EVP_PKEY_new_raw_private_key() vs EVP_PKEY_new_mac_key() ?

Thomas Dwyer III tomiii at tomiii.com
Thu May 14 21:21:30 UTC 2020

Are EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_mac_key() functionally
equivalent? They have very different implementations internally but appear
to produce identical results when used with EVP_DigestSignInit() and key
type EVP_PKEY_HMAC. The documentation says "works like" but it's not clear
whether that really means "equivalent". I'm trying to write portable
(openssl version agnostic) HMAC functions and I'm concerned about the note
that says "New applications should use EVP_PKEY_new_raw_private_key()
instead" when that doesn't exist prior to 1.1.1. Is this the recommended

    EVP_PKEY *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, ...);
    EVP_PKEY *pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, ...);

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200514/9b71ef0d/attachment.html>

More information about the openssl-users mailing list