mac: add EVP_MAC_finalXOF() function

Fixes #14140 Fixes #13232 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
author: Pauli <pauli@openssl.org> 2021-04-28 12:58:35 +1000
committer: Pauli <pauli@openssl.org> 2021-05-05 22:12:20 +1000
commit: b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900 (patch)
tree: 4fbdcd2fd9d4d8d541d015eca553874e43ed69e0
parent: 6a38b09a7fa6eaac6bcbe567382fbe7d3d719503 (diff)
6 files changed, 50 insertions, 10 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1e51d23219..728356148f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -727,6 +727,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
 EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
 EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
 EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_SETTING_XOF_FAILED:227:setting xof failed
 EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure
 EVP_R_TOO_MANY_RECORDS:183:too many records
 EVP_R_UNABLE_TO_ENABLE_LOCKING:212:unable to enable locking
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 7fa3fbf400..ad95f5ef02 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -133,10 +133,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED),
     "only oneshot supported"},
-    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-    "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED),
     "operation not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
     "output would overflow"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
@@ -151,6 +151,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
     "private key encode error"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE),
     "set default property failure"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"},
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 3d60905a9e..6f97de94de 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -116,21 +116,56 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen)
     return ctx->meth->update(ctx->data, data, datalen);
 }
 
-int EVP_MAC_final(EVP_MAC_CTX *ctx,
-                  unsigned char *out, size_t *outl, size_t outsize)
+static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
+                         unsigned char *out, size_t *outl, size_t outsize)
 {
     size_t l;
-    int res = 1;
+    int res;
+    OSSL_PARAM params[2];
+
+    if (ctx == NULL || ctx->meth == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
+        return 0;
+    }
+    if (ctx->meth->final == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+        return 0;
+    }
 
-    if (out != NULL)
-        res = ctx->meth->final(ctx->data, out, &l, outsize);
-    else
-        l = EVP_MAC_CTX_get_mac_size(ctx);
+    if (out == NULL) {
+        if (outl == NULL) {
+            ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+            return 0;
+        }
+        *outl = EVP_MAC_CTX_get_mac_size(ctx);
+        return 1;
+    }
+    if (xof) {
+        params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
+        params[1] = OSSL_PARAM_construct_end();
+
+        if (EVP_MAC_CTX_set_params(ctx, params) <= 0) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_SETTING_XOF_FAILED);
+            return 0;
+        }
+    }
+    res = ctx->meth->final(ctx->data, out, &l, outsize);
     if (outl != NULL)
         *outl = l;
     return res;
 }
 
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+                  unsigned char *out, size_t *outl, size_t outsize)
+{
+    return evp_mac_final(ctx, 0, out, outl, outsize);
+}
+
+int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize)
+{
+    return evp_mac_final(ctx, 1, out, NULL, outsize);
+}
+
 /*
  * The {get,set}_params functions return 1 if there is no corresponding
  * function in the implementation.  This is the same as if there was one,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index f527de4d4c..91b84ebf6f 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1181,6 +1181,7 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
                   unsigned char *out, size_t *outl, size_t outsize);
+int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize);
 const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
 const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
 const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index b2e08b14b6..ffa8bacd5b 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -95,8 +95,8 @@
 # define EVP_R_NO_OPERATION_SET                           149
 # define EVP_R_NULL_MAC_PKEY_CTX                          208
 # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
-# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OPERATION_NOT_INITIALIZED                  151
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OUTPUT_WOULD_OVERFLOW                      202
 # define EVP_R_PARAMETER_TOO_LARGE                        187
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
@@ -105,6 +105,7 @@
 # define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 # define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_SETTING_XOF_FAILED                         227
 # define EVP_R_SET_DEFAULT_PROPERTY_FAILURE               209
 # define EVP_R_TOO_MANY_RECORDS                           183
 # define EVP_R_UNABLE_TO_ENABLE_LOCKING                   212
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 835b06b20b..da5936f1ab 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4413,6 +4413,7 @@ EVP_MAC_CTX_get_mac_size                ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_init                            ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_update                          ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_final                           ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_finalXOF                        ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_supports_digest_nid            ?	3_0_0	EXIST::FUNCTION:
 SRP_VBASE_add0_user                     ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
 SRP_user_pwd_new                        ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
author	Pauli <pauli@openssl.org>	2021-04-28 12:58:35 +1000
committer	Pauli <pauli@openssl.org>	2021-05-05 22:12:20 +1000
commit	b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900 (patch)
tree	4fbdcd2fd9d4d8d541d015eca553874e43ed69e0
parent	6a38b09a7fa6eaac6bcbe567382fbe7d3d719503 (diff)