Review comments

Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
6 years ago · 208527a75d
--- a/+ 3
+++ b/+ 3
@ -4,6 +4,9 @@

 Changes between 1.0.2g and 1.1.0  [xx XXX xxxx]

  *) Add support for blake2b and blake2s
     [Bill Cox]

  *) Added support for "pipelining". Ciphers that have the
     EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple
     encryptions/decryptions simultaneously. There are currently no built-in
--- a/apps/progs.h
+++ b/apps/progs.h
@ -225,11 +225,9 @@ static FUNCTION functions[] = {
 #ifndef OPENSSL_NO_RMD160
    { FT_md, "rmd160", dgst_main},
 #endif
 #ifndef OPENSSL_NO_BLAKE2B
    { FT_md, "blake2b", dgst_main},
 #endif
 #ifndef OPENSSL_NO_BLAKE2S
    { FT_md, "blake2s", dgst_main},
 #ifndef OPENSSL_NO_BLAKE2
    { FT_md, "blake2b512", dgst_main},
    { FT_md, "blake2s256", dgst_main},
 #endif
 #ifndef OPENSSL_NO_AES
    { FT_cipher, "aes-128-cbc", enc_main, enc_options },
--- a/crypto/blake2/Makefile.in
+++ b/crypto/blake2/Makefile.in
@ -1,7 +1,3 @@
 #
 # OpenSSL/crypto/blake2/Makefile
 #

 DIR=	blake2
 TOP=	../..
 CC=	cc
@ -17,8 +13,8 @@ AFLAGS= $(ASFLAGS)
 GENERAL=Makefile

 LIB=$(TOP)/libcrypto.a
 LIBSRC=blake2b.c blake2s.c
 LIBOBJ=blake2b.o blake2s.o
 LIBSRC=blake2b.c blake2s.c m_blake2b.c m_blake2s.c
 LIBOBJ=blake2b.o blake2s.o m_blake2b.o m_blake2s.o

 SRC= $(LIBSRC)

--- a/crypto/blake2/blake2_impl.h
+++ b/crypto/blake2/blake2_impl.h
@ -1,101 +1,106 @@
 /*
 * BLAKE2 reference source code package - reference C implementations
 *
 * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.
 * You may use this under the terms of the CC0, the OpenSSL Licence, or the
 * Apache Public License 2.0, at your option.  The terms of these licenses can
 * be found at:
 *
 * - OpenSSL license   : https://www.openssl.org/source/license.html
 * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
 * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * More information about the BLAKE2 hash function can be found at
 * https://blake2.net.
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

 /* crypto/blake2/blake2_impl.h */
 /*
 * Derived from the BLAKE2 reference implementation written by Samuel Neves.
 * More information about the BLAKE2 hash function and its implementations
 * can be found at https://blake2.net.
 */

 #include <stdint.h>
 #include <string.h>
 #include "e_os.h"

 static inline uint32_t load32(const void *src)
 static ossl_inline uint32_t load32(const void *src)
 {
 #if defined(L_ENDIAN)
    uint32_t w;
    memcpy(&w, src, sizeof(w));
    return w;
 #else
    const uint8_t *p = (const uint8_t *)src;
    uint32_t w = *p++;
    w |= (uint32_t)(*p++) <<  8;
    w |= (uint32_t)(*p++) << 16;
    w |= (uint32_t)(*p++) << 24;
    return w;
 #endif
    const union {
        long one;
        char little;
    } is_endian = { 1 };

    if (is_endian.little) {
        uint32_t w;
        memcpy(&w, src, sizeof(w));
        return w;
    } else {
        const uint8_t *p = (const uint8_t *)src;
        uint32_t w = *p++;
        w |= (uint32_t)(*p++) <<  8;
        w |= (uint32_t)(*p++) << 16;
        w |= (uint32_t)(*p++) << 24;
        return w;
    }
 }

