EVP_MAC_init() in 3.0 alpha 13

Hal Murray hmurray at megapathdsl.net
Mon Apr 5 12:51:35 UTC 2021


It used to take just a ctx.  Now it also wants a key+length and a params.

I have some simple/hack code to time 2 cases.  The first gives it the key each 
time.  The second preloads the key.  That would require an evp per key, but I 
might we willing to make that space/time tradeoff.

The each time mode of my old code put the cipher and key into a params array, 
then called
  EVP_MAC_CTX_set_params(ctx, params) and then
  EVP_MAC_init(ctx)
That's easy to change.  I just drop putting the key into a params slot and 
drop calling set_parms and add the key and parms to EVP_MAC_init.  That worked.

Is there a way to use a preloaded key?  I tried using NULL for key and params 
when calling EVP_MAC_init.  It compiles and runs but doesn't get the right 
answer.  Is that, or something like it supposed to work?

--------

EVP_MAC_CTX_set_params() seems ugly to me.

My inner loop looks like:
  EVP_MAC_CTX_set_params()
  EVP_MAC_init()
  EVP_MAC_update()
  EVP_MAC_final()

I'm trying to make things go fast.  It's going to have to do string compares 
to figure out what I want to do.  I'm working with small blocks of data (48 
bytes) so the setup cost is important.  Or I think it is, so I'm trying to 
measure it.

The case I'm trying to get working is to move the EVP_MAC_CTX_set_params() out 
of the loop.

-- 
These are my opinions.  I hate spam.





More information about the openssl-users mailing list