providers: add XOF support to blake2b

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)

providers/implementations/digests/blake2_prov.c

@@ -22,10 +22,10 @@ int ossl_blake2s256_init(void *ctx)
 
 int ossl_blake2b512_init(void *ctx)
 {
-    BLAKE2B_PARAM P;
+    struct blake2b_md_data_st *mdctx = ctx;
 
-    ossl_blake2b_param_init(&P);
-    return ossl_blake2b_init((BLAKE2B_CTX *)ctx, &P);
+    ossl_blake2b_param_init(&mdctx->params);
+    return ossl_blake2b_init(&mdctx->ctx, &mdctx->params);
 }
 
 /* ossl_blake2s256_functions */
@@ -35,7 +35,78 @@ IMPLEMENT_digest_functions(blake2s256, BLAKE2S_CTX,
                            ossl_blake2s_final)
 
 /* ossl_blake2b512_functions */
-IMPLEMENT_digest_functions(blake2b512, BLAKE2B_CTX,
-                           BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, 0,
-                           ossl_blake2b512_init, ossl_blake2b_update,
-                           ossl_blake2b_final)
+
+static OSSL_FUNC_digest_init_fn blake2b512_internal_init;
+static OSSL_FUNC_digest_newctx_fn blake2b512_newctx;
+static OSSL_FUNC_digest_freectx_fn blake2b512_freectx;
+static OSSL_FUNC_digest_dupctx_fn blake2b512_dupctx;
+static OSSL_FUNC_digest_final_fn blake2b512_internal_final;
+static OSSL_FUNC_digest_get_params_fn blake2b512_get_params;
+
+static int blake2b512_internal_init(void *ctx, const OSSL_PARAM params[])
+{
+    return ossl_prov_is_running() && ossl_blake2b_set_ctx_params(ctx, params)
+        && ossl_blake2b512_init(ctx);
+}
+
+static void *blake2b512_newctx(void *prov_ctx)
+{
+    struct blake2b_md_data_st *ctx;
+
+    ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) : NULL;
+    return ctx;
+}
+
+static void blake2b512_freectx(void *vctx)
+{
+    struct blake2b_md_data_st *ctx;
+
+    ctx = (struct blake2b_md_data_st *)vctx;
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *blake2b512_dupctx(void *ctx)
+{
+    struct blake2b_md_data_st *in, *ret;
+
+    in = (struct blake2b_md_data_st *)ctx;
+    ret = ossl_prov_is_running()? OPENSSL_malloc(sizeof(*ret)) : NULL;
+    if (ret != NULL)
+        *ret = *in;
+    return ret;
+}
+
+static int blake2b512_internal_final(void *ctx, unsigned char *out,
+                                     size_t *outl, size_t outsz)
+{
+    struct blake2b_md_data_st *b_ctx;
+    
+    b_ctx = (struct blake2b_md_data_st *)ctx;
+    *outl = b_ctx->ctx.outlen;
+
+    if (!ossl_prov_is_running())
+        return 0;
+
+    return (outsz > 0) ? ossl_blake2b_final(out, ctx) : 1;
+}
+
+static int blake2b512_get_params(OSSL_PARAM params[])
+{
+    return ossl_digest_default_get_params(params, BLAKE2B_BLOCKBYTES, 64, 0);
+}
+
+const OSSL_DISPATCH ossl_blake2b512_functions[] =
+    { {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))blake2b512_newctx},
+    {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))ossl_blake2b_update},
+    {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))blake2b512_internal_final},
+    {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))blake2b512_freectx},
+    {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))blake2b512_dupctx},
+    {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))blake2b512_get_params},
+    {OSSL_FUNC_DIGEST_GETTABLE_PARAMS,
+     (void (*)(void))ossl_digest_default_gettable_params},
+    {OSSL_FUNC_DIGEST_INIT, (void (*)(void))blake2b512_internal_init},
+    {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_settable_ctx_params},
+    {OSSL_FUNC_DIGEST_SET_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_set_ctx_params}, {0, NULL} };
+

providers/implementations/digests/blake2b_prov.c

@@ -17,9 +17,48 @@
 #include <assert.h>
 #include <string.h>
 #include <openssl/crypto.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <openssl/err.h>
 #include "blake2_impl.h"
 #include "prov/blake2.h"
 
