bpo-33164: update blake2 implementation (GH-6286)

Misc/NEWS.d/next/Security/2018-03-30-12-26-47.bpo-33164.aO29Cx.rst

+Updated blake2 implementation which uses secure memset implementation provided by platform.

Modules/_blake2/impl/blake2-config.h

 /*
    BLAKE2 reference source code package - optimized C implementations
 
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
 
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
 
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2_CONFIG_H__
 #define __BLAKE2_CONFIG_H__
 
-/* These don't work everywhere */
-#if defined(__SSE2__) || defined(__x86_64__) || defined(__amd64__)
+#if defined(__SSE2__)
 #define HAVE_SSE2
 #endif
 
@@ -26,7 +23,7 @@
 #endif
 
 #if defined(__SSE4_1__)
-#define HAVE_SSE41
+#define HAVE_SSE4_1
 #endif
 
 #if defined(__AVX__)
@@ -51,8 +48,8 @@
 #endif
 
 #ifdef HAVE_AVX
-#ifndef HAVE_SSE41
-#define HAVE_SSE41
+#ifndef HAVE_SSE4_1
+#define HAVE_SSE4_1
 #endif
 #endif
 

Modules/_blake2/impl/blake2-impl.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2_IMPL_H__
 #define __BLAKE2_IMPL_H__
 
+#if defined(_WIN32) || defined(WIN32)
+#include <windows.h>
+#endif
+
+#include <stddef.h>
 #include <stdint.h>
 #include <string.h>
 
-BLAKE2_LOCAL_INLINE(uint32_t) load32( const void *src )
+#define BLAKE2_IMPL_CAT(x,y) x ## y
+#define BLAKE2_IMPL_EVAL(x,y)  BLAKE2_IMPL_CAT(x,y)
+#define BLAKE2_IMPL_NAME(fun)  BLAKE2_IMPL_EVAL(fun, SUFFIX)
+
+static inline uint32_t load32( const void *src )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
   uint32_t w;
-  memcpy(&w, src, sizeof w);
+  memcpy( &w, src, sizeof( w ) );
   return w;
 #else
-  const uint8_t *p = ( const uint8_t * )src;
+  const uint8_t *p = ( uint8_t * )src;
   uint32_t w = *p++;
   w |= ( uint32_t )( *p++ ) <<  8;
   w |= ( uint32_t )( *p++ ) << 16;
@@ -35,14 +42,14 @@ BLAKE2_LOCAL_INLINE(uint32_t) load32( const void *src )
 #endif
 }
 
-BLAKE2_LOCAL_INLINE(uint64_t) load64( const void *src )
+static inline uint64_t load64( const void *src )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
   uint64_t w;
-  memcpy(&w, src, sizeof w);
+  memcpy( &w, src, sizeof( w ) );
   return w;
 #else
-  const uint8_t *p = ( const uint8_t * )src;
+  const uint8_t *p = ( uint8_t * )src;
   uint64_t w = *p++;
   w |= ( uint64_t )( *p++ ) <<  8;
   w |= ( uint64_t )( *p++ ) << 16;
@@ -55,10 +62,10 @@ BLAKE2_LOCAL_INLINE(uint64_t) load64( const void *src )
 #endif
 }
 
-BLAKE2_LOCAL_INLINE(void) store32( void *dst, uint32_t w )
+static inline void store32( void *dst, uint32_t w )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  memcpy(dst, &w, sizeof w);
+  memcpy( dst, &w, sizeof( w ) );
 #else
   uint8_t *p = ( uint8_t * )dst;
   *p++ = ( uint8_t )w; w >>= 8;
@@ -68,10 +75,10 @@ BLAKE2_LOCAL_INLINE(void) store32( void *dst, uint32_t w )
 #endif
 }
 
-BLAKE2_LOCAL_INLINE(void) store64( void *dst, uint64_t w )
+static inline void store64( void *dst, uint64_t w )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  memcpy(dst, &w, sizeof w);
+  memcpy( dst, &w, sizeof( w ) );
 #else
   uint8_t *p = ( uint8_t * )dst;
   *p++ = ( uint8_t )w; w >>= 8;
@@ -85,7 +92,7 @@ BLAKE2_LOCAL_INLINE(void) store64( void *dst, uint64_t w )
 #endif
 }
 
-BLAKE2_LOCAL_INLINE(uint64_t) load48( const void *src )
+static inline uint64_t load48( const void *src )
 {
   const uint8_t *p = ( const uint8_t * )src;
   uint64_t w = *p++;
@@ -97,7 +104,7 @@ BLAKE2_LOCAL_INLINE(uint64_t) load48( const void *src )
   return w;
 }
 
-BLAKE2_LOCAL_INLINE(void) store48( void *dst, uint64_t w )
+static inline void store48( void *dst, uint64_t w )
 {
   uint8_t *p = ( uint8_t * )dst;
   *p++ = ( uint8_t )w; w >>= 8;
@@ -108,31 +115,44 @@ BLAKE2_LOCAL_INLINE(void) store48( void *dst, uint64_t w )
   *p++ = ( uint8_t )w;
 }
 
-BLAKE2_LOCAL_INLINE(uint32_t) rotl32( const uint32_t w, const unsigned c )
+static inline uint32_t rotl32( const uint32_t w, const unsigned c )
 {
   return ( w << c ) | ( w >> ( 32 - c ) );
 }
 