 static inline uint64_t load64(const void *src)
 static ossl_inline uint64_t load64(const void *src)
 {
 #if defined(L_ENDIAN)
    uint64_t w;
    memcpy(&w, src, sizeof(w));
    return w;
 #else
    const uint8_t *p = (const uint8_t *)src;
    uint64_t w = *p++;
    w |= (uint64_t)(*p++) <<  8;
    w |= (uint64_t)(*p++) << 16;
    w |= (uint64_t)(*p++) << 24;
    w |= (uint64_t)(*p++) << 32;
    w |= (uint64_t)(*p++) << 40;
    w |= (uint64_t)(*p++) << 48;
    w |= (uint64_t)(*p++) << 56;
    return w;
 #endif
    const union {
        long one;
        char little;
    } is_endian = { 1 };

    if (is_endian.little) {
        uint64_t w;
        memcpy(&w, src, sizeof(w));
        return w;
    } else {
        const uint8_t *p = (const uint8_t *)src;
        uint64_t w = *p++;
        w |= (uint64_t)(*p++) <<  8;
        w |= (uint64_t)(*p++) << 16;
        w |= (uint64_t)(*p++) << 24;
        w |= (uint64_t)(*p++) << 32;
        w |= (uint64_t)(*p++) << 40;
        w |= (uint64_t)(*p++) << 48;
        w |= (uint64_t)(*p++) << 56;
        return w;
    }
 }

 static inline void store32(void *dst, uint32_t w)
 static ossl_inline void store32(void *dst, uint32_t w)
 {
 #if defined(L_ENDIAN)
    memcpy(dst, &w, sizeof(w));
 #else
    uint8_t *p = (uint8_t *)dst;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
 #endif
    const union {
        long one;
        char little;
    } is_endian = { 1 };

    if (is_endian.little) {
        memcpy(dst, &w, sizeof(w));
    } else {
        uint8_t *p = (uint8_t *)dst;
        int i;

        for (i = 0; i < 4; i++)
            p[i] = (uint8_t)(w >> (8 * i));
    }
 }

 static inline void store64(void *dst, uint64_t w)
 static ossl_inline void store64(void *dst, uint64_t w)
 {
 #if defined(L_ENDIAN)
    memcpy(dst, &w, sizeof(w));
 #else
    uint8_t *p = (uint8_t *)dst;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
    w >>= 8;
    *p++ = (uint8_t)w;
 #endif
    const union {
        long one;
        char little;
    } is_endian = { 1 };

    if (is_endian.little) {
        memcpy(dst, &w, sizeof(w));
    } else {
        uint8_t *p = (uint8_t *)dst;
        int i;

        for (i = 0; i < 8; i++)
            p[i] = (uint8_t)(w >> (8 * i));
    }
 }

 static inline uint64_t load48(const void *src)
 static ossl_inline uint64_t load48(const void *src)
 {
    const uint8_t *p = (const uint8_t *)src;
    uint64_t w = *p++;
@ -107,7 +112,7 @@ static inline uint64_t load48(const void *src)
    return w;
 }

 static inline void store48(void *dst, uint64_t w)
 static ossl_inline void store48(void *dst, uint64_t w)
 {
    uint8_t *p = (uint8_t *)dst;
    *p++ = (uint8_t)w;
@ -123,22 +128,12 @@ static inline void store48(void *dst, uint64_t w)
    *p++ = (uint8_t)w;
 }

 static inline uint32_t rotl32(const uint32_t w, const unsigned c)
 {
    return (w << c) | (w >> (32 - c));
 }

 static inline uint64_t rotl64(const uint64_t w, const unsigned c)
 {
    return (w << c) | (w >> (64 - c));
 }

 static inline uint32_t rotr32(const uint32_t w, const unsigned c)
 static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned c)
 {
    return (w >> c) | (w << (32 - c));
 }

 static inline uint64_t rotr64(const uint64_t w, const unsigned c)
 static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned c)
 {
    return (w >> c) | (w << (64 - c));
 }
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
@ -1,35 +1,33 @@
 /*
 * BLAKE2 reference source code package - reference C implementations
 *
 * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.
 * You may use this under the terms of the CC0, the OpenSSL Licence, or the
 * Apache Public License 2.0, at your option.  The terms of these licenses can
 * be found at:
 *
 * - OpenSSL license   : https://www.openssl.org/source/license.html
 * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
 * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * More information about the BLAKE2 hash function can be found at
 * https://blake2.net.
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

