2
0

eng_openssl.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648
  1. /*
  2. * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. *
  5. * Licensed under the OpenSSL license (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <stdio.h>
  11. #include <openssl/crypto.h>
  12. #include "internal/cryptlib.h"
  13. #include "internal/engine.h"
  14. #include <openssl/pem.h>
  15. #include <openssl/evp.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/rsa.h>
  18. #include <openssl/dsa.h>
  19. #include <openssl/dh.h>
  20. #include <openssl/hmac.h>
  21. #include <openssl/x509v3.h>
  22. /*
  23. * This testing gunk is implemented (and explained) lower down. It also
  24. * assumes the application explicitly calls "ENGINE_load_openssl()" because
  25. * this is no longer automatic in ENGINE_load_builtin_engines().
  26. */
  27. #define TEST_ENG_OPENSSL_RC4
  28. #ifndef OPENSSL_NO_STDIO
  29. #define TEST_ENG_OPENSSL_PKEY
  30. #endif
  31. /* #define TEST_ENG_OPENSSL_HMAC */
  32. /* #define TEST_ENG_OPENSSL_HMAC_INIT */
  33. /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
  34. #define TEST_ENG_OPENSSL_RC4_P_INIT
  35. /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
  36. #define TEST_ENG_OPENSSL_SHA
  37. /* #define TEST_ENG_OPENSSL_SHA_OTHERS */
  38. /* #define TEST_ENG_OPENSSL_SHA_P_INIT */
  39. /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
  40. /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
  41. /* Now check what of those algorithms are actually enabled */
  42. #ifdef OPENSSL_NO_RC4
  43. # undef TEST_ENG_OPENSSL_RC4
  44. # undef TEST_ENG_OPENSSL_RC4_OTHERS
  45. # undef TEST_ENG_OPENSSL_RC4_P_INIT
  46. # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
  47. #endif
  48. static int openssl_destroy(ENGINE *e);
  49. #ifdef TEST_ENG_OPENSSL_RC4
  50. static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  51. const int **nids, int nid);
  52. #endif
  53. #ifdef TEST_ENG_OPENSSL_SHA
  54. static int openssl_digests(ENGINE *e, const EVP_MD **digest,
  55. const int **nids, int nid);
  56. #endif
  57. #ifdef TEST_ENG_OPENSSL_PKEY
  58. static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
  59. UI_METHOD *ui_method,
  60. void *callback_data);
  61. #endif
  62. #ifdef TEST_ENG_OPENSSL_HMAC
  63. static int ossl_register_hmac_meth(void);
  64. static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  65. const int **nids, int nid);
  66. #endif
  67. /* The constants used when creating the ENGINE */
  68. static const char *engine_openssl_id = "openssl";
  69. static const char *engine_openssl_name = "Software engine support";
  70. /*
  71. * This internal function is used by ENGINE_openssl() and possibly by the
  72. * "dynamic" ENGINE support too
  73. */
  74. static int bind_helper(ENGINE *e)
  75. {
  76. if (!ENGINE_set_id(e, engine_openssl_id)
  77. || !ENGINE_set_name(e, engine_openssl_name)
  78. || !ENGINE_set_destroy_function(e, openssl_destroy)
  79. #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
  80. # ifndef OPENSSL_NO_RSA
  81. || !ENGINE_set_RSA(e, RSA_get_default_method())
  82. # endif
  83. # ifndef OPENSSL_NO_DSA
  84. || !ENGINE_set_DSA(e, DSA_get_default_method())
  85. # endif
  86. # ifndef OPENSSL_NO_EC
  87. || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
  88. # endif
  89. # ifndef OPENSSL_NO_DH
  90. || !ENGINE_set_DH(e, DH_get_default_method())
  91. # endif
  92. || !ENGINE_set_RAND(e, RAND_OpenSSL())
  93. # ifdef TEST_ENG_OPENSSL_RC4
  94. || !ENGINE_set_ciphers(e, openssl_ciphers)
  95. # endif
  96. # ifdef TEST_ENG_OPENSSL_SHA
  97. || !ENGINE_set_digests(e, openssl_digests)
  98. # endif
  99. #endif
  100. #ifdef TEST_ENG_OPENSSL_PKEY
  101. || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
  102. #endif
  103. #ifdef TEST_ENG_OPENSSL_HMAC
  104. || !ossl_register_hmac_meth()
  105. || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
  106. #endif
  107. )
  108. return 0;
  109. /*
  110. * If we add errors to this ENGINE, ensure the error handling is setup
  111. * here
  112. */
  113. /* openssl_load_error_strings(); */
  114. return 1;
  115. }
  116. static ENGINE *engine_openssl(void)
  117. {
  118. ENGINE *ret = ENGINE_new();
  119. if (ret == NULL)
  120. return NULL;
  121. if (!bind_helper(ret)) {
  122. ENGINE_free(ret);
  123. return NULL;
  124. }
  125. return ret;
  126. }
  127. void engine_load_openssl_int(void)
  128. {
  129. ENGINE *toadd = engine_openssl();
  130. if (!toadd)
  131. return;
  132. ENGINE_add(toadd);
  133. /*
  134. * If the "add" worked, it gets a structural reference. So either way, we
  135. * release our just-created reference.
  136. */
  137. ENGINE_free(toadd);
  138. ERR_clear_error();
  139. }
  140. /*
  141. * This stuff is needed if this ENGINE is being compiled into a
  142. * self-contained shared-library.
  143. */
  144. #ifdef ENGINE_DYNAMIC_SUPPORT
  145. static int bind_fn(ENGINE *e, const char *id)
  146. {
  147. if (id && (strcmp(id, engine_openssl_id) != 0))
  148. return 0;
  149. if (!bind_helper(e))
  150. return 0;
  151. return 1;
  152. }
  153. IMPLEMENT_DYNAMIC_CHECK_FN()
  154. IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  155. #endif /* ENGINE_DYNAMIC_SUPPORT */
  156. #ifdef TEST_ENG_OPENSSL_RC4
  157. /*-
  158. * This section of code compiles an "alternative implementation" of two modes of
  159. * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
  160. * should under normal circumstances go via this support rather than the default
  161. * EVP support. There are other symbols to tweak the testing;
  162. * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
  163. * we're asked for a cipher we don't support (should not happen).
  164. * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
  165. * the "init_key" handler is called.
  166. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
  167. */
  168. # include <openssl/rc4.h>
  169. # define TEST_RC4_KEY_SIZE 16
  170. typedef struct {
  171. unsigned char key[TEST_RC4_KEY_SIZE];
  172. RC4_KEY ks;
  173. } TEST_RC4_KEY;
  174. # define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
  175. static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  176. const unsigned char *iv, int enc)
  177. {
  178. # ifdef TEST_ENG_OPENSSL_RC4_P_INIT
  179. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
  180. # endif
  181. memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
  182. RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
  183. test(ctx)->key);
  184. return 1;
  185. }
  186. static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  187. const unsigned char *in, size_t inl)
  188. {
  189. # ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
  190. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
  191. # endif
  192. RC4(&test(ctx)->ks, inl, in, out);
  193. return 1;
  194. }
  195. static EVP_CIPHER *r4_cipher = NULL;
  196. static const EVP_CIPHER *test_r4_cipher(void)
  197. {
  198. if (r4_cipher == NULL) {
  199. EVP_CIPHER *cipher;
  200. if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
  201. || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
  202. || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
  203. || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
  204. || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
  205. || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
  206. EVP_CIPHER_meth_free(cipher);
  207. cipher = NULL;
  208. }
  209. r4_cipher = cipher;
  210. }
  211. return r4_cipher;
  212. }
  213. static void test_r4_cipher_destroy(void)
  214. {
  215. EVP_CIPHER_meth_free(r4_cipher);
  216. r4_cipher = NULL;
  217. }
  218. static EVP_CIPHER *r4_40_cipher = NULL;
  219. static const EVP_CIPHER *test_r4_40_cipher(void)
  220. {
  221. if (r4_40_cipher == NULL) {
  222. EVP_CIPHER *cipher;
  223. if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
  224. || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
  225. || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
  226. || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
  227. || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
  228. || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
  229. EVP_CIPHER_meth_free(cipher);
  230. cipher = NULL;
  231. }
  232. r4_40_cipher = cipher;
  233. }
  234. return r4_40_cipher;
  235. }
  236. static void test_r4_40_cipher_destroy(void)
  237. {
  238. EVP_CIPHER_meth_free(r4_40_cipher);
  239. r4_40_cipher = NULL;
  240. }
  241. static int test_cipher_nids(const int **nids)
  242. {
  243. static int cipher_nids[4] = { 0, 0, 0, 0 };
  244. static int pos = 0;
  245. static int init = 0;
  246. if (!init) {
  247. const EVP_CIPHER *cipher;
  248. if ((cipher = test_r4_cipher()) != NULL)
  249. cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
  250. if ((cipher = test_r4_40_cipher()) != NULL)
  251. cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
  252. cipher_nids[pos] = 0;
  253. init = 1;
  254. }
  255. *nids = cipher_nids;
  256. return pos;
  257. }
  258. static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  259. const int **nids, int nid)
  260. {
  261. if (!cipher) {
  262. /* We are returning a list of supported nids */
  263. return test_cipher_nids(nids);
  264. }
  265. /* We are being asked for a specific cipher */
  266. if (nid == NID_rc4)
  267. *cipher = test_r4_cipher();
  268. else if (nid == NID_rc4_40)
  269. *cipher = test_r4_40_cipher();
  270. else {