-BLAKE2_LOCAL_INLINE(uint64_t) rotl64( const uint64_t w, const unsigned c )
+static inline uint64_t rotl64( const uint64_t w, const unsigned c )
 {
   return ( w << c ) | ( w >> ( 64 - c ) );
 }
 
-BLAKE2_LOCAL_INLINE(uint32_t) rotr32( const uint32_t w, const unsigned c )
+static inline uint32_t rotr32( const uint32_t w, const unsigned c )
 {
   return ( w >> c ) | ( w << ( 32 - c ) );
 }
 
-BLAKE2_LOCAL_INLINE(uint64_t) rotr64( const uint64_t w, const unsigned c )
+static inline uint64_t rotr64( const uint64_t w, const unsigned c )
 {
   return ( w >> c ) | ( w << ( 64 - c ) );
 }
 
 /* prevents compiler optimizing out memset() */
-BLAKE2_LOCAL_INLINE(void) secure_zero_memory(void *v, size_t n)
+static inline void secure_zero_memory(void *v, size_t n)
 {
-  static void *(*const volatile memset_v)(void *, int, size_t) = &memset;
-  memset_v(v, 0, n);
+#if defined(_WIN32) || defined(WIN32)
+  SecureZeroMemory(v, n);
+#else
+// prioritize first the general C11 call
+#if defined(HAVE_MEMSET_S)
+  memset_s(v, n, 0, n);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  explicit_bzero(v, n);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+  explicit_memset(v, 0, n);
+#else
+  memset(v, 0, n);
+  __asm__ __volatile__("" :: "r"(v) : "memory");
+#endif
+#endif
 }
 
 #endif

Modules/_blake2/impl/blake2.h

 /*
-   BLAKE2 reference source code package - reference C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2_H__
@@ -19,16 +17,36 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#ifdef BLAKE2_NO_INLINE
-#define BLAKE2_LOCAL_INLINE(type) static type
+#if defined(_WIN32) || defined(__CYGWIN__)
+    #define BLAKE2_DLL_IMPORT __declspec(dllimport)
+    #define BLAKE2_DLL_EXPORT __declspec(dllexport)
+    #define BLAKE2_DLL_PRIVATE
+#elif __GNUC__ >= 4
+  #define BLAKE2_DLL_IMPORT   __attribute__ ((visibility ("default")))
+  #define BLAKE2_DLL_EXPORT   __attribute__ ((visibility ("default")))
+  #define BLAKE2_DLL_PRIVATE  __attribute__ ((visibility ("hidden")))
+#else
+  #define BLAKE2_DLL_IMPORT
+  #define BLAKE2_DLL_EXPORT
+  #define BLAKE2_DLL_PRIVATE
 #endif
 
-#ifndef BLAKE2_LOCAL_INLINE
-#define BLAKE2_LOCAL_INLINE(type) static inline type
+#if defined(BLAKE2_DLL)
+  #if defined(BLAKE2_DLL_EXPORTS) // defined if we are building the DLL
+    #define BLAKE2_API BLAKE2_DLL_EXPORT
+  #else
+    #define BLAKE2_API BLAKE2_DLL_IMPORT
+  #endif
+  #define BLAKE2_PRIVATE BLAKE2_DLL_PRIVATE // must only be used by hidden logic
+#else
+  #define BLAKE2_API
+  #define BLAKE2_PRIVATE
 #endif
 
 #if defined(__cplusplus)
 extern "C" {
+#elif defined(_MSC_VER) && !defined(inline)
+#define inline __inline
 #endif
 
   enum blake2s_constant
@@ -49,23 +67,56 @@ extern "C" {
     BLAKE2B_PERSONALBYTES = 16
   };
 
+#pragma pack(push, 1)
+  typedef struct __blake2s_param
+  {
+    uint8_t  digest_length; // 1
+    uint8_t  key_length;    // 2
+    uint8_t  fanout;        // 3
+    uint8_t  depth;         // 4
+    uint32_t leaf_length;   // 8
+    uint8_t  node_offset[6];// 14
+    uint8_t  node_depth;    // 15
+    uint8_t  inner_length;  // 16
+    // uint8_t  reserved[0];
+    uint8_t  salt[BLAKE2S_SALTBYTES]; // 24
+    uint8_t  personal[BLAKE2S_PERSONALBYTES];  // 32
+  } blake2s_param;
+
   typedef struct __blake2s_state
   {
     uint32_t h[8];
     uint32_t t[2];
     uint32_t f[2];
     uint8_t  buf[2 * BLAKE2S_BLOCKBYTES];
-    size_t   buflen;
+    uint32_t buflen;
+    uint8_t  outlen;
     uint8_t  last_node;
   } blake2s_state;
 
+  typedef struct __blake2b_param
+  {
+    uint8_t  digest_length; // 1
+    uint8_t  key_length;    // 2
+    uint8_t  fanout;        // 3
+    uint8_t  depth;         // 4
+    uint32_t leaf_length;   // 8
+    uint64_t node_offset;   // 16
+    uint8_t  node_depth;    // 17
+    uint8_t  inner_length;  // 18
+    uint8_t  reserved[14];  // 32
+    uint8_t  salt[BLAKE2B_SALTBYTES]; // 48
+    uint8_t  personal[BLAKE2B_PERSONALBYTES];  // 64
+  } blake2b_param;
+
   typedef struct __blake2b_state
   {
     uint64_t h[8];
     uint64_t t[2];
     uint64_t f[2];
     uint8_t  buf[2 * BLAKE2B_BLOCKBYTES];
-    size_t   buflen;
+    uint32_t buflen;
+    uint8_t  outlen;
     uint8_t  last_node;
   } blake2b_state;
 
@@ -73,82 +124,52 @@ extern "C" {
   {
     blake2s_state S[8][1];
     blake2s_state R[1];
-    uint8_t buf[8 * BLAKE2S_BLOCKBYTES];
-    size_t  buflen;
+    uint8_t  buf[8 * BLAKE2S_BLOCKBYTES];
+    uint32_t buflen;
+    uint8_t  outlen;
   } blake2sp_state;
 
   typedef struct __blake2bp_state
   {
     blake2b_state S[4][1];
     blake2b_state R[1];
-    uint8_t buf[4 * BLAKE2B_BLOCKBYTES];
-    size_t  buflen;
+    uint8_t  buf[4 * BLAKE2B_BLOCKBYTES];
+    uint32_t buflen;
+    uint8_t  outlen;
   } blake2bp_state;
-
-
-#pragma pack(push, 1)
-  typedef struct __blake2s_param
-  {
-    uint8_t  digest_length; /* 1 */
-    uint8_t  key_length;    /* 2 */
-    uint8_t  fanout;        /* 3 */
-    uint8_t  depth;         /* 4 */
-    uint32_t leaf_length;   /* 8 */
-    uint8_t  node_offset[6];// 14
-    uint8_t  node_depth;    /* 15 */
-    uint8_t  inner_length;  /* 16 */
-    /* uint8_t  reserved[0]; */
-    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
-    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
-  } blake2s_param;
-
-  typedef struct __blake2b_param
-  {
-    uint8_t  digest_length; /* 1 */
-    uint8_t  key_length;    /* 2 */
-    uint8_t  fanout;        /* 3 */
-    uint8_t  depth;         /* 4 */
-    uint32_t leaf_length;   /* 8 */
-    uint64_t node_offset;   /* 16 */
-    uint8_t  node_depth;    /* 17 */
-    uint8_t  inner_length;  /* 18 */
-    uint8_t  reserved[14];  /* 32 */
-    uint8_t  salt[BLAKE2B_SALTBYTES]; /* 48 */
-    uint8_t  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
-  } blake2b_param;
 #pragma pack(pop)
 
-  /* Streaming API */
-  int blake2s_init( blake2s_state *S, const uint8_t outlen );
-  int blake2s_init_key( blake2s_state *S, const uint8_t outlen, const void *key, const uint8_t keylen );
-  int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
-  int blake2s_update( blake2s_state *S, const uint8_t *in, uint64_t inlen );
-  int blake2s_final( blake2s_state *S, uint8_t *out, uint8_t outlen );
-
-  int blake2b_init( blake2b_state *S, const uint8_t outlen );
-  int blake2b_init_key( blake2b_state *S, const uint8_t outlen, const void *key, const uint8_t keylen );
-  int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
-  int blake2b_update( blake2b_state *S, const uint8_t *in, uint64_t inlen );
-  int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen );
-
-  int blake2sp_init( blake2sp_state *S, const uint8_t outlen );
-  int blake2sp_init_key( blake2sp_state *S, const uint8_t outlen, const void *key, const uint8_t keylen );
-  int blake2sp_update( blake2sp_state *S, const uint8_t *in, uint64_t inlen );
-  int blake2sp_final( blake2sp_state *S, uint8_t *out, uint8_t outlen );
-
-  int blake2bp_init( blake2bp_state *S, const uint8_t outlen );
-  int blake2bp_init_key( blake2bp_state *S, const uint8_t outlen, const void *key, const uint8_t keylen );
-  int blake2bp_update( blake2bp_state *S, const uint8_t *in, uint64_t inlen );
-  int blake2bp_final( blake2bp_state *S, uint8_t *out, uint8_t outlen );
-
-  /* Simple API */
-  int blake2s( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen );
-  int blake2b( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen );
-
-  int blake2sp( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen );
-  int blake2bp( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen );
-
-  static inline int blake2( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen )
+  // Streaming API
+  BLAKE2_API int blake2s_init( blake2s_state *S, size_t outlen );
+  BLAKE2_API int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
+  BLAKE2_API int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
+  BLAKE2_API int blake2s_update( blake2s_state *S, const uint8_t *in, size_t inlen );
+  BLAKE2_API int blake2s_final( blake2s_state *S, uint8_t *out, size_t outlen );
+
+  BLAKE2_API int blake2b_init( blake2b_state *S, size_t outlen );
+  BLAKE2_API int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
+  BLAKE2_API int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
+  BLAKE2_API int blake2b_update( blake2b_state *S, const uint8_t *in, size_t inlen );
+  BLAKE2_API int blake2b_final( blake2b_state *S, uint8_t *out, size_t outlen );
+
+  BLAKE2_API int blake2sp_init( blake2sp_state *S, size_t outlen );
+  BLAKE2_API int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
+  BLAKE2_API int blake2sp_update( blake2sp_state *S, const uint8_t *in, size_t inlen );
+  BLAKE2_API int blake2sp_final( blake2sp_state *S, uint8_t *out, size_t outlen );
+
+  BLAKE2_API int blake2bp_init( blake2bp_state *S, size_t outlen );
+  BLAKE2_API int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
+  BLAKE2_API int blake2bp_update( blake2bp_state *S, const uint8_t *in, size_t inlen );
+  BLAKE2_API int blake2bp_final( blake2bp_state *S, uint8_t *out, size_t outlen );
+
+  // Simple API
+  BLAKE2_API int blake2s( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+  BLAKE2_API int blake2b( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+
+  BLAKE2_API int blake2sp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+  BLAKE2_API int blake2bp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen );
+
+  static inline int blake2( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen )
   {
     return blake2b( out, in, key, outlen, inlen, keylen );
   }

Modules/_blake2/impl/blake2b-load-sse2.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2B_LOAD_SSE2_H__

Modules/_blake2/impl/blake2b-load-sse41.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2B_LOAD_SSE41_H__

Modules/_blake2/impl/blake2b-round.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2B_ROUND_H__
 #define __BLAKE2B_ROUND_H__
 
-#define LOADU(p)  _mm_loadu_si128( (const __m128i *)(p) )
+#define LOAD(p)  _mm_load_si128( (__m128i *)(p) )
+#define STORE(p,r) _mm_store_si128((__m128i *)(p), r)
+
+#define LOADU(p)  _mm_loadu_si128( (__m128i *)(p) )
 #define STOREU(p,r) _mm_storeu_si128((__m128i *)(p), r)
 
 #define TOF(reg) _mm_castsi128_ps((reg))
@@ -137,7 +138,7 @@
 
 #endif
 
-#if defined(HAVE_SSE41)
+#if defined(HAVE_SSE4_1)
 #include "blake2b-load-sse41.h"
 #else
 #include "blake2b-load-sse2.h"

Modules/_blake2/impl/blake2b-test.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+#include <stdio.h>
+#include <string.h>
+#include "blake2.h"
+#include "blake2-kat.h"
+int main( int argc, char **argv )
+{
+  uint8_t key[BLAKE2B_KEYBYTES];
+  uint8_t buf[KAT_LENGTH];
+
+  for( size_t i = 0; i < BLAKE2B_KEYBYTES; ++i )
+    key[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+    buf[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+  {
+    uint8_t hash[BLAKE2B_OUTBYTES];
+
+    if( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 || 
+        0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
+    {
+      puts( "error" );
+      return -1;
+    }
+  }
+
+  puts( "ok" );
+  return 0;
+}
+

Modules/_blake2/impl/blake2bp-test.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+#include <stdio.h>
+#include <string.h>
+#include "blake2.h"
+#include "blake2-kat.h"
+
+int main( int argc, char **argv )
+{
+  uint8_t key[BLAKE2B_KEYBYTES];
+  uint8_t buf[KAT_LENGTH];
+
+  for( size_t i = 0; i < BLAKE2B_KEYBYTES; ++i )
+    key[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+    buf[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+  {
+    uint8_t hash[BLAKE2B_OUTBYTES];
+
+    if( blake2bp( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 || 
+        0 != memcmp( hash, blake2bp_keyed_kat[i], BLAKE2B_OUTBYTES ) )
+    {
+      puts( "error" );
+      return -1;
+    }
+  }
+
+  puts( "ok" );
+  return 0;
+}
+

