Add EVP_DigestFinalXOF, interface to extendable-output functions, XOFs.

EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length

EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex

EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate

EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF

EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex

EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex

EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate

EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null

EVP_R_METHOD_NOT_SUPPORTED:144:method not supported

EVP_R_MISSING_PARAMETERS:103:missing parameters

EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length

EVP_R_NO_CIPHER_SET:131:no cipher set

EVP_R_NO_DEFAULT_DIGEST:158:no default digest

EVP_R_NO_DIGEST_SET:139:no digest set

    return ret;

}

int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)

{

    int ret = 0;

    if (ctx->digest->flags & EVP_MD_FLAG_XOF

        && size <= INT_MAX

        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {

        ret = ctx->digest->final(ctx, md);

        if (ctx->digest->cleanup != NULL) {

            ctx->digest->cleanup(ctx);

            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);

        }

        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);

    } else {

        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);

    }

    return ret;

}

int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

{

    EVP_MD_CTX_reset(out);

    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),

     "EVP_DecryptFinal_ex"},

    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},

    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},

    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},

    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),

     "EVP_EncryptFinal_ex"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED),

    "method not supported"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH),

    "not XOF or invalid length"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"},

=head1 NAME

EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,

EVP_MD_CTX_ctrl, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex,

EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,

EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,

EVP_MD_CTX_ctrl, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,

EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,

EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,

EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,

EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,

EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_sha3_224, EVP_sha3_256,

EVP_sha3_384, EVP_sha3_512, EVP_mdc2, EVP_ripemd160, EVP_blake2b512,

 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);

 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);

 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);

 int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);

 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);

can be made, but EVP_DigestInit_ex() can be called to initialize a new

digest operation.

EVP_DigestFinalXOF() interfaces to extendable-output functions, XOFs,

such as SHAKE128 and SHAKE256. It retrieves the digest value from

B<ctx> and places it in B<len>-sized <B>md. After calling this function

no additional calls to EVP_DigestUpdate() can be made, but

EVP_DigestInit_ex() can be called to initialize a new operation.

EVP_MD_CTX_copy_ex() can be used to copy the message digest state from

B<in> to B<out>. This is useful if large amounts of data are to be

hashed which only differ in the last few bytes. B<out> must be initialized

/* digest can only handle a single block */

#  define EVP_MD_FLAG_ONESHOT     0x0001

/* digest is extensible-output function, XOF */

#  define EVP_MD_FLAG_XOF         0x0002

/* DigestAlgorithmIdentifier flags... */

#  define EVP_MD_FLAG_DIGALGID_MASK               0x0018

#  define EVP_MD_CTRL_DIGALGID                    0x1

#  define EVP_MD_CTRL_MICALG                      0x2

#  define EVP_MD_CTRL_XOF_LEN                     0x3

/* Minimum Algorithm specific ctrl value */

__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);

__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,

                           unsigned int *s);

__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,

                              size_t len);

int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);

int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,