[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Sat Sep 8 23:48:25 UTC 2018
The branch master has been updated
via d74f23d2dbf2de0f374bff004c135242cfb65174 (commit)
via 2725232132207ee30fd16e596885e3b0bd810fc4 (commit)
via d0123525cd82be320f6b8b91ca287a2e572341cc (commit)
via 7e6a3025493bae3018e8a9c71b93350859b1c484 (commit)
from f01344cb5c6239af0d406f48d65362d0df9627b5 (commit)
- Log -----------------------------------------------------------------
commit d74f23d2dbf2de0f374bff004c135242cfb65174
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 6 22:52:38 2018 +0200
SipHash: add separate setter for the hash size
This was originally part of SipHash_Init. However, there are cases
where there isn't any key material to initialize from when setting the
hash size, and we do allow doing so with a EVP_PKEY control. The
solution is to provide a separate hash_size setter and to use it in
the corresponding EVP_PKEY_METHOD.
Fixes #7143
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7145)
commit 2725232132207ee30fd16e596885e3b0bd810fc4
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Sep 8 23:19:39 2018 +0200
TESTS: add SipHash tests with digestsize controls
Confirms #7143
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
commit d0123525cd82be320f6b8b91ca287a2e572341cc
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Sep 8 23:19:06 2018 +0200
SipHash: make it possible to control the hash size through string controls
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
commit 7e6a3025493bae3018e8a9c71b93350859b1c484
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Sep 8 23:16:55 2018 +0200
test/evp_test.c: make it possible to use controls with MAC tests
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
-----------------------------------------------------------------------
Summary of changes:
crypto/include/internal/siphash.h | 3 ++-
crypto/siphash/siphash.c | 28 +++++++++++++++++++++-------
crypto/siphash/siphash_pmeth.c | 23 ++++++++++-------------
test/evp_test.c | 23 ++++++++++++++++++++++-
test/recipes/30-test_evp_data/evpmac.txt | 32 ++++++++++++++++++++++++++++++++
test/siphash_internal_test.c | 23 +++++++++++++++--------
6 files changed, 102 insertions(+), 30 deletions(-)
diff --git a/crypto/include/internal/siphash.h b/crypto/include/internal/siphash.h
index e086859..d8bcdca 100644
--- a/crypto/include/internal/siphash.h
+++ b/crypto/include/internal/siphash.h
@@ -18,7 +18,8 @@ typedef struct siphash_st SIPHASH;
size_t SipHash_ctx_size(void);
size_t SipHash_hash_size(SIPHASH *ctx);
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size,
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
int crounds, int drounds);
void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index 72fd519..e2352fc 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -80,17 +80,32 @@ size_t SipHash_hash_size(SIPHASH *ctx)
return ctx->hash_size;
}
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+ if (hash_size == 0)
+ hash_size = SIPHASH_MAX_DIGEST_SIZE;
+ return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+ hash_size = siphash_adjust_hash_size(hash_size);
+ if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+ && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+ return 0;
+
+ ctx->hash_size = hash_size;
+ return 1;
+}
+
/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int crounds, int drounds)
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
{
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
- if (hash_size == 0)
- hash_size = SIPHASH_MAX_DIGEST_SIZE;
- else if (hash_size != SIPHASH_MIN_DIGEST_SIZE &&
- hash_size != SIPHASH_MAX_DIGEST_SIZE)
- return 0;
+ /* If the hash size wasn't set, i.e. is zero */
+ ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
if (drounds == 0)
drounds = SIPHASH_D_ROUNDS;
@@ -99,7 +114,6 @@ int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int cround
ctx->crounds = crounds;
ctx->drounds = drounds;
- ctx->hash_size = hash_size;
ctx->len = 0;
ctx->total_inlen = 0;
diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c
index a635260..66e552f 100644
--- a/crypto/siphash/siphash_pmeth.c
+++ b/crypto/siphash/siphash_pmeth.c
@@ -95,16 +95,13 @@ static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
const unsigned char* key;
size_t len;
- int hash_size;
key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
if (key == NULL || len != SIPHASH_KEY_SIZE)
return 0;
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
EVP_MD_CTX_set_update_fn(mctx, int_update);
- /* use default rounds (2,4) */
- hash_size = SipHash_hash_size(&pctx->ctx);
- return SipHash_Init(&pctx->ctx, key, hash_size, 0, 0);
+ return SipHash_Init(&pctx->ctx, key, 0, 0);
}
static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
EVP_MD_CTX *mctx)
@@ -122,7 +119,6 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
const unsigned char *key;
size_t len;
- int hash_size;
switch (type) {
@@ -131,12 +127,7 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
break;
case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
- if (p1 != SIPHASH_MIN_DIGEST_SIZE &&
- p1 != SIPHASH_MAX_DIGEST_SIZE) {
- return 0;
- }
- /* use default rounds (2,4) */
- return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), p1, 0, 0);
+ return SipHash_set_hash_size(&pctx->ctx, p1);
case EVP_PKEY_CTRL_SET_MAC_KEY:
case EVP_PKEY_CTRL_DIGESTINIT:
@@ -152,8 +143,8 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
!ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
return 0;
/* use default rounds (2,4) */
- hash_size = SipHash_hash_size(&pctx->ctx);
- return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), hash_size, 0, 0);
+ return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+ 0, 0);
default:
return -2;
@@ -167,6 +158,12 @@ static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
{
if (value == NULL)
return 0;
+ if (strcmp(type, "digestsize") == 0) {
+ size_t hash_size = atoi(value);
+
+ return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+ NULL);
+ }
if (strcmp(type, "key") == 0)
return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
if (strcmp(type, "hexkey") == 0)
diff --git a/test/evp_test.c b/test/evp_test.c
index 5391563..98301e6 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -73,6 +73,8 @@ static KEY_LIST *public_keys;
static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
+static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+ const char *value);
/*
* Compare two memory regions for equality, returning zero if they differ.
@@ -843,6 +845,8 @@ typedef struct mac_data_st {
/* Expected output */
unsigned char *output;
size_t output_len;
+ /* Collection of controls */
+ STACK_OF(OPENSSL_STRING) *controls;
} MAC_DATA;
static int mac_test_init(EVP_TEST *t, const char *alg)
@@ -878,14 +882,22 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
mdat = OPENSSL_zalloc(sizeof(*mdat));
mdat->type = type;
+ mdat->controls = sk_OPENSSL_STRING_new_null();
t->data = mdat;
return 1;
}
+/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
+static void openssl_free(char *m)
+{
+ OPENSSL_free(m);
+}
+
static void mac_test_cleanup(EVP_TEST *t)
{
MAC_DATA *mdat = t->data;
+ sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
OPENSSL_free(mdat->alg);
OPENSSL_free(mdat->key);
OPENSSL_free(mdat->input);
@@ -909,6 +921,9 @@ static int mac_test_parse(EVP_TEST *t,
return parse_bin(value, &mdata->input, &mdata->input_len);
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &mdata->output, &mdata->output_len);
+ if (strcmp(keyword, "Ctrl") == 0)
+ return sk_OPENSSL_STRING_push(mdata->controls,
+ OPENSSL_strdup(value)) != 0;
return 0;
}
@@ -921,6 +936,7 @@ static int mac_test_run(EVP_TEST *t)
const EVP_MD *md = NULL;
unsigned char *got = NULL;
size_t got_len;
+ int i;
#ifdef OPENSSL_NO_DES
if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) {
@@ -955,7 +971,12 @@ static int mac_test_run(EVP_TEST *t)
t->err = "DIGESTSIGNINIT_ERROR";
goto err;
}
-
+ for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
+ if (!pkey_test_ctrl(t, pctx,
