PKEY for CMAC: operation not supported for this keytype.
Hal Murray
hmurray at megapathdsl.net
Sun Jun 14 05:16:27 UTC 2020
I can't get CMAC to work via PKEY. I get the same error on 1.1.1g and 3.0.0
I'm using a cipher that works with the CMAC interface.
Can anybody see what I'm missing?
-------------- next part --------------
/* hack to demonstrate pkey troubles */
/* build with:
* cc -Wall -I/usr/local/ssl/include \
* -L/usr/local/ssl/lib -lcrypto -o pkey pkey.c
*/
#include <stdio.h>
#include <openssl/opensslv.h>
#include <openssl/err.h>
#include <openssl/evp.h>
int main(int argc, char *argv[])
{
const unsigned char key[16];
const EVP_CIPHER *cipher;
EVP_PKEY *pkey;
EVP_PKEY_CTX *ctx;
printf("Build: %lx, %s\n", \
OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT);
printf("Run: %lx, %s\n", \
OpenSSL_version_num(), OpenSSL_version(OPENSSL_VERSION));
cipher = EVP_aes_128_cbc();
pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), cipher);
if (NULL == pkey) {
unsigned long err = ERR_get_error();
char * str = ERR_error_string(err, NULL);
printf("## Oops, EVP_PKEY_new_CMAC_key() failed:\n %s.\n", str);
return 1;
}
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (NULL == ctx) {
unsigned long err = ERR_get_error();
char * str = ERR_error_string(err, NULL);
printf("## Oops, EVP_PKEY_CTX_new() failed:\n %s.\n", str);
return 1;
}
if (1 != EVP_PKEY_sign_init(ctx)) {
unsigned long err = ERR_get_error();
char * str = ERR_error_string(err, NULL);
printf("## Oops, EVP_PKEY_sign_init() failed:\n %s.\n", str);
return 1;
}
/* More here when we get that far. */
return 0;
}
-------------- next part --------------
--
These are my opinions. I hate spam.
More information about the openssl-users
mailing list