EVP_PKEY_new_raw_private_key() vs EVP_PKEY_new_mac_key() ?
Thomas Dwyer III
tomiii at tomiii.com
Thu May 14 21:21:30 UTC 2020
Are EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_mac_key() functionally
equivalent? They have very different implementations internally but appear
to produce identical results when used with EVP_DigestSignInit() and key
type EVP_PKEY_HMAC. The documentation says "works like" but it's not clear
whether that really means "equivalent". I'm trying to write portable
(openssl version agnostic) HMAC functions and I'm concerned about the note
that says "New applications should use EVP_PKEY_new_raw_private_key()
instead" when that doesn't exist prior to 1.1.1. Is this the recommended
solution?
#if OPENSSL_VERSION_NUMBER < 0x10101000L
EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, ...);
#else
EVP_PKEY *pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, ...);
#endif
Thanks,
Tom.III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200514/9b71ef0d/attachment.html>
More information about the openssl-users
mailing list