2
0

eng_openssl.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651
  1. /*
  2. * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <stdio.h>
  11. #include <openssl/crypto.h>
  12. #include "internal/cryptlib.h"
  13. #include "internal/engine.h"
  14. #include <openssl/pem.h>
  15. #include <openssl/evp.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/rsa.h>
  18. #include <openssl/dsa.h>
  19. #include <openssl/dh.h>
  20. #include <openssl/hmac.h>
  21. #include <openssl/x509v3.h>
  22. /*
  23. * This testing gunk is implemented (and explained) lower down. It also
  24. * assumes the application explicitly calls "ENGINE_load_openssl()" because
  25. * this is no longer automatic in ENGINE_load_builtin_engines().
  26. */
  27. #define TEST_ENG_OPENSSL_RC4
  28. #ifndef OPENSSL_NO_STDIO
  29. #define TEST_ENG_OPENSSL_PKEY
  30. #endif
  31. /* #define TEST_ENG_OPENSSL_HMAC */
  32. /* #define TEST_ENG_OPENSSL_HMAC_INIT */
  33. /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
  34. #define TEST_ENG_OPENSSL_RC4_P_INIT
  35. /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
  36. #define TEST_ENG_OPENSSL_SHA
  37. /* #define TEST_ENG_OPENSSL_SHA_OTHERS */
  38. /* #define TEST_ENG_OPENSSL_SHA_P_INIT */
  39. /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
  40. /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
  41. /* Now check what of those algorithms are actually enabled */
  42. #ifdef OPENSSL_NO_RC4
  43. # undef TEST_ENG_OPENSSL_RC4
  44. # undef TEST_ENG_OPENSSL_RC4_OTHERS
  45. # undef TEST_ENG_OPENSSL_RC4_P_INIT
  46. # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
  47. #endif
  48. static int openssl_destroy(ENGINE *e);
  49. #ifdef TEST_ENG_OPENSSL_RC4
  50. static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  51. const int **nids, int nid);
  52. #endif
  53. #ifdef TEST_ENG_OPENSSL_SHA
  54. static int openssl_digests(ENGINE *e, const EVP_MD **digest,
  55. const int **nids, int nid);
  56. #endif
  57. #ifdef TEST_ENG_OPENSSL_PKEY
  58. static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
  59. UI_METHOD *ui_method,
  60. void *callback_data);
  61. #endif
  62. #ifdef TEST_ENG_OPENSSL_HMAC
  63. static int ossl_register_hmac_meth(void);
  64. static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  65. const int **nids, int nid);
  66. #endif
  67. /* The constants used when creating the ENGINE */
  68. static const char *engine_openssl_id = "openssl";
  69. static const char *engine_openssl_name = "Software engine support";
  70. /*
  71. * This internal function is used by ENGINE_openssl() and possibly by the
  72. * "dynamic" ENGINE support too
  73. */
  74. static int bind_helper(ENGINE *e)
  75. {
  76. if (!ENGINE_set_id(e, engine_openssl_id)
  77. || !ENGINE_set_name(e, engine_openssl_name)
  78. || !ENGINE_set_destroy_function(e, openssl_destroy)
  79. #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
  80. # ifndef OPENSSL_NO_RSA
  81. || !ENGINE_set_RSA(e, RSA_get_default_method())
  82. # endif
  83. # ifndef OPENSSL_NO_DSA
  84. || !ENGINE_set_DSA(e, DSA_get_default_method())
  85. # endif
  86. # ifndef OPENSSL_NO_EC
  87. || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
  88. # endif
  89. # ifndef OPENSSL_NO_DH
  90. || !ENGINE_set_DH(e, DH_get_default_method())
  91. # endif
  92. || !ENGINE_set_RAND(e, RAND_OpenSSL())
  93. # ifdef TEST_ENG_OPENSSL_RC4
  94. || !ENGINE_set_ciphers(e, openssl_ciphers)
  95. # endif
  96. # ifdef TEST_ENG_OPENSSL_SHA
  97. || !ENGINE_set_digests(e, openssl_digests)
  98. # endif
  99. #endif
  100. #ifdef TEST_ENG_OPENSSL_PKEY
  101. || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
  102. #endif
  103. #ifdef TEST_ENG_OPENSSL_HMAC
  104. || !ossl_register_hmac_meth()
  105. || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
  106. #endif
  107. )
  108. return 0;
  109. /*
  110. * If we add errors to this ENGINE, ensure the error handling is setup
  111. * here
  112. */
  113. /* openssl_load_error_strings(); */
  114. return 1;
  115. }
  116. static ENGINE *engine_openssl(void)
  117. {
  118. ENGINE *ret = ENGINE_new();
  119. if (ret == NULL)
  120. return NULL;
  121. if (!bind_helper(ret)) {
  122. ENGINE_free(ret);
  123. return NULL;
  124. }
  125. return ret;
  126. }
  127. void engine_load_openssl_int(void)
  128. {
  129. ENGINE *toadd = engine_openssl();
  130. if (!toadd)
  131. return;
  132. ENGINE_add(toadd);
  133. /*
  134. * If the "add" worked, it gets a structural reference. So either way, we
  135. * release our just-created reference.