 /* crypto/blake2/blake2b.c */
 /*
 * Derived from the BLAKE2 reference implementation written by Samuel Neves.
 * More information about the BLAKE2 hash function and its implementations
 * can be found at https://blake2.net.
 */

 #include <stdint.h>
 #include <string.h>
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "e_os.h"

 #include "internal/blake2_locl.h"
 #include "blake2_impl.h"

 static const uint64_t blake2b_IV[8] =
 {
    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
    0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
    0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
    0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
    0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
    0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
    0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
    0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
 };

 static const uint8_t blake2b_sigma[12][16] =
@ -48,26 +46,26 @@ static const uint8_t blake2b_sigma[12][16] =
    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };

 /* Some helper functions, not necessarily useful */
 static inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
 /* Set that it's the last block we'll compress */
 static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
 {
    S->f[0] = -1;
 }

 /* Increment the data hashed couter. */
 static inline void blake2b_increment_counter(BLAKE2B_CTX *S,
                                             const uint64_t inc)
 /* Increment the data hashed counter. */
 static ossl_inline void blake2b_increment_counter(BLAKE2B_CTX *S,
                                                  const uint64_t inc)
 {
    S->t[0] += inc;
    S->t[1] += (S->t[0] < inc);
 }

 /* Initialize the hashing state. */
 static inline void blake2b_init0(BLAKE2B_CTX *S)
 static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
 {
    int i;
    memset(S, 0, sizeof(BLAKE2B_CTX));

    memset(S, 0, sizeof(BLAKE2B_CTX));
    for(i = 0; i < 8; ++i) {
        S->h[i] = blake2b_IV[i];
    }
@ -202,7 +200,7 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
 }

 /*
 * Finalize the hash state in a way that avoids length extension attacks.
 * Calculate the final hash and save it in md.
 * Always returns 1.
 */
 int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
--- a/crypto/blake2/blake2s.c
+++ b/crypto/blake2/blake2s.c
@ -1,33 +1,31 @@
 /*
 * BLAKE2 reference source code package - reference C implementations
 *
 * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.
 * You may use this under the terms of the CC0, the OpenSSL Licence, or the
 * Apache Public License 2.0, at your option.  The terms of these licenses can
 * be found at:
 *
 * - OpenSSL license   : https://www.openssl.org/source/license.html
 * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
 * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * More information about the BLAKE2 hash function can be found at
 * https://blake2.net.
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

 /* crypto/blake2/blake2s.c */
 /*
 * Derived from the BLAKE2 reference implementation written by Samuel Neves.
 * More information about the BLAKE2 hash function and its implementations
 * can be found at https://blake2.net.
 */

 #include <stdint.h>
 #include <string.h>
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "e_os.h"

 #include "internal/blake2_locl.h"
 #include "blake2_impl.h"

 static const uint32_t blake2s_IV[8] =
 {
    0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
    0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
    0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
 };

 static const uint8_t blake2s_sigma[10][16] =
@ -44,22 +42,22 @@ static const uint8_t blake2s_sigma[10][16] =
    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
 };

 /* Some helper functions, not necessarily useful */
 static inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
 /* Set that it's the last block we'll compress */
 static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
 {
  S->f[0] = -1;
    S->f[0] = -1;
 }

 /* Increment the data hashed couter. */
 static inline void blake2s_increment_counter(BLAKE2S_CTX *S,
                                             const uint32_t inc)
 /* Increment the data hashed counter. */
 static ossl_inline void blake2s_increment_counter(BLAKE2S_CTX *S,
                                                  const uint32_t inc)
 {
    S->t[0] += inc;
    S->t[1] += (S->t[0] < inc);
 }

 /* Initialize the hashing state. */
 static inline void blake2s_init0(BLAKE2S_CTX *S)
 static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
 {
    int i;

@ -98,7 +96,6 @@ int BLAKE2s_Init(BLAKE2S_CTX *c)
    store48(&P->node_offset, 0);
    P->node_depth    = 0;
    P->inner_length  = 0;
    /* memset(P->reserved, 0, sizeof(P->reserved)); */
    memset(P->salt,     0, sizeof(P->salt));
    memset(P->personal, 0, sizeof(P->personal));
    blake2s_init_param(c, P);
@ -197,7 +194,7 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
 }

