providers: add XOF support to blake2b

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)

3 files changed, 128 insertions, 8 deletions

diff --git a/providers/implementations/digests/blake2_prov.c b/providers/implementations/digests/blake2_prov.c
index 25342eedb8..aa6ddace39 100644
--- a/providers/implementations/digests/blake2_prov.c
+++ b/providers/implementations/digests/blake2_prov.c
@@ -22,10 +22,10 @@ int ossl_blake2s256_init(void *ctx)
 
 int ossl_blake2b512_init(void *ctx)
 {
-    BLAKE2B_PARAM P;
+    struct blake2b_md_data_st *mdctx = ctx;
 
-    ossl_blake2b_param_init(&P);
-    return ossl_blake2b_init((BLAKE2B_CTX *)ctx, &P);
+    ossl_blake2b_param_init(&mdctx->params);
+    return ossl_blake2b_init(&mdctx->ctx, &mdctx->params);
 }
 
 /* ossl_blake2s256_functions */
@@ -35,7 +35,78 @@ IMPLEMENT_digest_functions(blake2s256, BLAKE2S_CTX,
                            ossl_blake2s_final)
 
 /* ossl_blake2b512_functions */
-IMPLEMENT_digest_functions(blake2b512, BLAKE2B_CTX,
-                           BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, 0,
-                           ossl_blake2b512_init, ossl_blake2b_update,
-                           ossl_blake2b_final)
+
+static OSSL_FUNC_digest_init_fn blake2b512_internal_init;
+static OSSL_FUNC_digest_newctx_fn blake2b512_newctx;
+static OSSL_FUNC_digest_freectx_fn blake2b512_freectx;
+static OSSL_FUNC_digest_dupctx_fn blake2b512_dupctx;
+static OSSL_FUNC_digest_final_fn blake2b512_internal_final;
+static OSSL_FUNC_digest_get_params_fn blake2b512_get_params;
+
+static int blake2b512_internal_init(void *ctx, const OSSL_PARAM params[])
+{
+    return ossl_prov_is_running() && ossl_blake2b_set_ctx_params(ctx, params)
+        && ossl_blake2b512_init(ctx);
+}
+
+static void *blake2b512_newctx(void *prov_ctx)
+{
+    struct blake2b_md_data_st *ctx;
+
+    ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) : NULL;
+    return ctx;
+}
+
+static void blake2b512_freectx(void *vctx)
+{
+    struct blake2b_md_data_st *ctx;
+
+    ctx = (struct blake2b_md_data_st *)vctx;
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *blake2b512_dupctx(void *ctx)
+{
+    struct blake2b_md_data_st *in, *ret;
+
+    in = (struct blake2b_md_data_st *)ctx;
+    ret = ossl_prov_is_running()? OPENSSL_malloc(sizeof(*ret)) : NULL;
+    if (ret != NULL)
+        *ret = *in;
+    return ret;
+}
+
+static int blake2b512_internal_final(void *ctx, unsigned char *out,
+                                     size_t *outl, size_t outsz)
+{
+    struct blake2b_md_data_st *b_ctx;
+    
+    b_ctx = (struct blake2b_md_data_st *)ctx;
+    *outl = b_ctx->ctx.outlen;
+
+    if (!ossl_prov_is_running())
+        return 0;
+
+    return (outsz > 0) ? ossl_blake2b_final(out, ctx) : 1;
+}
+
+static int blake2b512_get_params(OSSL_PARAM params[])
+{
+    return ossl_digest_default_get_params(params, BLAKE2B_BLOCKBYTES, 64, 0);
+}
+
+const OSSL_DISPATCH ossl_blake2b512_functions[] =
+    { {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))blake2b512_newctx},
+    {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))ossl_blake2b_update},
+    {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))blake2b512_internal_final},
+    {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))blake2b512_freectx},
+    {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))blake2b512_dupctx},
+    {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))blake2b512_get_params},
+    {OSSL_FUNC_DIGEST_GETTABLE_PARAMS,
+     (void (*)(void))ossl_digest_default_gettable_params},
+    {OSSL_FUNC_DIGEST_INIT, (void (*)(void))blake2b512_internal_init},
+    {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_settable_ctx_params},
+    {OSSL_FUNC_DIGEST_SET_CTX_PARAMS,
+     (void (*)(void))ossl_blake2b_set_ctx_params}, {0, NULL} };
+
diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c
index 11271e1b59..109a6ce1c8 100644
--- a/providers/implementations/digests/blake2b_prov.c
+++ b/providers/implementations/digests/blake2b_prov.c
@@ -17,9 +17,48 @@
 #include <assert.h>
 #include <string.h>
 #include <openssl/crypto.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <openssl/err.h>
 #include "blake2_impl.h"
 #include "prov/blake2.h"
 
+static const OSSL_PARAM known_blake2b_settable_ctx_params[] = {
+    {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0},
+    OSSL_PARAM_END
+};
+
+const OSSL_PARAM *ossl_blake2b_settable_ctx_params(ossl_unused void *ctx,
+                                                   ossl_unused void *pctx)
+{
+    return known_blake2b_settable_ctx_params;
+}
+
+int ossl_blake2b_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    size_t xoflen;
+    struct blake2b_md_data_st *mdctx = vctx;
+    const OSSL_PARAM *p;
+
+    BLAKE2B_CTX *ctx = &mdctx->ctx;
+
+    if (ctx == NULL)
+        return 0;
+    if (params == NULL)
+        return 1;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &xoflen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        ossl_blake2b_param_set_digest_length(&mdctx->params, (uint8_t)xoflen);
+    }
+
+    return 1;
+}
+
 static const uint64_t blake2b_IV[8] =
 {
     0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
@@ -82,7 +121,8 @@ static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
 /* Initialize the parameter block with default values */
 void ossl_blake2b_param_init(BLAKE2B_PARAM *P)
 {
-    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    if (P->digest_length == 0)
+        P->digest_length = BLAKE2B_DIGEST_LENGTH;
     P->key_length    = 0;
     P->fanout        = 1;
     P->depth         = 1;
diff --git a/providers/implementations/include/prov/blake2.h b/providers/implementations/include/prov/blake2.h
index d18cbc708c..379dfedc0b 100644
--- a/providers/implementations/include/prov/blake2.h
+++ b/providers/implementations/include/prov/blake2.h
@@ -14,6 +14,7 @@
 
 # include <openssl/e_os2.h>
 # include <stddef.h>
+# include <crypto/evp.h>
 
 # define BLAKE2S_BLOCKBYTES    64
 # define BLAKE2S_OUTBYTES      32
@@ -82,6 +83,11 @@ struct blake2b_ctx_st {
 typedef struct blake2s_ctx_st BLAKE2S_CTX;
 typedef struct blake2b_ctx_st BLAKE2B_CTX;
 
+struct blake2b_md_data_st {
+    BLAKE2B_CTX ctx;
+    BLAKE2B_PARAM params;
+};
+
 int ossl_blake2s256_init(void *ctx);
 int ossl_blake2b512_init(void *ctx);
 
@@ -91,6 +97,9 @@ int ossl_blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P,
 int ossl_blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen);
 int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c);
 
+OSSL_FUNC_digest_set_ctx_params_fn ossl_blake2b_set_ctx_params;
+OSSL_FUNC_digest_settable_ctx_params_fn ossl_blake2b_settable_ctx_params;
+
 /*
  * These setters are internal and do not check the validity of their parameters.
  * See blake2b_mac_ctrl for validation logic.