eng_openssl.c@ 96662

Last change on this file since 96662 was 94082, checked in by vboxsync, 3 years ago
libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
File size: 18.5 KB

Line
1	/*
2	* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
3	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4	*
5	* Licensed under the Apache License 2.0 (the "License"). You may not use
6	* this file except in compliance with the License. You can obtain a copy
7	* in the file LICENSE in the source distribution or at
8	* https://www.openssl.org/source/license.html
9	*/
10
11	/* We need to use some engine deprecated APIs */
12	#define OPENSSL_SUPPRESS_DEPRECATED
13
14	/*
15	* RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public
16	* use, but still ok for internal use.
17	*/
18	#include "internal/deprecated.h"
19
20	#include <stdio.h>
21	#include <openssl/crypto.h>
22	#include "internal/cryptlib.h"
23	#include "crypto/engine.h"
24	#include <openssl/pem.h>
25	#include <openssl/evp.h>
26	#include <openssl/rand.h>
27	#include <openssl/rsa.h>
28	#include <openssl/dsa.h>
29	#include <openssl/dh.h>
30
31	#include <openssl/hmac.h>
32	#include <openssl/x509v3.h>
33
34	/*
35	* This testing gunk is implemented (and explained) lower down. It also
36	* assumes the application explicitly calls "ENGINE_load_openssl()" because
37	* this is no longer automatic in ENGINE_load_builtin_engines().
38	*/
39	#define TEST_ENG_OPENSSL_RC4
40	#ifndef OPENSSL_NO_STDIO
41	# define TEST_ENG_OPENSSL_PKEY
42	#endif
43	/* #define TEST_ENG_OPENSSL_HMAC */
44	/* #define TEST_ENG_OPENSSL_HMAC_INIT */
45	/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
46	#ifndef OPENSSL_NO_STDIO
47	# define TEST_ENG_OPENSSL_RC4_P_INIT
48	#endif
49	/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
50	#define TEST_ENG_OPENSSL_SHA
51	/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
52	/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
53	/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
54	/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
55
56	/* Now check what of those algorithms are actually enabled */
57	#ifdef OPENSSL_NO_RC4
58	# undef TEST_ENG_OPENSSL_RC4
59	# undef TEST_ENG_OPENSSL_RC4_OTHERS
60	# undef TEST_ENG_OPENSSL_RC4_P_INIT
61	# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
62	#endif
63
64	static int openssl_destroy(ENGINE *e);
65
66	#ifdef TEST_ENG_OPENSSL_RC4
67	static int openssl_ciphers(ENGINE e, const EVP_CIPHER *cipher,
68	const int **nids, int nid);
69	#endif
70	#ifdef TEST_ENG_OPENSSL_SHA
71	static int openssl_digests(ENGINE e, const EVP_MD *digest,
72	const int **nids, int nid);
73	#endif
74
75	#ifdef TEST_ENG_OPENSSL_PKEY
76	static EVP_PKEY openssl_load_privkey(ENGINE eng, const char *key_id,
77	UI_METHOD *ui_method,
78	void *callback_data);
79	#endif
80
81	#ifdef TEST_ENG_OPENSSL_HMAC
82	static int ossl_register_hmac_meth(void);
83	static int ossl_pkey_meths(ENGINE e, EVP_PKEY_METHOD *pmeth,
84	const int **nids, int nid);
85	#endif
86
87	/* The constants used when creating the ENGINE */
88	static const char *engine_openssl_id = "openssl";
89	static const char *engine_openssl_name = "Software engine support";