 /*
 * Finalize the hash state in a way that avoids length extension attacks.
 * Calculate the final hash and save it in md.
 * Always returns 1.
 */
 int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
--- a/crypto/blake2/build.info
+++ b/crypto/blake2/build.info
@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
        blake2b.c blake2s.c
        blake2b.c blake2s.c m_blake2b.c m_blake2s.c
--- a/crypto/blake2/m_blake2b.c
+++ b/crypto/blake2/m_blake2b.c
--- a/crypto/blake2/m_blake2s.c
+++ b/crypto/blake2/m_blake2s.c
--- a/crypto/evp/Makefile.in
+++ b/crypto/evp/Makefile.in
@ -20,7 +20,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
 	e_rc4.c e_aes.c names.c e_seed.c \
 	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
 	m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
 	m_md5_sha1.c m_mdc2.c m_ripemd.c m_blake2b.c m_blake2s.c \
 	m_md5_sha1.c m_mdc2.c m_ripemd.c \
 	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
 	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
 	c_allc.c c_alld.c evp_lib.c bio_ok.c \
@ -34,7 +34,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_cnf.o \
 	e_rc4.o e_aes.o names.o e_seed.o \
 	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
 	m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \
 	m_md5_sha1.o m_mdc2.o m_ripemd.o m_blake2b.o m_blake2s.o \
 	m_md5_sha1.o m_mdc2.o m_ripemd.o \
 	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
 	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
 	c_allc.o c_alld.o evp_lib.o bio_ok.o \
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
        e_rc4.c e_aes.c names.c e_seed.c \
        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
        m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
        m_md5_sha1.c m_mdc2.c m_ripemd.c m_blake2b.c m_blake2s.c \
        m_md5_sha1.c m_mdc2.c m_ripemd.c \
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_allc.c c_alld.c evp_lib.c bio_ok.c \
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@ -91,7 +91,7 @@ void openssl_add_all_digests_internal(void)
    EVP_add_digest(EVP_whirlpool());
 #endif
 #ifndef OPENSSL_NO_BLAKE2
    EVP_add_digest(EVP_blake2b());
    EVP_add_digest(EVP_blake2s());
    EVP_add_digest(EVP_blake2b512());
    EVP_add_digest(EVP_blake2s256());
 #endif
 }
--- a/crypto/include/internal/blake2_locl.h
+++ b/crypto/include/internal/blake2_locl.h
@ -1,23 +1,22 @@
 /*
 * BLAKE2 reference source code package - reference C implementations
 *
 * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.
 * You may use this under the terms of the CC0, the OpenSSL Licence, or the
 * Apache Public License 2.0, at your option.  The terms of these licenses can
 * be found at:
 *
 * - OpenSSL license   : https://www.openssl.org/source/license.html
 * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
 * - CC0 1.0 Universal : http://www.apache.org/licenses/LICENSE-2.0
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * More information about the BLAKE2 hash function can be found at
 * https://blake2.net.
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

 /* crypto/blake2/blake2_locl.h */
 /*
 * Derived from the BLAKE2 reference implementation written by Samuel Neves.
 * More information about the BLAKE2 hash function and its implementations
 * can be found at https://blake2.net.
 */

 #include <stddef.h>
 #include <stdint.h>
 #include "e_os.h"

 # ifdef OPENSSL_NO_BLAKE2
 #  error BLAKE2 is disabled.
@ -44,7 +43,6 @@ struct blake2s_param_st {
    uint8_t  node_offset[6];/* 14 */
    uint8_t  node_depth;    /* 15 */
    uint8_t  inner_length;  /* 16 */
    /* uint8_t  reserved[0]; */
    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
 };
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -1011,8 +1011,8 @@ static const unsigned char lvalues[6744]={
 0x2B,0x06,0x01,0x05,0x02,0x03,0x05,          /* [6696] OBJ_pkInitKDC */
 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01,/* [6703] OBJ_X25519 */
 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02,/* [6712] OBJ_X448 */
 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b */
 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s */
 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b512 */
 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s256 */
 };

