diff options
author | Conrad Meyer <cem@FreeBSD.org> | 2018-07-20 01:51:05 +0000 |
---|---|---|
committer | Conrad Meyer <cem@FreeBSD.org> | 2018-07-20 01:51:05 +0000 |
commit | e236f904b2b9eb96406ca63a3fa7ab91c6ed6ee6 (patch) | |
tree | ee9d5df7e7cc3f23dc10585848405876cecb9575 /tools/tools | |
parent | 07b953332615460f4957287951e3e37ef2b64e08 (diff) | |
download | src-e236f904b2b9eb96406ca63a3fa7ab91c6ed6ee6.tar.gz src-e236f904b2b9eb96406ca63a3fa7ab91c6ed6ee6.zip |
cryptocheck: Correct mismatch between OpenSSL use and OCF Blake2
This corrects a mistake introduced to the cryptocheck tool in r331418.
Our CRYPTO_BLAKE2B and CRYPTO_BLAKE2S algorithms refer to either the plain,
unkeyed hashes (specified with cri_klen = 0), or a Blake2-specific keyed MAC
(when a cri_key is provided).
In contrast, OpenSSL's Blake2 algorithms only provide the plain hash.
Cryptocheck's T_HMAC corresponds to OpenSSL's HMAC() routine, which is the
ordinary HMAC construction applied to any plain, unkeyed hash. We don't
have any HMAC-Blake2 cipher modes in OCF, so fix the test to only test
Blake2 as a plain hash.
(Ideally we would test keyed Blake2 as well, but that is left as future
work.)
PR: 229795
Notes
Notes:
svn path=/head/; revision=336527
Diffstat (limited to 'tools/tools')
-rw-r--r-- | tools/tools/crypto/cryptocheck.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index fa3459734c65..c8a1be69a3aa 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -155,9 +155,9 @@ struct alg { .evp_md = EVP_sha384 }, { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC, .evp_md = EVP_sha512 }, - { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HMAC, + { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH, .evp_md = EVP_blake2b512 }, - { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HMAC, + { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, .evp_md = EVP_blake2s256 }, { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_BLKCIPHER, .evp_cipher = EVP_aes_128_cbc }, |