diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2016-06-15 14:02:04 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-06-16 13:33:47 -0400 |
commit | ebad0b0beb1bb6913524549514111cbb91e6d494 (patch) | |
tree | 6fd3fafba3c61156d903bfd00ac42f9d667a9351 | |
parent | f219a1b0485309b6814f00985f7bbb45e72ee374 (diff) |
Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
-rw-r--r-- | crypto/evp/evp_err.c | 2 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 12 | ||||
-rw-r--r-- | doc/crypto/EVP_PKEY_set1_RSA.pod | 11 | ||||
-rw-r--r-- | include/openssl/evp.h | 3 | ||||
-rw-r--r-- | util/libcrypto.num | 1 |
5 files changed, 24 insertions, 5 deletions
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index c9c9dc7dcc..50277ffb82 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -57,6 +57,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, @@ -105,6 +106,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, + {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 0b50d3210e..802f6ddf09 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -237,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey) return pkey->pkey.ptr; } +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) +{ + ASN1_OCTET_STRING *os = NULL; + if (pkey->type != EVP_PKEY_HMAC) { + EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); + return NULL; + } + os = EVP_PKEY_get0(pkey); + *len = os->length; + return os->data; +} + #ifndef OPENSSL_NO_RSA int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) { diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod index c6cdcf94db..90595d696e 100644 --- a/doc/crypto/EVP_PKEY_set1_RSA.pod +++ b/doc/crypto/EVP_PKEY_set1_RSA.pod @@ -22,6 +22,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); + const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); @@ -45,11 +46,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or B<NULL> if the key is not of the correct type. -EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and -EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or -B<NULL> if the key is not of the correct type but the reference -count of the returned key is B<not> incremented and so must not -be freed up after use. +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), +EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the +referenced key in B<pkey> or B<NULL> if the key is not of the +correct type but the reference count of the returned key is +B<not> incremented and so must not be freed up after use. EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key> diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 343cd9fd17..975862f75c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -901,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); # ifndef OPENSSL_NO_RSA struct rsa_st; @@ -1484,6 +1485,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_DH 119 # define EVP_F_EVP_PKEY_GET0_DSA 120 # define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 182 # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 @@ -1523,6 +1525,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 # define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 # define EVP_R_EXPECTING_AN_RSA_KEY 127 # define EVP_R_EXPECTING_A_DH_KEY 128 # define EVP_R_EXPECTING_A_DSA_KEY 129 diff --git a/util/libcrypto.num b/util/libcrypto.num index 44e0a655b3..ef5dcde7d4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4149,3 +4149,4 @@ PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION: X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION: ECDSA_SIG_set0 4093 1_1_0 EXIST::FUNCTION:EC DSA_SIG_set0 4094 1_1_0 EXIST::FUNCTION:DSA +EVP_PKEY_get0_hmac 4095 1_1_0 EXIST::FUNCTION: |