[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Jun 16 17:40:44 UTC 2016
The branch master has been updated
via ebad0b0beb1bb6913524549514111cbb91e6d494 (commit)
from f219a1b0485309b6814f00985f7bbb45e72ee374 (commit)
- Log -----------------------------------------------------------------
commit ebad0b0beb1bb6913524549514111cbb91e6d494
Author: Nathaniel McCallum <npmccallum at redhat.com>
Date: Wed Jun 15 14:02:04 2016 -0400
Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_err.c | 2 ++
crypto/evp/p_lib.c | 12 ++++++++++++
doc/crypto/EVP_PKEY_set1_RSA.pod | 11 ++++++-----
include/openssl/evp.h | 3 +++
util/libcrypto.num | 1 +
5 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c9c9dc7..50277ff 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -57,6 +57,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
@@ -105,6 +106,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
{ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+ {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b50d32..802f6dd 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -237,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
return pkey->pkey.ptr;
}
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+ ASN1_OCTET_STRING *os = NULL;
+ if (pkey->type != EVP_PKEY_HMAC) {
+ EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+ return NULL;
+ }
+ os = EVP_PKEY_get0(pkey);
+ *len = os->length;
+ return os->data;
+}
+
#ifndef OPENSSL_NO_RSA
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
{
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
index c6cdcf9..90595d6 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -22,6 +22,7 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -45,11 +46,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
B<NULL> if the key is not of the correct type.
-EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
-EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or
-B<NULL> if the key is not of the correct type but the reference
-count of the returned key is B<not> incremented and so must not
-be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
+EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
+referenced key in B<pkey> or B<NULL> if the key is not of the
+correct type but the reference count of the returned key is
+B<not> incremented and so must not be freed up after use.
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 343cd9f..975862f 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -901,6 +901,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
# ifndef OPENSSL_NO_RSA
struct rsa_st;
@@ -1484,6 +1485,7 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_GET0_DH 119
# define EVP_F_EVP_PKEY_GET0_DSA 120
# define EVP_F_EVP_PKEY_GET0_EC_KEY 131
+# define EVP_F_EVP_PKEY_GET0_HMAC 182
# define EVP_F_EVP_PKEY_GET0_RSA 121
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
@@ -1523,6 +1525,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
# define EVP_R_ERROR_SETTING_FIPS_MODE 166
+# define EVP_R_EXPECTING_AN_HMAC_KEY 174
# define EVP_R_EXPECTING_AN_RSA_KEY 127
# define EVP_R_EXPECTING_A_DH_KEY 128
# define EVP_R_EXPECTING_A_DSA_KEY 129
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 44e0a65..ef5dcde 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4149,3 +4149,4 @@ PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION:
ECDSA_SIG_set0 4093 1_1_0 EXIST::FUNCTION:EC
DSA_SIG_set0 4094 1_1_0 EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac 4095 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list