OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
11-Apr-2007 14:33:07
Branch: HEAD Handle:
2007041113325412
Added files:
openssl/crypto/hmac hm_ameth.c hm_pmeth.c
Modified files:
openssl/crypto/asn1 ameth_lib.c
openssl/crypto/err err.c err.h openssl.ec
openssl/crypto/evp digest.c evp.h m_sigver.c
pmeth_lib.c
openssl/crypto/hmac Makefile hmac.c hmac.h
openssl/crypto/objects obj_dat.h obj_mac.h obj_mac.num
objects.txt
Log:
Experimental HMAC support via EVP_PKEY_METHOD.
Summary:
Revision Changes Path
1.17 +3 -1 openssl/crypto/asn1/ameth_lib.c
1.71 +1 -0 openssl/crypto/err/err.c
1.48 +2 -0 openssl/crypto/err/err.h
1.18 +1 -0 openssl/crypto/err/openssl.ec
1.33 +16 -3 openssl/crypto/evp/digest.c
1.171 +8 -0 openssl/crypto/evp/evp.h
1.5 +29 -15 openssl/crypto/evp/m_sigver.c
1.29 +4 -2 openssl/crypto/evp/pmeth_lib.c
1.7 +2 -2 openssl/crypto/hmac/Makefile
1.1 +154 -0 openssl/crypto/hmac/hm_ameth.c
1.1 +260 -0 openssl/crypto/hmac/hm_pmeth.c
1.20 +10 -0 openssl/crypto/hmac/hmac.c
1.19 +1 -0 openssl/crypto/hmac/hmac.h
1.101 +6 -3
openssl/crypto/objects/obj_dat.h
1.67 +4 -0
openssl/crypto/objects/obj_mac.h
1.57 +1 -0
openssl/crypto/objects/obj_mac.num
1.68 +4 -0
openssl/crypto/objects/objects.txt
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/crypto/asn1/ameth_lib.c
============================================================
================
$ cvs diff -u -r1.16 -r1.17 ameth_lib.c
--- openssl/crypto/asn1/ameth_lib.c 27 Oct 2006 11:43:27
-0000 1.16
+++ openssl/crypto/asn1/ameth_lib.c 11 Apr 2007 12:32:54
-0000 1.17
-68,6 +68,7
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
/* Keep this sorted in type order !! */
static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
-87,8 +88,9
&dsa_asn1_meths[4],
#endif
#ifndef OPENSSL_NO_EC
- &eckey_asn1_meth
+ &eckey_asn1_meth,
#endif
+ &hmac_asn1_meth
};
typedef int sk_cmp_fn_type(const char * const *a, const
char * const *b);
.
patch -p0 <<' .'
Index: openssl/crypto/err/err.c
============================================================
================
$ cvs diff -u -r1.70 -r1.71 err.c
--- openssl/crypto/err/err.c 23 Jun 2006 15:21:31
-0000 1.70
+++ openssl/crypto/err/err.c 11 Apr 2007 12:32:55
-0000 1.71
-150,6 +150,7
{ERR_PACK(ERR_LIB_TS,0,0) ,"time stamp
routines"},
{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine
routines"},
{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP
routines"},
+{ERR_PACK(ERR_LIB_HMAC,0,0) ,"HMAC
routines"},
{0,NULL},
};
.
patch -p0 <<' .'
Index: openssl/crypto/err/err.h
============================================================
================
$ cvs diff -u -r1.47 -r1.48 err.h
--- openssl/crypto/err/err.h 23 Jun 2006 15:21:31
-0000 1.47
+++ openssl/crypto/err/err.h 11 Apr 2007 12:32:55
-0000 1.48
-195,6 +195,7
#define ERR_LIB_ECDH 43
#define ERR_LIB_STORE 44
#define ERR_LIB_TS 45
+#define ERR_LIB_HMAC 46
#define ERR_LIB_USER 128
-227,6 +228,7
#define ECDHerr(f,r)
ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
#define STOREerr(f,r)
ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
#define TSerr(f,r)
ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+#define HMACerr(f,r)
ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do
longs in
* the pre-processor :-( */
.
patch -p0 <<' .'
