Add EVP_PKEY_get0_hmac() function

Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)

diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c9c9dc7dcc13ff72b6f8e7854202077fd9fe81d6..50277ffb82fc6d92e29dedc2ccf819367dcbafad 100644 (file)
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -57,6 +57,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
     {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
@@ -105,6 +106,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
     {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
     {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+    {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
     {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
     {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
     {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b50d3210e551dc7d35f4b4f9f0b4249547a1657..802f6ddf099b0727a62e03c547a31b9c31c43049 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -237,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
     return pkey->pkey.ptr;
 }
 
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {

diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
index c6cdcf94dbff47274cce280e4f1e89580e6e7785..90595d696e9d9333c79cd44dfed995023b3bd7dc 100644 (file)
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -22,6 +22,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
  EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 
+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
  RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
  DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
  DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -45,11 +46,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
 B<NULL> if the key is not of the correct type.
 
-EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
-EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or
-B<NULL> if the key is not of the correct type but the reference
-count of the returned key is B<not> incremented and so must not
-be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
+EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
+referenced key in B<pkey> or B<NULL> if the key is not of the
+correct type but the reference count of the returned key is
+B<not> incremented and so must not be freed up after use.
 
 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
 and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 343cd9fd17cdb28d5789a79380e2bd8b3cd203fb..975862f75cdc735effc02652869f64193c599fdc 100644 (file)
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -901,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
 
 # ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -1484,6 +1485,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_F_EVP_PKEY_GET0_DH                           119
 # define EVP_F_EVP_PKEY_GET0_DSA                          120
 # define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         182
 # define EVP_F_EVP_PKEY_GET0_RSA                          121
 # define EVP_F_EVP_PKEY_KEYGEN                            146
 # define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
@@ -1523,6 +1525,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_DIFFERENT_PARAMETERS                       153
 # define EVP_R_ERROR_LOADING_SECTION                      165
 # define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
 # define EVP_R_EXPECTING_AN_RSA_KEY                       127
 # define EVP_R_EXPECTING_A_DH_KEY                         128
 # define EVP_R_EXPECTING_A_DSA_KEY                        129

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 44e0a655b3d275d98f3ccdf0039a6d979ae700eb..ef5dcde7d411adbf0b68f48419b92e92ea0c30b0 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4149,3 +4149,4 @@ PEM_write_bio_PrivateKey_traditional    4091      1_1_0   EXIST::FUNCTION:
 X509_get_pathlen                        4092   1_1_0   EXIST::FUNCTION:
 ECDSA_SIG_set0                          4093   1_1_0   EXIST::FUNCTION:EC
 DSA_SIG_set0                            4094   1_1_0   EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac                      4095   1_1_0   EXIST::FUNCTION: