Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN

BLAKE2 is not really an extensible output function unlike SHAKE as the digest size must be set during the context initialization. Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN. We also need to adjust EVP_DigestFinal_ex() to query the OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size. Fixes #22488 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22491)
author: Tomas Mraz <tomas@openssl.org> 2023-10-24 13:44:26 +0200
committer: Matt Caswell <matt@openssl.org> 2023-10-25 20:13:39 +0100
commit: 6a0ae393dd554eb718e5148696e8f437d4faae5b (patch)
tree: c263d550046a8373339a7b2241df3b1e6ab9c66e /providers
parent: c7ed5e4697a71012e0a2d9dd5eaf997754ae5156 (diff)
4 files changed, 69 insertions, 19 deletions
diff --git a/providers/implementations/digests/blake2_prov.c b/providers/implementations/digests/blake2_prov.c
index 34bbd7ed37..d31627b92e 100644
--- a/providers/implementations/digests/blake2_prov.c
+++ b/providers/implementations/digests/blake2_prov.c
@@ -8,6 +8,7 @@
  */
 
 #include <openssl/crypto.h>
+#include <openssl/proverr.h>
 #include "prov/blake2.h"
 #include "prov/digestcommon.h"
 #include "prov/implementations.h"
@@ -83,14 +84,23 @@ static int blake2b512_internal_final(void *ctx, unsigned char *out,
                                      size_t *outl, size_t outsz)
 {
     struct blake2b_md_data_st *b_ctx;
-    
+
     b_ctx = (struct blake2b_md_data_st *)ctx;
-    *outl = b_ctx->ctx.outlen;
 
     if (!ossl_prov_is_running())
         return 0;
 
-    return (outsz > 0) ? ossl_blake2b_final(out, ctx) : 1;
+    *outl = b_ctx->ctx.outlen;
+
+    if (outsz == 0)
+       return 1;
+
+    if (outsz < *outl) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE);
+        return 0;
+    }
+
+    return ossl_blake2b_final(out, ctx);
 }
 
 static int blake2b512_get_params(OSSL_PARAM params[])
@@ -98,8 +108,8 @@ static int blake2b512_get_params(OSSL_PARAM params[])
     return ossl_digest_default_get_params(params, BLAKE2B_BLOCKBYTES, 64, 0);
 }
 
-const OSSL_DISPATCH ossl_blake2b512_functions[] =
-    { {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))blake2b512_newctx},
+const OSSL_DISPATCH ossl_blake2b512_functions[] = {
+    {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))blake2b512_newctx},
     {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))ossl_blake2b_update},
     {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))blake2b512_internal_final},
     {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))blake2b512_freectx},
@@ -108,8 +118,13 @@ const OSSL_DISPATCH ossl_blake2b512_functions[] =
     {OSSL_FUNC_DIGEST_GETTABLE_PARAMS,
      (void (*)(void))ossl_digest_default_gettable_params},
     {OSSL_FUNC_DIGEST_INIT, (void (*)(void))blake2b512_internal_init},
+    {OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_gettable_ctx_params},
     {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,
      (void (*)(void))ossl_blake2b_settable_ctx_params},
+    {OSSL_FUNC_DIGEST_GET_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_get_ctx_params},
     {OSSL_FUNC_DIGEST_SET_CTX_PARAMS,
-     (void (*)(void))ossl_blake2b_set_ctx_params}, {0, NULL} };
-
+     (void (*)(void))ossl_blake2b_set_ctx_params},
+    {0, NULL}
+};
diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c
index 0e3e894a43..ee61de8a72 100644
--- a/providers/implementations/digests/blake2b_prov.c
+++ b/providers/implementations/digests/blake2b_prov.c
@@ -20,23 +20,52 @@
 #include <openssl/core_names.h>
 #include <openssl/proverr.h>
 #include <openssl/err.h>
+#include "internal/numbers.h"
 #include "blake2_impl.h"
 #include "prov/blake2.h"
 
-static const OSSL_PARAM known_blake2b_settable_ctx_params[] = {
-    {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
+static const OSSL_PARAM known_blake2b_ctx_params[] = {
+    {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
     OSSL_PARAM_END
 };
 