90
91	/*
92	* This internal function is used by ENGINE_openssl() and possibly by the
93	* "dynamic" ENGINE support too
94	*/
95	static int bind_helper(ENGINE *e)
96	{
97	if (!ENGINE_set_id(e, engine_openssl_id)
98	\|\| !ENGINE_set_name(e, engine_openssl_name)
99	\|\| !ENGINE_set_destroy_function(e, openssl_destroy)
100	#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
101	\|\| !ENGINE_set_RSA(e, RSA_get_default_method())
102	# ifndef OPENSSL_NO_DSA
103	\|\| !ENGINE_set_DSA(e, DSA_get_default_method())
104	# endif
105	# ifndef OPENSSL_NO_EC
106	\|\| !ENGINE_set_EC(e, EC_KEY_OpenSSL())
107	# endif
108	# ifndef OPENSSL_NO_DH
109	\|\| !ENGINE_set_DH(e, DH_get_default_method())
110	# endif
111	\|\| !ENGINE_set_RAND(e, RAND_OpenSSL())
112	# ifdef TEST_ENG_OPENSSL_RC4
113	\|\| !ENGINE_set_ciphers(e, openssl_ciphers)
114	# endif
115	# ifdef TEST_ENG_OPENSSL_SHA
116	\|\| !ENGINE_set_digests(e, openssl_digests)
117	# endif
118	#endif
119	#ifdef TEST_ENG_OPENSSL_PKEY
120	\|\| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
121	#endif
122	#ifdef TEST_ENG_OPENSSL_HMAC
123	\|\| !ossl_register_hmac_meth()
124	\|\| !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
125	#endif
126	)
127	return 0;
128	/*
129	* If we add errors to this ENGINE, ensure the error handling is setup
130	* here
131	*/
132	/* openssl_load_error_strings(); */
133	return 1;
134	}
135
136	static ENGINE *engine_openssl(void)
137	{
138	ENGINE *ret = ENGINE_new();
139	if (ret == NULL)
140	return NULL;
141	if (!bind_helper(ret)) {
142	ENGINE_free(ret);
143	return NULL;
144	}
145	return ret;
146	}
147
148	void engine_load_openssl_int(void)
149	{
150	ENGINE *toadd = engine_openssl();
151	if (!toadd)
152	return;
153
154	ERR_set_mark();
155	ENGINE_add(toadd);
156	/*
157	* If the "add" worked, it gets a structural reference. So either way, we
158	* release our just-created reference.
159	*/
160	ENGINE_free(toadd);
161	/*
162	* If the "add" didn't work, it was probably a conflict because it was
163	* already added (eg. someone calling ENGINE_load_blah then calling
164	* ENGINE_load_builtin_engines() perhaps).
165	*/
166	ERR_pop_to_mark();
167	}
168
169	/*
170	* This stuff is needed if this ENGINE is being compiled into a
171	* self-contained shared-library.
172	*/
173	#ifdef ENGINE_DYNAMIC_SUPPORT
174	static int bind_fn(ENGINE e, const char id)
175	{
176	if (id && (strcmp(id, engine_openssl_id) != 0))
177	return 0;
178	if (!bind_helper(e))
179	return 0;
180	return 1;
181	}
182
183	IMPLEMENT_DYNAMIC_CHECK_FN()
184	IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
185	#endif /* ENGINE_DYNAMIC_SUPPORT */
186	#ifdef TEST_ENG_OPENSSL_RC4
187	/*-
188	* This section of code compiles an "alternative implementation" of two modes of
189	* RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
190	* should under normal circumstances go via this support rather than the default
191	* EVP support. There are other symbols to tweak the testing;
192	* TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
193	* we're asked for a cipher we don't support (should not happen).
194	* TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
195	* the "init_key" handler is called.