Index: openssl/crypto/err/openssl.ec
============================================================
================
$ cvs diff -u -r1.17 -r1.18 openssl.ec
--- openssl/crypto/err/openssl.ec 12 Feb 2006 23:11:34
-0000 1.17
+++ openssl/crypto/err/openssl.ec 11 Apr 2007 12:32:55
-0000 1.18
-32,6 +32,7
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
L STORE crypto/store/store.h crypto/store/str_err.c
L TS crypto/ts/ts.h crypto/ts/ts_err.c
+L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c
# additional header files to be scanned for function
names
L NONE crypto/x509/x509_vfy.h NONE
.
patch -p0 <<' .'
Index: openssl/crypto/evp/digest.c
============================================================
================
$ cvs diff -u -r1.32 -r1.33 digest.c
--- openssl/crypto/evp/digest.c 10 Jul 2006 18:36:52
-0000 1.32
+++ openssl/crypto/evp/digest.c 11 Apr 2007 12:32:57
-0000 1.33
-198,19 +198,32
if (ctx->digest &&
ctx->digest->ctx_size)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
- if (type->ctx_size)
+ if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
&& type->ctx_size)
+ {
+ ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
+ }
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
+ if (ctx->pctx)
+ {
+ int r;
+ r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1,
EVP_PKEY_OP_TYPE_SIG,
+ EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+ if (r <= 0 && (r != -2))
+ return 0;
+ }
+ if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+ return 1;
return ctx->digest->init(ctx);
}
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- return ctx->digest->update(ctx,data,count);
+ return ctx->update(ctx,data,count);
}
/* The caller can assume that this removes any secret
data from the context */
-272,7 +285,7
EVP_MD_CTX_cleanup(out);
memcpy(out,in,sizeof *out);
- if (out->digest->ctx_size)
+ if (in->md_data &&
out->digest->ctx_size)
{
if (tmp_buf) out->md_data = tmp_buf;
else
out->md_data=OPENSSL_malloc(out->digest->ctx_size);
.
patch -p0 <<' .'
Index: openssl/crypto/evp/evp.h
============================================================
================
$ cvs diff -u -r1.170 -r1.171 evp.h
--- openssl/crypto/evp/evp.h 8 Feb 2007 19:07:43
-0000 1.170
+++ openssl/crypto/evp/evp.h 11 Apr 2007 12:32:57
-0000 1.171
-115,6 +115,7
#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
#define EVP_PKEY_DH NID_dhKeyAgreement
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_HMAC NID_hmac
#ifdef __cplusplus
extern "C" {
-266,6 +267,8
void *md_data;
/* Public key context for sign/verify */
EVP_PKEY_CTX *pctx;
+ /* Update function: usually copied from EVP_MD */
+ int (*update)(EVP_MD_CTX *ctx,const void *data,size_t
count);
} /* EVP_MD_CTX */;
/* values for EVP_MD_CTX flags */
-276,6 +279,7
* cleaned */
#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up
ctx->md_data
* in EVP_MD_CTX_cleanup */
+#define EVP_MD_CTX_FLAG_NO_INIT 0x0008 /* Don't
initialized md_data */
/* MD operational flags */
-997,6 +1001,10
#define EVP_PKEY_CTRL_PKCS7_SIGN 5
+#define EVP_PKEY_CTRL_SET_MAC_KEY 6
+
+#define EVP_PKEY_CTRL_DIGESTINIT 7
+
#define EVP_PKEY_ALG_CTRL 0x1000
#define EVP_PKEY_FLAG_AUTOARGLEN 2
.
patch -p0 <<' .'
