Add utility function ossl_param_is_empty()

Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detec

Add utility function ossl_param_is_empty()

Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detects the case wherean OSSL_PARAM array contains just a terminator
entry.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25499)

show more ...

Fix BLAKE2s reporting the same EVP_MD_get_size() as BLAKE2b (64)

Fixes: commit 6d1e730a1ea2c64bdffa88c6b3bee4c3f5bed602 ("Implement
BLAKE2s with the same macro as BLAKE2b")
Closes:

Fix BLAKE2s reporting the same EVP_MD_get_size() as BLAKE2b (64)

Fixes: commit 6d1e730a1ea2c64bdffa88c6b3bee4c3f5bed602 ("Implement
BLAKE2s with the same macro as BLAKE2b")
Closes: #22708

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22710)

show more ...

Properly limit the variable output size for BLAKE2

The upper limit of the output size is the default output size of
the respective algorithm variants.

Reviewed-by: Matt Caswell

Properly limit the variable output size for BLAKE2

The upper limit of the output size is the default output size of
the respective algorithm variants.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22659)

show more ...

Implement BLAKE2s with the same macro as BLAKE2b

This avoids code duplication and provides variable-size support
for BLAKE2s like 786b9a8

Test data obtained with libb2 with the

Implement BLAKE2s with the same macro as BLAKE2b

This avoids code duplication and provides variable-size support
for BLAKE2s like 786b9a8

Test data obtained with libb2 with the following programs:

==> b2.c <==
#include <blake2.h>
#include <unistd.h>

int main() {
char buf[16] = {};
blake2s(buf, 0, 0, 16, 0, 0);
write(1, buf, 16);
}

==> b3.c <==
#include <blake2.h>
#include <unistd.h>

int main() {
char buf[10] = {};
blake2s(buf, "\x61", 0, 10, 1, 0);
write(1, buf, 10);
}

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)

show more ...

Lift BLAKE2B provider definition into a macro

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Lift BLAKE2B provider definition into a macro

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)

show more ...

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN

BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initia

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN

BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes #22488

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22491)

show more ...

Fix coverity alert on use of uninitialised data

The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising

Reviewed-by: Richard Levi

Fix coverity alert on use of uninitialised data

The function `ossl_blake2b_param_init` should initialise only, and not
read the data it is initialising

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22282)

show more ...

Have legacy blake2 EVP structure use base blake2 implementation

For some reason, the code here was made to got through the provider
specific init functions. This is very very dangerous

Have legacy blake2 EVP structure use base blake2 implementation

For some reason, the code here was made to got through the provider
specific init functions. This is very very dangerous if the provider
specific functions were to change in any way (such as changes to the
implementation context structure).

Instead, use the init functions from the base blake2 implementations
directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22079)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

providers: add XOF support to blake2b

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

providers: add XOF support to blake2b

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)

show more ...

prov: support param argument to digest init calls

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)

Fix external symbols in the provider digest implementations.

Partial fix for #12964

This adds ossl_ names for the following symbols:

blake2b512_init,blake2b_final,blake2b_i

Fix external symbols in the provider digest implementations.

Partial fix for #12964

This adds ossl_ names for the following symbols:

blake2b512_init,blake2b_final,blake2b_init,blake2b_init_key,
blake2b_param_init,blake2b_param_set_digest_length,blake2b_param_set_key_length,
blake2b_param_set_personal,blake2b_param_set_salt,blake2b_update,
blake2s256_init,blake2s_final,blake2s_init,blake2s_init_key,
blake2s_param_init,blake2s_param_set_digest_length,blake2s_param_set_key_length,
blake2s_param_set_personal,blake2s_param_set_salt,blake2s_update,
digest_default_get_params,digest_default_gettable_params

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)

show more ...

prov: prefix all OSSL_DISPATCH tables names with ossl_

This stops them leaking into other namespaces in a static build.
They remain internal.

Reviewed-by: Richard Levitte <levit

prov: prefix all OSSL_DISPATCH tables names with ossl_

This stops them leaking into other namespaces in a static build.
They remain internal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)

show more ...

Update copyright year

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12273)

Make the naming scheme for dispatched functions more consistent

The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core a

Make the naming scheme for dispatched functions more consistent

The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.

This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.

- OSSL_core_ -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_

For operations and their function dispatch tables, the following convention
is used:

Type | Name (evp_generic_fetch(3)) |
---------------------|-----------------------------------|
operation | OSSL_OP_FOO |
function id | OSSL_FUNC_FOO_FUNCTION_NAME |
function "name" | OSSL_FUNC_foo_function_name |
function typedef | OSSL_FUNC_foo_function_name_fn |
function ptr getter | OSSL_FUNC_foo_function_name |

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)

show more ...

Cleanup: move providers/common/include/internal/provider_args.h

New name is providers/implementations/include/prov/implementations.h
All inclusions are adapted accordingly.

Revi

Cleanup: move providers/common/include/internal/provider_args.h

New name is providers/implementations/include/prov/implementations.h
All inclusions are adapted accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)

show more ...

Providers: move all digests

From providers/{common,default,legacy}/ to providers/implementations/
However, providers/common/digests/digest_common.c stays where it is,
because it's su

Providers: move all digests

From providers/{common,default,legacy}/ to providers/implementations/
However, providers/common/digests/digest_common.c stays where it is,
because it's support code rather than an implementation.

To better support all kinds of implementations with common code, we
add the library providers/libcommon.a. Code that ends up in this
library must be FIPS agnostic.

While we're moving things around, though, we move digestscommon.h
from providers/common/include/internal to providers/common/include/prov,
thereby starting on a provider specific include structure, which
follows the line of thoughts of the recent header file reorganization.
We modify the affected '#include "internal/something.h"' to
'#include "prov/something.h"'.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)

show more ...