EVP_MAC_init() in 3.0 alpha 13

Dr Paul Dale pauli at openssl.org
Mon Apr 12 04:06:07 UTC 2021

Did you attempt to pass NULL for the key and zero for it's length to the 
EVP_MAC_init() call?


On 5/4/21 10:51 pm, Hal Murray wrote:
> It used to take just a ctx.  Now it also wants a key+length and a params.
> I have some simple/hack code to time 2 cases.  The first gives it the key each
> time.  The second preloads the key.  That would require an evp per key, but I
> might we willing to make that space/time tradeoff.
> The each time mode of my old code put the cipher and key into a params array,
> then called
>    EVP_MAC_CTX_set_params(ctx, params) and then
>    EVP_MAC_init(ctx)
> That's easy to change.  I just drop putting the key into a params slot and
> drop calling set_parms and add the key and parms to EVP_MAC_init.  That worked.
> Is there a way to use a preloaded key?  I tried using NULL for key and params
> when calling EVP_MAC_init.  It compiles and runs but doesn't get the right
> answer.  Is that, or something like it supposed to work?
> --------
> EVP_MAC_CTX_set_params() seems ugly to me.
> My inner loop looks like:
>    EVP_MAC_CTX_set_params()
>    EVP_MAC_init()
>    EVP_MAC_update()
>    EVP_MAC_final()
> I'm trying to make things go fast.  It's going to have to do string compares
> to figure out what I want to do.  I'm working with small blocks of data (48
> bytes) so the setup cost is important.  Or I think it is, so I'm trying to
> measure it.
> The case I'm trying to get working is to move the EVP_MAC_CTX_set_params() out
> of the loop.

More information about the openssl-users mailing list