Thanks for that example. It's very helpful! I didn't know about the new EVP_MAC API (although I see it now in the migration guide). I wrote my implementation based on https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying :-)
Tom.III
On Tue, Jul 13, 2021 at 4:07 PM Dr Paul Dale <pauli@xxxxxxxxxxx> wrote:
Please don't do it the PKEY way :)
Your code should look more like:
OSSL_PARAMS params[2];There are various other calls that tweak the flow but this is the basic idea.
EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL);
EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac);
EVP_MAC_free(mac); /* Now or later is all good and depends on the app reusing it or not */
params[0] = OSSL_PARAMS_construct_utf8_string("digest", "SHA256", 0);
params[1] = OSSL_PARAMS_construct_end();
EVP_MAC_init(mac_ctx, key, key_len, params);
EVP_MAC_update(mac_ctx, data1, data1_len);
EVP_MAC_update(mac_ctx, data2, data2_len);
EVP_MAC_update(mac_ctx, data3, data3_len);
EVP_MAC_final(mac_ctx, out, &out_size, out_len);
EVP_MAC_CTX_free(mac_ctx);
Pauli
On 14/7/21 8:48 am, Thomas Dwyer III wrote:
This seems to work for me in 3.0, passing the EVP_MD to EVP_DigestSignInit():
pkey = EVP_PKEY_new_mac_key()
EVP_DigestSignInit()EVP_DigestSignUpdate()EVP_DigestSignUpdate()...EVP_DigestSignFinal()
Regards,Tom.III
On Tue, Jul 13, 2021 at 11:02 AM Ken Goldman <kgoldman@xxxxxxxxxx> wrote:
Porting to 3.0 ... HMAC_Init_ex() had a place for
the hash algorithm. EVP_MAC_init() does not,
unless it's embedded in the 'params' parameter.
Any advice? Or a sample for doing an
HMAC with 3.0?