Modules/_blake2/impl/blake2bp.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#if defined(_OPENMP)
+#include <omp.h>
+#endif
+
+#include "blake2.h"
+#include "blake2-impl.h"
+
+#define PARALLELISM_DEGREE 4
+
+static int blake2bp_init_leaf( blake2b_state *S, uint8_t outlen, uint8_t keylen, uint64_t offset )
+{
+  blake2b_param P[1];
+  P->digest_length = outlen;
+  P->key_length = keylen;
+  P->fanout = PARALLELISM_DEGREE;
+  P->depth = 2;
+  store32(&P->leaf_length, 0);
+  store64(&P->node_offset, offset);
+  P->node_depth = 0;
+  P->inner_length = BLAKE2B_OUTBYTES;
+  memset( P->reserved, 0, sizeof( P->reserved ) );
+  memset( P->salt, 0, sizeof( P->salt ) );
+  memset( P->personal, 0, sizeof( P->personal ) );
+  blake2b_init_param( S, P );
+  S->outlen = P->inner_length;
+  return 0;
+}
+
+static int blake2bp_init_root( blake2b_state *S, uint8_t outlen, uint8_t keylen )
+{
+  blake2b_param P[1];
+  P->digest_length = outlen;
+  P->key_length = keylen;
+  P->fanout = PARALLELISM_DEGREE;
+  P->depth = 2;
+  store32(&P->leaf_length, 0);
+  store64(&P->node_offset, 0);
+  P->node_depth = 1;
+  P->inner_length = BLAKE2B_OUTBYTES;
+  memset( P->reserved, 0, sizeof( P->reserved ) );
+  memset( P->salt, 0, sizeof( P->salt ) );
+  memset( P->personal, 0, sizeof( P->personal ) );
+  blake2b_init_param( S, P );
+  S->outlen = P->digest_length;
+  return 0;
+}
+
+
+int blake2bp_init( blake2bp_state *S, size_t outlen )
+{
+  if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;
+
+  memset( S->buf, 0, sizeof( S->buf ) );
+  S->buflen = 0;
+
+  if( blake2bp_init_root( S->R, ( uint8_t ) outlen, 0 ) < 0 )
+    return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2bp_init_leaf( S->S[i], ( uint8_t ) outlen, 0, i ) < 0 ) return -1;
+
+  S->R->last_node = 1;
+  S->S[PARALLELISM_DEGREE - 1]->last_node = 1;
+  S->outlen = ( uint8_t ) outlen;
+  return 0;
+}
+
+int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )
+{
+  if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;
+
+  if( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;
+
+  memset( S->buf, 0, sizeof( S->buf ) );
+  S->buflen = 0;
+
+  if( blake2bp_init_root( S->R, ( uint8_t ) outlen, ( uint8_t ) keylen ) < 0 )
+    return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2bp_init_leaf( S->S[i], ( uint8_t ) outlen, ( uint8_t ) keylen, i ) < 0 )
+      return -1;
+
+  S->R->last_node = 1;
+  S->S[PARALLELISM_DEGREE - 1]->last_node = 1;
+  S->outlen = ( uint8_t ) outlen;
+  {
+    uint8_t block[BLAKE2B_BLOCKBYTES];
+    memset( block, 0, BLAKE2B_BLOCKBYTES );
+    memcpy( block, key, keylen );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );
+
+    secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
+  }
+  return 0;
+}
+
+
+int blake2bp_update( blake2bp_state *S, const uint8_t *in, size_t inlen )
+{
+  size_t left = S->buflen;
+  size_t fill = sizeof( S->buf ) - left;
+
+  if( left && inlen >= fill )
+  {
+    memcpy( S->buf + left, in, fill );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
+
+    in += fill;
+    inlen -= fill;
+    left = 0;
+  }
+
+#if defined(_OPENMP)
+  omp_set_num_threads(PARALLELISM_DEGREE);
+  #pragma omp parallel shared(S)
+#else
+  for( size_t id__ = 0; id__ < PARALLELISM_DEGREE; ++id__ )
+#endif
+  {
+#if defined(_OPENMP)
+    size_t      id__ = ( size_t ) omp_get_thread_num();
+#endif
+    size_t inlen__ = inlen;
+    const uint8_t *in__ = ( const uint8_t * )in;
+    in__ += id__ * BLAKE2B_BLOCKBYTES;
+
+    while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
+    {
+      blake2b_update( S->S[id__], in__, BLAKE2B_BLOCKBYTES );
+      in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
+      inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
+    }
+  }
+
+  in += inlen - inlen % ( PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES );
+  inlen %= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
+
+  if( inlen > 0 )
+    memcpy( S->buf + left, in, inlen );
+
+  S->buflen = ( uint32_t ) left + ( uint32_t ) inlen;
+  return 0;
+}
+
+
+
+int blake2bp_final( blake2bp_state *S, uint8_t *out, size_t outlen )
+{
+  uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
+
+  if(S->outlen != outlen) return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+  {
+    if( S->buflen > i * BLAKE2B_BLOCKBYTES )
+    {
+      size_t left = S->buflen - i * BLAKE2B_BLOCKBYTES;
+
+      if( left > BLAKE2B_BLOCKBYTES ) left = BLAKE2B_BLOCKBYTES;
+
+      blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );
+    }
+
+    blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );
+  }
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );
+
+  return blake2b_final( S->R, out, outlen );
+}
+
+int blake2bp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen )
+{
+  uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
+  blake2b_state S[PARALLELISM_DEGREE][1];
+  blake2b_state FS[1];
+
+  /* Verify parameters */
+  if ( NULL == in && inlen > 0 ) return -1;
+
+  if ( NULL == out ) return -1;
+
+  if ( NULL == key && keylen > 0) return -1;
+
+  if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;
+
+  if( keylen > BLAKE2B_KEYBYTES ) return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2bp_init_leaf( S[i], ( uint8_t ) outlen, ( uint8_t ) keylen, i ) < 0 )
+      return -1;
+
+  S[PARALLELISM_DEGREE - 1]->last_node = 1; // mark last node
+
+  if( keylen > 0 )
+  {
+    uint8_t block[BLAKE2B_BLOCKBYTES];
+    memset( block, 0, BLAKE2B_BLOCKBYTES );
+    memcpy( block, key, keylen );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );
+
+    secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
+  }
+
+#if defined(_OPENMP)
+  omp_set_num_threads(PARALLELISM_DEGREE);
+  #pragma omp parallel shared(S,hash)
+#else
+  for( size_t id__ = 0; id__ < PARALLELISM_DEGREE; ++id__ )
+#endif
+  {
+#if defined(_OPENMP)
+    size_t      id__ = ( size_t ) omp_get_thread_num();
+#endif
+    size_t inlen__ = inlen;
+    const uint8_t *in__ = ( const uint8_t * )in;
+    in__ += id__ * BLAKE2B_BLOCKBYTES;
+
+    while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
+    {
+      blake2b_update( S[id__], in__, BLAKE2B_BLOCKBYTES );
+      in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
+      inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
+    }
+
+    if( inlen__ > id__ * BLAKE2B_BLOCKBYTES )
+    {
+      const size_t left = inlen__ - id__ * BLAKE2B_BLOCKBYTES;
+      const size_t len = left <= BLAKE2B_BLOCKBYTES ? left : BLAKE2B_BLOCKBYTES;
+      blake2b_update( S[id__], in__, len );
+    }
+
+    blake2b_final( S[id__], hash[id__], BLAKE2B_OUTBYTES );
+  }
+
+  if( blake2bp_init_root( FS, ( uint8_t ) outlen, ( uint8_t ) keylen ) < 0 )
+    return -1;
+
+  FS->last_node = 1; // Mark as last node
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );
+
+  return blake2b_final( FS, out, outlen );
+}
+
+
+

Modules/_blake2/impl/blake2s-load-sse2.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2S_LOAD_SSE2_H__

Modules/_blake2/impl/blake2s-load-sse41.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2S_LOAD_SSE41_H__

Modules/_blake2/impl/blake2s-load-xop.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2S_LOAD_XOP_H__
 #define __BLAKE2S_LOAD_XOP_H__
 
