Prepare to provide EVP_PKEY_new_CMAC_key()

sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
author: tb <> 2021-03-29 15:57:23 +0000
committer: tb <> 2021-03-29 15:57:23 +0000
commit: d9dfab150e9c80a3bafbf4effd23e943ab9ba197 (patch)
tree: bf7d2d4408b27c2ebee7a4c8281f8986c9add8a9 /src/lib/libcrypto/evp/p_lib.c
parent: 2e8ea05ba51067fc5bc08b0749d727cb74a13b62 (diff)
download: openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.gz
openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.bz2
openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.zip
1 files changed, 43 insertions, 8 deletions
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 13a9d65f28..9577b10ea1 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.26 2021/03/29 15:57:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -61,6 +61,7 @@
 #include <openssl/opensslconf.h>
 #include <openssl/bn.h>
+#include <openssl/cmac.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -216,10 +217,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
 */
 static int
-pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
+pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
 {
        const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *e = NULL;
+        ENGINE **eptr = NULL;
+        if (e == NULL)
+                eptr = &e;
        if (pkey) {
                if (pkey->pkey.ptr)
                        EVP_PKEY_free_it(pkey);
@@ -234,11 +239,11 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 #endif
        }
        if (str)
-                ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+                ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
        else
-                ameth = EVP_PKEY_asn1_find(&e, type);
+                ameth = EVP_PKEY_asn1_find(eptr, type);
 #ifndef OPENSSL_NO_ENGINE
-        if (pkey == NULL)
+        if (pkey == NULL && eptr != NULL)
                ENGINE_finish(e);
 #endif
        if (!ameth) {
@@ -258,13 +263,43 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 int
 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-        return pkey_set_type(pkey, type, NULL, -1);
+        return pkey_set_type(pkey, NULL, type, NULL, -1);
+}
+EVP_PKEY *
+EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
+    const EVP_CIPHER *cipher)
+{
+        EVP_PKEY *ret = NULL;
+        CMAC_CTX *cmctx = NULL;
+        if ((ret = EVP_PKEY_new()) == NULL)
+                goto err;
+        if ((cmctx = CMAC_CTX_new()) == NULL)
+                goto err;
+        if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))
+                goto err;
+        if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+                EVPerror(EVP_R_KEY_SETUP_FAILED);
+                goto err;
+        }
+        ret->pkey.ptr = (char *)cmctx;
+        return ret;
+ err:
+        EVP_PKEY_free(ret);
+        CMAC_CTX_free(cmctx);
+        return NULL;
 }
 int
 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
-        return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+        return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
 }
 int
author	tb <>	2021-03-29 15:57:23 +0000
committer	tb <>	2021-03-29 15:57:23 +0000
commit	d9dfab150e9c80a3bafbf4effd23e943ab9ba197 (patch)
tree	bf7d2d4408b27c2ebee7a4c8281f8986c9add8a9 /src/lib/libcrypto/evp/p_lib.c
parent	2e8ea05ba51067fc5bc08b0749d727cb74a13b62 (diff)
download	openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.gz openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.bz2 openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.zip