Index: openssl/crypto/evp/m_sigver.c
============================================================
================
$ cvs diff -u -r1.4 -r1.5 m_sigver.c
--- openssl/crypto/evp/m_sigver.c 8 Apr 2007 16:53:50
-0000 1.4
+++ openssl/crypto/evp/m_sigver.c 11 Apr 2007 12:32:58
-0000 1.5
-67,7 +67,6
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
int ver)
{
- int r = 0;
if (ctx->pctx == NULL)
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx->pctx == NULL)
-76,9 +75,9
{
if (ctx->pctx->pmeth->verifyctx_init)
{
- r =
ctx->pctx->pmeth->verifyctx_init(ctx->pctx,
ctx);
- if (r <= 0)
+ if
(ctx->pctx->pmeth->verifyctx_init(ctx->pctx,
ctx) <=0)
return 0;
+ ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
}
else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
return 0;
-87,18 +86,18
{
if (ctx->pctx->pmeth->signctx_init)
{
- r =
ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx);
- if (r <= 0)
+ if
(ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx)
<= 0)
return 0;
+ ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
}
- if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+ else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
return 0;
}
if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type)
<= 0)
return 0;
if (pctx)
*pctx = ctx->pctx;
- if ((r != 2) && !EVP_DigestInit_ex(ctx, type,
e))
+ if (!EVP_DigestInit_ex(ctx, type, e))
return 0;
return 1;
}
-118,7 +117,11
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char
*sigret, size_t *siglen)
{
- int r;
+ int sctx, r = 0;
+ if (ctx->pctx->pmeth->signctx)
+ sctx = 1;
+ else
+ sctx = 0;
if (sigret)
{
MS_STATIC EVP_MD_CTX tmp_ctx;
-127,20 +130,26
EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
return 0;
- if (tmp_ctx.pctx->pmeth->signctx)
+ if (sctx)
r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
sigret, siglen, &tmp_ctx);
else
r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
EVP_MD_CTX_cleanup(&tmp_ctx);
- if (!r)
- return 0;
+ if (sctx || !r)
+ return r;
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md,
mdlen) <= 0)
return 0;
}
else
{
- if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL,
+ if (sctx)
+ {
+ if (ctx->pctx->pmeth->signctx(ctx->pctx,
+ sigret, siglen, ctx) <= 0)
+ return 0;
+ }
+ else if (EVP_PKEY_sign(ctx->pctx, sigret, siglen,
NULL,
EVP_MD_size(ctx->digest)) <= 0)
return 0;
}
-153,10 +162,15
unsigned char md[EVP_MAX_MD_SIZE];
int r;
unsigned int mdlen;
+ int vctx;
+ if (ctx->pctx->pmeth->signctx)
+ vctx = 1;
+ else
+ vctx = 0;
EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
return -1;
- if (tmp_ctx.pctx->pmeth->verifyctx)
+ if (vctx)
{
r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
sig, siglen, &tmp_ctx);
-164,7 +178,7
else
r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
EVP_MD_CTX_cleanup(&tmp_ctx);
- if (!r)
- return -1;
+ if (vctx || !r)
+ return r;
return EVP_PKEY_verify(ctx->pctx, sig, siglen, md,
mdlen);
}
.
patch -p0 <<' .'
Index: openssl/crypto/evp/pmeth_lib.c
============================================================
================
$ cvs diff -u -r1.28 -r1.29 pmeth_lib.c
--- openssl/crypto/evp/pmeth_lib.c 26 Feb 2007 18:32:53
-0000 1.28
+++ openssl/crypto/evp/pmeth_lib.c 11 Apr 2007 12:32:58
-0000 1.29
-70,14 +70,16
typedef int sk_cmp_fn_type(const char * const *a, const
char * const *b);
STACK *app_pkey_methods = NULL;
-extern EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth,
dsa_pkey_meth, ec_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth,
dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth,
hmac_pkey_meth;
static const EVP_PKEY_METHOD *standard_methods[] =
{
&rsa_pkey_meth,
&dh_pkey_meth,
&dsa_pkey_meth,
- &ec_pkey_meth
+ &ec_pkey_meth,
+ &hmac_pkey_meth,
};
static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
.
patch -p0 <<' .'
