EVP_MAC_init - specify the hash algorithm
Dr Paul Dale
pauli at openssl.org
Fri Sep 10 02:50:31 UTC 2021
My mistake, it's EVP_MAC_fetch not EVP_MAC_new.
The names are all case insensitive and are documented in the man7 pages:
https://www.openssl.org/docs/man3.0/man7/EVP_MAC-HMAC.html and
https://www.openssl.org/docs/man3.0/man7/EVP_MD-SHA2.html.
The HMAC parameter names and types are also there:
https://www.openssl.org/docs/man3.0/man7/EVP_MAC-HMAC.html
Pauli
On 10/9/21 9:07 am, Ken Goldman wrote:
> Where does one get the parameter values?
>
> E.g., where would I see the value strings for the EVP_MAC_new algorithm
> and the digest parameter values.
>
> I can guess HMAC and SHA256, but are they documented?
>
> Case sensitive? Which is preferred?
>
> You use EVP_MAC_new, which is undocumented. The doc sample
> uses EVP_MAC_fetch. Which is preferred?
>
> On 7/13/2021 7:06 PM, Dr Paul Dale wrote:
>>
>> Your code should look more like:
>>
>> OSSL_PARAMS params[2];
>> EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL);
>> EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac);
>> EVP_MAC_free(mac); /* Now or later is all good and depends on the
>> app reusing it or not */
>>
>> params[0] = OSSL_PARAMS_construct_utf8_string("digest", "SHA256",
>> 0);
>> params[1] = OSSL_PARAMS_construct_end();
>>
>> EVP_MAC_init(mac_ctx, key, key_len, params);
>> EVP_MAC_update(mac_ctx, data1, data1_len);
>> EVP_MAC_update(mac_ctx, data2, data2_len);
>> EVP_MAC_update(mac_ctx, data3, data3_len);
>> EVP_MAC_final(mac_ctx, out, &out_size, out_len);
>> EVP_MAC_CTX_free(mac_ctx);
>>
>
>
>
More information about the openssl-users
mailing list