+static const OSSL_PARAM known_blake2b_settable_ctx_params[] = {
+    {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
+    OSSL_PARAM_END
+};
+
+const OSSL_PARAM *ossl_blake2b_settable_ctx_params(ossl_unused void *ctx,
+                                                   ossl_unused void *pctx)
+{
+    return known_blake2b_settable_ctx_params;
+}
+
+int ossl_blake2b_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    size_t xoflen;
+    struct blake2b_md_data_st *mdctx = vctx;
+    const OSSL_PARAM *p;
+
+    BLAKE2B_CTX *ctx = &mdctx->ctx;
+
+    if (ctx == NULL)
+        return 0;
+    if (params == NULL)
+        return 1;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &xoflen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        ossl_blake2b_param_set_digest_length(&mdctx->params, (uint8_t)xoflen);
+    }
+
+    return 1;
+}
+
 static const uint64_t blake2b_IV[8] =
 {
     0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
@@ -82,7 +121,8 @@ static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
 /* Initialize the parameter block with default values */
 void ossl_blake2b_param_init(BLAKE2B_PARAM *P)
 {
-    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    if (P->digest_length == 0)
+        P->digest_length = BLAKE2B_DIGEST_LENGTH;
     P->key_length    = 0;
     P->fanout        = 1;
     P->depth         = 1;

providers/implementations/include/prov/blake2.h

@@ -14,6 +14,7 @@
 
 # include <openssl/e_os2.h>
 # include <stddef.h>
+# include <crypto/evp.h>
 
 # define BLAKE2S_BLOCKBYTES    64
 # define BLAKE2S_OUTBYTES      32
@@ -82,6 +83,11 @@ struct blake2b_ctx_st {
 typedef struct blake2s_ctx_st BLAKE2S_CTX;
 typedef struct blake2b_ctx_st BLAKE2B_CTX;
 
+struct blake2b_md_data_st {
+    BLAKE2B_CTX ctx;
+    BLAKE2B_PARAM params;
+};
+
 int ossl_blake2s256_init(void *ctx);
 int ossl_blake2b512_init(void *ctx);
 
@@ -91,6 +97,9 @@ int ossl_blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P,
 int ossl_blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen);
 int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c);
 
+OSSL_FUNC_digest_set_ctx_params_fn ossl_blake2b_set_ctx_params;
+OSSL_FUNC_digest_settable_ctx_params_fn ossl_blake2b_settable_ctx_params;
+
 /*
  * These setters are internal and do not check the validity of their parameters.
  * See blake2b_mac_ctrl for validation logic.

test/recipes/30-test_evp_data/evpmd_blake.txt

@@ -19,7 +19,7 @@
 Title = BLAKE tests
 
 Digest = BLAKE2s256
-Input = 
+Input =
 Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9
 
 Digest = BLAKE2s256
@@ -55,7 +55,7 @@ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
 Output = C80ABEEBB669AD5DEEB5F5EC8EA6B7A05DDF7D31EC4C0A2EE20B0B98CAEC6746
 
 Digest = BLAKE2b512
-Input = 
+Input =
 Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce
 
 Digest = BLAKE2b512
@@ -89,3 +89,13 @@ Output = 2319E3789C47E2DAA5FE807F61BEC2A1A6537FA03F19FF32E87EECBFD64B7E0E8CCFF43
 Digest = BLAKE2b512
 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
 Output = DF0A9D0C212843A6A934E3902B2DD30D17FBA5F969D2030B12A546D8A6A45E80CF5635F071F0452E9C919275DA99BED51EB1173C1AF0518726B75B0EC3BAE2B5
+
+Digest = BLAKE2b512
+Input =
+XOF = 1
+Output = 0e5751c026e543b2e8ab2eb06099daa1d1e5df47778f7787faab45cdf12fe3a8
+
+Digest = BLAKE2b512
+Input = 61
+XOF = 1
+Output = 8928aae63c84d87ea098564d1e03ad813f107add474e56aedd286349c0c03ea4