[openssl-users] "openssl dgst" computes wrong HMAC?

Johannes Bauer dfnsonfsduifb at gmx.de
Tue Feb 3 09:00:18 UTC 2015


Hi list,

when I use OpenSSL I suspect some funny business going on with the HMAC
computation of "openssl dgst" command line tool. Consider:

$ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc
(stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c

But

#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <openssl/hmac.h>
#include "hexdump.h"

int main() {
	uint8_t digest[32];
	HMAC_CTX hmacCtx;
	HMAC_CTX_init(&hmacCtx);
	HMAC_Init_ex(&hmacCtx, "\xaa\xbb\xcc", 3, EVP_sha256(), NULL);
	HMAC_Update(&hmacCtx, "foobar", 6);

	unsigned int length;
	HMAC_Final(&hmacCtx, digest, &length);
	HMAC_CTX_cleanup(&hmacCtx);
	HexDump(digest, 32);
	return 0;
}

Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e

Also, Python:

#!/usr/bin/python3
import Crypto.Hash.HMAC
import Crypto.Hash.SHA256
key = b"\xaa\xbb\xcc"
data = b"foobar"
hmac = Crypto.Hash.HMAC.new(digestmod = Crypto.Hash.SHA256, key = key)
hmac.update(data)
result = hmac.digest()
print("".join("%02x" % (c) for c in result))

Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e

Am I using "openssl dgst" wrong or is it just plain broken?

Regards,
Johannes


More information about the openssl-users mailing list