Index: openssl/crypto/hmac/Makefile
============================================================
================
$ cvs diff -u -r1.6 -r1.7 Makefile
--- openssl/crypto/hmac/Makefile 4 Feb 2006 01:45:34
-0000 1.6
+++ openssl/crypto/hmac/Makefile 11 Apr 2007 12:32:59
-0000 1.7
-17,8 +17,8
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=hmac.c
-LIBOBJ=hmac.o
+LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
+LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
SRC= $(LIBSRC)
.
patch -p0 <<' .'
Index: openssl/crypto/hmac/hm_ameth.c
============================================================
================
$ cvs diff -u -r0 -r1.1 hm_ameth.c
--- /dev/null 2007-04-11 14:33:01 +0200
+++ hm_ameth.c 2007-04-11 14:33:00 +0200
-0,0 +1,154
+/* Written by Dr Stephen N Henson (shensonbigfoot.com) for the OpenSSL
+ * project 2007.
+ */
+/*
============================================================
========
+ * Copyright (c) 2007 The OpenSSL Project. All rights
reserved.
+ *
+ * Redistribution and use in source and binary forms,
with or without
+ * modification, are permitted provided that the
following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the
above copyright
+ * notice, this list of conditions and the following
disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the
above copyright
+ * notice, this list of conditions and the following
disclaimer in
+ * the documentation and/or other materials provided
with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or
use of this
+ * software must display the following
acknowledgment:
+ * "This product includes software developed by
the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)&
quot;
+ *
+ * 4. The names "OpenSSL Toolkit" and
"OpenSSL Project" must not be used to
+ * endorse or promote products derived from this
software without
+ * prior written permission. For written permission,
please contact
+ * licensingOpenSSL.org.
+ *
+ * 5. Products derived from this software may not be
called "OpenSSL"
+ * nor may "OpenSSL" appear in their names
without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain
the following
+ * acknowledgment:
+ * "This product includes software developed by
the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)&
quot;
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS
IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL
PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
============================================================
========
+ *
+ * This product includes cryptographic software written
by Eric Young
+ * (eaycryptsoft.com). This product includes software
written by Tim
+ * Hudson (tjhcryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "asn1_locl.h"
+
+#define HMAC_TEST_PRIVATE_KEY_FORMAT
+
+/* HMAC "ASN1" method. This is just here to
indicate the
+ * maximum HMAC output length and to free up an HMAC
+ * key.
+ */
+
+static int hmac_size(const EVP_PKEY *pkey)
+ {
+ return EVP_MAX_MD_SIZE;
+ }
+
+static void hmac_key_free(EVP_PKEY *pkey)
+ {
+ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING
*)pkey->pkey.ptr;
+ if (os)
+ {
+ if (os->data)
+ OPENSSL_cleanse(os->data, os->length);
+ ASN1_OCTET_STRING_free(os);
+ }
+ }
+
+
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+/* A bogus private key format for test purposes. This is
simply the
+ * HMAC key with "HMAC PRIVATE KEY" in the
headers. When enabled the
+ * genpkey utility can be used to "generate"
HMAC keys.
+ */
+
+static int old_hmac_decode(EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen)
+ {
+ ASN1_OCTET_STRING *os;
+ os = ASN1_OCTET_STRING_new();
+ if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
+ return 0;
+ EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
+ return 1;
+ }
+
+static int old_hmac_encode(const EVP_PKEY *pkey, unsigned
char **pder)
+ {
+ int inc;
+ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING
*)pkey->pkey.ptr;
+ if (pder)
+ {
+ if (!*pder)
+ {
+ *pder = OPENSSL_malloc(os->length);
+ inc = 0;
+ }
+ else inc = 1;
+
+ memcpy(*pder, os->data, os->length);
+
+ if (inc)
+ *pder += os->length;
+ }
+
+ return os->length;
+ }
+
+#endif
+
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth =
+ {
+ EVP_PKEY_HMAC,
+ EVP_PKEY_HMAC,
+ 0,
+
+ "HMAC",
+ "OpenSSL HMAC method",
+
+ 0,0,0,0,
+
+ 0,0,0,
+
+ hmac_size,
+ 0,
+ 0,0,0,0,0,0,
+
+ hmac_key_free,
+ 0,
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+ old_hmac_decode,
+ old_hmac_encode
+#else
+ 0,0
+#endif
+ };
+
.
patch -p0 <<' .'
