svn commit: r336527 - head/tools/tools/crypto
Conrad Meyer
cem at FreeBSD.org
Fri Jul 20 01:51:06 UTC 2018
Author: cem
Date: Fri Jul 20 01:51:05 2018
New Revision: 336527
URL: https://svnweb.freebsd.org/changeset/base/336527
Log:
cryptocheck: Correct mismatch between OpenSSL use and OCF Blake2
This corrects a mistake introduced to the cryptocheck tool in r331418.
Our CRYPTO_BLAKE2B and CRYPTO_BLAKE2S algorithms refer to either the plain,
unkeyed hashes (specified with cri_klen = 0), or a Blake2-specific keyed MAC
(when a cri_key is provided).
In contrast, OpenSSL's Blake2 algorithms only provide the plain hash.
Cryptocheck's T_HMAC corresponds to OpenSSL's HMAC() routine, which is the
ordinary HMAC construction applied to any plain, unkeyed hash. We don't
have any HMAC-Blake2 cipher modes in OCF, so fix the test to only test
Blake2 as a plain hash.
(Ideally we would test keyed Blake2 as well, but that is left as future
work.)
PR: 229795
Modified:
head/tools/tools/crypto/cryptocheck.c
Modified: head/tools/tools/crypto/cryptocheck.c
==============================================================================
--- head/tools/tools/crypto/cryptocheck.c Fri Jul 20 00:44:04 2018 (r336526)
+++ head/tools/tools/crypto/cryptocheck.c Fri Jul 20 01:51:05 2018 (r336527)
@@ -155,9 +155,9 @@ struct alg {
.evp_md = EVP_sha384 },
{ .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC,
.evp_md = EVP_sha512 },
- { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HMAC,
+ { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH,
.evp_md = EVP_blake2b512 },
- { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HMAC,
+ { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH,
.evp_md = EVP_blake2s256 },
{ .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_BLKCIPHER,
.evp_cipher = EVP_aes_128_cbc },
More information about the svn-src-head
mailing list