 static const ASN1_OBJECT nid_objs[NUM_NID]={
@ -2726,8 +2726,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"AuthNULL","auth-null",NID_auth_null,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"BLAKE2b","blake2b",NID_blake2b,11,&(lvalues[6721]),0},
 {"BLAKE2s","blake2s",NID_blake2s,11,&(lvalues[6732]),0},
 {"BLAKE2b512","blake2b512",NID_blake2b512,11,&(lvalues[6721]),0},
 {"BLAKE2s256","blake2s256",NID_blake2s256,11,&(lvalues[6732]),0},
 };

 static const unsigned int sn_objs[NUM_SN]={
@ -2776,8 +2776,8 @@ static const unsigned int sn_objs[NUM_SN]={
 93,	/* "BF-CFB" */
 92,	/* "BF-ECB" */
 94,	/* "BF-OFB" */
 1056,	/* "BLAKE2b" */
 1057,	/* "BLAKE2s" */
 1056,	/* "BLAKE2b512" */
 1057,	/* "BLAKE2s256" */
 14,	/* "C" */
 751,	/* "CAMELLIA-128-CBC" */
 962,	/* "CAMELLIA-128-CCM" */
@ -4016,8 +4016,8 @@ static const unsigned int ln_objs[NUM_LN]={
 93,	/* "bf-cfb" */
 92,	/* "bf-ecb" */
 94,	/* "bf-ofb" */
 1056,	/* "blake2b" */
 1057,	/* "blake2s" */
 1056,	/* "blake2b512" */
 1057,	/* "blake2s256" */
 921,	/* "brainpoolP160r1" */
 922,	/* "brainpoolP160t1" */
 923,	/* "brainpoolP192r1" */
@ -5786,7 +5786,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 955,	/* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
 956,	/* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
 957,	/* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
 1056,	/* OBJ_blake2b                      1 3 6 1 4 1 1722 12 2 1 16 */
 1057,	/* OBJ_blake2s                      1 3 6 1 4 1 1722 12 2 2 8 */
 1056,	/* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
 1057,	/* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
 };

--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@ -1053,5 +1053,5 @@ auth_srp		1052
 auth_null		1053
 fips_none		1054
 fips_140_2		1055
 blake2b		1056
 blake2s		1057
 blake2b512		1056
 blake2s256		1057
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@ -671,8 +671,8 @@ algorithm 29		: RSA-SHA1-2		: sha1WithRSA
 1 3 36 3 2 1		: RIPEMD160		: ripemd160
 1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA

 1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b            : blake2b
 1 3 6 1 4 1 1722 12 2 2 8  : BLAKE2s            : blake2s
 1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512        : blake2b512
 1 3 6 1 4 1 1722 12 2 2 8  : BLAKE2s256        : blake2s256

 !Cname sxnet
 1 3 101 1 4 1		: SXNetID		: Strong Extranet ID
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@ -8,7 +8,7 @@ EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
 EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
 EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
 EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2,
 EVP_ripemd160, EVP_blake2b, EVP_blake2s, EVP_get_digestbyname,
 EVP_ripemd160, EVP_blake2b_512, EVP_blake2s_256, EVP_get_digestbyname,
 EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines

 =head1 SYNOPSIS
@ -57,8 +57,8 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_mdc2(void);
 const EVP_MD *EVP_ripemd160(void);
 const EVP_MD *EVP_blake2b(void);
 const EVP_MD *EVP_blake2s(void);
 const EVP_MD *EVP_blake2b_512(void);
 const EVP_MD *EVP_blake2s_256(void);

 const EVP_MD *EVP_sha224(void);
 const EVP_MD *EVP_sha256(void);
@ -136,10 +136,10 @@ are no longer linked this function is only retained for compatibility
 reasons.

 EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
 EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(), EVP_blake2b, and
 EVP_blake2s return B<EVP_MD> structures for the MD2, MD5, SHA1, SHA224, SHA256,
 SHA384, SHA512, MDC2, RIPEMD160, BLAKE2b, and BLAKE2s digest algorithms
 respectively.
 EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and
 EVP_blake2s_256() return B<EVP_MD> structures for the MD2, MD5, SHA1, SHA224,
 SHA256, SHA384, SHA512, MDC2, RIPEMD160, BLAKE2b-512, and BLAKE2s-256 digest
 algorithms respectively.

 EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
 returns is of zero length.
@ -162,8 +162,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
 EVP_MD_CTX_block_size() return the digest or block size in bytes.

 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
 EVP_mdc2(), EVP_ripemd160(), EVP_blake2b(), and EVP_blake2s() return pointers
 to the corresponding EVP_MD structures.
 EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and EVP_blake2s_256() return
 pointers to the corresponding EVP_MD structures.

 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
 return either an B<EVP_MD> structure or NULL if an error occurs.
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -701,8 +701,8 @@ const EVP_MD *EVP_md5(void);
 const EVP_MD *EVP_md5_sha1(void);
 # endif
 # ifndef OPENSSL_NO_BLAKE2
 const EVP_MD *EVP_blake2b(void);
 const EVP_MD *EVP_blake2s(void);
 const EVP_MD *EVP_blake2b512(void);
 const EVP_MD *EVP_blake2s256(void);
 # endif
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_sha224(void);
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@ -2078,15 +2078,15 @@
 #define NID_ripemd160WithRSA            119
 #define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L

 #define SN_blake2b              "BLAKE2b"
 #define LN_blake2b              "blake2b"
 #define NID_blake2b             1056
 #define OBJ_blake2b             1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L

 #define SN_blake2s              "BLAKE2s"
 #define LN_blake2s              "blake2s"
 #define NID_blake2s             1057
 #define OBJ_blake2s             1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
 #define SN_blake2b512           "BLAKE2b512"
 #define LN_blake2b512           "blake2b512"
 #define NID_blake2b512          1056
 #define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L

 #define SN_blake2s256           "BLAKE2s256"
 #define LN_blake2s256           "blake2s256"
 #define NID_blake2s256          1057
 #define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L

 #define SN_sxnet                "SXNetID"
 #define LN_sxnet                "Strong Extranet ID"
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@ -642,16 +642,6 @@
 #  define NID_ripemd160WithRSA            119
 #  define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L

 #  define SN_blake2b                      "BLAKE2b"
 #  define LN_blake2b                      "blake2b"
 #  define NID_blake2b                     1022
 #  define OBJ_blake2b                     1,3,6,1,4,1,1722,12,2,1,16

 #  define SN_blake2s                      "BLAKE2s"
 #  define LN_blake2s                      "blake2"
 #  define NID_blake2s                     1023
 #  define OBJ_blake2s                     1,3,6,1,4,1,1722,12,2,2,8

 /*-
 * Taken from rfc2040
 *  RC5_CBC_Parameters ::= SEQUENCE {
--- a/test/evptests.txt
+++ b/test/evptests.txt
@ -3,59 +3,62 @@
 #digest:::input:output

 # BLAKE2 tests, using same inputs as MD5
 Digest = BLAKE2s
 # There are no official BLAKE2 test vectors we can use since they all use a key
 # Which is currently unsupported by OpenSSL.  They were generated using the
 # reference implementation.  RFC7693 also mentions the 616263 / "abc" values.
 Digest = BLAKE2s256
 Input = 
 Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 61
 Output = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 616263
 Output = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 6d65737361676520646967657374
 Output = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
 Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
 Output = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b

 Digest = BLAKE2s
 Digest = BLAKE2s256
 Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
 Output = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 
 Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 61
 Output = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 616263
 Output = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 6d65737361676520646967657374
 Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
 Output = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
 Output = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50

 Digest = BLAKE2b
 Digest = BLAKE2b512
 Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
 Output = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282

--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -4057,5 +4057,5 @@ ECPKPARAMETERS_it                       3923	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:
 EC_GROUP_get_ecparameters               3924	1_1_0	EXIST::FUNCTION:EC
 DHparams_it                             3925	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
 DHparams_it                             3925	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
 EVP_blake2b                             3926	1_1_0	EXIST::FUNCTION:BLAKE2
 EVP_blake2s                             3927	1_1_0	EXIST::FUNCTION:BLAKE2
 EVP_blake2b_512                         3926	1_1_0	EXIST::FUNCTION:BLAKE2
 EVP_blake2s_256                         3927	1_1_0	EXIST::FUNCTION:BLAKE2