Index: openssl/crypto/hmac/hm_pmeth.c
============================================================
================
$ cvs diff -u -r0 -r1.1 hm_pmeth.c
--- /dev/null 2007-04-11 14:33:01 +0200
+++ hm_pmeth.c 2007-04-11 14:33:03 +0200
-0,0 +1,260
+/* Written by Dr Stephen N Henson (shensonbigfoot.com) for the OpenSSL
+ * project 2007.
+ */
+/*
============================================================
========
+ * Copyright (c) 2007 The OpenSSL Project. All rights
reserved.
+ *
+ * Redistribution and use in source and binary forms,
with or without
+ * modification, are permitted provided that the
following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the
above copyright
+ * notice, this list of conditions and the following
disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the
above copyright
+ * notice, this list of conditions and the following
disclaimer in
+ * the documentation and/or other materials provided
with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or
use of this
+ * software must display the following
acknowledgment:
+ * "This product includes software developed by
the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)&
quot;
+ *
+ * 4. The names "OpenSSL Toolkit" and
"OpenSSL Project" must not be used to
+ * endorse or promote products derived from this
software without
+ * prior written permission. For written permission,
please contact
+ * licensingOpenSSL.org.
+ *
+ * 5. Products derived from this software may not be
called "OpenSSL"
+ * nor may "OpenSSL" appear in their names
without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain
the following
+ * acknowledgment:
+ * "This product includes software developed by
the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)&
quot;
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS
IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL
PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
============================================================
========
+ *
+ * This product includes cryptographic software written
by Eric Young
+ * (eaycryptsoft.com). This product includes software
written by Tim
+ * Hudson (tjhcryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include "evp_locl.h"
+
+/* HMAC pkey context structure */
+
+typedef struct
+ {
+ const EVP_MD *md; /* MD for HMAC use */
+ EVP_MD_CTX *mctx; /* Parent EVP_MD_CTX */
+ ASN1_OCTET_STRING ktmp; /* Temp storage for key */
+ HMAC_CTX ctx;
+ } HMAC_PKEY_CTX;
+
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+ {
+ HMAC_PKEY_CTX *hctx;
+ hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX));
+ if (!hctx)
+ return 0;
+ hctx->md = NULL;
+ hctx->mctx = NULL;
+ hctx->ktmp.data = NULL;
+ HMAC_CTX_init(&hctx->ctx);
+
+ ctx->data = hctx;
+ ctx->keygen_info_count = 0;
+
+ return 1;
+ }
+
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX
*src)
+ {
+ HMAC_PKEY_CTX *sctx, *dctx;
+ if (!pkey_hmac_init(dst))
+ return 0;
+ sctx = src->data;
+ dctx = dst->data;
+ dctx->md = sctx->md;
+ HMAC_CTX_init(&dctx->ctx);
+ HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
+ if (sctx->ktmp.data)
+ {
+ if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+ sctx->ktmp.data, sctx->ktmp.length))
+ return 0;
+ }
+ return 1;
+ }
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+ {
+ HMAC_PKEY_CTX *hctx = ctx->data;
+ HMAC_CTX_cleanup(&hctx->ctx);
+ if (hctx->ktmp.data)
+ {
+ OPENSSL_cleanse(hctx->ktmp.data,
hctx->ktmp.length);
+ OPENSSL_free(hctx->ktmp.data);
+ hctx->ktmp.data = NULL;
+ }
+ OPENSSL_free(hctx);
+ }
+
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY
*pkey)
+ {
+ ASN1_OCTET_STRING *hkey = NULL;
+ HMAC_PKEY_CTX *hctx = ctx->data;
+ if (!hctx->ktmp.data)
+ return 0;
+ hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+ if (!hkey)
+ return 0;
+ EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+ return 1;
+ }
+
+static int int_update(EVP_MD_CTX *ctx,const void
*data,size_t count)
+ {
+ HMAC_PKEY_CTX *hctx = ctx->pctx->data;
+ HMAC_Update(&hctx->ctx, data, count);
+ return 1;
+ }
+
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx)
+ {
+ HMAC_PKEY_CTX *hctx = ctx->data;
+ hctx->mctx = mctx;
+ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+ mctx->update = int_update;
+ return 1;
+ }
+
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char
*sig, size_t *siglen,
+ EVP_MD_CTX *mctx)
+ {
+ unsigned int hlen;
+ HMAC_PKEY_CTX *hctx = ctx->data;
+ *siglen = EVP_MD_CTX_size(mctx);
+ if (!sig)
+ return 1;
+
+ HMAC_Final(&hctx->ctx, sig, &hlen);
+ *siglen = (size_t)hlen;
+ return 1;
+ }
+
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type,
int p1, void *p2)
+ {
+ HMAC_PKEY_CTX *hctx = ctx->data;
+ ASN1_OCTET_STRING *key;
+ switch (type)
+ {
+
+ case EVP_PKEY_CTRL_SET_MAC_KEY:
+ if ((!p2 && p1 > 0) || (p1 < -1))
+ return 0;
+ if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2,
p1))
+ return 0;
+ break;
+
+ case EVP_PKEY_CTRL_MD:
+ hctx->md = p2;
+ break;
+
+ case EVP_PKEY_CTRL_DIGESTINIT:
+ key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+ HMAC_Init_ex(&hctx->ctx, key->data,
key->length, hctx->md,
+ ctx->engine);
+ break;
+
+ default:
+ return -2;
+
+ }
+ return 1;
+ }
+
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value)
+ {
+ if (!value)
+ {
+ return 0;
+ }
+ if (!strcmp(type, "key"))
+ {
+ return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
+ -1, (void *)value);
+ }
+ if (!strcmp(type, "hexkey"))
+ {
+ unsigned char *key;
+ int r;
+ long keylen;
+ key = string_to_hex(value, &keylen);
+ if (!key)
+ return 0;
+ r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
keylen, key);
+ OPENSSL_free(key);
+ return r;
+ }
+ return -2;
+ }
+
+const EVP_PKEY_METHOD hmac_pkey_meth =
+ {
+ EVP_PKEY_HMAC,
+ 0,
+ pkey_hmac_init,
+ pkey_hmac_copy,
+ pkey_hmac_cleanup,
+
+ 0, 0,
+
+ 0,
+ pkey_hmac_keygen,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0,0,
+
+ hmac_signctx_init,
+ hmac_signctx,
+
+ 0,0,
+
+ 0,0,
+
+ 0,0,
+
+ 0,0,
+
+ pkey_hmac_ctrl,
+ pkey_hmac_ctrl_str
+
+ };
.
patch -p0 <<' .'
Index: openssl/crypto/hmac/hmac.c
============================================================
================
$ cvs diff -u -r1.19 -r1.20 hmac.c
--- openssl/crypto/hmac/hmac.c 17 May 2005 00:01:47
-0000 1.19
+++ openssl/crypto/hmac/hmac.c 11 Apr 2007 12:32:59
-0000 1.20
-147,6 +147,16
EVP_MD_CTX_init(&ctx->md_ctx);
}
+void HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+ {
+ EVP_MD_CTX_copy(&dctx->i_ctx,
&sctx->i_ctx);
+ EVP_MD_CTX_copy(&dctx->o_ctx,
&sctx->o_ctx);
+ EVP_MD_CTX_copy(&dctx->md_ctx,
&sctx->md_ctx);
+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+ dctx->key_length = sctx->key_length;
+ dctx->md = sctx->md;
+ }
+
void HMAC_CTX_cleanup(HMAC_CTX *ctx)
{
EVP_MD_CTX_cleanup(&ctx->i_ctx);
.
patch -p0 <<' .'