-#define TOB(x) ((x)*4*0x01010101 + 0x03020100) /* ..or not TOB */
+#define TOB(x) ((x)*4*0x01010101 + 0x03020100) // ..or not TOB
 
-#if 0
 /* Basic VPPERM emulation, for testing purposes */
-static __m128i _mm_perm_epi8(const __m128i src1, const __m128i src2, const __m128i sel)
+/*static __m128i _mm_perm_epi8(const __m128i src1, const __m128i src2, const __m128i sel)
 {
    const __m128i sixteen = _mm_set1_epi8(16);
    const __m128i t0 = _mm_shuffle_epi8(src1, sel);
    const __m128i s1 = _mm_shuffle_epi8(src2, _mm_sub_epi8(sel, sixteen));
    const __m128i mask = _mm_or_si128(_mm_cmpeq_epi8(sel, sixteen),
-                                     _mm_cmpgt_epi8(sel, sixteen)); /* (>=16) = 0xff : 00 */
+                                     _mm_cmpgt_epi8(sel, sixteen)); // (>=16) = 0xff : 00
    return _mm_blendv_epi8(t0, s1, mask);
-}
-#endif
+}*/
 
 #define LOAD_MSG_0_1(buf) \
 buf = _mm_perm_epi8(m0, m1, _mm_set_epi32(TOB(6),TOB(4),TOB(2),TOB(0)) );

Modules/_blake2/impl/blake2s-round.h

 /*
    BLAKE2 reference source code package - optimized C implementations
-  
-   Copyright 2012, Samuel Neves <sneves@dei.uc.pt>.  You may use this under the
-   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
-   your option.  The terms of these licenses can be found at:
-  
-   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
-   - OpenSSL license   : https://www.openssl.org/source/license.html
-   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
-  
-   More information about the BLAKE2 hash function can be found at
-   https://blake2.net.
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #pragma once
 #ifndef __BLAKE2S_ROUND_H__
 #define __BLAKE2S_ROUND_H__
 
-#define LOADU(p)  _mm_loadu_si128( (const __m128i *)(p) )
+#define LOAD(p)  _mm_load_si128( (__m128i *)(p) )
+#define STORE(p,r) _mm_store_si128((__m128i *)(p), r)
+
+#define LOADU(p)  _mm_loadu_si128( (__m128i *)(p) )
 #define STOREU(p,r) _mm_storeu_si128((__m128i *)(p), r)
 
 #define TOF(reg) _mm_castsi128_ps((reg))
@@ -68,7 +69,7 @@
 
 #if defined(HAVE_XOP)
 #include "blake2s-load-xop.h"
-#elif defined(HAVE_SSE41)
+#elif defined(HAVE_SSE4_1)
 #include "blake2s-load-sse41.h"
 #else
 #include "blake2s-load-sse2.h"

Modules/_blake2/impl/blake2s-test.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+#include <stdio.h>
+#include <string.h>
+#include "blake2.h"
+#include "blake2-kat.h"
+int main( int argc, char **argv )
+{
+  uint8_t key[BLAKE2S_KEYBYTES];
+  uint8_t buf[KAT_LENGTH];
+
+  for( size_t i = 0; i < BLAKE2S_KEYBYTES; ++i )
+    key[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+    buf[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+  {
+    uint8_t hash[BLAKE2S_OUTBYTES];
+
+    if( blake2s( hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES ) < 0 ||
+        0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) )
+    {
+      puts( "error" );
+      return -1;
+    }
+  }
+
+  puts( "ok" );
+  return 0;
+}
+

Modules/_blake2/impl/blake2sp-test.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+#include <stdio.h>
+#include <string.h>
+#include "blake2.h"
+#include "blake2-kat.h"
+
+int main( int argc, char **argv )
+{
+  uint8_t key[BLAKE2S_KEYBYTES];
+  uint8_t buf[KAT_LENGTH];
+
+  for( size_t i = 0; i < BLAKE2S_KEYBYTES; ++i )
+    key[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+    buf[i] = ( uint8_t )i;
+
+  for( size_t i = 0; i < KAT_LENGTH; ++i )
+  {
+    uint8_t hash[BLAKE2S_OUTBYTES];
+    if( blake2sp( hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES ) < 0 ||
+        0 != memcmp( hash, blake2sp_keyed_kat[i], BLAKE2S_OUTBYTES ) )
+    {
+      puts( "error" );
+      return -1;
+    }
+  }
+
+  puts( "ok" );
+  return 0;
+}
+

