5 files changed, 24 insertions, 5 deletions

diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c9c9dc7dcc..50277ffb82 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -57,6 +57,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
@@ -105,6 +106,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
     {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
     {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+    {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
     {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
     {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
     {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b50d3210e..802f6ddf09 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -237,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
     return pkey->pkey.ptr;
 }
 
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
index c6cdcf94db..90595d696e 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -22,6 +22,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
  EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 
+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
  RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
  DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
  DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -45,11 +46,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
 B<NULL> if the key is not of the correct type.
 
-EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
-EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or
-B<NULL> if the key is not of the correct type but the reference
-count of the returned key is B<not> incremented and so must not
-be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
+EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
+referenced key in B<pkey> or B<NULL> if the key is not of the
+correct type but the reference count of the returned key is
+B<not> incremented and so must not be freed up after use.
 
 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
 and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 343cd9fd17..975862f75c 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -901,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
 
 # ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -1484,6 +1485,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_F_EVP_PKEY_GET0_DH                           119
 # define EVP_F_EVP_PKEY_GET0_DSA                          120
 # define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         182
 # define EVP_F_EVP_PKEY_GET0_RSA                          121
 # define EVP_F_EVP_PKEY_KEYGEN                            146
 # define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
@@ -1523,6 +1525,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_DIFFERENT_PARAMETERS                       153
 # define EVP_R_ERROR_LOADING_SECTION                      165
 # define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
 # define EVP_R_EXPECTING_AN_RSA_KEY                       127
 # define EVP_R_EXPECTING_A_DH_KEY                         128
 # define EVP_R_EXPECTING_A_DSA_KEY                        129
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 44e0a655b3..ef5dcde7d4 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4149,3 +4149,4 @@ PEM_write_bio_PrivateKey_traditional    4091	1_1_0	EXIST::FUNCTION:
 X509_get_pathlen                        4092	1_1_0	EXIST::FUNCTION:
 ECDSA_SIG_set0                          4093	1_1_0	EXIST::FUNCTION:EC
 DSA_SIG_set0                            4094	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac                      4095	1_1_0	EXIST::FUNCTION: