From ae7d90a1594dabf72123f395f9f2436452ab5d9a Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 25 Feb 2021 09:52:26 +1000
Subject: [PATCH] siphash: Add the C and D round parameters for SipHash.

This represents a gap in functionality from the low level APIs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
---
 crypto/siphash/siphash.c                      |  8 ++------
 crypto/siphash/siphash_local.h                | 11 ++++++++---
 doc/man7/EVP_MAC-Siphash.pod                  |  8 ++++++++
 include/openssl/core_names.h                  |  2 ++
 providers/implementations/macs/siphash_prov.c | 19 ++++++++++++++++---
 5 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index 03f9b4982d..eaad0a8e4a 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -30,10 +30,6 @@
 #include "crypto/siphash.h"
 #include "siphash_local.h"
 
-/* default: SipHash-2-4 */
-#define SIPHASH_C_ROUNDS 2
-#define SIPHASH_D_ROUNDS 4
-
 #define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
 
 #define U32TO8_LE(p, v)                                                        \
@@ -146,7 +142,7 @@ void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
     uint64_t m;
     const uint8_t *end;
     int left;
-    int i;
+    unsigned int i;
     uint64_t v0 = ctx->v0;
     uint64_t v1 = ctx->v1;
     uint64_t v2 = ctx->v2;
@@ -202,7 +198,7 @@ void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
 int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
 {
     /* finalize hash */
-    int i;
+    unsigned int i;
     uint64_t b = ctx->total_inlen << 56;
     uint64_t v0 = ctx->v0;
     uint64_t v1 = ctx->v1;
diff --git a/crypto/siphash/siphash_local.h b/crypto/siphash/siphash_local.h
index 4841284c04..8cd7c208cc 100644
--- a/crypto/siphash/siphash_local.h
+++ b/crypto/siphash/siphash_local.h
@@ -16,8 +16,13 @@ struct siphash_st {
     uint64_t v2;
     uint64_t v3;
     unsigned int len;
-    int hash_size;
-    int crounds;
-    int drounds;
+    unsigned int hash_size;
+    unsigned int crounds;
+    unsigned int drounds;
     unsigned char leavings[SIPHASH_BLOCK_SIZE];
 };
+
+/* default: SipHash-2-4 */
+#define SIPHASH_C_ROUNDS 2
+#define SIPHASH_D_ROUNDS 4
+
diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod
index d0a4226ae5..2b6f2ae4e4 100644
--- a/doc/man7/EVP_MAC-Siphash.pod
+++ b/doc/man7/EVP_MAC-Siphash.pod
@@ -36,6 +36,14 @@ The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer>
 
+=item "c-rounds" (B<OSSL_MAC_PARAM_C_ROUNDS>) <unsigned integer>
+
+Specifies the number of rounds per message block.  By default this is I<2>.
+
+=item "d-rounds" (B<OSSL_MAC_PARAM_D_ROUNDS>) <unsigned integer>
+
+Specifies the number of finalisation rounds.  By default this is I<4>.
+
 =back
 
 =head1 SEE ALSO
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index cb8d83ba88..0f242e3605 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -158,6 +158,8 @@ extern "C" {
 #define OSSL_MAC_PARAM_XOF            "xof"            /* int, 0 or 1 */
 #define OSSL_MAC_PARAM_DIGEST_NOINIT  "digest-noinit"  /* int, 0 or 1 */
 #define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_C_ROUNDS       "c-rounds"       /* unsigned int */
+#define OSSL_MAC_PARAM_D_ROUNDS       "d-rounds"       /* unsigned int */
 
 /*
  * If "engine" or "properties" are specified, they should always be paired
diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c
index 95a345495e..bc7cb0e3ed 100644
--- a/providers/implementations/macs/siphash_prov.c
+++ b/providers/implementations/macs/siphash_prov.c
@@ -88,7 +88,6 @@ static size_t siphash_size(void *vmacctx)
 
 static int siphash_init(void *vmacctx)
 {
-    /* Not much to do here, actual initialization happens through controls */
     return ossl_prov_is_running();
 }
 
@@ -140,6 +139,8 @@ static int siphash_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
 static const OSSL_PARAM known_settable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
     OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
+    OSSL_PARAM_uint(OSSL_MAC_PARAM_C_ROUNDS, NULL),
+    OSSL_PARAM_uint(OSSL_MAC_PARAM_D_ROUNDS, NULL),
     OSSL_PARAM_END
 };
 
@@ -153,10 +154,10 @@ static int siphash_set_params(void *vmacctx, const OSSL_PARAM *params)
 {
     struct siphash_data_st *ctx = vmacctx;
     const OSSL_PARAM *p = NULL;
+    unsigned int u;
+    size_t size;
 
     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) {
-        size_t size;
-
         if (!OSSL_PARAM_get_size_t(p, &size)
             || !SipHash_set_hash_size(&ctx->siphash, size))
             return 0;
@@ -166,6 +167,18 @@ static int siphash_set_params(void *vmacctx, const OSSL_PARAM *params)
             || p->data_size != SIPHASH_KEY_SIZE
             || !SipHash_Init(&ctx->siphash, p->data, 0, 0))
             return 0;
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_C_ROUNDS)) != NULL) {
+        if (!OSSL_PARAM_get_uint(p, &ctx->siphash.crounds))
+            return 0;
+        if (ctx->siphash.crounds == 0)
+            ctx->siphash.crounds = SIPHASH_C_ROUNDS;
+    }
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_D_ROUNDS)) != NULL) {
+        if (!OSSL_PARAM_get_uint(p, &ctx->siphash.drounds))
+            return 0;
+        if (ctx->siphash.drounds == 0)
+            ctx->siphash.drounds = SIPHASH_D_ROUNDS;
+    }
     return 1;
 }
 
-- 
2.39.2