  136. */
  137. ENGINE_free(toadd);
  138. ERR_clear_error();
  139. }
  140. /*
  141. * This stuff is needed if this ENGINE is being compiled into a
  142. * self-contained shared-library.
  143. */
  144. #ifdef ENGINE_DYNAMIC_SUPPORT
  145. static int bind_fn(ENGINE *e, const char *id)
  146. {
  147. if (id && (strcmp(id, engine_openssl_id) != 0))
  148. return 0;
  149. if (!bind_helper(e))
  150. return 0;
  151. return 1;
  152. }
  153. IMPLEMENT_DYNAMIC_CHECK_FN()
  154. IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  155. #endif /* ENGINE_DYNAMIC_SUPPORT */
  156. #ifdef TEST_ENG_OPENSSL_RC4
  157. /*-
  158. * This section of code compiles an "alternative implementation" of two modes of
  159. * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
  160. * should under normal circumstances go via this support rather than the default
  161. * EVP support. There are other symbols to tweak the testing;
  162. * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
  163. * we're asked for a cipher we don't support (should not happen).
  164. * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
  165. * the "init_key" handler is called.
  166. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
  167. */
  168. # include <openssl/rc4.h>
  169. # define TEST_RC4_KEY_SIZE 16
  170. typedef struct {
  171. unsigned char key[TEST_RC4_KEY_SIZE];
  172. RC4_KEY ks;
  173. } TEST_RC4_KEY;
  174. # define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
  175. static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  176. const unsigned char *iv, int enc)
  177. {
  178. const int n = EVP_CIPHER_CTX_key_length(ctx);
  179. # ifdef TEST_ENG_OPENSSL_RC4_P_INIT
  180. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
  181. # endif
  182. if (n <= 0)
  183. return n;
  184. memcpy(&test(ctx)->key[0], key, n);
  185. RC4_set_key(&test(ctx)->ks, n, test(ctx)->key);
  186. return 1;
  187. }
  188. static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  189. const unsigned char *in, size_t inl)
  190. {
  191. # ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
  192. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
  193. # endif
  194. RC4(&test(ctx)->ks, inl, in, out);
  195. return 1;
  196. }
  197. static EVP_CIPHER *r4_cipher = NULL;
  198. static const EVP_CIPHER *test_r4_cipher(void)
  199. {
  200. if (r4_cipher == NULL) {
  201. EVP_CIPHER *cipher;
  202. if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
  203. || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
  204. || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
  205. || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
  206. || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
  207. || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
  208. EVP_CIPHER_meth_free(cipher);
  209. cipher = NULL;
  210. }
  211. r4_cipher = cipher;
  212. }
  213. return r4_cipher;
  214. }
  215. static void test_r4_cipher_destroy(void)
  216. {
  217. EVP_CIPHER_meth_free(r4_cipher);
  218. r4_cipher = NULL;
  219. }
  220. static EVP_CIPHER *r4_40_cipher = NULL;
  221. static const EVP_CIPHER *test_r4_40_cipher(void)
  222. {
  223. if (r4_40_cipher == NULL) {
  224. EVP_CIPHER *cipher;
  225. if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
  226. || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
  227. || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
  228. || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
  229. || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
  230. || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
  231. EVP_CIPHER_meth_free(cipher);
  232. cipher = NULL;
  233. }
  234. r4_40_cipher = cipher;
  235. }
  236. return r4_40_cipher;
  237. }
  238. static void test_r4_40_cipher_destroy(void)
  239. {
  240. EVP_CIPHER_meth_free(r4_40_cipher);
  241. r4_40_cipher = NULL;
  242. }
  243. static int test_cipher_nids(const int **nids)
  244. {
  245. static int cipher_nids[4] = { 0, 0, 0, 0 };
  246. static int pos = 0;
  247. static int init = 0;
  248. if (!init) {
  249. const EVP_CIPHER *cipher;
  250. if ((cipher = test_r4_cipher()) != NULL)
  251. cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
  252. if ((cipher = test_r4_40_cipher()) != NULL)
  253. cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
  254. cipher_nids[pos] = 0;
  255. init = 1;
  256. }
  257. *nids = cipher_nids;
  258. return pos;
  259. }
  260. static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  261. const int **nids, int nid)
  262. {
  263. if (!cipher) {
  264. /* We are returning a list of supported nids */
  265. return test_cipher_nids(nids);
  266. }
  267. /* We are being asked for a specific cipher */
  268. if (nid == NID_rc4)
  269. *cipher = test_r4_cipher();
  270. else if (nid == NID_rc4_40)
  271. *cipher = test_r4_40_cipher();