+const OSSL_PARAM *ossl_blake2b_gettable_ctx_params(ossl_unused void *ctx,
+                                                   ossl_unused void *pctx)
+{
+    return known_blake2b_ctx_params;
+}
+
 const OSSL_PARAM *ossl_blake2b_settable_ctx_params(ossl_unused void *ctx,
                                                    ossl_unused void *pctx)
 {
-    return known_blake2b_settable_ctx_params;
+    return known_blake2b_ctx_params;
+}
+
+int ossl_blake2b_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+    struct blake2b_md_data_st *mdctx = vctx;
+    OSSL_PARAM *p;
+
+    BLAKE2B_CTX *ctx = &mdctx->ctx;
+
+    if (ctx == NULL)
+        return 0;
+    if (params == NULL)
+        return 1;
+
+    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
+    if (p != NULL
+        && !OSSL_PARAM_set_uint(p, (unsigned int)mdctx->params.digest_length)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+
+    return 1;
 }
 
 int ossl_blake2b_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
-    size_t xoflen;
+    size_t size;
     struct blake2b_md_data_st *mdctx = vctx;
     const OSSL_PARAM *p;
 
@@ -47,13 +76,17 @@ int ossl_blake2b_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (params == NULL)
         return 1;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
+    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SIZE);
     if (p != NULL) {
-        if (!OSSL_PARAM_get_size_t(p, &xoflen)) {
+        if (!OSSL_PARAM_get_size_t(p, &size)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
-        ossl_blake2b_param_set_digest_length(&mdctx->params, (uint8_t)xoflen);
+        if (size < 1 || size > UINT8_MAX) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE);
+            return 0;
+        }
+        ossl_blake2b_param_set_digest_length(&mdctx->params, (uint8_t)size);
     }
 
     return 1;
diff --git a/providers/implementations/include/prov/blake2.h b/providers/implementations/include/prov/blake2.h
index bcd0bb9bcd..445fd89aa2 100644
--- a/providers/implementations/include/prov/blake2.h
+++ b/providers/implementations/include/prov/blake2.h
@@ -94,7 +94,9 @@ int ossl_blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P,
 int ossl_blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen);
 int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c);
 
+OSSL_FUNC_digest_get_ctx_params_fn ossl_blake2b_get_ctx_params;
 OSSL_FUNC_digest_set_ctx_params_fn ossl_blake2b_set_ctx_params;
+OSSL_FUNC_digest_gettable_ctx_params_fn ossl_blake2b_gettable_ctx_params;
 OSSL_FUNC_digest_settable_ctx_params_fn ossl_blake2b_settable_ctx_params;
 
 /*
diff --git a/providers/implementations/kdfs/argon2.c b/providers/implementations/kdfs/argon2.c
index d93381c410..fe84ab54ca 100644
--- a/providers/implementations/kdfs/argon2.c
+++ b/providers/implementations/kdfs/argon2.c
@@ -823,12 +823,12 @@ static int blake2b_md(EVP_MD *md, void *out, size_t outlen, const void *in,
     if ((ctx = EVP_MD_CTX_create()) == NULL)
         return 0;
 
-    par[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &outlen);
+    par[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &outlen);
     par[1] = OSSL_PARAM_construct_end();
 
     ret = EVP_DigestInit_ex2(ctx, md, par) == 1
         && EVP_DigestUpdate(ctx, in, inlen) == 1
-        && EVP_DigestFinalXOF(ctx, out, outlen) == 1;
+        && EVP_DigestFinal_ex(ctx, out, NULL) == 1;
 
     EVP_MD_CTX_free(ctx);
     return ret;
@@ -868,14 +868,14 @@ static int blake2b_long(EVP_MD *md, EVP_MAC *mac, unsigned char *out,
         return 0;
 
     outlen_md = (outlen <= BLAKE2B_OUTBYTES) ? outlen : BLAKE2B_OUTBYTES;
-    par[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &outlen_md);
+    par[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &outlen_md);
     par[1] = OSSL_PARAM_construct_end();
 
     ret = EVP_DigestInit_ex2(ctx, md, par) == 1
         && EVP_DigestUpdate(ctx, outlen_bytes, sizeof(outlen_bytes)) == 1
         && EVP_DigestUpdate(ctx, in, inlen) == 1
-        && EVP_DigestFinalXOF(ctx, (outlen > BLAKE2B_OUTBYTES) ? outbuf : out,
-                outlen_md) == 1;
+        && EVP_DigestFinal_ex(ctx, (outlen > BLAKE2B_OUTBYTES) ? outbuf : out,
+                              NULL) == 1;
 
     if (ret == 0)
         goto fail;
author	Tomas Mraz <tomas@openssl.org>	2023-10-24 13:44:26 +0200
committer	Matt Caswell <matt@openssl.org>	2023-10-25 20:13:39 +0100
commit	6a0ae393dd554eb718e5148696e8f437d4faae5b (patch)
tree	c263d550046a8373339a7b2241df3b1e6ab9c66e /providers
parent	c7ed5e4697a71012e0a2d9dd5eaf997754ae5156 (diff)