Update comments

crypto/fipsmodule/digest/digest.c

@@ -135,10 +135,9 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) { EVP_MD_CTX_free(ctx); }
 
-// EVP_DigestFinalXOF is a single-shot XOF output generation function
-// It can be called once. On sequential calls, it returns 0.
-// The |ctx->digest| check prevents calling EVP_DigestFinalXOF consecutively.
-// To catch single-shot XOF EVP_DigestFinalXOF calls after |EVP_DigestSqueeze|,
+// EVP_DigestFinalXOF is a single-call XOF output generation function.
+// The |ctx->digest| check prevents calling EVP_DigestFinalXOF consecutively. 
+// To catch single-call XOF EVP_DigestFinalXOF calls after |EVP_DigestSqueeze|,
 // the return |SHAKE_Final| value is used (the check is internally performed via 
 // the |KECCAK1600_CTX *ctx| state flag).
 int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, size_t len) {
@@ -154,7 +153,7 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, size_t len) {
   return ok;
 }
 
-// EVP_DigestSqueeze is a streaming XOF output generation function
+// EVP_DigestSqueeze is a streaming XOF output squeeze function
 // It can be called multiple times to generate an output of length 
 // |len| bytes. 
 int EVP_DigestSqueeze(EVP_MD_CTX *ctx, uint8_t *out, size_t len) {
@@ -294,7 +293,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
   if (ctx->update == NULL) {
     return 0;
   }
-  return ctx->update(ctx, data, len);;
+  return ctx->update(ctx, data, len);
 }
 
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, unsigned int *size) {

crypto/fipsmodule/digest/digests.c

@@ -456,14 +456,14 @@ static void shake128_init(EVP_MD_CTX *ctx) {
   CHECK(SHAKE_Init(ctx->md_data, SHAKE128_BLOCKSIZE));
 }
 
-// Digest XOF functions return 1 on seccess and 0 on failure, returned 
+// shake128_update returns 1 on success and 0 on failure, returned 
 // from |SHAKE_Absorb|, to restrict update calls after |squeezeXOF|.
 static int shake128_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
   return SHAKE_Absorb(ctx->md_data, data, count);
 }
 
-// Digest XOF functions return 1 on seccess and 0 on failure, 
-// returned from |SHAKE_Final|, to restrict Signle-Shot SHAKE_Final 
+// shake128_final returns 1 on success and 0 on failure, 
+// returned from |SHAKE_Final|, to restrict single-call SHAKE_Final 
 // calls after |squeezeXOF|.
 static int shake128_final(EVP_MD_CTX *ctx, uint8_t *md, size_t len) {
   return SHAKE_Final(md, ctx->md_data, len);
@@ -490,14 +490,14 @@ static void shake256_init(EVP_MD_CTX *ctx) {
   CHECK(SHAKE_Init(ctx->md_data, SHAKE256_BLOCKSIZE));
 }
 
-// Digest XOF functions return 1 on seccess and 0 on failure, returned 
+// shake256_update returns 1 on success and 0 on failure, returned 
 // from |SHAKE_Absorb|, to restrict update calls after |squeezeXOF|.
 static int shake256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
   return SHAKE_Absorb(ctx->md_data, data, count);
 }
 
-// Digest XOF functions return 1 on seccess and 0 on failure, 
-// returned from |SHAKE_Final|, to restrict Signle-Shot SHAKE_Final 
+// shake256_final returns 1 on success and 0 on failure, 
+// returned from |SHAKE_Final|, to restrict single-call SHAKE_Final 
 // calls after |squeezeXOF|.
 static int shake256_final(EVP_MD_CTX *ctx, uint8_t *md, size_t len) {
   return SHAKE_Final(md, ctx->md_data, len);

crypto/fipsmodule/digest/internal.h

@@ -79,9 +79,9 @@ struct env_md_st {
   void (*init)(EVP_MD_CTX *ctx);
 
   // update hashes |len| bytes of |data| into the state in |ctx->md_data|.
-  // Digest functions always return 1. update calls after |final| are 
-  // via checking the |ctx| (|final| cleanses the |ctx|).
-  // Digest XOF functions return 1 on seccess and 0 on failure, 
+  // Digest update functions always return 1. update calls after |final| are 
+  // restricted via |ctx| check (|final| cleanses the |ctx|).
+  // Digest XOF update functions return 1 on success and 0 on failure, 
   // returned from |SHAKE_Absorb|, to restrict update calls after |squeezeXOF|.
   int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
 
@@ -95,8 +95,8 @@ struct env_md_st {
   unsigned ctx_size;
 
   // finalXOF completes the hash and writes |len| bytes of digest extended output
-  // to |out|. Returns 1 on seccess and 0 on failure, returned from |SHAKE_Final|,
-  // to restrict Signle-Shot finalXOF calls after |squeezeXOF|.
+  // to |out|. Returns 1 on success and 0 on failure, returned from |SHAKE_Final|,
+  // to restrict single-call finalXOF calls after |squeezeXOF|.
   int (*finalXOF)(EVP_MD_CTX *ctx, uint8_t *out, size_t len);
 
   // squeezeXOF incrementally generates |len| bytes of digest extended output

crypto/fipsmodule/sha/sha3.c

@@ -292,8 +292,8 @@ int SHAKE_Absorb(KECCAK1600_CTX *ctx, const void *data, size_t len) {
 }
 
 // SHAKE_Final is to be called once to finalize absorb and squeeze phases
-// |ctx->state| restricts consecutive calls to FIPS202_Finalize
-// Function SHAKE_Squeeze should be used for incremental XOF output
+// |ctx->state| restricts consecutive calls to |FIPS202_Finalize|.
+// Function |SHAKE_Squeeze| should be used for incremental XOF output.
 int SHAKE_Final(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
   if (ctx == NULL || md == NULL) {
     return 0;
@@ -315,12 +315,15 @@ int SHAKE_Final(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
   return 1;
 }
 
-// SHAKE_Squeeze can be called multiple times
-// SHAKE_Squeeze should be called for incremental XOF output
+// SHAKE_Squeeze can be called multiple time for incremental XOF output
 int SHAKE_Squeeze(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
   size_t block_bytes;
   ctx->md_size = len;
 
+  if (ctx == NULL || md == NULL) {
+    return 0;
+  }
+
   if (ctx->md_size == 0) {
     return 1;
   }
@@ -329,6 +332,8 @@ int SHAKE_Squeeze(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
     return 0;
   }
 
+
+
   // Skip FIPS202_Finalize if the input has been padded and
   // the last block has been processed
   if (ctx->state == KECCAK1600_STATE_ABSORB) {
@@ -339,24 +344,19 @@ int SHAKE_Squeeze(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
   // Process previous data from output buffer if any
   if (ctx->buf_load != 0) {
     if (len <= ctx->buf_load) {
-      memcpy(md, ctx->buf + ctx->block_size - ctx->buf_load, len);
+      OPENSSL_memcpy(md, ctx->buf + ctx->block_size - ctx->buf_load, len);
       md += len;
       ctx->buf_load -= len;
       len = 0;
       return 1;
     } else {
-      memcpy(md, ctx->buf + ctx->block_size - ctx->buf_load, ctx->buf_load);
+      OPENSSL_memcpy(md, ctx->buf + ctx->block_size - ctx->buf_load, ctx->buf_load);
       md += ctx->buf_load;
       len -= ctx->buf_load;
       ctx->buf_load = 0;
     }
   }
 
-  // Use a single function to finalize SHAKE absorb phase and to generate 
-  // incremental SHAKE_Squeeze extendable output. It allows consistency with the current
-  // single XOF function in the Digest EVP_MD |env_md_st->finalXOF| and 
-  // EVP_DigestFinalXOF external APIs
-
   // Process all full size output requested blocks
   block_bytes = ctx->block_size * (len / ctx->block_size);
   if (len > ctx->block_size) {
@@ -372,7 +372,7 @@ int SHAKE_Squeeze(uint8_t *md, KECCAK1600_CTX *ctx, size_t len) {
     // to the output. The 'unused' output data is kept for processing in a sequenctual
     // call to SHAKE_Squeeze (incremental byte-wise SHAKE_Squeeze)
     Keccak1600_Squeeze(ctx->A, ctx->buf, ctx->block_size, ctx->block_size, ctx->state);
-    memcpy(md, ctx->buf, len);
+    OPENSSL_memcpy(md, ctx->buf, len);
     ctx->buf_load = ctx->block_size - len; // how much there is still in buffer to be consumed    
     md += len;
     ctx->state = KECCAK1600_STATE_SQUEEZE;