[openssl-dev] Keyed hashing APIs for EVP?

Bill Cox waywardgeek at google.com
Sat Jan 16 18:34:25 UTC 2016


It is a yucky rainy 3-day weekend here in Marin, so at long last, I am
working on integrating BLAKE2 into OpenSSL.  Rich Salz has voiced support
for including it, and I've got initial code over on github under
waywardgeek/openssl.  It is just the ref version, so there's nothing
exciting there yet.  I am working on the API calls now, and need some
advice.

BLAKE2 is very cool in many ways, especially to a speed-freak like me.
BLAKE2 is a "keyed hash" that can be used as a MAC directly, without
requiring the overhead of HMAC.  I do not see any support in the EVP for
keyed hash functions.  Did I miss something in the EVP API?  It would not
be the first time.  I'm not being too lazy to read the evp.h.  I just don't
see very well, and as can be seen from my emails, I really don't see what's
in front of me very well.  I looked at every line that contained "digest",
but nothing looked compatible with keyed hashing.

I feel keyed hashing is here to stay.  Keccak also has this feature.
Assuming I'm reading the EVP API correctly, should add support for keyed
digests to EVP.  What do you folks think?

Thanks,
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160116/f41b8e12/attachment.html>


More information about the openssl-dev mailing list