Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN #22491

Closed
wants to merge 2 commits into from
Closed

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN #22491

wants to merge 2 commits into from

Conversation

t8m
Copy link
Member

@t8m t8m commented Oct 24, 2023

BLAKE2 is not really an extensible output function unlike SHAKE as the digest size must be set during the context initialization. Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes #22488

Checklist
  • documentation is added or updated
  • tests are added or updated

@t8m
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN
17a40f6 
BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes openssl#22488
@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug severity: important Important bugs affecting a released version tests: present The PR has suitable tests present labels Oct 24, 2023
@t8m
Copy link
Member Author

t8m commented Oct 24, 2023

This is an alternative to #22489

@t8m
Copy link
Member Author

t8m commented Oct 24, 2023

In the end I like this more. Although it breaks the invariant that EVP_DigestFinal_ex() does not write more than EVP_MAX_MD_SIZE, it does so only on explicit param setting so IMO not a big deal.

@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Oct 24, 2023
@t8m t8m added this to the 3.2.0 beta1 milestone Oct 24, 2023
@t-j-h
Copy link
Member

t-j-h commented Oct 24, 2023

I like it. Someone else needs to indicate being comfortable with this change.

@t8m t8m removed the approval: otc review pending This pull request needs review by an OTC member label Oct 24, 2023
mattcaswell
mattcaswell requested changes Oct 24, 2023
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This option is clearly preferably to #22489 IMO. One minor comment below.

providers/implementations/digests/blake2_prov.c Outdated Show resolved Hide resolved
@mattcaswell mattcaswell mentioned this pull request Oct 24, 2023
Closed
2 tasks
@t8m
Copy link
Member Author

t8m commented Oct 24, 2023

@t-j-h please reconfirm

mattcaswell
mattcaswell approved these changes Oct 24, 2023
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved assuming CIs pass

@mattcaswell
Copy link
Member

Needs a second approval asap to get this in the beta

@levitte levitte added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Oct 24, 2023
@levitte
Copy link
Member

levitte commented Oct 24, 2023

I'm glad it was this easy after all

paulidale
paulidale approved these changes Oct 24, 2023
View reviewed changes
Copy link
Contributor

@paulidale paulidale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work

@t-j-h
Copy link
Member

t-j-h commented Oct 24, 2023

Approved again.

slontis
slontis reviewed Oct 25, 2023
View reviewed changes
Copy link
Member

@slontis slontis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me..

As an aside, I am not sure but I think EVP_MD_get_size() probably doesnt work.. since evp_md_cache_constants() probably happens earlier than when a call to the set_ctx_params

@levitte
Copy link
Member

levitte commented Oct 25, 2023

As an aside, I am not sure but I think EVP_MD_get_size() probably doesnt work.. since evp_md_cache_constants() probably happens earlier than when a call to the set_ctx_params

There's a conceptual difference between EVP_TYPE_get_whatever() (which returns the default whatever) and EVP_TYPE_CTX_get_whatever() (which returns the actual whatever, which may be something other than the default whatever).

@paulidale
Copy link
Contributor

It might need to invalidate the size cache in EVP_MD_CTX_set_params().
Worse, the cached size comes from the MD not the MD_CTX.
We might need to update evp_md_cache_constants() to query the context and if that fails to follow with the digest.
This, in turn, might require updates to crypto/evp/evp_utils.c.

Actually, it's nowhere near that bad because Blake2b already doesn't support any of this and this PR is doing the right thing by attempting to query the context in the final to get the correct size.

All it means is that EVP_MD_get_size() could return the wrong value for Blake2b if the size has been set to a non-default value. Without this change it will still do this because it's using xoflen and not updating the size at all.

Definitely not stopping this going into beta IMO.

@t8m
Copy link
Member Author

t8m commented Oct 25, 2023

EVP_MD_get_size() must return the default size. There is no way around that.

However there is a problem with EVP_MD_CTX_get_size() - that function is actually a macro EVP_MD_get_size(EVP_MD_CTX_get0_md(e)). But changing a macro definition or even changing a macro to a function would be an API break. This is IMO something to resolve later. We will probably need to add a completely new function call. But that can be done in 3.3.

@mattcaswell mattcaswell added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Oct 25, 2023
@mattcaswell
Copy link
Member

Pushed.

@mattcaswell mattcaswell mentioned this pull request Oct 25, 2023
Closed
openssl-machine pushed a commit that referenced this pull request Oct 25, 2023
@t8m @mattcaswell
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN
6a0ae39 
BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes #22488

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #22491)
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Nov 4, 2023
@t8m
Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN
8d889b0 
BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes #22488

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl/openssl#22491)

Signed-off-by: fly2x <fly2x@hitls.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slontis slontis slontis left review comments

@levitte levitte levitte approved these changes

@t-j-h t-j-h t-j-h approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

@paulidale paulidale paulidale approved these changes

Assignees

@t8m t8m

Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch severity: fips change The pull request changes FIPS provider sources severity: important Important bugs affecting a released version tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug
Projects
Project Board
Status: Done
Milestone
3.2.0 beta1
Development

Successfully merging this pull request may close these issues.

Change Blake2b to use OSSL_PARAM_DIGEST_SIZE as settable instead of OSSL_PARAM_DIGEST_XOFLEN
6 participants
@t8m @t-j-h @mattcaswell @levitte @paulidale @slontis