[openssl/openssl] 536649: Add EVP_DigestSqueeze() API.

Shane noreply at github.com
Fri Nov 10 12:29:14 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 536649082212e7c643ab8d7bab89f620fbcd37f0
      https://github.com/openssl/openssl/commit/536649082212e7c643ab8d7bab89f620fbcd37f0
  Author: slontis <shane.lontis at oracle.com>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    M crypto/evp/digest.c
    M crypto/evp/legacy_sha.c
    M crypto/sha/asm/keccak1600-armv4.pl
    M crypto/sha/asm/keccak1600-armv8.pl
    M crypto/sha/asm/keccak1600-ppc64.pl
    M crypto/sha/asm/keccak1600-x86_64.pl
    M crypto/sha/keccak1600.c
    M crypto/sha/sha3.c
    M doc/life-cycles/digest.dot
    M doc/man3/EVP_DigestInit.pod
    M doc/man7/EVP_MD-BLAKE2.pod
    M doc/man7/EVP_MD-SHAKE.pod
    M doc/man7/img/digest.png
    M doc/man7/life_cycle-digest.pod
    M doc/man7/provider-digest.pod
    M include/crypto/evp.h
    M include/internal/sha3.h
    M include/openssl/core_dispatch.h
    M include/openssl/evp.h
    M providers/implementations/digests/sha3_prov.c
    M test/build.info
    A test/evp_xof_test.c
    A test/recipes/30-test_evp_xof.t
    M util/libcrypto.num

  Log Message:
  -----------
  Add EVP_DigestSqueeze() API.

Fixes #7894

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_Squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)

More information about the openssl-commits mailing list