[openssl-dev] Variable length of digest

Dr. Stephen Henson steve at openssl.org
Thu Dec 24 13:10:03 UTC 2015


On Thu, Dec 24, 2015, Dmitry Belyavsky wrote:

> 
> If you try to change the output length via the -macopt option of the dgst
> command, you'll see that the text output will be 4 bytes.
> It seems to happen because of the internal call to the EVP_MD_size()
> function.
> 
> If we change the EVP_MD_CTX_size() definition from a macro to a function
> trying to call the ctrl function and then to fall back to the result of the
> EVP_MD_size() function, it should improve the situation.
> 

If you're using it as a MAC via EVP_DigestSign*() you shouldn't need to do any
of that. The MAC size is indicated via EVP_DigestSignFinal; looking through
the code of the dgst application, this should already work (though no current
MAC does this) as long as the digest implementation handles things
appropriately. By "appropriately" you have to specify "signctx" in the
underlying EVP_PKEY_METHOD: see the source for EVP_DigestSignFinal().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