+ sk_OPENSSL_STRING_value(expected->controls, i))) {
+ t->err = "EVPPKEYCTXCTRL_ERROR";
+ goto err;
+ }
if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
t->err = "DIGESTSIGNUPDATE_ERROR";
goto err;
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
index 9de8be1..e941a46 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -128,6 +128,38 @@ Key = 000102030405060708090A0B0C0D0E0F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
Output = 5150d1772f50834a503e069a973fbd7c
+# SIPHASH - default values: 2,4 rounds, explicit 8-byte mac
+
+MAC = SipHash
+Ctrl = digestsize:8
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = B96AB0B9D449A78A
+
+# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac
+
+MAC = SipHash
+Ctrl = digestsize:16
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
+# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac (set as 0)
+
+MAC = SipHash
+Ctrl = digestsize:0
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
+# SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size)
+
+MAC = SipHash
+Ctrl = digestsize:13
+Key = 000102030405060708090A0B0C0D0E0F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
+Output = 5150d1772f50834a503e069a973fbd7c
+
Title = HMAC tests (from RFC2104 and others)
MAC = HMAC
diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
index 573c15d..dfdce48 100644
--- a/test/siphash_internal_test.c
+++ b/test/siphash_internal_test.c
@@ -196,7 +196,8 @@ static int test_siphash(int idx)
for (i = 0; i < inlen; i++)
in[i] = (unsigned char)i;
- if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+ if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+ || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
return 0;
SipHash_Update(&siphash, in, inlen);
if (!TEST_true(SipHash_Final(&siphash, out, expectedlen))
@@ -204,7 +205,8 @@ static int test_siphash(int idx)
return 0;
if (inlen > 16) {
- if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+ if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+ || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
return 0;
SipHash_Update(&siphash, in, 1);
SipHash_Update(&siphash, in+1, inlen-1);
@@ -220,7 +222,8 @@ static int test_siphash(int idx)
if (inlen > 32) {
size_t half = inlen / 2;
- if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+ if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+ || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
return 0;
SipHash_Update(&siphash, in, half);
SipHash_Update(&siphash, in+half, inlen-half);
@@ -233,7 +236,8 @@ static int test_siphash(int idx)
}
for (half = 16; half < inlen; half += 16) {
- if (!TEST_true(SipHash_Init(&siphash, key, expectedlen, 0, 0)))
+ if (!TEST_true(SipHash_set_hash_size(&siphash, expectedlen))
+ || !TEST_true(SipHash_Init(&siphash, key, 0, 0)))
return 0;
SipHash_Update(&siphash, in, half);
SipHash_Update(&siphash, in+half, inlen-half);
@@ -258,19 +262,22 @@ static int test_siphash_basic(void)
unsigned char output[SIPHASH_MAX_DIGEST_SIZE];
/* Use invalid hash size */
- return TEST_int_eq(SipHash_Init(&siphash, key, 4, 0, 0), 0)
+ return TEST_int_eq(SipHash_set_hash_size(&siphash, 4), 0)
/* Use hash size = 8 */
- && TEST_true(SipHash_Init(&siphash, key, 8, 0, 0))
+ && TEST_true(SipHash_set_hash_size(&siphash, 8))
+ && TEST_true(SipHash_Init(&siphash, key, 0, 0))
&& TEST_true(SipHash_Final(&siphash, output, 8))
&& TEST_int_eq(SipHash_Final(&siphash, output, 16), 0)
/* Use hash size = 16 */
- && TEST_true(SipHash_Init(&siphash, key, 16, 0, 0))
+ && TEST_true(SipHash_set_hash_size(&siphash, 16))
+ && TEST_true(SipHash_Init(&siphash, key, 0, 0))
&& TEST_int_eq(SipHash_Final(&siphash, output, 8), 0)
&& TEST_true(SipHash_Final(&siphash, output, 16))
/* Use hash size = 0 (default = 16) */
- && TEST_true(SipHash_Init(&siphash, key, 0, 0, 0))
+ && TEST_true(SipHash_set_hash_size(&siphash, 0))
+ && TEST_true(SipHash_Init(&siphash, key, 0, 0))
&& TEST_int_eq(SipHash_Final(&siphash, output, 8), 0)
&& TEST_true(SipHash_Final(&siphash, output, 16));
}
More information about the openssl-commits
mailing list