SipHash: add separate setter for the hash size

This was originally part of SipHash_Init. However, there are cases where there isn't any key material to initialize from when setting the hash size, and we do allow doing so with a EVP_PKEY control. The solution is to provide a separate hash_size setter and to use it in the corresponding EVP_PKEY_METHOD. Fixes #7143 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7145)
author: Richard Levitte <levitte@openssl.org> 2018-09-06 22:52:38 +0200
committer: Richard Levitte <levitte@openssl.org> 2018-09-09 01:47:56 +0200
commit: d74f23d2dbf2de0f374bff004c135242cfb65174 (patch)
tree: 766fdbfde67286e37c872b562e4887203399a483 /crypto/siphash
parent: 2725232132207ee30fd16e596885e3b0bd810fc4 (diff)
2 files changed, 25 insertions, 20 deletions
diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index 72fd5198b8..e2352fc730 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -80,17 +80,32 @@ size_t SipHash_hash_size(SIPHASH *ctx)
     return ctx->hash_size;
 }
 
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    ctx->hash_size = hash_size;
+    return 1;
+}
+
 /* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int crounds, int drounds)
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
 {
     uint64_t k0 = U8TO64_LE(k);
     uint64_t k1 = U8TO64_LE(k + 8);
 
-    if (hash_size == 0)
-        hash_size = SIPHASH_MAX_DIGEST_SIZE;
-    else if (hash_size != SIPHASH_MIN_DIGEST_SIZE &&
-             hash_size != SIPHASH_MAX_DIGEST_SIZE)
-        return 0;
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
 
     if (drounds == 0)
         drounds = SIPHASH_D_ROUNDS;
@@ -99,7 +114,6 @@ int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int hash_size, int cround
 
     ctx->crounds = crounds;
     ctx->drounds = drounds;
-    ctx->hash_size = hash_size;
 
     ctx->len = 0;
     ctx->total_inlen = 0;
diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c
index 5c981bdb0b..66e552fec5 100644
--- a/crypto/siphash/siphash_pmeth.c
+++ b/crypto/siphash/siphash_pmeth.c
@@ -95,16 +95,13 @@ static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
     SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
     const unsigned char* key;
     size_t len;
-    int hash_size;
 
     key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
     if (key == NULL || len != SIPHASH_KEY_SIZE)
         return 0;
     EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
     EVP_MD_CTX_set_update_fn(mctx, int_update);
-    /* use default rounds (2,4) */
-    hash_size = SipHash_hash_size(&pctx->ctx);
-    return SipHash_Init(&pctx->ctx, key, hash_size, 0, 0);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
 }
 static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                             EVP_MD_CTX *mctx)
@@ -122,7 +119,6 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
     const unsigned char *key;
     size_t len;
-    int hash_size;
 
     switch (type) {
 
@@ -131,12 +127,7 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         break;
 
     case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
-        if (p1 != SIPHASH_MIN_DIGEST_SIZE &&
-            p1 != SIPHASH_MAX_DIGEST_SIZE) {
-            return 0;
-        }
-        /* use default rounds (2,4) */
-        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), p1, 0, 0);
+        return SipHash_set_hash_size(&pctx->ctx, p1);
 
     case EVP_PKEY_CTRL_SET_MAC_KEY:
     case EVP_PKEY_CTRL_DIGESTINIT:
@@ -152,8 +143,8 @@ static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
             return 0;
         /* use default rounds (2,4) */
-        hash_size = SipHash_hash_size(&pctx->ctx);
-        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), hash_size, 0, 0);
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
 
     default:
         return -2;
author	Richard Levitte <levitte@openssl.org>	2018-09-06 22:52:38 +0200
committer	Richard Levitte <levitte@openssl.org>	2018-09-09 01:47:56 +0200
commit	d74f23d2dbf2de0f374bff004c135242cfb65174 (patch)
tree	766fdbfde67286e37c872b562e4887203399a483 /crypto/siphash
parent	2725232132207ee30fd16e596885e3b0bd810fc4 (diff)