  271. # ifdef TEST_ENG_OPENSSL_RC4_OTHERS
  272. fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
  273. "nid %d\n", nid);
  274. # endif
  275. *cipher = NULL;
  276. return 0;
  277. }
  278. return 1;
  279. }
  280. #endif
  281. #ifdef TEST_ENG_OPENSSL_SHA
  282. /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
  283. # include <openssl/sha.h>
  284. static int test_sha1_init(EVP_MD_CTX *ctx)
  285. {
  286. # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
  287. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
  288. # endif
  289. return SHA1_Init(EVP_MD_CTX_md_data(ctx));
  290. }
  291. static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
  292. {
  293. # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
  294. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
  295. # endif
  296. return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
  297. }
  298. static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
  299. {
  300. # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
  301. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
  302. # endif
  303. return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
  304. }
  305. static EVP_MD *sha1_md = NULL;
  306. static const EVP_MD *test_sha_md(void)
  307. {
  308. if (sha1_md == NULL) {
  309. EVP_MD *md;
  310. if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
  311. || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
  312. || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
  313. || !EVP_MD_meth_set_app_datasize(md,
  314. sizeof(EVP_MD *) + sizeof(SHA_CTX))
  315. || !EVP_MD_meth_set_flags(md, 0)
  316. || !EVP_MD_meth_set_init(md, test_sha1_init)
  317. || !EVP_MD_meth_set_update(md, test_sha1_update)
  318. || !EVP_MD_meth_set_final(md, test_sha1_final)) {
  319. EVP_MD_meth_free(md);
  320. md = NULL;
  321. }
  322. sha1_md = md;
  323. }
  324. return sha1_md;
  325. }
  326. static void test_sha_md_destroy(void)
  327. {
  328. EVP_MD_meth_free(sha1_md);
  329. sha1_md = NULL;
  330. }
  331. static int test_digest_nids(const int **nids)
  332. {
  333. static int digest_nids[2] = { 0, 0 };
  334. static int pos = 0;
  335. static int init = 0;
  336. if (!init) {
  337. const EVP_MD *md;
  338. if ((md = test_sha_md()) != NULL)
  339. digest_nids[pos++] = EVP_MD_type(md);
  340. digest_nids[pos] = 0;
  341. init = 1;
  342. }
  343. *nids = digest_nids;
  344. return pos;
  345. }
  346. static int openssl_digests(ENGINE *e, const EVP_MD **digest,
  347. const int **nids, int nid)
  348. {
  349. if (!digest) {
  350. /* We are returning a list of supported nids */
  351. return test_digest_nids(nids);
  352. }
  353. /* We are being asked for a specific digest */
  354. if (nid == NID_sha1)
  355. *digest = test_sha_md();
  356. else {
  357. # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
  358. fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
  359. "nid %d\n", nid);
  360. # endif
  361. *digest = NULL;
  362. return 0;
  363. }
  364. return 1;
  365. }
  366. #endif
  367. #ifdef TEST_ENG_OPENSSL_PKEY
  368. static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
  369. UI_METHOD *ui_method,
  370. void *callback_data)
  371. {
  372. BIO *in;
  373. EVP_PKEY *key;
  374. fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
  375. key_id);
  376. in = BIO_new_file(key_id, "r");
  377. if (!in)
  378. return NULL;
  379. key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
  380. BIO_free(in);
  381. return key;
  382. }
  383. #endif
  384. #ifdef TEST_ENG_OPENSSL_HMAC
  385. /*
  386. * Experimental HMAC redirection implementation: mainly copied from
  387. * hm_pmeth.c
  388. */
  389. /* HMAC pkey context structure */
  390. typedef struct {
  391. const EVP_MD *md; /* MD for HMAC use */
  392. ASN1_OCTET_STRING ktmp; /* Temp storage for key */
  393. HMAC_CTX *ctx;
  394. } OSSL_HMAC_PKEY_CTX;
  395. static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
  396. {
  397. OSSL_HMAC_PKEY_CTX *hctx;
  398. if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
  399. ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
  400. return 0;
  401. }
  402. hctx->ktmp.type = V_ASN1_OCTET_STRING;
  403. hctx->ctx = HMAC_CTX_new();
  404. if (hctx->ctx == NULL) {
  405. OPENSSL_free(hctx);
  406. return 0;
  407. }
  408. EVP_PKEY_CTX_set_data(ctx, hctx);
  409. EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
  410. # ifdef TEST_ENG_OPENSSL_HMAC_INIT
  411. fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
  412. # endif
  413. return 1;
  414. }
  415. static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
  416. static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
  417. {
  418. OSSL_HMAC_PKEY_CTX *sctx, *dctx;
  419. /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
  420. if (!ossl_hmac_init(dst))
