp(type, "hexkey") == 0)
diff --git a/test/evp_test.c b/test/evp_test.c
index 5391563..98301e6 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -73,6 +73,8 @@ static KEY_LIST *public_keys;
 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
 
 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
+static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+                          const char *value);
 
 /*
  * Compare two memory regions for equality, returning zero if they differ.
@@ -843,6 +845,8 @@ typedef struct mac_data_st {
     /* Expected output */
     unsigned char *output;
     size_t output_len;
+    /* Collection of controls */
+    STACK_OF(OPENSSL_STRING) *controls;
 } MAC_DATA;
 
 static int mac_test_init(EVP_TEST *t, const char *alg)
@@ -878,14 +882,22 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
 
     mdat = OPENSSL_zalloc(sizeof(*mdat));
     mdat->type = type;
+    mdat->controls = sk_OPENSSL_STRING_new_null();
     t->data = mdat;
     return 1;
 }
 
+/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
+static void openssl_free(char *m)
+{
+    OPENSSL_free(m);
+}
+
 static void mac_test_cleanup(EVP_TEST *t)
 {
     MAC_DATA *mdat = t->data;
 
+    sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
     OPENSSL_free(mdat->alg);
     OPENSSL_free(mdat->key);
     OPENSSL_free(mdat->input);
@@ -909,6 +921,9 @@ static int mac_test_parse(EVP_TEST *t,
         return parse_bin(value, &mdata->input, &mdata->input_len);
     if (strcmp(keyword, "Output") == 0)
         return parse_bin(value, &mdata->output, &mdata->output_len);
+    if (strcmp(keyword, "Ctrl") == 0)
+        return sk_OPENSSL_STRING_push(mdata->controls,
+                                      OPENSSL_strdup(value)) != 0;
     return 0;
 }
 
@@ -921,6 +936,7 @@ static int mac_test_run(EVP_TEST *t)
     const EVP_MD *md = NULL;
     unsigned char *got = NULL;
     size_t got_len;
+    int i;
 
 #ifdef OPENSSL_NO_DES
     if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) {
@@ -955,7 +971,12 @@ static int mac_test_run(EVP_TEST *t)
         t->err = "DIGESTSIGNINIT_ERROR";
         goto err;
     }
-
+    for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
+        if (!pkey_test_ctrl(t, pctx,
+                            sk_OPENSSL_STRING_value(expected->controls, i))) {
+            t->err = "EVPPKEYCTXCTRL_ERROR";
+            goto err;
+        }
     if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
         t->err = "DIGESTSIGNUPDATE_ERROR";
         goto err;
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
index 9de8be1..e941a46 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -128,6 +128,38 @@ Key = 000102030405060708090A0B0C0D0E0F
 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
 Output = 5150d1772f50834a503e069a973fbd7c
 
+# SIPHASH - default values: 2,4 rounds, explicit 8-byte mac
+
+MAC = SipHash
+Ctrl = digestsize:8
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = B96AB0B9D449A78A
+
+# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac
+
+MAC = SipHash
+Ctrl = digestsize:16
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
+# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac (set as 0)
+
+MAC = SipHash
+Ctrl = digestsize:0
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
+# SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size)
+
+MAC = SipHash
+Ctrl = digestsize:13
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
 Title = HMAC tests (from RFC2104 and others)
 
 MAC = HMAC
diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
index 573c15d..dfdce48 100644
--- a/test/siphash_internal_test.c
+++ b/test/siphash_internal_test.c
@@ -196,7 +196,8 @@ static int test_siphash(int idx)
     for (i = 0; i < inlen; i++)
         in[i] = (unsigned char)i;
 
-    if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+    if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+        || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
         return 0;
     SipHash_Update(&siphash, in, inlen);
     if (!TEST_true(SipHash_Final(&siphash, out, expectedlen))
@@ -204,7 +205,8 @@ static int test_siphash(int idx)
         return 0;
 
     if (inlen > 16) {
-        if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+        if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+            || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
             return 0;
         SipHash_Update(&siphash, in, 1);
         SipHash_Update(&siphash, in+1, inlen-1);
@@ -220,7 +222,8 @@ static int test_siphash(int idx)
     if (inlen > 32) {
         size_t half = inlen / 2;
 
-        if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+        if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+            || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
             return 0;
         SipHash_Update(&siphash, in, half);
         SipHash_Update(&siphash, in+half, inlen-half);
@@ -233,7 +236,8 @@ static int test_siphash(int idx)
         }
 
         for (half = 16; half < inlen; half += 16) {
-            if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+            if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+                || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
                 return 0;
             SipHash_Update(&siphash, in, half);
             SipHash_Update(&siphash, in+half, inlen-half);
@@ -258,19 +262,22 @@ static int test_siphash_basic(void)
     unsigned char output[SIPHASH_MAX_DIGEST_SIZE];
 
     /* Use invalid hash size */
-    return TEST_int_eq(SipHash_Init(&siphash, key, 4, 0, 0), 0)
+    return TEST_int_eq(SipHash_set_hash_size(&siphash, 4), 0)
            /* Use hash size = 8 */
-           && TEST_true(SipHash_Init(&siphash, key, 8, 0, 0))
+           && TEST_true(SipHash_set_hash_size(&siphash, 8))
+           && TEST_true(SipHash_Init(&siphash, key, 0, 0))
            && TEST_true(SipHash_Final(&siphash, output, 8))
            && TEST_int_eq(SipHash_Final(&siphash, output, 16), 0)
 
            /* Use hash size = 16 */
-           && TEST_true(SipHash_Init(&siphash, key, 16, 0, 0))
+           && TEST_true(SipHash_set_hash_size(&siphash, 16))
+           && TEST_true(SipHash_Init(&siphash, key, 0, 0))
            && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0)
            && TEST_true(SipHash_Final(&siphash, output, 16))
 
            /* Use hash size = 0 (default = 16) */
-           && TEST_true(SipHash_Init(&siphash, key, 0, 0, 0))
+           && TEST_true(SipHash_set_hash_size(&siphash, 0))
+           && TEST_true(SipHash_Init(&siphash, key, 0, 0))
            && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0)
            && TEST_true(SipHash_Final(&siphash, output, 16));
 }


More information about the openssl-commits mailing list