diff options
author | Pauli <pauli@openssl.org> | 2021-04-28 12:58:35 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-05-05 22:12:20 +1000 |
commit | b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900 (patch) | |
tree | 4fbdcd2fd9d4d8d541d015eca553874e43ed69e0 | |
parent | 6a38b09a7fa6eaac6bcbe567382fbe7d3d719503 (diff) |
mac: add EVP_MAC_finalXOF() function
Fixes #14140
Fixes #13232
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
-rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
-rw-r--r-- | crypto/evp/evp_err.c | 5 | ||||
-rw-r--r-- | crypto/evp/mac_lib.c | 49 | ||||
-rw-r--r-- | include/openssl/evp.h | 1 | ||||
-rw-r--r-- | include/openssl/evperr.h | 3 | ||||
-rw-r--r-- | util/libcrypto.num | 1 |
6 files changed, 50 insertions, 10 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1e51d23219..728356148f 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -727,6 +727,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa +EVP_R_SETTING_XOF_FAILED:227:setting xof failed EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure EVP_R_TOO_MANY_RECORDS:183:too many records EVP_R_UNABLE_TO_ENABLE_LOCKING:212:unable to enable locking diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 7fa3fbf400..ad95f5ef02 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -133,10 +133,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), "only oneshot supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), "operation not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), @@ -151,6 +151,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), "set default property failure"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"}, diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 3d60905a9e..6f97de94de 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -116,21 +116,56 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) return ctx->meth->update(ctx->data, data, datalen); } -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize) +static int evp_mac_final(EVP_MAC_CTX *ctx, int xof, + unsigned char *out, size_t *outl, size_t outsize) { size_t l; - int res = 1; + int res; + OSSL_PARAM params[2]; + + if (ctx == NULL || ctx->meth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); + return 0; + } + if (ctx->meth->final == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } - if (out != NULL) - res = ctx->meth->final(ctx->data, out, &l, outsize); - else - l = EVP_MAC_CTX_get_mac_size(ctx); + if (out == NULL) { + if (outl == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + *outl = EVP_MAC_CTX_get_mac_size(ctx); + return 1; + } + if (xof) { + params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_MAC_CTX_set_params(ctx, params) <= 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_SETTING_XOF_FAILED); + return 0; + } + } + res = ctx->meth->final(ctx->data, out, &l, outsize); if (outl != NULL) *outl = l; return res; } +int EVP_MAC_final(EVP_MAC_CTX *ctx, + unsigned char *out, size_t *outl, size_t outsize) +{ + return evp_mac_final(ctx, 0, out, outl, outsize); +} + +int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize) +{ + return evp_mac_final(ctx, 1, out, NULL, outsize); +} + /* * The {get,set}_params functions return 1 if there is no corresponding * function in the implementation. This is the same as if there was one, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f527de4d4c..91b84ebf6f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1181,6 +1181,7 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize); +int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize); const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index b2e08b14b6..ffa8bacd5b 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -95,8 +95,8 @@ # define EVP_R_NO_OPERATION_SET 149 # define EVP_R_NULL_MAC_PKEY_CTX 208 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 -# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATION_NOT_INITIALIZED 151 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OUTPUT_WOULD_OVERFLOW 202 # define EVP_R_PARAMETER_TOO_LARGE 187 # define EVP_R_PARTIALLY_OVERLAPPING 162 @@ -105,6 +105,7 @@ # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_SETTING_XOF_FAILED 227 # define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 # define EVP_R_TOO_MANY_RECORDS 183 # define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 diff --git a/util/libcrypto.num b/util/libcrypto.num index 835b06b20b..da5936f1ab 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4413,6 +4413,7 @@ EVP_MAC_CTX_get_mac_size ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: EVP_MAC_final ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION: SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP |