1 files changed, 61 insertions, 2 deletions
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
index 86e42bdfab..858110a561 100644
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_ameth.c,v 1.13 2022/11/18 14:45:10 tb Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.14 2022/11/18 15:01:04 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2007.
 */
@@ -56,6 +56,7 @@
 *
 */
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
@@ -74,6 +75,13 @@
 */
 static int
+hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+        /* The ameth pub_cmp must return 1 on match, 0 on mismatch. */
+        return ASN1_OCTET_STRING_cmp(a->pkey.ptr, b->pkey.ptr) == 0;
+}
+static int
 hmac_size(const EVP_PKEY *pkey)
 {
        return EVP_MAX_MD_SIZE;
@@ -103,6 +111,51 @@ hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
        }
 }
+static int
+hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, size_t len)
+{
+        ASN1_OCTET_STRING *os = NULL;
+        if (pkey->pkey.ptr != NULL)
+                goto err;
+        if (len > INT_MAX)
+                goto err;
+        if ((os = ASN1_OCTET_STRING_new()) == NULL)
+                goto err;
+        if (!ASN1_OCTET_STRING_set(os, priv, len))
+                goto err;
+        pkey->pkey.ptr = os;
+        return 1;
+ err:
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+}
+static int
+hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len)
+{
+        ASN1_OCTET_STRING *os = pkey->pkey.ptr;
+        CBS cbs;
+        if (priv == NULL) {
+                *len = os->length;
+                return 1;
+        }
+        if (os == NULL)
+                return 0;
+        CBS_init(&cbs, os->data, os->length);
+        return CBS_write_bytes(&cbs, priv, *len, len);
+}
 #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
 /* A bogus private key format for test purposes. This is simply the
 * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
@@ -161,12 +214,18 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
        .pem_str = "HMAC",
        .info = "OpenSSL HMAC method",
+        .pub_cmp = hmac_pkey_public_cmp,
        .pkey_size = hmac_size,
        .pkey_free = hmac_key_free,
        .pkey_ctrl = hmac_pkey_ctrl,
 #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
        .old_priv_decode = old_hmac_decode,
-        .old_priv_encode = old_hmac_encode
+        .old_priv_encode = old_hmac_encode,
 #endif
+        .set_priv_key = hmac_set_priv_key,
+        .get_priv_key = hmac_get_priv_key,
 };

diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c index 86e42bdfab..858110a561 100644 --- a/src/lib/libcrypto/hmac/hm_ameth.c +++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hm_ameth.c,v 1.13 2022/11/18 14:45:10 tb Exp $ */	1	/* $OpenBSD: hm_ameth.c,v 1.14 2022/11/18 15:01:04 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2007.	3	* project 2007.
4	*/	4	*/
@@ -56,6 +56,7 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <limits.h>
59	#include <stdio.h>	60	#include <stdio.h>
60	#include <string.h>	61	#include <string.h>
61		62
@@ -74,6 +75,13 @@
74	*/	75	*/
75		76
76	static int	77	static int
		78	hmac_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
		79	{
		80	/* The ameth pub_cmp must return 1 on match, 0 on mismatch. */
		81	return ASN1_OCTET_STRING_cmp(a->pkey.ptr, b->pkey.ptr) == 0;
		82	}
		83
		84	static int
77	hmac_size(const EVP_PKEY *pkey)	85	hmac_size(const EVP_PKEY *pkey)
78	{	86	{
79	return EVP_MAX_MD_SIZE;	87	return EVP_MAX_MD_SIZE;
@@ -103,6 +111,51 @@ hmac_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
103	}	111	}
104	}	112	}
105		113
		114	static int
		115	hmac_set_priv_key(EVP_PKEY pkey, const unsigned char priv, size_t len)
		116	{
		117	ASN1_OCTET_STRING *os = NULL;
		118
		119	if (pkey->pkey.ptr != NULL)
		120	goto err;
		121
		122	if (len > INT_MAX)
		123	goto err;
		124
		125	if ((os = ASN1_OCTET_STRING_new()) == NULL)
		126	goto err;
		127
		128	if (!ASN1_OCTET_STRING_set(os, priv, len))
		129	goto err;
		130
		131	pkey->pkey.ptr = os;
		132
		133	return 1;
		134
		135	err:
		136	ASN1_OCTET_STRING_free(os);
		137
		138	return 0;
		139	}
		140
		141	static int
		142	hmac_get_priv_key(const EVP_PKEY pkey, unsigned char priv, size_t *len)
		143	{
		144	ASN1_OCTET_STRING *os = pkey->pkey.ptr;
		145	CBS cbs;
		146
		147	if (priv == NULL) {
		148	*len = os->length;
		149	return 1;
		150	}
		151
		152	if (os == NULL)
		153	return 0;
		154
		155	CBS_init(&cbs, os->data, os->length);
		156	return CBS_write_bytes(&cbs, priv, *len, len);
		157	}
		158
106	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT	159	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
107	/* A bogus private key format for test purposes. This is simply the	160	/* A bogus private key format for test purposes. This is simply the
108	* HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the	161	* HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
@@ -161,12 +214,18 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
161	.pem_str = "HMAC",	214	.pem_str = "HMAC",
162	.info = "OpenSSL HMAC method",	215	.info = "OpenSSL HMAC method",
163		216
		217	.pub_cmp = hmac_pkey_public_cmp,
		218
164	.pkey_size = hmac_size,	219	.pkey_size = hmac_size,
165		220
166	.pkey_free = hmac_key_free,	221	.pkey_free = hmac_key_free,
167	.pkey_ctrl = hmac_pkey_ctrl,	222	.pkey_ctrl = hmac_pkey_ctrl,
		223
168	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT	224	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
169	.old_priv_decode = old_hmac_decode,	225	.old_priv_decode = old_hmac_decode,
170	.old_priv_encode = old_hmac_encode	226	.old_priv_encode = old_hmac_encode,
171	#endif	227	#endif
		228
		229	.set_priv_key = hmac_set_priv_key,
		230	.get_priv_key = hmac_get_priv_key,
172	};	231	};