  272. else {
  273. # ifdef TEST_ENG_OPENSSL_RC4_OTHERS
  274. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
  275. "nid %d\n", nid);
  276. # endif
  277. *cipher = NULL;
  278. return 0;
  279. }
  280. return 1;
  281. }
  282. #endif
  283. #ifdef TEST_ENG_OPENSSL_SHA
  284. /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
  285. # include <openssl/sha.h>
  286. static int test_sha1_init(EVP_MD_CTX *ctx)
  287. {
  288. # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
  289. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
  290. # endif
  291. return SHA1_Init(EVP_MD_CTX_md_data(ctx));
  292. }
  293. static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
  294. {
  295. # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
  296. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
  297. # endif
  298. return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
  299. }
  300. static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
  301. {
  302. # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
  303. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
  304. # endif
  305. return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
  306. }
  307. static EVP_MD *sha1_md = NULL;
  308. static const EVP_MD *test_sha_md(void)
  309. {
  310. if (sha1_md == NULL) {
  311. EVP_MD *md;
  312. if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
  313. || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
  314. || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
  315. || !EVP_MD_meth_set_app_datasize(md,
  316. sizeof(EVP_MD *) + sizeof(SHA_CTX))
  317. || !EVP_MD_meth_set_flags(md, 0)
  318. || !EVP_MD_meth_set_init(md, test_sha1_init)
  319. || !EVP_MD_meth_set_update(md, test_sha1_update)
  320. || !EVP_MD_meth_set_final(md, test_sha1_final)) {
  321. EVP_MD_meth_free(md);
  322. md = NULL;
  323. }
  324. sha1_md = md;
  325. }
  326. return sha1_md;
  327. }
  328. static void test_sha_md_destroy(void)
  329. {
  330. EVP_MD_meth_free(sha1_md);
  331. sha1_md = NULL;
  332. }
  333. static int test_digest_nids(const int **nids)
  334. {
  335. static int digest_nids[2] = { 0, 0 };
  336. static int pos = 0;
  337. static int init = 0;
  338. if (!init) {
  339. const EVP_MD *md;
  340. if ((md = test_sha_md()) != NULL)
  341. digest_nids[pos++] = EVP_MD_type(md);
  342. digest_nids[pos] = 0;
  343. init = 1;
  344. }
  345. *nids = digest_nids;
  346. return pos;
  347. }
  348. static int openssl_digests(ENGINE *e, const EVP_MD **digest,
  349. const int **nids, int nid)
  350. {
  351. if (!digest) {
  352. /* We are returning a list of supported nids */
  353. return test_digest_nids(nids);
  354. }
  355. /* We are being asked for a specific digest */
  356. if (nid == NID_sha1)
  357. *digest = test_sha_md();
  358. else {
  359. # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
  360. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
  361. "nid %d\n", nid);
  362. # endif
  363. *digest = NULL;
  364. return 0;
  365. }
  366. return 1;
  367. }
  368. #endif
  369. #ifdef TEST_ENG_OPENSSL_PKEY
  370. static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
  371. UI_METHOD *ui_method,
  372. void *callback_data)
  373. {
  374. BIO *in;
  375. EVP_PKEY *key;
  376. fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
  377. key_id);
  378. in = BIO_new_file(key_id, "r");
  379. if (!in)
  380. return NULL;
  381. key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
  382. BIO_free(in);
  383. return key;
  384. }
  385. #endif
  386. #ifdef TEST_ENG_OPENSSL_HMAC
  387. /*
  388. * Experimental HMAC redirection implementation: mainly copied from
  389. * hm_pmeth.c
  390. */
  391. /* HMAC pkey context structure */
  392. typedef struct {
  393. const EVP_MD *md; /* MD for HMAC use */
  394. ASN1_OCTET_STRING ktmp; /* Temp storage for key */
  395. HMAC_CTX *ctx;
  396. } OSSL_HMAC_PKEY_CTX;
  397. static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
  398. {
  399. OSSL_HMAC_PKEY_CTX *hctx;
  400. if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
  401. ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
  402. return 0;
  403. }
  404. hctx->ktmp.type = V_ASN1_OCTET_STRING;
  405. hctx->ctx = HMAC_CTX_new();
  406. if (hctx->ctx == NULL) {
  407. OPENSSL_free(hctx);
  408. return 0;
  409. }
  410. EVP_PKEY_CTX_set_data(ctx, hctx);
  411. EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
  412. # ifdef TEST_ENG_OPENSSL_HMAC_INIT
  413. fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
  414. # endif
  415. return 1;
  416. }
  417. static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
  418. static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
  419. {
  420. OSSL_HMAC_PKEY_CTX *sctx, *dctx;
  421. /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
  422. if (!ossl_hmac_init(dst))
