From: Fergus Dall <sidereal@google.com>
Date: Mon, 12 Jun 2023 10:02:14 +0000 (+1000)
Subject: Add support for SHA256/192
X-Git-Tag: openssl-3.2.0-alpha1~593
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=81bafac5cbbd195ff9c53a06aaca7c3eacbb2fc0

Add support for SHA256/192

This is defined in NIST SP 800-208 as the truncation to 192 bits of
SHA256. Unlike other truncated hashes in the SHA2 suite, this variant
doesn't have a different initial state, it is just a pure truncation
of the output.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21180)
---

diff --git a/CHANGES.md b/CHANGES.md
index 62a7c3f7ca..4fffd324ee 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,10 @@ OpenSSL 3.2
 
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 
+ * Added SHA256/192 algorithm support.
+
+   *Fergus Dall*
+
  * Provide a new configure option `no-http` that can be used to disable HTTP
    support.
 
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 649d25d6c6..2e844f8587 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -22,6 +22,7 @@
 #include <openssl/sha.h>
 #include <openssl/opensslv.h>
 #include "internal/endian.h"
+#include "crypto/sha.h"
 
 int SHA224_Init(SHA256_CTX *c)
 {
@@ -53,6 +54,13 @@ int SHA256_Init(SHA256_CTX *c)
     return 1;
 }
 
+int ossl_sha256_192_init(SHA256_CTX *c)
+{
+    SHA256_Init(c);
+    c->md_len = SHA256_192_DIGEST_LENGTH;
+    return 1;
+}
+
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
 {
     return SHA256_Update(c, data, len);
@@ -81,7 +89,11 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
         unsigned long ll;               \
         unsigned int  nn;               \
         switch ((c)->md_len)            \
-        {   case SHA224_DIGEST_LENGTH:  \
+        {   case SHA256_192_DIGEST_LENGTH: \
+                for (nn=0;nn<SHA256_192_DIGEST_LENGTH/4;nn++)   \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            case SHA224_DIGEST_LENGTH:  \
                 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
                 {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                 break;                  \
diff --git a/doc/man7/EVP_MD-SHA2.pod b/doc/man7/EVP_MD-SHA2.pod
index 2a2e799d89..ffee7d1231 100644
--- a/doc/man7/EVP_MD-SHA2.pod
+++ b/doc/man7/EVP_MD-SHA2.pod
@@ -44,6 +44,10 @@ Available with the default provider:
 
 =over 4
 
+=item SHA2-256/192
+
+Known names are "SHA2-256/192", "SHA-256/192" and "SHA256-192".
+
 =item SHA2-512/224
 
 Known names are "SHA2-512/224", "SHA-512/224" and "SHA512-224".
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index 64305d1790..3f32e96086 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -14,6 +14,7 @@
 
 # include <openssl/sha.h>
 
+int ossl_sha256_192_init(SHA256_CTX *c);
 int sha512_224_init(SHA512_CTX *);
 int sha512_256_init(SHA512_CTX *);
 int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
diff --git a/include/openssl/core_names.h.in b/include/openssl/core_names.h.in
index 133f7830ee..da1767d1e9 100644
--- a/include/openssl/core_names.h.in
+++ b/include/openssl/core_names.h.in
@@ -36,6 +36,7 @@ extern "C" {
 # define OSSL_DIGEST_NAME_SHA1           "SHA1"
 # define OSSL_DIGEST_NAME_SHA2_224       "SHA2-224"
 # define OSSL_DIGEST_NAME_SHA2_256       "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_256_192   "SHA2-256/192"
 # define OSSL_DIGEST_NAME_SHA2_384       "SHA2-384"
 # define OSSL_DIGEST_NAME_SHA2_512       "SHA2-512"
 # define OSSL_DIGEST_NAME_SHA2_512_224   "SHA2-512/224"
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 6e65a04089..67f89da8f0 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
 
