Setting the SipHash hash size and setting its key is done with two
independent functions... and yet, the internals depend on both.
Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.
This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.
evpmac.txt value for digestsize:8 is also corrected.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)
&& hash_size != SIPHASH_MAX_DIGEST_SIZE)
return 0;
- ctx->hash_size = hash_size;
+ /*
+ * It's possible that the key was set first. If the hash size changes,
+ * we need to adjust v1 (see SipHash_Init().
+ */
+
+ /* Start by adjusting the stored size, to make things easier */
+ ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+ /* Now, adjust ctx->v1 if the old and the new size differ */
+ if ((size_t)ctx->hash_size != hash_size) {
+ ctx->v1 ^= 0xee;
+ ctx->hash_size = hash_size;
+ }
return 1;
}
Ctrl = digestsize:8
Key = 000102030405060708090A0B0C0D0E0F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = B96AB0B9D449A78A
+Output = 724506EB4C328A95
# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac