
  1. /*
  2. * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. /* We need to use some engine deprecated APIs */
  11. #define OPENSSL_SUPPRESS_DEPRECATED
  12. /*
  13. * RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public
  14. * use, but still ok for internal use.
  15. */
  16. #include "internal/deprecated.h"
  17. #include <stdio.h>
  18. #include <openssl/crypto.h>
  19. #include "internal/cryptlib.h"
  20. #include "crypto/engine.h"
  21. #include <openssl/pem.h>
  22. #include <openssl/evp.h>
  23. #include <openssl/rand.h>
  24. #include <openssl/rsa.h>
  25. #include <openssl/dsa.h>
  26. #include <openssl/dh.h>
  27. #include <openssl/hmac.h>
  28. #include <openssl/x509v3.h>
  29. /*
  30. * This testing gunk is implemented (and explained) lower down. It also
  31. * assumes the application explicitly calls "ENGINE_load_openssl()" because
  32. * this is no longer automatic in ENGINE_load_builtin_engines().
  33. */
  34. #define TEST_ENG_OPENSSL_RC4
  35. #ifndef OPENSSL_NO_STDIO
  36. # define TEST_ENG_OPENSSL_PKEY
  37. #endif
  38. /* #define TEST_ENG_OPENSSL_HMAC */
  39. /* #define TEST_ENG_OPENSSL_HMAC_INIT */
  40. /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
  41. #ifndef OPENSSL_NO_STDIO
  42. # define TEST_ENG_OPENSSL_RC4_P_INIT
  43. #endif
  44. /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
  45. #define TEST_ENG_OPENSSL_SHA
  46. /* #define TEST_ENG_OPENSSL_SHA_OTHERS */
  47. /* #define TEST_ENG_OPENSSL_SHA_P_INIT */
  48. /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
  49. /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
  50. /* Now check what of those algorithms are actually enabled */
  51. #ifdef OPENSSL_NO_RC4
  52. # undef TEST_ENG_OPENSSL_RC4
  53. # undef TEST_ENG_OPENSSL_RC4_OTHERS
  54. # undef TEST_ENG_OPENSSL_RC4_P_INIT
  55. # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
  56. #endif
  57. static int openssl_destroy(ENGINE *e);
  58. #ifdef TEST_ENG_OPENSSL_RC4
  59. static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  60. const int **nids, int nid);
  61. #endif
  62. #ifdef TEST_ENG_OPENSSL_SHA
  63. static int openssl_digests(ENGINE *e, const EVP_MD **digest,
  64. const int **nids, int nid);
  65. #endif
  66. #ifdef TEST_ENG_OPENSSL_PKEY
  67. static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
  68. UI_METHOD *ui_method,
  69. void *callback_data);
  70. #endif
  71. #ifdef TEST_ENG_OPENSSL_HMAC
  72. static int ossl_register_hmac_meth(void);
  73. static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  74. const int **nids, int nid);
  75. #endif
/* The constants used when creating the ENGINE */
/* Identifier passed to ENGINE_set_id(); the dynamic bind_fn() also matches a requested id against it. */
static const char *engine_openssl_id = "openssl";
/* Human-readable name passed to ENGINE_set_name(). */
static const char *engine_openssl_name = "Software engine support";
  79. /*
  80. * This internal function is used by ENGINE_openssl() and possibly by the
  81. * "dynamic" ENGINE support too
  82. */
/*
 * Populate @e with this ENGINE's identity, destroy hook and method tables.
 * Used by engine_openssl() and, under ENGINE_DYNAMIC_SUPPORT, by bind_fn().
 *
 * Returns 1 on success, 0 as soon as any ENGINE_set_* call fails; @e is then
 * only partially populated and the caller is responsible for freeing it.
 */
static int bind_helper(ENGINE *e)
{
    int ok;

    /* Identity and teardown hook first. */
    ok = ENGINE_set_id(e, engine_openssl_id) != 0;
    ok = ok && ENGINE_set_name(e, engine_openssl_name);
    ok = ok && ENGINE_set_destroy_function(e, openssl_destroy);
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
    /* Point the asymmetric and RAND method tables at the software defaults. */
    ok = ok && ENGINE_set_RSA(e, RSA_get_default_method());
# ifndef OPENSSL_NO_DSA
    ok = ok && ENGINE_set_DSA(e, DSA_get_default_method());
# endif
# ifndef OPENSSL_NO_EC
    ok = ok && ENGINE_set_EC(e, EC_KEY_OpenSSL());
# endif
# ifndef OPENSSL_NO_DH
    ok = ok && ENGINE_set_DH(e, DH_get_default_method());
# endif
    ok = ok && ENGINE_set_RAND(e, RAND_OpenSSL());
    /* Test-only cipher/digest redirections, implemented further down. */
# ifdef TEST_ENG_OPENSSL_RC4
    ok = ok && ENGINE_set_ciphers(e, openssl_ciphers);
# endif
# ifdef TEST_ENG_OPENSSL_SHA
    ok = ok && ENGINE_set_digests(e, openssl_digests);
# endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
    ok = ok && ENGINE_set_load_privkey_function(e, openssl_load_privkey);
#endif
#ifdef TEST_ENG_OPENSSL_HMAC
    ok = ok && ossl_register_hmac_meth();
    ok = ok && ENGINE_set_pkey_meths(e, ossl_pkey_meths);
#endif
    if (!ok)
        return 0;
    /*
     * If we add errors to this ENGINE, ensure the error handling is setup
     * here
     */
    /* openssl_load_error_strings(); */
    return 1;
}
/*
 * Allocate a fresh ENGINE and bind this implementation to it.
 * Returns the new ENGINE (one structural reference, owned by the caller),
 * or NULL if allocation or bind_helper() fails.
 */
static ENGINE *engine_openssl(void)
{
    ENGINE *eng = ENGINE_new();

    if (eng != NULL && !bind_helper(eng)) {
        ENGINE_free(eng);
        eng = NULL;
    }
    return eng;
}
/*
 * Create this ENGINE and register it with the global ENGINE list.
 * ENGINE_add() takes its own structural reference on success, so the
 * reference from engine_openssl() is dropped either way.  A failed add
 * (typically because the engine was already registered) is deliberately
 * silenced via ERR_set_mark()/ERR_pop_to_mark().
 */
void engine_load_openssl_int(void)
{
    ENGINE *eng = engine_openssl();

    if (eng == NULL)
        return;
    ERR_set_mark();
    (void)ENGINE_add(eng);
    ENGINE_free(eng);
    ERR_pop_to_mark();
}
  153. /*
  154. * This stuff is needed if this ENGINE is being compiled into a
  155. * self-contained shared-library.
  156. */
  157. #ifdef ENGINE_DYNAMIC_SUPPORT
/*
 * Bind callback for the "dynamic" ENGINE loader.  A NULL @id or our own id
 * is accepted and @e is populated via bind_helper(); any other id is refused.
 * Returns 1 on success, 0 otherwise.
 */
static int bind_fn(ENGINE *e, const char *id)
{
    int id_ok = (id == NULL) || (strcmp(id, engine_openssl_id) == 0);

    if (!id_ok)
        return 0;
    return bind_helper(e) ? 1 : 0;
}
  166. IMPLEMENT_DYNAMIC_CHECK_FN()
  167. IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  168. #endif /* ENGINE_DYNAMIC_SUPPORT */
  169. #ifdef TEST_ENG_OPENSSL_RC4
/*-
 * This section of code compiles an "alternative implementation" of two modes of
 * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
 * should under normal circumstances go via this support rather than the default
 * EVP support. There are other symbols to tweak the testing;
 * TEST_ENG_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
 * we're asked for a cipher we don't support (should not happen).
 * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
 * the "init_key" handler is called.
 * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
 */
  181. # include <openssl/rc4.h>
  182. # define TEST_RC4_KEY_SIZE 16
/* Per-EVP_CIPHER_CTX state for the test RC4 ciphers (allocated by EVP via impl_ctx_size). */
typedef struct {
    unsigned char key[TEST_RC4_KEY_SIZE]; /* raw key bytes as supplied to init; fixed 16-byte buffer */
    RC4_KEY ks;                           /* expanded key schedule produced by RC4_set_key() */
} TEST_RC4_KEY;
/* Accessor for the TEST_RC4_KEY stored in a cipher context's cipher_data. */
# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
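/*
 * EVP "init" hook for the test RC4 ciphers: copy @key into the context's
 * TEST_RC4_KEY buffer and expand it with RC4_set_key().  @iv and @enc are
 * unused (RC4 is a stream cipher with no IV and symmetric operation).
 *
 * The ciphers are registered with EVP_CIPH_VARIABLE_LENGTH, so the key length
 * reported by EVP_CIPHER_CTX_get_key_length() is whatever the caller last set
 * and is not guaranteed to fit the fixed TEST_RC4_KEY_SIZE buffer; the copy is
 * therefore bounded against the buffer.  Returns 1 on success, 0 if there is
 * no key, the length is non-positive, or the length exceeds the buffer.
 */
static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
{
    TEST_RC4_KEY *tk = test(ctx);
    const int n = EVP_CIPHER_CTX_get_key_length(ctx);

# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
# endif
    /* Reject anything that would overrun tk->key; 0 is the EVP failure code. */
    if (key == NULL || n <= 0 || n > (int)sizeof(tk->key))
        return 0;
    memcpy(tk->key, key, (size_t)n);
    RC4_set_key(&tk->ks, n, tk->key);
    return 1;
}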
/*
 * EVP "do_cipher" hook: run RC4() over @inl bytes of @in into @out using the
 * key schedule held in the context.  Always returns 1.
 */
static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t inl)
{
    TEST_RC4_KEY *tk = test(ctx);

# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
# endif
    RC4(&tk->ks, inl, in, out);
    return 1;
}
/* Lazily built EVP_CIPHER for NID_rc4; released by test_r4_cipher_destroy(). */
static EVP_CIPHER *r4_cipher = NULL;

/*
 * Return the engine's RC4 EVP_CIPHER (block size 1, default key length
 * TEST_RC4_KEY_SIZE), constructing it on first use.  EVP_CIPH_VARIABLE_LENGTH
 * means callers may change the key length later via EVP_CIPHER_CTX_set_key_length,
 * so the init hook must check it against the TEST_RC4_KEY buffer.
 * Returns NULL, leaving r4_cipher NULL, if any EVP_CIPHER_meth_* step fails.
 */
static const EVP_CIPHER *test_r4_cipher(void)
{
    EVP_CIPHER *c;

    if (r4_cipher != NULL)
        return r4_cipher;

    c = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE);
    if (c != NULL
        && EVP_CIPHER_meth_set_iv_length(c, 0)
        && EVP_CIPHER_meth_set_flags(c, EVP_CIPH_VARIABLE_LENGTH)
        && EVP_CIPHER_meth_set_init(c, test_rc4_init_key)
        && EVP_CIPHER_meth_set_do_cipher(c, test_rc4_cipher)
        && EVP_CIPHER_meth_set_impl_ctx_size(c, sizeof(TEST_RC4_KEY))) {
        r4_cipher = c;
        return r4_cipher;
    }
    /* Partial construction: EVP_CIPHER_meth_free(NULL) is harmless. */
    EVP_CIPHER_meth_free(c);
    r4_cipher = NULL;
    return NULL;
}
/* Release the lazily built RC4 EVP_CIPHER so a later test_r4_cipher() rebuilds it. */
static void test_r4_cipher_destroy(void)
{
    EVP_CIPHER *c = r4_cipher;

    r4_cipher = NULL;
    EVP_CIPHER_meth_free(c);
}
/* Lazily built EVP_CIPHER for the 40-bit RC4 variant; released by test_r4_40_cipher_destroy(). */
static EVP_CIPHER *r4_40_cipher = NULL;

/*
 * Return the engine's 40-bit RC4 EVP_CIPHER (NID_rc4, block size 1, default
 * key length 5 bytes), constructing it on first use.  Shares the init and
 * do_cipher hooks with the full-length variant.  Returns NULL, leaving
 * r4_40_cipher NULL, if any EVP_CIPHER_meth_* step fails.
 */
static const EVP_CIPHER *test_r4_40_cipher(void)
{
    EVP_CIPHER *c;

    if (r4_40_cipher != NULL)
        return r4_40_cipher;

    c = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */);
    if (c != NULL
        && EVP_CIPHER_meth_set_iv_length(c, 0)
        && EVP_CIPHER_meth_set_flags(c, EVP_CIPH_VARIABLE_LENGTH)
        && EVP_CIPHER_meth_set_init(c, test_rc4_init_key)
        && EVP_CIPHER_meth_set_do_cipher(c, test_rc4_cipher)
        && EVP_CIPHER_meth_set_impl_ctx_size(c, sizeof(TEST_RC4_KEY))) {
        r4_40_cipher = c;
        return r4_40_cipher;
    }
    /* Partial construction: EVP_CIPHER_meth_free(NULL) is harmless. */
    EVP_CIPHER_meth_free(c);
    r4_40_cipher = NULL;
    return NULL;
}
/* Release the lazily built 40-bit RC4 EVP_CIPHER so a later call rebuilds it. */
static void test_r4_40_cipher_destroy(void)
{
    EVP_CIPHER *c = r4_40_cipher;

    r4_40_cipher = NULL;
    EVP_CIPHER_meth_free(c);
}
/*
 * Fill in the zero-terminated list of cipher NIDs this engine provides and
 * return its length.  The list is computed once: each cipher constructor is
 * tried in turn and only those that succeed are listed.
 */
static int test_cipher_nids(const int **nids)
{
    static int cipher_nids[4] = { 0, 0, 0, 0 };
    static int count = 0;
    static int initialised = 0;

    if (!initialised) {
        const EVP_CIPHER *(*const getters[])(void) = {
            test_r4_cipher, test_r4_40_cipher
        };
        size_t i;

        for (i = 0; i < sizeof(getters) / sizeof(getters[0]); i++) {
            const EVP_CIPHER *c = getters[i]();

            if (c != NULL)
                cipher_nids[count++] = EVP_CIPHER_get_nid(c);
        }
        cipher_nids[count] = 0;
        initialised = 1;
    }
    *nids = cipher_nids;
    return count;
}
/*
 * ENGINE "ciphers" callback.  With @cipher NULL it reports the supported NID
 * list through @nids and returns its length; otherwise it stores the
 * EVP_CIPHER for @nid in *@cipher and returns 1, or stores NULL and returns 0
 * for a NID this engine does not provide.
 */
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                           const int **nids, int nid)
{
    if (cipher == NULL)
        return test_cipher_nids(nids);

    switch (nid) {
    case NID_rc4:
        *cipher = test_r4_cipher();
        return 1;
    case NID_rc4_40:
        *cipher = test_r4_40_cipher();
        return 1;
    default:
# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
                "nid %d\n", nid);
# endif
        *cipher = NULL;
        return 0;
    }
}
  295. #endif
  296. #ifdef TEST_ENG_OPENSSL_SHA
  297. /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
  298. # include <openssl/sha.h>
/* EVP_MD "init" hook: start a SHA-1 computation in the ctx's md_data area. */
static int test_sha1_init(EVP_MD_CTX *ctx)
{
    SHA_CTX *c = EVP_MD_CTX_get0_md_data(ctx);

# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
# endif
    return SHA1_Init(c);
}
/* EVP_MD "update" hook: feed @count bytes of @data into the SHA_CTX in md_data. */
static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    SHA_CTX *c = EVP_MD_CTX_get0_md_data(ctx);

# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
# endif
    return SHA1_Update(c, data, count);
}
/* EVP_MD "final" hook: write the SHA-1 digest from md_data into @md. */
static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
    SHA_CTX *c = EVP_MD_CTX_get0_md_data(ctx);

# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
# endif
    return SHA1_Final(md, c);
}
/* Lazily built EVP_MD for SHA-1; released by test_sha_md_destroy(). */
static EVP_MD *sha1_md = NULL;

/*
 * Return the engine's SHA-1 EVP_MD, constructing it on first use with the
 * test_sha1_* hooks.  The app data size reserves sizeof(EVP_MD *) ahead of
 * the SHA_CTX, matching the original layout.  Returns NULL, leaving sha1_md
 * NULL, if any EVP_MD_meth_* step fails.
 */
static const EVP_MD *test_sha_md(void)
{
    EVP_MD *m;

    if (sha1_md != NULL)
        return sha1_md;

    m = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
    if (m != NULL
        && EVP_MD_meth_set_result_size(m, SHA_DIGEST_LENGTH)
        && EVP_MD_meth_set_input_blocksize(m, SHA_CBLOCK)
        && EVP_MD_meth_set_app_datasize(m, sizeof(EVP_MD *) + sizeof(SHA_CTX))
        && EVP_MD_meth_set_flags(m, 0)
        && EVP_MD_meth_set_init(m, test_sha1_init)
        && EVP_MD_meth_set_update(m, test_sha1_update)
        && EVP_MD_meth_set_final(m, test_sha1_final)) {
        sha1_md = m;
        return sha1_md;
    }
    /* Partial construction: EVP_MD_meth_free(NULL) is harmless. */
    EVP_MD_meth_free(m);
    sha1_md = NULL;
    return NULL;
}
/* Release the lazily built SHA-1 EVP_MD so a later test_sha_md() rebuilds it. */
static void test_sha_md_destroy(void)
{
    EVP_MD *m = sha1_md;

    sha1_md = NULL;
    EVP_MD_meth_free(m);
}
/*
 * Fill in the zero-terminated list of digest NIDs this engine provides and
 * return its length.  Computed once; SHA-1 is listed only if its EVP_MD
 * could be constructed.
 */
static int test_digest_nids(const int **nids)
{
    static int digest_nids[2] = { 0, 0 };
    static int count = 0;
    static int initialised = 0;

    if (!initialised) {
        const EVP_MD *m = test_sha_md();

        if (m != NULL)
            digest_nids[count++] = EVP_MD_get_type(m);
        digest_nids[count] = 0;
        initialised = 1;
    }
    *nids = digest_nids;
    return count;
}
/*
 * ENGINE "digests" callback.  With @digest NULL it reports the supported NID
 * list through @nids and returns its length; otherwise it stores the EVP_MD
 * for @nid in *@digest and returns 1, or stores NULL and returns 0 for a NID
 * this engine does not provide.
 */
static int openssl_digests(ENGINE *e, const EVP_MD **digest,
                           const int **nids, int nid)
{
    if (digest == NULL)
        return test_digest_nids(nids);

    switch (nid) {
    case NID_sha1:
        *digest = test_sha_md();
        return 1;
    default:
# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
                "nid %d\n", nid);
# endif
        *digest = NULL;
        return 0;
    }
}
  381. #endif
  382. #ifdef TEST_ENG_OPENSSL_PKEY
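/*
 * ENGINE "load_privkey" callback: treat @key_id as a PEM file path and read
 * the private key from it.  @ui_method and @callback_data are not consulted;
 * a NULL password callback is passed, so PEM's default password handling
 * applies.  Returns the key (caller owns it) or NULL on any failure,
 * including a NULL @key_id, which would otherwise reach fprintf("%s") and
 * BIO_new_file() undefined.
 */
static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
                                      UI_METHOD *ui_method,
                                      void *callback_data)
{
    BIO *in;
    EVP_PKEY *key;

    if (key_id == NULL)
        return NULL;
    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
            key_id);
    in = BIO_new_file(key_id, "r");
    if (in == NULL)
        return NULL;
    key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
    BIO_free(in);
    return key;
}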
  398. #endif
  399. #ifdef TEST_ENG_OPENSSL_HMAC
  400. /*
  401. * Experimental HMAC redirection implementation: mainly copied from
  402. * hm_pmeth.c
  403. */
  404. /* HMAC pkey context structure */
/* HMAC pkey context structure */
typedef struct {
    const EVP_MD *md;       /* MD for HMAC use; set via EVP_PKEY_CTRL_MD, passed to HMAC_Init_ex() */
    ASN1_OCTET_STRING ktmp; /* Temp storage for key; raw bytes, wiped with OPENSSL_clear_free() on cleanup */
    HMAC_CTX *ctx;          /* allocated in ossl_hmac_init(), freed in ossl_hmac_cleanup() */
} OSSL_HMAC_PKEY_CTX;
/*
 * EVP_PKEY_METHOD "init" hook: allocate a zeroed OSSL_HMAC_PKEY_CTX plus its
 * HMAC_CTX and attach it to @ctx as pkey data.  Returns 1, or 0 on allocation
 * failure with nothing left attached to @ctx.
 */
static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
{
    OSSL_HMAC_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(*hctx));

    if (hctx == NULL)
        return 0;
    hctx->ktmp.type = V_ASN1_OCTET_STRING;
    if ((hctx->ctx = HMAC_CTX_new()) == NULL) {
        OPENSSL_free(hctx);
        return 0;
    }
    EVP_PKEY_CTX_set_data(ctx, hctx);
    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT
    fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
# endif
    return 1;
}
  428. static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
/*
 * EVP_PKEY_METHOD "copy" hook: give @dst its own OSSL_HMAC_PKEY_CTX and
 * duplicate @src's md, HMAC_CTX state and pending key (if any) into it.
 * On any failure the partially built @dst data is torn down via
 * ossl_hmac_cleanup() and 0 is returned; 1 on success.
 */
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
    OSSL_HMAC_PKEY_CTX *sctx, *dctx;

    /* Allocates dst's pkey data and a fresh HMAC_CTX inside it. */
    if (!ossl_hmac_init(dst))
        return 0;
    sctx = EVP_PKEY_CTX_get_data(src);
    dctx = EVP_PKEY_CTX_get_data(dst);
    dctx->md = sctx->md;
    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) {
        ossl_hmac_cleanup(dst);
        return 0;
    }
    if (sctx->ktmp.data != NULL
        && !ASN1_OCTET_STRING_set(&dctx->ktmp,
                                  sctx->ktmp.data, sctx->ktmp.length)) {
        ossl_hmac_cleanup(dst);
        return 0;
    }
    return 1;
}
/*
 * EVP_PKEY_METHOD "cleanup" hook: free the HMAC_CTX, wipe and free the
 * pending key bytes, free the OSSL_HMAC_PKEY_CTX and detach it from @ctx.
 * Safe to call when no data is attached.
 */
static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
{
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);

    if (hctx == NULL)
        return;
    HMAC_CTX_free(hctx->ctx);
    /* ktmp holds raw key material: clear it rather than plain free. */
    OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
    OPENSSL_free(hctx);
    EVP_PKEY_CTX_set_data(ctx, NULL);
}
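/*
 * EVP_PKEY_METHOD "keygen" hook: there is no real key generation, the key
 * previously supplied through EVP_PKEY_CTRL_SET_MAC_KEY is duplicated and
 * handed to @pkey via EVP_PKEY_assign().  Returns 1 on success, 0 if no key
 * has been set, the duplicate fails, or the assign fails.  In the last case
 * the duplicate is still ours, so it is wiped and freed instead of leaking.
 */
static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
    ASN1_OCTET_STRING *hkey;

    if (hctx == NULL || hctx->ktmp.data == NULL)
        return 0;
    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
    if (hkey == NULL)
        return 0;
    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey)) {
        /* Ownership did not transfer; the copy holds key bytes, so clear it. */
        ASN1_STRING_clear_free(hkey);
        return 0;
    }
    return 1;
}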
/*
 * Replacement EVP_MD_CTX update function installed by ossl_hmac_signctx_init():
 * routes digest input into the HMAC_CTX of the EVP_PKEY_CTX attached to @ctx.
 * Returns 1 on success, 0 if HMAC_Update() fails.
 */
static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx);
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(pctx);

    return HMAC_Update(hctx->ctx, data, count) ? 1 : 0;
}
/*
 * EVP_PKEY_METHOD "signctx_init" hook: mark @mctx with EVP_MD_CTX_FLAG_NO_INIT
 * and replace its update function with ossl_int_update so data flows into
 * the HMAC_CTX instead of the plain digest.  Always returns 1.
 */
static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{
    EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
    return 1;
}
/*
 * EVP_PKEY_METHOD "signctx" hook.  With @sig NULL this is a size query:
 * *@siglen is set to the digest size and 1 returned.  Otherwise the HMAC is
 * finalised into @sig and *@siglen set to the number of bytes written.
 * Returns 0 if the digest size is unavailable or HMAC_Final() fails.
 */
static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
                             size_t *siglen, EVP_MD_CTX *mctx)
{
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
    int mdlen = EVP_MD_CTX_get_size(mctx);
    unsigned int outlen;

    if (mdlen < 0)
        return 0;
    *siglen = (size_t)mdlen;
    if (sig == NULL)
        return 1;
    if (!HMAC_Final(hctx->ctx, sig, &outlen))
        return 0;
    *siglen = outlen;
    return 1;
}
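/*
 * EVP_PKEY_METHOD "ctrl" hook.
 *   EVP_PKEY_CTRL_SET_MAC_KEY: p2 = key bytes, p1 = length; -1 lets
 *       ASN1_OCTET_STRING_set() measure a NUL-terminated p2.  Stored in ktmp.
 *   EVP_PKEY_CTRL_MD:          p2 = EVP_MD to use for the HMAC.
 *   EVP_PKEY_CTRL_DIGESTINIT:  (re)initialise the HMAC_CTX with the key held
 *       by the EVP_PKEY attached to @ctx and the selected md.  A context with
 *       no key assigned (keygen not run) is rejected rather than dereferenced.
 * Returns 1 on success, 0 on failure, -2 for an unsupported @type.
 */
static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
    EVP_PKEY *pk;
    ASN1_OCTET_STRING *key;

    switch (type) {
    case EVP_PKEY_CTRL_SET_MAC_KEY:
        /* A positive length needs data; -1 is the only negative length allowed. */
        if ((p2 == NULL && p1 > 0) || p1 < -1)
            return 0;
        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
            return 0;
        break;
    case EVP_PKEY_CTRL_MD:
        hctx->md = p2;
        break;
    case EVP_PKEY_CTRL_DIGESTINIT:
        pk = EVP_PKEY_CTX_get0_pkey(ctx);
        key = pk != NULL ? EVP_PKEY_get0(pk) : NULL;
        if (key == NULL)
            return 0;
        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
            return 0;
        break;
    default:
        return -2;
    }
    return 1;
}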
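/*
 * EVP_PKEY_METHOD "ctrl_str" hook.  "key" passes @value as a NUL-terminated
 * key (length -1); "hexkey" decodes @value from hex first.  Both are routed
 * to ossl_hmac_ctrl(EVP_PKEY_CTRL_SET_MAC_KEY).  Returns the ctrl result,
 * 0 for a NULL @type or @value (strcmp() on NULL is undefined), and -2 for
 * an unrecognised @type.
 */
static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
{
    if (type == NULL || value == NULL)
        return 0;
    if (strcmp(type, "key") == 0) {
        void *p = (void *)value;

        return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
    }
    if (strcmp(type, "hexkey") == 0) {
        unsigned char *key;
        long keylen;
        int r;

        key = OPENSSL_hexstr2buf(value, &keylen);
        if (key == NULL)
            return 0;
        r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, (int)keylen, key);
        /* The decoded buffer held the MAC key: wipe it, don't just free it. */
        OPENSSL_clear_free(key, (size_t)keylen);
        return r;
    }
    return -2;
}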
/* The HMAC EVP_PKEY_METHOD handed out by ossl_pkey_meths(); built by ossl_register_hmac_meth(). */
static EVP_PKEY_METHOD *ossl_hmac_meth;

/*
 * Build the EVP_PKEY_HMAC method with the ossl_hmac_* hooks and record it in
 * ossl_hmac_meth.  Returns 1, or 0 if EVP_PKEY_meth_new() fails.
 */
static int ossl_register_hmac_meth(void)
{
    EVP_PKEY_METHOD *m = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);

    if (m == NULL)
        return 0;
    EVP_PKEY_meth_set_init(m, ossl_hmac_init);
    EVP_PKEY_meth_set_copy(m, ossl_hmac_copy);
    EVP_PKEY_meth_set_cleanup(m, ossl_hmac_cleanup);
    /* No keygen_init step; keygen alone turns the ctrl-supplied key into an EVP_PKEY. */
    EVP_PKEY_meth_set_keygen(m, NULL, ossl_hmac_keygen);
    EVP_PKEY_meth_set_signctx(m, ossl_hmac_signctx_init, ossl_hmac_signctx);
    EVP_PKEY_meth_set_ctrl(m, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
    ossl_hmac_meth = m;
    return 1;
}
/*
 * ENGINE "pkey_meths" callback.  With @pmeth NULL it reports the supported
 * NID list (just EVP_PKEY_HMAC) through @nids and returns 1; otherwise it
 * stores the HMAC method in *@pmeth for EVP_PKEY_HMAC and returns 1, or
 * stores NULL and returns 0 for any other @nid.
 */
static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
                           const int **nids, int nid)
{
    static int ossl_pkey_nids[] = { EVP_PKEY_HMAC, 0 };

    if (pmeth == NULL) {
        *nids = ossl_pkey_nids;
        return 1;
    }
    if (nid != EVP_PKEY_HMAC) {
        *pmeth = NULL;
        return 0;
    }
    *pmeth = ossl_hmac_meth;
    return 1;
}
  586. #endif
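/*
 * ENGINE destroy hook: release the lazily built test digest and cipher
 * objects.  Each call is guarded by the same TEST_ENG_OPENSSL_* symbol that
 * compiles its definition (the SHA call previously had no guard, so undefining
 * TEST_ENG_OPENSSL_SHA would not build).  Declared static above; the keyword
 * is repeated here for consistency.  Always returns 1.
 */
static int openssl_destroy(ENGINE *e)
{
#ifdef TEST_ENG_OPENSSL_SHA
    test_sha_md_destroy();
#endif
#ifdef TEST_ENG_OPENSSL_RC4
    test_r4_cipher_destroy();
    test_r4_40_cipher_destroy();
#endif
    return 1;
}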