Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is still

freely licensed.

From jsing

4 files changed, 23 insertions, 3 deletions

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 9fdf723f87f..9a8eacc8e3b 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1438,6 +1438,7 @@ EVP_PKEY_get0_DSA
 EVP_PKEY_get0_EC_KEY
 EVP_PKEY_get0_RSA
 EVP_PKEY_get0_asn1
+EVP_PKEY_get0_hmac
 EVP_PKEY_get1_DH
 EVP_PKEY_get1_DSA
 EVP_PKEY_get1_EC_KEY
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index 22876f9fe99..e8ab36693a4 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.74 2019/03/17 18:07:41 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.75 2019/03/17 18:17:44 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -902,6 +902,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
 
 #ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -1487,6 +1488,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_ERROR_LOADING_SECTION			 165
 #define EVP_R_ERROR_SETTING_FIPS_MODE			 166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
+#define EVP_R_EXPECTING_AN_HMAC_KEY			 174
 #define EVP_R_EXPECTING_AN_RSA_KEY			 127
 #define EVP_R_EXPECTING_A_DH_KEY			 128
 #define EVP_R_EXPECTING_A_DSA_KEY			 129
diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c
index 814637c739e..6bfb1c1dae9 100644
--- a/lib/libcrypto/evp/evp_err.c
+++ b/lib/libcrypto/evp/evp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_err.c,v 1.23 2019/03/17 18:07:41 tb Exp $ */
+/* $OpenBSD: evp_err.c,v 1.24 2019/03/17 18:17:44 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -100,6 +100,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
 	{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) , "error loading section"},
 	{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
 	{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
+	{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
 	{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  , "expecting an rsa key"},
 	{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    , "expecting a dh key"},
 	{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   , "expecting a dsa key"},
diff --git a/lib/libcrypto/evp/p_lib.c b/lib/libcrypto/evp/p_lib.c
index 0e4c38e2188..13a9d65f28b 100644
--- a/lib/libcrypto/evp/p_lib.c
+++ b/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -282,6 +282,22 @@ EVP_PKEY_get0(const EVP_PKEY *pkey)
 	return pkey->pkey.ptr;
 }
 
+const unsigned char *
+EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+	ASN1_OCTET_STRING *os;
+
+	if (pkey->type != EVP_PKEY_HMAC) {
+		EVPerror(EVP_R_EXPECTING_AN_HMAC_KEY);
+		return NULL;
+	}
+
+	os = EVP_PKEY_get0(pkey);
+	*len = os->length;
+
+	return os->data;
+}
+
 #ifndef OPENSSL_NO_RSA
 RSA *
 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)