  423. return 0;
  424. sctx = EVP_PKEY_CTX_get_data(src);
  425. dctx = EVP_PKEY_CTX_get_data(dst);
  426. dctx->md = sctx->md;
  427. if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
  428. goto err;
  429. if (sctx->ktmp.data) {
  430. if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
  431. sctx->ktmp.data, sctx->ktmp.length))
  432. goto err;
  433. }
  434. return 1;
  435. err:
  436. /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
  437. ossl_hmac_cleanup(dst);
  438. return 0;
  439. }
  440. static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
  441. {
  442. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  443. if (hctx) {
  444. HMAC_CTX_free(hctx->ctx);
  445. OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
  446. OPENSSL_free(hctx);
  447. EVP_PKEY_CTX_set_data(ctx, NULL);
  448. }
  449. }
  450. static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  451. {
  452. ASN1_OCTET_STRING *hkey = NULL;
  453. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  454. if (!hctx->ktmp.data)
  455. return 0;
  456. hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
  457. if (!hkey)
  458. return 0;
  459. EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
  460. return 1;
  461. }
  462. static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
  463. {
  464. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
  465. if (!HMAC_Update(hctx->ctx, data, count))
  466. return 0;
  467. return 1;
  468. }
  469. static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
  470. {
  471. EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
  472. EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
  473. return 1;
  474. }
  475. static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
  476. size_t *siglen, EVP_MD_CTX *mctx)
  477. {
  478. unsigned int hlen;
  479. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  480. int l = EVP_MD_CTX_size(mctx);
  481. if (l < 0)
  482. return 0;
  483. *siglen = l;
  484. if (!sig)
  485. return 1;
  486. if (!HMAC_Final(hctx->ctx, sig, &hlen))
  487. return 0;
  488. *siglen = (size_t)hlen;
  489. return 1;
  490. }
  491. static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  492. {
  493. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  494. EVP_PKEY *pk;
  495. ASN1_OCTET_STRING *key;
  496. switch (type) {
  497. case EVP_PKEY_CTRL_SET_MAC_KEY:
  498. if ((!p2 && p1 > 0) || (p1 < -1))
  499. return 0;
  500. if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
  501. return 0;
  502. break;
  503. case EVP_PKEY_CTRL_MD:
  504. hctx->md = p2;
  505. break;
  506. case EVP_PKEY_CTRL_DIGESTINIT:
  507. pk = EVP_PKEY_CTX_get0_pkey(ctx);
  508. key = EVP_PKEY_get0(pk);
  509. if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
  510. return 0;
  511. break;
  512. default:
  513. return -2;
  514. }
  515. return 1;
  516. }
  517. static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
  518. const char *type, const char *value)
  519. {
  520. if (!value) {
  521. return 0;
  522. }
  523. if (strcmp(type, "key") == 0) {
  524. void *p = (void *)value;
  525. return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
  526. }
  527. if (strcmp(type, "hexkey") == 0) {
  528. unsigned char *key;
  529. int r;
  530. long keylen;
  531. key = OPENSSL_hexstr2buf(value, &keylen);
  532. if (!key)
  533. return 0;
  534. r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
  535. OPENSSL_free(key);
  536. return r;
  537. }
  538. return -2;
  539. }
  540. static EVP_PKEY_METHOD *ossl_hmac_meth;
  541. static int ossl_register_hmac_meth(void)
  542. {
  543. EVP_PKEY_METHOD *meth;
  544. meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
  545. if (meth == NULL)
  546. return 0;
  547. EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
  548. EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
  549. EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
  550. EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
  551. EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
  552. ossl_hmac_signctx);
  553. EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
  554. ossl_hmac_meth = meth;
  555. return 1;
  556. }
  557. static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  558. const int **nids, int nid)
  559. {
  560. static int ossl_pkey_nids[] = {
  561. EVP_PKEY_HMAC,
  562. 0
  563. };
  564. if (!pmeth) {
  565. *nids = ossl_pkey_nids;
  566. return 1;
  567. }
  568. if (nid == EVP_PKEY_HMAC) {
  569. *pmeth = ossl_hmac_meth;
  570. return 1;
  571. }
  572. *pmeth = NULL;
  573. return 0;
  574. }
  575. #endif
  576. int openssl_destroy(ENGINE *e)
  577. {
  578. test_sha_md_destroy();
  579. #ifdef TEST_ENG_OPENSSL_RC4
  580. test_r4_cipher_destroy();
  581. test_r4_40_cipher_destroy();
  582. #endif
  583. return 1;
  584. }