Wire up HMAC to raw private key methods

Obviously, the brilliant API design kitchen decided that an interface carrying public and private key in its name (so that every sane person thinks of asymmetric cryptography), is also perfectly suitable for MACs. Wire up HMAC since Ruby's OpenSSL gem uses these bindings if the build system detects that EVP_PKEY_new_raw_public_key() is available in evp.h. While there, also add the missing pub_cmp() ameth, which obviously treats two things as equal by returning 1. Reported by jeremy and anton, fixes regress/lib/libssl/openssl-ruby tests ok jsing
author: tb <> 2022-11-18 15:01:04 +0000
committer: tb <> 2022-11-18 15:01:04 +0000
commit: eb6a541f28bbed4ffac5a7a3415572e757ad15d2 (patch)
tree: 6bb36687c28a9ff4ad25e69001d876c7678c0c60
parent: 54b961b017cbfded9bc4892699ccbc35bebf5c6f (diff)
download: openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.tar.gz
openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.tar.bz2
openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.zip
1 files changed, 61 insertions, 2 deletions
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
index 86e42bdfab..858110a561 100644
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_ameth.c,v 1.13 2022/11/18 14:45:10 tb Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.14 2022/11/18 15:01:04 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2007.
 */
@@ -56,6 +56,7 @@
 *
 */
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
@@ -74,6 +75,13 @@
 */
 static int
+hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+        /* The ameth pub_cmp must return 1 on match, 0 on mismatch. */
+        return ASN1_OCTET_STRING_cmp(a->pkey.ptr, b->pkey.ptr) == 0;
+}
+static int
 hmac_size(const EVP_PKEY *pkey)
 {
        return EVP_MAX_MD_SIZE;
@@ -103,6 +111,51 @@ hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
        }
 }
+static int
+hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, size_t len)
+{
+        ASN1_OCTET_STRING *os = NULL;
+        if (pkey->pkey.ptr != NULL)
+                goto err;
+        if (len > INT_MAX)
+                goto err;
+        if ((os = ASN1_OCTET_STRING_new()) == NULL)
+                goto err;
+        if (!ASN1_OCTET_STRING_set(os, priv, len))
+                goto err;
+        pkey->pkey.ptr = os;
+        return 1;
+ err:
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+}
+static int
+hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len)
+{
+        ASN1_OCTET_STRING *os = pkey->pkey.ptr;
+        CBS cbs;
+        if (priv == NULL) {
+                *len = os->length;
+                return 1;
+        }
+        if (os == NULL)
+                return 0;
+        CBS_init(&cbs, os->data, os->length);
+        return CBS_write_bytes(&cbs, priv, *len, len);
+}
 #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
 /* A bogus private key format for test purposes. This is simply the
 * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
@@ -161,12 +214,18 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
        .pem_str = "HMAC",
        .info = "OpenSSL HMAC method",
+        .pub_cmp = hmac_pkey_public_cmp,
        .pkey_size = hmac_size,
        .pkey_free = hmac_key_free,
        .pkey_ctrl = hmac_pkey_ctrl,
 #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
        .old_priv_decode = old_hmac_decode,
-        .old_priv_encode = old_hmac_encode
+        .old_priv_encode = old_hmac_encode,
 #endif
+        .set_priv_key = hmac_set_priv_key,
+        .get_priv_key = hmac_get_priv_key,
 };
author	tb <>	2022-11-18 15:01:04 +0000
committer	tb <>	2022-11-18 15:01:04 +0000
commit	eb6a541f28bbed4ffac5a7a3415572e757ad15d2 (patch)
tree	6bb36687c28a9ff4ad25e69001d876c7678c0c60
parent	54b961b017cbfded9bc4892699ccbc35bebf5c6f (diff)
download	openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.tar.gz openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.tar.bz2 openbsd-eb6a541f28bbed4ffac5a7a3415572e757ad15d2.zip

diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c index 86e42bdfab..858110a561 100644 --- a/src/lib/libcrypto/hmac/hm_ameth.c +++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hm_ameth.c,v 1.13 2022/11/18 14:45:10 tb Exp $ */	1	/* $OpenBSD: hm_ameth.c,v 1.14 2022/11/18 15:01:04 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2007.	3	* project 2007.
4	*/	4	*/
@@ -56,6 +56,7 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <limits.h>
59	#include <stdio.h>	60	#include <stdio.h>
60	#include <string.h>	61	#include <string.h>
61		62
@@ -74,6 +75,13 @@
74	*/	75	*/
75		76
76	static int	77	static int
		78	hmac_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
		79	{
		80	/* The ameth pub_cmp must return 1 on match, 0 on mismatch. */
		81	return ASN1_OCTET_STRING_cmp(a->pkey.ptr, b->pkey.ptr) == 0;
		82	}
		83
		84	static int
77	hmac_size(const EVP_PKEY *pkey)	85	hmac_size(const EVP_PKEY *pkey)
78	{	86	{
79	return EVP_MAX_MD_SIZE;	87	return EVP_MAX_MD_SIZE;
@@ -103,6 +111,51 @@ hmac_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
103	}	111	}
104	}	112	}
105		113
		114	static int
		115	hmac_set_priv_key(EVP_PKEY pkey, const unsigned char priv, size_t len)
		116	{
		117	ASN1_OCTET_STRING *os = NULL;
		118
		119	if (pkey->pkey.ptr != NULL)
		120	goto err;
		121
		122	if (len > INT_MAX)
		123	goto err;
		124
		125	if ((os = ASN1_OCTET_STRING_new()) == NULL)
		126	goto err;
		127
		128	if (!ASN1_OCTET_STRING_set(os, priv, len))
		129	goto err;
		130
		131	pkey->pkey.ptr = os;
		132
		133	return 1;
		134
		135	err:
		136	ASN1_OCTET_STRING_free(os);
		137
		138	return 0;
		139	}
		140
		141	static int
		142	hmac_get_priv_key(const EVP_PKEY pkey, unsigned char priv, size_t *len)
		143	{
		144	ASN1_OCTET_STRING *os = pkey->pkey.ptr;
		145	CBS cbs;
		146
		147	if (priv == NULL) {
		148	*len = os->length;
		149	return 1;
		150	}
		151
		152	if (os == NULL)
		153	return 0;
		154
		155	CBS_init(&cbs, os->data, os->length);
		156	return CBS_write_bytes(&cbs, priv, *len, len);
		157	}
		158
106	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT	159	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
107	/* A bogus private key format for test purposes. This is simply the	160	/* A bogus private key format for test purposes. This is simply the
108	* HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the	161	* HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
@@ -161,12 +214,18 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
161	.pem_str = "HMAC",	214	.pem_str = "HMAC",
162	.info = "OpenSSL HMAC method",	215	.info = "OpenSSL HMAC method",
163		216
		217	.pub_cmp = hmac_pkey_public_cmp,
		218
164	.pkey_size = hmac_size,	219	.pkey_size = hmac_size,
165		220
166	.pkey_free = hmac_key_free,	221	.pkey_free = hmac_key_free,
167	.pkey_ctrl = hmac_pkey_ctrl,	222	.pkey_ctrl = hmac_pkey_ctrl,
		223
168	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT	224	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
169	.old_priv_decode = old_hmac_decode,	225	.old_priv_decode = old_hmac_decode,
170	.old_priv_encode = old_hmac_encode	226	.old_priv_encode = old_hmac_encode,
171	#endif	227	#endif
		228
		229	.set_priv_key = hmac_set_priv_key,
		230	.get_priv_key = hmac_get_priv_key,
172	};	231	};