196	* TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
197	*/
198	# include <openssl/rc4.h>
199	# define TEST_RC4_KEY_SIZE 16
200	typedef struct {
201	unsigned char key[TEST_RC4_KEY_SIZE];
202	RC4_KEY ks;
203	} TEST_RC4_KEY;
204	# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
205	static int test_rc4_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
206	const unsigned char *iv, int enc)
207	{
208	const int n = EVP_CIPHER_CTX_get_key_length(ctx);
209
210	# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
211	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
212	# endif
213	if (n <= 0)
214	return n;
215	memcpy(&test(ctx)->key[0], key, n);
216	RC4_set_key(&test(ctx)->ks, n, test(ctx)->key);
217	return 1;
218	}
219
220	static int test_rc4_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
221	const unsigned char *in, size_t inl)
222	{
223	# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
224	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
225	# endif
226	RC4(&test(ctx)->ks, inl, in, out);
227	return 1;
228	}
229
230	static EVP_CIPHER *r4_cipher = NULL;
231	static const EVP_CIPHER *test_r4_cipher(void)
232	{
233	if (r4_cipher == NULL) {
234	EVP_CIPHER *cipher;
235
236	if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
237	\|\| !EVP_CIPHER_meth_set_iv_length(cipher, 0)
238	\|\| !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
239	\|\| !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
240	\|\| !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
241	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
242	EVP_CIPHER_meth_free(cipher);
243	cipher = NULL;
244	}
245	r4_cipher = cipher;
246	}
247	return r4_cipher;
248	}
249	static void test_r4_cipher_destroy(void)
250	{
251	EVP_CIPHER_meth_free(r4_cipher);
252	r4_cipher = NULL;
253	}
254
255	static EVP_CIPHER *r4_40_cipher = NULL;
256	static const EVP_CIPHER *test_r4_40_cipher(void)
257	{
258	if (r4_40_cipher == NULL) {
259	EVP_CIPHER *cipher;
260
261	if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
262	\|\| !EVP_CIPHER_meth_set_iv_length(cipher, 0)
263	\|\| !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
264	\|\| !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
265	\|\| !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
266	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
267	EVP_CIPHER_meth_free(cipher);
268	cipher = NULL;
269	}
270	r4_40_cipher = cipher;
271	}
272	return r4_40_cipher;
273	}
274	static void test_r4_40_cipher_destroy(void)
275	{
276	EVP_CIPHER_meth_free(r4_40_cipher);
277	r4_40_cipher = NULL;
278	}
279	static int test_cipher_nids(const int **nids)
280	{
281	static int cipher_nids[4] = { 0, 0, 0, 0 };
282	static int pos = 0;
283	static int init = 0;
284
285	if (!init) {
286	const EVP_CIPHER *cipher;
287	if ((cipher = test_r4_cipher()) != NULL)
288	cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
289	if ((cipher = test_r4_40_cipher()) != NULL)
290	cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
291	cipher_nids[pos] = 0;
292	init = 1;
293	}
294	*nids = cipher_nids;
295	return pos;
296	}
297
298	static int openssl_ciphers(ENGINE e, const EVP_CIPHER *cipher,
299	const int **nids, int nid)
300	{
301	if (!cipher) {
302	/* We are returning a list of supported nids */
303	return test_cipher_nids(nids);
304	}
305	/* We are being asked for a specific cipher */
306	if (nid == NID_rc4)
307	*cipher = test_r4_cipher();
308	else if (nid == NID_rc4_40)
309	*cipher = test_r4_40_cipher();
310	else {
311	# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
312	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
313	"nid %d\n", nid);
314	# endif
315	*cipher = NULL;
316	return 0;
317	}
318	return 1;
319	}
320	#endif
321
322	#ifdef TEST_ENG_OPENSSL_SHA
323	/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
324	# include <openssl/sha.h>
325
326	static int test_sha1_init(EVP_MD_CTX *ctx)
327	{
328	# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
329	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
330	# endif
331	return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx));
332	}
333
334	static int test_sha1_update(EVP_MD_CTX ctx, const void data, size_t count)
335	{
336	# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
337	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
338	# endif
339	return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count);
340	}
341
342	static int test_sha1_final(EVP_MD_CTX ctx, unsigned char md)
343	{
344	# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
345	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
346	# endif
347	return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx));
348	}
349
350	static EVP_MD *sha1_md = NULL;
351	static const EVP_MD *test_sha_md(void)
352	{
353	if (sha1_md == NULL) {
354	EVP_MD *md;
355
356	if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
357	\|\| !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
358	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
359	\|\| !EVP_MD_meth_set_app_datasize(md,
360	sizeof(EVP_MD *) + sizeof(SHA_CTX))
361	\|\| !EVP_MD_meth_set_flags(md, 0)
362	\|\| !EVP_MD_meth_set_init(md, test_sha1_init)
363	\|\| !EVP_MD_meth_set_update(md, test_sha1_update)
364	\|\| !EVP_MD_meth_set_final(md, test_sha1_final)) {
365	EVP_MD_meth_free(md);
366	md = NULL;
367	}
368	sha1_md = md;
369	}
370	return sha1_md;
371	}
372	static void test_sha_md_destroy(void)
373	{
374	EVP_MD_meth_free(sha1_md);
375	sha1_md = NULL;
376	}
377	static int test_digest_nids(const int **nids)
378	{
379	static int digest_nids[2] = { 0, 0 };
380	static int pos = 0;
381	static int init = 0;
382
383	if (!init) {
384	const EVP_MD *md;
385	if ((md = test_sha_md()) != NULL)
386	digest_nids[pos++] = EVP_MD_get_type(md);
387	digest_nids[pos] = 0;
388	init = 1;
389	}
390	*nids = digest_nids;
391	return pos;
392	}
393
394	static int openssl_digests(ENGINE e, const EVP_MD *digest,
395	const int **nids, int nid)
396	{
397	if (!digest) {
398	/* We are returning a list of supported nids */
399	return test_digest_nids(nids);
400	}
401	/* We are being asked for a specific digest */
402	if (nid == NID_sha1)
403	*digest = test_sha_md();
404	else {
405	# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
406	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
407	"nid %d\n", nid);
408	# endif
409	*digest = NULL;
410	return 0;
411	}
412	return 1;
413	}
414	#endif
415
416	#ifdef TEST_ENG_OPENSSL_PKEY
417	static EVP_PKEY openssl_load_privkey(ENGINE eng, const char *key_id,
418	UI_METHOD *ui_method,
419	void *callback_data)
420	{
421	BIO *in;
422	EVP_PKEY *key;
423	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
424	key_id);
425	in = BIO_new_file(key_id, "r");
426	if (!in)
427	return NULL;
428	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
429	BIO_free(in);
430	return key;
431	}
432	#endif
433
434	#ifdef TEST_ENG_OPENSSL_HMAC
435
436	/*
437	* Experimental HMAC redirection implementation: mainly copied from
438	* hm_pmeth.c
439	*/
440
441	/* HMAC pkey context structure */
442
443	typedef struct {
444	const EVP_MD md; / MD for HMAC use */
445	ASN1_OCTET_STRING ktmp; /* Temp storage for key */
446	HMAC_CTX *ctx;
447	} OSSL_HMAC_PKEY_CTX;
448
449	static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
450	{
451	OSSL_HMAC_PKEY_CTX *hctx;
452
453	if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
454	ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE);
455	return 0;
456	}
457	hctx->ktmp.type = V_ASN1_OCTET_STRING;
458	hctx->ctx = HMAC_CTX_new();
459	if (hctx->ctx == NULL) {
460	OPENSSL_free(hctx);
461	return 0;
462	}
463	EVP_PKEY_CTX_set_data(ctx, hctx);
464	EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
465	# ifdef TEST_ENG_OPENSSL_HMAC_INIT
466	fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
467	# endif
468	return 1;
469	}
470
471	static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
472
473	static int ossl_hmac_copy(EVP_PKEY_CTX dst, EVP_PKEY_CTX src)
474	{
475	OSSL_HMAC_PKEY_CTX sctx, dctx;
476
477	/* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
478	if (!ossl_hmac_init(dst))
479	return 0;
480	sctx = EVP_PKEY_CTX_get_data(src);
481	dctx = EVP_PKEY_CTX_get_data(dst);
482	dctx->md = sctx->md;
483	if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
484	goto err;
485	if (sctx->ktmp.data) {
486	if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
487	sctx->ktmp.data, sctx->ktmp.length))
488	goto err;
489	}
490	return 1;
491	err:
492	/* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
493	ossl_hmac_cleanup(dst);
494	return 0;
495	}
496
497	static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
498	{
499	OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
500
501	if (hctx) {
502	HMAC_CTX_free(hctx->ctx);
503	OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
504	OPENSSL_free(hctx);
505	EVP_PKEY_CTX_set_data(ctx, NULL);
506	}
507	}
508
509	static int ossl_hmac_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)
510	{
511	ASN1_OCTET_STRING *hkey = NULL;
512	OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
513	if (!hctx->ktmp.data)
514	return 0;
515	hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
516	if (!hkey)
517	return 0;
518	EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
519
520	return 1;
521	}
522
523	static int ossl_int_update(EVP_MD_CTX ctx, const void data, size_t count)
524	{
525	OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx));
526	if (!HMAC_Update(hctx->ctx, data, count))
527	return 0;
528	return 1;
529	}
530
531	static int ossl_hmac_signctx_init(EVP_PKEY_CTX ctx, EVP_MD_CTX mctx)
532	{
533	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
534	EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
535	return 1;
536	}
537
538	static int ossl_hmac_signctx(EVP_PKEY_CTX ctx, unsigned char sig,
539	size_t siglen, EVP_MD_CTX mctx)
540	{
541	unsigned int hlen;
542	OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
543	int l = EVP_MD_CTX_get_size(mctx);
544
545	if (l < 0)
546	return 0;
547	*siglen = l;
548	if (!sig)
549	return 1;
550
551	if (!HMAC_Final(hctx->ctx, sig, &hlen))
552	return 0;
553	*siglen = (size_t)hlen;
554	return 1;
555	}
556
557	static int ossl_hmac_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
558	{
559	OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
560	EVP_PKEY *pk;
561	ASN1_OCTET_STRING *key;
562	switch (type) {
563
564	case EVP_PKEY_CTRL_SET_MAC_KEY:
565	if ((!p2 && p1 > 0) \|\| (p1 < -1))
566	return 0;
567	if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
568	return 0;
569	break;
570
571	case EVP_PKEY_CTRL_MD:
572	hctx->md = p2;
573	break;
574
575	case EVP_PKEY_CTRL_DIGESTINIT:
576	pk = EVP_PKEY_CTX_get0_pkey(ctx);
577	key = EVP_PKEY_get0(pk);
578	if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
579	return 0;
580	break;
581
582	default:
583	return -2;
584
585	}
586	return 1;
587	}
588
589	static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
590	const char type, const char value)
591	{
592	if (!value) {
593	return 0;
594	}
595	if (strcmp(type, "key") == 0) {
596	void p = (void )value;
597	return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
598	}
599	if (strcmp(type, "hexkey") == 0) {
600	unsigned char *key;
601	int r;
602	long keylen;
603	key = OPENSSL_hexstr2buf(value, &keylen);
604	if (!key)
605	return 0;
606	r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
607	OPENSSL_free(key);
608	return r;
609	}
610	return -2;
611	}
612
613	static EVP_PKEY_METHOD *ossl_hmac_meth;
614
615	static int ossl_register_hmac_meth(void)
616	{
617	EVP_PKEY_METHOD *meth;
618	meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
619	if (meth == NULL)
620	return 0;
621	EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
622	EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
623	EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
624
625	EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
626
627	EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
628	ossl_hmac_signctx);
629
630	EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
631	ossl_hmac_meth = meth;
632	return 1;
633	}
634
635	static int ossl_pkey_meths(ENGINE e, EVP_PKEY_METHOD *pmeth,
636	const int **nids, int nid)
637	{
638	static int ossl_pkey_nids[] = {
639	EVP_PKEY_HMAC,
640	0
641	};
642
643	if (pmeth == NULL) {
644	*nids = ossl_pkey_nids;
645	return 1;
646	}
647
648	if (nid == EVP_PKEY_HMAC) {
649	*pmeth = ossl_hmac_meth;
650	return 1;
651	}
652
653	*pmeth = NULL;
654	return 0;
655	}
656
657	#endif
658
659	int openssl_destroy(ENGINE *e)
660	{
661	test_sha_md_destroy();
662	#ifdef TEST_ENG_OPENSSL_RC4
663	test_r4_cipher_destroy();
664	test_r4_40_cipher_destroy();
665	#endif
666	return 1;
667	}
668

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.3/crypto/engine/eng_openssl.c@ 96662

Download in other formats: