diff options
| author | Tomas Mraz <tomas@openssl.org> | 2023-11-08 10:22:54 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-11-13 12:29:28 +0100 |
| commit | aa95fb14003121d0b6c86e564c31cb95424d4bed (patch) | |
| tree | 6b9b0f6bd19c28d818484f4dab40120781a9ab6f | |
| parent | 26997d66059432e1fa5bf946249a0bf6086dd716 (diff) | |
Properly limit the variable output size for BLAKE2
The upper limit of the output size is the default output size
of the algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22661)
| -rw-r--r-- | doc/man7/EVP_MD-BLAKE2.pod | 18 | ||||
| -rw-r--r-- | providers/implementations/digests/blake2b_prov.c | 2 | ||||
| -rw-r--r-- | test/recipes/30-test_evp_data/evpmd_blake.txt | 5 |
3 files changed, 20 insertions, 5 deletions
diff --git a/doc/man7/EVP_MD-BLAKE2.pod b/doc/man7/EVP_MD-BLAKE2.pod index ba0658206c..a490ed8ec0 100644 --- a/doc/man7/EVP_MD-BLAKE2.pod +++ b/doc/man7/EVP_MD-BLAKE2.pod @@ -32,16 +32,20 @@ in L<EVP_MD-common(7)>. =head2 Settable Context Parameters -The BLAKE2B-512 implementation supports the following L<OSSL_PARAM(3)> entries, -settable for an B<EVP_MD_CTX> with L<EVP_MD_CTX_set_params(3)>: +The BLAKE2B-512 implementation supports the following L<OSSL_PARAM(3)> entries +which are settable for an B<EVP_MD_CTX> with L<EVP_DigestInit_ex2(3)> or +L<EVP_MD_CTX_set_params(3)>: =over 4 =item "size" (B<OSSL_DIGEST_PARAM_SIZE>) <unsigned integer> Sets a different digest length for the L<EVP_DigestFinal(3)> output. -The value of the "size" parameter should not exceed 255 and it must be set -during the L<EVP_DigestInit_ex2(3)> call. +The value of the "size" parameter must not exceed the default digest length +(64 for BLAKE2B-512). The parameter must be set with the +L<EVP_DigestInit_ex2(3)> call to have an immediate effect. When set with +L<EVP_MD_CTX_set_params(3)> it will have an effect only if the B<EVP_MD_CTX> +context is reinitialized. =back @@ -49,6 +53,12 @@ during the L<EVP_DigestInit_ex2(3)> call. L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)> +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + +The variable size support was added in OpenSSL 3.2 for BLAKE2B-512. + =head1 COPYRIGHT Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index ee61de8a72..1917990c44 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -82,7 +82,7 @@ int ossl_blake2b_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } - if (size < 1 || size > UINT8_MAX) { + if (size < 1 || size > BLAKE2B_OUTBYTES) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE); return 0; } diff --git a/test/recipes/30-test_evp_data/evpmd_blake.txt b/test/recipes/30-test_evp_data/evpmd_blake.txt index 474e659142..5fdb574d45 100644 --- a/test/recipes/30-test_evp_data/evpmd_blake.txt +++ b/test/recipes/30-test_evp_data/evpmd_blake.txt @@ -99,3 +99,8 @@ Digest = BLAKE2b512 Input = 61 OutputSize = 32 Output = 8928aae63c84d87ea098564d1e03ad813f107add474e56aedd286349c0c03ea4 + +Digest = BLAKE2b512 +Input = 61 +OutputSize = 65 +Result = DIGESTINIT_ERROR |