PKEY for CMAC: operation not supported for this keytype.
Richard Levitte
levitte at openssl.org
Sun Jun 14 12:22:52 UTC 2020
On Sun, 14 Jun 2020 07:16:27 +0200,
Hal Murray wrote:
>
> I can't get CMAC to work via PKEY. I get the same error on 1.1.1g and 3.0.0
>
> I'm using a cipher that works with the CMAC interface.
>
> Can anybody see what I'm missing?
Yup. It's designed to work with the set of functions EVP_DigestSign*.
Attached is the diff of your program, rewritten to use that.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
===File /tmp/pkey.c.diff====================================
--- /home/levitte/tmp/pkey.c 2020-06-14 14:18:14.351804812 +0200
+++ test-cmac.c 2020-06-14 14:20:04.473406566 +0200
@@ -17,7 +17,7 @@
const unsigned char key[16];
const EVP_CIPHER *cipher;
EVP_PKEY *pkey;
- EVP_PKEY_CTX *ctx;
+ EVP_MD_CTX *mctx;
printf("Build: %lx, %s\n", \
OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT);
@@ -34,18 +34,18 @@
return 1;
}
- ctx = EVP_PKEY_CTX_new(pkey, NULL);
- if (NULL == ctx) {
+ mctx = EVP_MD_CTX_new();
+ if (NULL == mctx) {
unsigned long err = ERR_get_error();
char * str = ERR_error_string(err, NULL);
printf("## Oops, EVP_PKEY_CTX_new() failed:\n %s.\n", str);
return 1;
}
- if (1 != EVP_PKEY_sign_init(ctx)) {
+ if (1 != EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey)) {
unsigned long err = ERR_get_error();
char * str = ERR_error_string(err, NULL);
- printf("## Oops, EVP_PKEY_sign_init() failed:\n %s.\n", str);
+ printf("## Oops, EVP_PKEY_DigestSignInit() failed:\n %s.\n", str);
return 1;
}
============================================================
More information about the openssl-users
mailing list