+# define SHA256_192_DIGEST_LENGTH 24
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 8b2ae6bfbf..fa4165b365 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -103,6 +103,7 @@ static const OSSL_ALGORITHM deflt_digests[] = {
     { PROV_NAMES_SHA1, "provider=default", ossl_sha1_functions },
     { PROV_NAMES_SHA2_224, "provider=default", ossl_sha224_functions },
     { PROV_NAMES_SHA2_256, "provider=default", ossl_sha256_functions },
+    { PROV_NAMES_SHA2_256_192, "provider=default", ossl_sha256_192_functions },
     { PROV_NAMES_SHA2_384, "provider=default", ossl_sha384_functions },
     { PROV_NAMES_SHA2_512, "provider=default", ossl_sha512_functions },
     { PROV_NAMES_SHA2_512_224, "provider=default", ossl_sha512_224_functions },
diff --git a/providers/implementations/digests/sha2_prov.c b/providers/implementations/digests/sha2_prov.c
index 6f9c41a3a6..039c616095 100644
--- a/providers/implementations/digests/sha2_prov.c
+++ b/providers/implementations/digests/sha2_prov.c
@@ -71,7 +71,12 @@ IMPLEMENT_digest_functions(sha224, SHA256_CTX,
 IMPLEMENT_digest_functions(sha256, SHA256_CTX,
                            SHA256_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS,
                            SHA256_Init, SHA256_Update, SHA256_Final)
-
+#ifndef FIPS_MODULE
+/* ossl_sha256_192_functions */
+IMPLEMENT_digest_functions(sha256_192, SHA256_CTX,
+                           SHA256_CBLOCK, SHA256_192_DIGEST_LENGTH, SHA2_FLAGS,
+                           ossl_sha256_192_init, SHA256_Update, SHA256_Final)
+#endif
 /* ossl_sha384_functions */
 IMPLEMENT_digest_functions(sha384, SHA512_CTX,
                            SHA512_CBLOCK, SHA384_DIGEST_LENGTH, SHA2_FLAGS,
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 2c3c54155f..1c7bb4ab8d 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -14,6 +14,7 @@
 extern const OSSL_DISPATCH ossl_sha1_functions[];
 extern const OSSL_DISPATCH ossl_sha224_functions[];
 extern const OSSL_DISPATCH ossl_sha256_functions[];
+extern const OSSL_DISPATCH ossl_sha256_192_functions[];
 extern const OSSL_DISPATCH ossl_sha384_functions[];
 extern const OSSL_DISPATCH ossl_sha512_functions[];
 extern const OSSL_DISPATCH ossl_sha512_224_functions[];
diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index dd40a6a8ed..af7e45a3f6 100644
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -214,6 +214,7 @@
 #define PROV_NAMES_SHA1 "SHA1:SHA-1:SSL3-SHA1:1.3.14.3.2.26"
 #define PROV_NAMES_SHA2_224 "SHA2-224:SHA-224:SHA224:2.16.840.1.101.3.4.2.4"
 #define PROV_NAMES_SHA2_256 "SHA2-256:SHA-256:SHA256:2.16.840.1.101.3.4.2.1"
+#define PROV_NAMES_SHA2_256_192 "SHA2-256/192:SHA-256/192:SHA256-192"
 #define PROV_NAMES_SHA2_384 "SHA2-384:SHA-384:SHA384:2.16.840.1.101.3.4.2.2"
 #define PROV_NAMES_SHA2_512 "SHA2-512:SHA-512:SHA512:2.16.840.1.101.3.4.2.3"
 #define PROV_NAMES_SHA2_512_224 "SHA2-512/224:SHA-512/224:SHA512-224:2.16.840.1.101.3.4.2.5"
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
index d9c8a15c01..7bcce7d920 100644
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -67,6 +67,29 @@ BlockSize = 64
 
 Title = SHA2
 
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 48C07F4015447032622F0F1F368EBB02EE1424F3529739D6
+OutputSize = 24
+BlockSize = 64
+
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B
+Output = 6ECCAB0BE3F7657CAF65CAD9784C8177C9F83A685AB52F4C
+
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 4FC15185394271A626627835B912A9CF641C9CD84F7909A4
+
 MAC = HMAC
 Algorithm = SHA224
 Input = "Sample message for keylen=blocklen"
diff --git a/test/recipes/30-test_evp_data/evpmd_sha.txt b/test/recipes/30-test_evp_data/evpmd_sha.txt
index 1b417bfca7..149137b712 100644
--- a/test/recipes/30-test_evp_data/evpmd_sha.txt
+++ b/test/recipes/30-test_evp_data/evpmd_sha.txt
@@ -58,6 +58,25 @@ Input = "a"
 Ncopy = 64
 Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0
 
+Availablein = default
+Digest = SHA256-192
+Input = "abc"
+Output = ba7816bf8f01cfea414140de5dae2223b00361a396177a9c
+
+Availablein = default
+Digest = SHA256-192
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167
+
+Availablein = default
+Digest = SHA256-192
+Input = "a"
+Ncopy = 288
+Count = 3472
+Input = "a"
+Ncopy = 64
+Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e
+
 Digest = SHA384
 Input = "abc"
 Output = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7