[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Mon Nov 16 07:14:32 UTC 2020
The branch master has been updated
via 317b7c57e4eb09b83fc30c9823eff98667057429 (commit)
from fce56f5b690ea00447285fd928963f4d730c830a (commit)
- Log -----------------------------------------------------------------
commit 317b7c57e4eb09b83fc30c9823eff98667057429
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Nov 12 09:04:40 2020 +1000
Fixup EVP-MAC-KMAC documentation
Fixes #13232
Added example that shows setup of XOF.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13385)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/EVP_MAC-KMAC.pod | 73 +++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 70 insertions(+), 3 deletions(-)
diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod
index 245d998e4a..9d40288044 100644
--- a/doc/man7/EVP_MAC-KMAC.pod
+++ b/doc/man7/EVP_MAC-KMAC.pod
@@ -42,11 +42,78 @@ The length of the "size" parameter should not exceed that of a B<size_t>.
=item "xof" (B<OSSL_MAC_PARAM_XOF>) <integer>
+The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF mode.
+The default value is 0.
+
=back
-The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF
-mode. If XOF is enabled then the output length that is encoded as part of
-the input stream is set to zero.
+The "custom" and "key" parameters must be set before EVP_MAC_init().
+The "xof" and "size" parameters can be set at any time before EVP_MAC_final().
+
+=head1 EXAMPLES
+
+ #include <openssl/evp.h>
+ #include <openssl/params.h>
+
+ static int do_kmac(const unsigned char *in, size_t in_len,
+ const unsigned char *key, size_t key_len,
+ const unsigned char *custom, size_t custom_len,
+ int xof_enabled, unsigned char *out, int out_len)
+ {
+ EVP_MAC_CTX *ctx = NULL;
+ EVP_MAC *mac = NULL;
+ OSSL_PARAM params[4], *p;
+ int ret = 0;
+ size_t l = 0;
+
+ mac = EVP_MAC_fetch(NULL, "KMAC-128", NULL);
+ if (mac == NULL)
+ goto err;
+ ctx = EVP_MAC_CTX_new(mac);
+ /* The mac can be freed after it is used by EVP_MAC_CTX_new */
+ EVP_MAC_free(mac);
+ if (ctx == NULL)
+ goto err;
+
+ /*
+ * Setup parameters required before calling EVP_MAC_init()
+ * The parameters OSSL_MAC_PARAM_XOF and OSSL_MAC_PARAM_SIZE may also be
+ * used at this point.
+ */
+ p = params;
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+ (void *)key, key_len);
+ if (custom != NULL && custom_len != 0)
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
+ (void *)custom, custom_len);
+ *p = OSSL_PARAM_construct_end();
+ if (!EVP_MAC_CTX_set_params(ctx, params))
+ goto err;
+
+ if (!EVP_MAC_init(ctx))
+ goto err;
+
+ /*
+ * Note: the following optional parameters can be set any time
+ * before EVP_MAC_final().
+ */
+ p = params;
+ *p++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof_enabled);
+ *p++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, &out_len);
+ *p = OSSL_PARAM_construct_end();
+ if (!EVP_MAC_CTX_set_params(ctx, params))
+ goto err;
+
+ /* The update may be called multiple times here for streamed input */
+ if (!EVP_MAC_update(ctx, in, in_len))
+ goto err;
+ if (!EVP_MAC_final(ctx, out, &l, out_len))
+ goto err;
+ ret = 1;
+ err:
+ EVP_MAC_CTX_free(ctx);
+ return ret;
+ }
=head1 SEE ALSO
More information about the openssl-commits
mailing list