Modules/_blake2/impl/blake2sp.c

+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#if defined(_OPENMP)
+#include <omp.h>
+#endif
+
+#include "blake2.h"
+#include "blake2-impl.h"
+
+#define PARALLELISM_DEGREE 8
+
+static int blake2sp_init_leaf( blake2s_state *S, uint8_t outlen, uint8_t keylen, uint64_t offset )
+{
+  blake2s_param P[1];
+  P->digest_length = outlen;
+  P->key_length = keylen;
+  P->fanout = PARALLELISM_DEGREE;
+  P->depth = 2;
+  P->leaf_length = 0;
+  store48( P->node_offset, offset );
+  P->node_depth = 0;
+  P->inner_length = BLAKE2S_OUTBYTES;
+  memset( P->salt, 0, sizeof( P->salt ) );
+  memset( P->personal, 0, sizeof( P->personal ) );
+  blake2s_init_param( S, P );
+  S->outlen = P->inner_length;
+  return 0;
+}
+
+static int blake2sp_init_root( blake2s_state *S, uint8_t outlen, uint8_t keylen )
+{
+  blake2s_param P[1];
+  P->digest_length = outlen;
+  P->key_length = keylen;
+  P->fanout = PARALLELISM_DEGREE;
+  P->depth = 2;
+  P->leaf_length = 0;
+  store48( P->node_offset, 0ULL );
+  P->node_depth = 1;
+  P->inner_length = BLAKE2S_OUTBYTES;
+  memset( P->salt, 0, sizeof( P->salt ) );
+  memset( P->personal, 0, sizeof( P->personal ) );
+  blake2s_init_param( S, P );
+  S->outlen = P->digest_length;
+  return 0;
+}
+
+
+int blake2sp_init( blake2sp_state *S, size_t outlen )
+{
+  if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1;
+
+  memset( S->buf, 0, sizeof( S->buf ) );
+  S->buflen = 0;
+
+  if( blake2sp_init_root( S->R, ( uint8_t ) outlen, 0 ) < 0 )
+    return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2sp_init_leaf( S->S[i], ( uint8_t ) outlen, 0, i ) < 0 ) return -1;
+
+  S->R->last_node = 1;
+  S->S[PARALLELISM_DEGREE - 1]->last_node = 1;
+  S->outlen = ( uint8_t ) outlen;
+  return 0;
+}
+
+int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )
+{
+  if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1;
+
+  if( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1;
+
+  memset( S->buf, 0, sizeof( S->buf ) );
+  S->buflen = 0;
+
+  if( blake2sp_init_root( S->R, ( uint8_t ) outlen, ( uint8_t ) keylen ) < 0 )
+    return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2sp_init_leaf( S->S[i], ( uint8_t ) outlen, ( uint8_t ) keylen, i ) < 0 )
+      return -1;
+
+  S->R->last_node = 1;
+  S->S[PARALLELISM_DEGREE - 1]->last_node = 1;
+  S->outlen = ( uint8_t ) outlen;
+  {
+    uint8_t block[BLAKE2S_BLOCKBYTES];
+    memset( block, 0, BLAKE2S_BLOCKBYTES );
+    memcpy( block, key, keylen );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
+
+    secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
+  }
+  return 0;
+}
+
+
+int blake2sp_update( blake2sp_state *S, const uint8_t *in, size_t inlen )
+{
+  size_t left = S->buflen;
+  size_t fill = sizeof( S->buf ) - left;
+
+  if( left && inlen >= fill )
+  {
+    memcpy( S->buf + left, in, fill );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
+
+    in += fill;
+    inlen -= fill;
+    left = 0;
+  }
+
+#if defined(_OPENMP)
+  omp_set_num_threads(PARALLELISM_DEGREE);
+  #pragma omp parallel shared(S)
+#else
+  for( size_t id__ = 0; id__ < PARALLELISM_DEGREE; ++id__ )
+#endif
+  {
+#if defined(_OPENMP)
+    size_t      id__ = ( size_t ) omp_get_thread_num();
+#endif
+    size_t inlen__ = inlen;
+    const uint8_t *in__ = ( const uint8_t * )in;
+    in__ += id__ * BLAKE2S_BLOCKBYTES;
+
+    while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
+    {
+      blake2s_update( S->S[id__], in__, BLAKE2S_BLOCKBYTES );
+      in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
+      inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
+    }
+  }
+
+  in += inlen - inlen % ( PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES );
+  inlen %= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
+
+  if( inlen > 0 )
+    memcpy( S->buf + left, in, inlen );
+
+  S->buflen = ( uint32_t ) left + ( uint32_t ) inlen;
+  return 0;
+}
+
+
+int blake2sp_final( blake2sp_state *S, uint8_t *out, size_t outlen )
+{
+  uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
+
+  if(S->outlen != outlen) return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+  {
+    if( S->buflen > i * BLAKE2S_BLOCKBYTES )
+    {
+      size_t left = S->buflen - i * BLAKE2S_BLOCKBYTES;
+
+      if( left > BLAKE2S_BLOCKBYTES ) left = BLAKE2S_BLOCKBYTES;
+
+      blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );
+    }
+
+    blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );
+  }
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );
+
+  blake2s_final( S->R, out, outlen );
+  return 0;
+}
+
+
+int blake2sp( uint8_t *out, const void *in, const void *key, size_t outlen, size_t inlen, size_t keylen )
+{
+  uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
+  blake2s_state S[PARALLELISM_DEGREE][1];
+  blake2s_state FS[1];
+
+  /* Verify parameters */
+  if ( NULL == in && inlen > 0 ) return -1;
+
+  if ( NULL == out ) return -1;
+
+  if ( NULL == key && keylen > 0 ) return -1;
+
+  if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1;
+
+  if( keylen > BLAKE2S_KEYBYTES ) return -1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    if( blake2sp_init_leaf( S[i], ( uint8_t ) outlen, ( uint8_t ) keylen, i ) < 0 )
+      return -1;
+
+  S[PARALLELISM_DEGREE - 1]->last_node = 1; // mark last node
+
+  if( keylen > 0 )
+  {
+    uint8_t block[BLAKE2S_BLOCKBYTES];
+    memset( block, 0, BLAKE2S_BLOCKBYTES );
+    memcpy( block, key, keylen );
+
+    for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+      blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
+
+    secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
+  }
+
+#if defined(_OPENMP)
+  omp_set_num_threads(PARALLELISM_DEGREE);
+  #pragma omp parallel shared(S,hash)
+#else
+
+  for( size_t id__ = 0; id__ < PARALLELISM_DEGREE; ++id__ )
+#endif
+  {
+#if defined(_OPENMP)
+    size_t      id__ = ( size_t ) omp_get_thread_num();
+#endif
+    size_t inlen__ = inlen;
+    const uint8_t *in__ = ( const uint8_t * )in;
+    in__ += id__ * BLAKE2S_BLOCKBYTES;
+
+    while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
+    {
+      blake2s_update( S[id__], in__, BLAKE2S_BLOCKBYTES );
+      in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
+      inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
+    }
+
+    if( inlen__ > id__ * BLAKE2S_BLOCKBYTES )
+    {
+      const size_t left = inlen__ - id__ * BLAKE2S_BLOCKBYTES;
+      const size_t len = left <= BLAKE2S_BLOCKBYTES ? left : BLAKE2S_BLOCKBYTES;
+      blake2s_update( S[id__], in__, len );
+    }
+
+    blake2s_final( S[id__], hash[id__], BLAKE2S_OUTBYTES );
+  }
+
+  if( blake2sp_init_root( FS, ( uint8_t ) outlen, ( uint8_t ) keylen ) < 0 )
+    return -1;
+
+  FS->last_node = 1;
+
+  for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
+    blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );
+
+  return blake2s_final( FS, out, outlen );
+}
+
+
+
+