  421. return 0;
  422. sctx = EVP_PKEY_CTX_get_data(src);
  423. dctx = EVP_PKEY_CTX_get_data(dst);
  424. dctx->md = sctx->md;
  425. if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
  426. goto err;
  427. if (sctx->ktmp.data) {
  428. if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
  429. sctx->ktmp.data, sctx->ktmp.length))
  430. goto err;
  431. }
  432. return 1;
  433. err:
  434. /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
  435. ossl_hmac_cleanup(dst);
  436. return 0;
  437. }
  438. static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
  439. {
  440. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  441. if (hctx) {
  442. HMAC_CTX_free(hctx->ctx);
  443. OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
  444. OPENSSL_free(hctx);
  445. EVP_PKEY_CTX_set_data(ctx, NULL);
  446. }
  447. }
  448. static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  449. {
  450. ASN1_OCTET_STRING *hkey = NULL;
  451. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  452. if (!hctx->ktmp.data)
  453. return 0;
  454. hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
  455. if (!hkey)
  456. return 0;
  457. EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
  458. return 1;
  459. }
  460. static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
  461. {
  462. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
  463. if (!HMAC_Update(hctx->ctx, data, count))
  464. return 0;
  465. return 1;
  466. }
  467. static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
  468. {
  469. EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
  470. EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
  471. return 1;
  472. }
  473. static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
  474. size_t *siglen, EVP_MD_CTX *mctx)
  475. {
  476. unsigned int hlen;
  477. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  478. int l = EVP_MD_CTX_size(mctx);
  479. if (l < 0)
  480. return 0;
  481. *siglen = l;
  482. if (!sig)
  483. return 1;
  484. if (!HMAC_Final(hctx->ctx, sig, &hlen))
  485. return 0;
  486. *siglen = (size_t)hlen;
  487. return 1;
  488. }
  489. static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  490. {
  491. OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
  492. EVP_PKEY *pk;
  493. ASN1_OCTET_STRING *key;
  494. switch (type) {
  495. case EVP_PKEY_CTRL_SET_MAC_KEY:
  496. if ((!p2 && p1 > 0) || (p1 < -1))
  497. return 0;
  498. if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
  499. return 0;
  500. break;
  501. case EVP_PKEY_CTRL_MD:
  502. hctx->md = p2;
  503. break;
  504. case EVP_PKEY_CTRL_DIGESTINIT:
  505. pk = EVP_PKEY_CTX_get0_pkey(ctx);
  506. key = EVP_PKEY_get0(pk);
  507. if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
  508. return 0;
  509. break;
  510. default:
  511. return -2;
  512. }
  513. return 1;
  514. }
  515. static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
  516. const char *type, const char *value)
  517. {
  518. if (!value) {
  519. return 0;
  520. }
  521. if (strcmp(type, "key") == 0) {
  522. void *p = (void *)value;
  523. return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
  524. }
  525. if (strcmp(type, "hexkey") == 0) {
  526. unsigned char *key;
  527. int r;
  528. long keylen;
  529. key = OPENSSL_hexstr2buf(value, &keylen);
  530. if (!key)
  531. return 0;
  532. r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
  533. OPENSSL_free(key);
  534. return r;
  535. }
  536. return -2;
  537. }
  538. static EVP_PKEY_METHOD *ossl_hmac_meth;
  539. static int ossl_register_hmac_meth(void)
  540. {
  541. EVP_PKEY_METHOD *meth;
  542. meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
  543. if (meth == NULL)
  544. return 0;
  545. EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
  546. EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
  547. EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
  548. EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
  549. EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
  550. ossl_hmac_signctx);
  551. EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
  552. ossl_hmac_meth = meth;
  553. return 1;
  554. }
  555. static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  556. const int **nids, int nid)
  557. {
  558. static int ossl_pkey_nids[] = {
  559. EVP_PKEY_HMAC,
  560. 0
  561. };
  562. if (!pmeth) {
  563. *nids = ossl_pkey_nids;
  564. return 1;
  565. }
  566. if (nid == EVP_PKEY_HMAC) {
  567. *pmeth = ossl_hmac_meth;
  568. return 1;
  569. }
  570. *pmeth = NULL;
  571. return 0;
  572. }
  573. #endif
  574. int openssl_destroy(ENGINE *e)
  575. {
  576. test_sha_md_destroy();
  577. #ifdef TEST_ENG_OPENSSL_RC4
  578. test_r4_cipher_destroy();
  579. test_r4_40_cipher_destroy();
  580. #endif
  581. return 1;
  582. }