On Sun, 14 Jun 2020 07:16:27 +0200, Hal Murray wrote: > > I can't get CMAC to work via PKEY. I get the same error on 1.1.1g and 3.0.0 > > I'm using a cipher that works with the CMAC interface. > > Can anybody see what I'm missing? Yup. It's designed to work with the set of functions EVP_DigestSign*. Attached is the diff of your program, rewritten to use that. Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/ ===File /tmp/pkey.c.diff==================================== --- /home/levitte/tmp/pkey.c 2020-06-14 14:18:14.351804812 +0200 +++ test-cmac.c 2020-06-14 14:20:04.473406566 +0200 @@ -17,7 +17,7 @@ const unsigned char key[16]; const EVP_CIPHER *cipher; EVP_PKEY *pkey; - EVP_PKEY_CTX *ctx; + EVP_MD_CTX *mctx; printf("Build: %lx, %s\n", \ OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT); @@ -34,18 +34,18 @@ return 1; } - ctx = EVP_PKEY_CTX_new(pkey, NULL); - if (NULL == ctx) { + mctx = EVP_MD_CTX_new(); + if (NULL == mctx) { unsigned long err = ERR_get_error(); char * str = ERR_error_string(err, NULL); printf("## Oops, EVP_PKEY_CTX_new() failed:\n %s.\n", str); return 1; } - if (1 != EVP_PKEY_sign_init(ctx)) { + if (1 != EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey)) { unsigned long err = ERR_get_error(); char * str = ERR_error_string(err, NULL); - printf("## Oops, EVP_PKEY_sign_init() failed:\n %s.\n", str); + printf("## Oops, EVP_PKEY_DigestSignInit() failed:\n %s.\n", str); return 1; } ============================================================