aclocal.m4

@@ -55,7 +55,7 @@ dnl
 dnl See the "Since" comment for each macro you use to see what version
 dnl of the macros you require.
 m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.1])
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
 m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
     [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
 ])dnl PKG_PREREQ
@@ -156,7 +156,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
 AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
 
 pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
 
 _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
 _PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -166,11 +166,11 @@ and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 
 if test $pkg_failed = yes; then
-   	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
         _PKG_SHORT_ERRORS_SUPPORTED
         if test $_pkg_short_errors_supported = yes; then
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else 
+        else
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
         fi
 	# Put the nasty error message in config.log where it belongs
@@ -187,7 +187,7 @@ installed software in a non-standard prefix.
 _PKG_TEXT])[]dnl
         ])
 elif test $pkg_failed = untried; then
-     	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
 	m4_default([$4], [AC_MSG_FAILURE(
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full

configure

@@ -11462,14 +11462,14 @@ fi
 
 # checks for library functions
 for ac_func in alarm accept4 setitimer getitimer bind_textdomain_codeset chown \
- clock confstr ctermid dup3 execv faccessat fchmod fchmodat fchown fchownat \
+ clock confstr ctermid dup3 execv explicit_bzero explicit_memset faccessat fchmod fchmodat fchown fchownat \
  fexecve fdopendir fork fpathconf fstatat ftime ftruncate futimesat \
  futimens futimes gai_strerror getentropy \
  getgrgid_r getgrnam_r \
  getgrouplist getgroups getlogin getloadavg getpeername getpgid getpid \
  getpriority getresuid getresgid getpwent getpwnam_r getpwuid_r getspnam getspent getsid getwd \
  if_nameindex \
- initgroups kill killpg lchown lockf linkat lstat lutimes mmap \
+ initgroups kill killpg lchmod lchown lockf linkat lstat lutimes mmap \
  memrchr mbrtowc mkdirat mkfifo \
  mkfifoat mknod mknodat mktime mremap nice openat pathconf pause pipe2 plock poll \
  posix_fallocate posix_fadvise posix_spawn posix_spawnp pread preadv preadv2 \

configure.ac

@@ -3519,15 +3519,13 @@ fi
 
 # checks for library functions
 AC_CHECK_FUNCS(alarm accept4 setitimer getitimer bind_textdomain_codeset chown \
- clock confstr ctermid dup3 execv faccessat fchmod fchmodat fchown fchownat \
+ clock confstr ctermid dup3 execv explicit_bzero explicit_memset faccessat fchmod fchmodat fchown fchownat \
  fexecve fdopendir fork fpathconf fstatat ftime ftruncate futimesat \
  futimens futimes gai_strerror getentropy \
  getgrgid_r getgrnam_r \
  getgrouplist getgroups getlogin getloadavg getpeername getpgid getpid \
  getpriority getresuid getresgid getpwent getpwnam_r getpwuid_r getspnam getspent getsid getwd \
  if_nameindex \
- initgroups kill killpg lchown lockf linkat lstat lutimes mmap \
- memrchr mbrtowc mkdirat mkfifo \
  mkfifoat mknod mknodat mktime mremap nice openat pathconf pause pipe2 plock poll \
  posix_fallocate posix_fadvise posix_spawn posix_spawnp pread preadv preadv2 \
  pthread_condattr_setclock pthread_init pthread_kill putenv pwrite pwritev pwritev2 \

pyconfig.h.in

@@ -302,6 +302,12 @@
 /* Define to 1 if you have the `execv' function. */
 #undef HAVE_EXECV
 
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
+/* Define to 1 if you have the `explicit_memset' function. */
+#undef HAVE_EXPLICIT_MEMSET
+
 /* Define to 1 if you have the `expm1' function. */
 #undef HAVE_EXPM1
 
@@ -664,6 +670,9 @@
 /* Define to 1 if you have the `memrchr' function. */
 #undef HAVE_MEMRCHR
 
+/* Define to 1 if you have the `memset_s' function. */
+#undef HAVE_MEMSET_S
+
 /* Define to 1 if you have the `mkdirat' function. */
 #undef HAVE_MKDIRAT