Index: openssl/crypto/hmac/hmac.h
============================================================
================
$ cvs diff -u -r1.18 -r1.19 hmac.h
--- openssl/crypto/hmac/hmac.h 31 May 2004 13:28:23
-0000 1.18
+++ openssl/crypto/hmac/hmac.h 11 Apr 2007 12:33:00
-0000 1.19
-99,6 +99,7
unsigned char *HMAC(const EVP_MD *evp_md, const void
*key, int key_len,
const unsigned char *d, size_t n, unsigned char
*md,
unsigned int *md_len);
+void HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
#ifdef __cplusplus
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_dat.h
============================================================
================
$ cvs diff -u -r1.100 -r1.101 obj_dat.h
--- openssl/crypto/objects/obj_dat.h 23 Mar 2007 17:04:01
-0000 1.100
+++ openssl/crypto/objects/obj_dat.h 11 Apr 2007 12:33:04
-0000 1.101
-62,9 +62,9
* [including the GNU Public Licence.]
*/
-#define NUM_NID 836
-#define NUM_SN 832
-#define NUM_LN 832
+#define NUM_NID 837
+#define NUM_SN 833
+#define NUM_LN 833
#define NUM_OBJ 787
static unsigned char lvalues[5560]={
-2209,6 +2209,7
{"dsa_with_SHA256","dsa_with_SHA256",NID
_dsa_with_SHA256,9,
&(lvalues[5550]),0},
{"gost89-cnt","gost89-cnt",NID_gost89_cn
t,0,NULL,0},
+{"HMAC","hmac",NID_hmac,0,NULL,0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
-2289,6 +2290,7
&(nid_objs[67]),/* "DSA-old" */
&(nid_objs[297]),/* "DVCS" */
&(nid_objs[99]),/* "GN" */
+&(nid_objs[836]),/* "HMAC" */
&(nid_objs[381]),/* "IANA" */
&(nid_objs[34]),/* "IDEA-CBC" */
&(nid_objs[35]),/* "IDEA-CFB" */
-3336,6 +3338,7
&(nid_objs[601]),/* "generic cryptogram"
*/
&(nid_objs[99]),/* "givenName" */
&(nid_objs[835]),/* "gost89-cnt" */
+&(nid_objs[836]),/* "hmac" */
&(nid_objs[772]),/* "hmacWithMD5" */
&(nid_objs[163]),/* "hmacWithSHA1" */
&(nid_objs[773]),/* "hmacWithSHA224" */
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_mac.h
============================================================
================
$ cvs diff -u -r1.66 -r1.67 obj_mac.h
--- openssl/crypto/objects/obj_mac.h 23 Mar 2007 17:04:01
-0000 1.66
+++ openssl/crypto/objects/obj_mac.h 11 Apr 2007 12:33:05
-0000 1.67
-3680,3 +3680,7
#define
LN_camellia_256_cfb8 "camellia-256-cfb8"
#define NID_camellia_256_cfb8 765
+#define SN_hmac "HMAC"
+#define LN_hmac "hmac"
+#define NID_hmac 836
+
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_mac.num
============================================================
================
$ cvs diff -u -r1.56 -r1.57 obj_mac.num
--- openssl/crypto/objects/obj_mac.num 23 Mar 2007
17:04:02 -0000 1.56
+++ openssl/crypto/objects/obj_mac.num 11 Apr 2007
12:33:05 -0000 1.57
-833,3 +833,4
dsa_with_SHA224 833
dsa_with_SHA256 834
gost89_cnt 835
+hmac 836
.
patch -p0 <<' .'
Index: openssl/crypto/objects/objects.txt
============================================================
================
$ cvs diff -u -r1.67 -r1.68 objects.txt
--- openssl/crypto/objects/objects.txt 23 Mar 2007
17:04:02 -0000 1.67
+++ openssl/crypto/objects/objects.txt 11 Apr 2007
12:33:06 -0000 1.68
-1188,3 +1188,7
: CAMELLIA-128-CFB8 : camellia-128-cfb8
: CAMELLIA-192-CFB8 : camellia-192-cfb8
: CAMELLIA-256-CFB8 : camellia-256-cfb8
+
+# There is no OID that just denotes "HMAC"
oddly enough...
+
+ : HMAC : hmac
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
