From ebad0b0beb1bb6913524549514111cbb91e6d494 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Wed, 15 Jun 2016 14:02:04 -0400
Subject: [PATCH] Add EVP_PKEY_get0_hmac() function
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Before the addition of this function, it was impossible to read the symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: Emilia Käsper
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1217)
---
 crypto/evp/evp_err.c | 2 ++
 crypto/evp/p_lib.c | 12 ++++++++++++
 doc/crypto/EVP_PKEY_set1_RSA.pod | 11 ++++++-----
 include/openssl/evp.h | 3 +++
 util/libcrypto.num | 1 +
 5 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c9c9dc7dcc..50277ffb82 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -57,6 +57,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
@@ -105,6 +106,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
 {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
 {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+ {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b50d3210e..802f6ddf09 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -237,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
 return pkey->pkey.ptr;
 }

+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+ ASN1_OCTET_STRING *os = NULL;
+ if (pkey->type != EVP_PKEY_HMAC) {
+ EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+ return NULL;
+ }
+ os = EVP_PKEY_get0(pkey);
+ *len = os->length;
+ return os->data;
+}
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
index c6cdcf94db..90595d696e 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -22,6 +22,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);

+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
 DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
 DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -45,11 +46,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in B or B if the key is not of the correct type. -EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and -EVP_PKEY_get0_EC_KEY() also return the referenced key in B or -B if the key is not of the correct type but the reference -count of the returned key is B incremented and so must not -be freed up after use. +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), +EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the +referenced key in B or B if the key is not of the +correct type but the reference count of the returned key is +B incremented and so must not be freed up after use. EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() also set the referenced key to B
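Review bot: In `EVP_PKEY_get0_hmac()` (crypto/evp/p_lib.c) the pointer returned by `EVP_PKEY_get0(pkey)` is dereferenced without a NULL check and `*len` is written without checking `len`, so a key whose type is `EVP_PKEY_HMAC` but which has no octet string attached would crash here instead of returning an error; whether such an object can reach this function depends on callers outside the hunk. I would add `if (os == NULL || len == NULL || os->length < 0) return NULL;` directly after `os = EVP_PKEY_get0(pkey);`. The `os->length < 0` part matters because the length is a signed `int` stored into a `size_t`, and a negative value would turn into a very large key length for the caller. The type-mismatch path also leaves `*len` untouched, so the function should either set `*len = 0` there or say in a comment that the length is valid only on success.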
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 343cd9fd17..975862f75c 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -901,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);

 # ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -1484,6 +1485,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_F_EVP_PKEY_GET0_DH 119
 # define EVP_F_EVP_PKEY_GET0_DSA 120
 # define EVP_F_EVP_PKEY_GET0_EC_KEY 131
+# define EVP_F_EVP_PKEY_GET0_HMAC 182
 # define EVP_F_EVP_PKEY_GET0_RSA 121
 # define EVP_F_EVP_PKEY_KEYGEN 146
 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147
@@ -1523,6 +1525,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_DIFFERENT_PARAMETERS 153
 # define EVP_R_ERROR_LOADING_SECTION 165
 # define EVP_R_ERROR_SETTING_FIPS_MODE 166
+# define EVP_R_EXPECTING_AN_HMAC_KEY 174
 # define EVP_R_EXPECTING_AN_RSA_KEY 127
 # define EVP_R_EXPECTING_A_DH_KEY 128
 # define EVP_R_EXPECTING_A_DSA_KEY 129
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 44e0a655b3..ef5dcde7d4 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4149,3 +4149,4 @@ PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
 X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION:
 ECDSA_SIG_set0 4093 1_1_0 EXIST::FUNCTION:EC
 DSA_SIG_set0 4094 1_1_0 EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac 4095 1_1_0 EXIST::FUNCTION:
-- 
2.25.1
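Review bot: The `EVP_PKEY_get0_hmac()` declaration added in the first evp.h hunk exposes raw symmetric key bytes through a public header with no comment on ownership, lifetime or handling. Going by the p_lib.c implementation, the returned pointer aliases the octet string held inside `pkey` rather than a copy, so I would add above the prototype `/* Returns the HMAC key bytes owned by pkey (not a copy): do not free or modify; valid only while pkey is alive. *len is set only on success. */`. Because this is secret material, the comment could also tell callers to wipe any copy they make with `OPENSSL_cleanse()` and to keep the bytes out of logs and error output.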