}
if (hmac_key != NULL) {
- sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
- (unsigned char *)hmac_key, -1);
+ sigkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, impl,
+ (unsigned char *)hmac_key, -1);
if (sigkey == NULL)
goto end;
}
return 1;
}
-EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, unsigned char *priv,
+EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
+ const unsigned char *priv,
size_t len)
{
EVP_PKEY *ret = EVP_PKEY_new();
return NULL;
}
-EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, unsigned char *pub,
+EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
+ const unsigned char *pub,
size_t len)
{
EVP_PKEY *ret = EVP_PKEY_new();
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
/*
* HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
}
+static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+ size_t len)
+{
+ ASN1_OCTET_STRING *os;
+
+ if (pkey->pkey.ptr != NULL)
+ return 0;
+
+ os = ASN1_OCTET_STRING_new();
+ if (os == NULL)
+ return 0;
+
+
+ if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+ ASN1_OCTET_STRING_free(os);
+ return 0;
+ }
+
+ pkey->pkey.ptr = os;
+ return 1;
+}
+
const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
EVP_PKEY_HMAC,
EVP_PKEY_HMAC,
hmac_key_free,
hmac_pkey_ctrl,
- 0, 0
+ NULL,
+ NULL,
+
+ NULL,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL,
+ NULL,
+
+ hmac_set_priv_key,
+ NULL,
};
if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
goto err;
EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+ mac_key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (mac_key == NULL)
goto err;
if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
const unsigned char *key, int keylen);
-EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, unsigned char *priv,
+EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
+ const unsigned char *priv,
size_t len);
-EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, unsigned char *pub,
+EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
+ const unsigned char *pub,
size_t len);
void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
goto err;
}
- mackey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, finishedkey, hashsize);
+ mackey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
+ hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
/* Verify the HMAC of the cookie */
hctx = EVP_MD_CTX_create();
- pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- s->session_ctx->ext.cookie_hmac_key,
- sizeof(s->session_ctx->ext.cookie_hmac_key));
+ pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
+ s->session_ctx->ext.cookie_hmac_key,
+ sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
EVP_MD_CTX_free(hctx);
EVP_PKEY_free(pkey);
/* HMAC the cookie */
hctx = EVP_MD_CTX_create();
- pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- s->session_ctx->ext.cookie_hmac_key,
- sizeof(s->session_ctx->ext.cookie_hmac_key));
+ pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
+ s->session_ctx->ext.cookie_hmac_key,
+ sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
ERR_R_MALLOC_FAILURE);
if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
/* TODO(size_t): Convert this function */
- mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
- mac_secret, (int)*mac_secret_size);
+ mac_key = EVP_PKEY_new_private_key(mac_type, NULL,
+ mac_secret, (int)*mac_secret_size);
if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
}
if (str == s->method->ssl3_enc->server_finished_label)
- key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+ key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
s->server_finished_secret, hashlen);
else
- key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+ key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
s->client_finished_secret, hashlen);
if (key == NULL