EVP_MAC_init - specify the hash algorithm

Ken Goldman kgoldman at us.ibm.com
Thu Sep 9 23:07:16 UTC 2021

Where does one get the parameter values?

E.g., where would I see the value strings for the EVP_MAC_new algorithm
and the digest parameter values.

I can guess HMAC and SHA256, but are they documented?

Case sensitive?  Which is preferred?

You use EVP_MAC_new, which is undocumented.  The doc sample
uses EVP_MAC_fetch.  Which is preferred?

On 7/13/2021 7:06 PM, Dr Paul Dale wrote:
> Your code should look more like:
>     OSSL_PARAMS params[2];
>     EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL);
>     EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac);
>     EVP_MAC_free(mac); /* Now or later is all good and depends on the app reusing it or not */
>     params[0] = OSSL_PARAMS_construct_utf8_string("digest", "SHA256", 0);
>     params[1] = OSSL_PARAMS_construct_end();
>     EVP_MAC_init(mac_ctx, key, key_len, params);
>     EVP_MAC_update(mac_ctx, data1, data1_len);
>     EVP_MAC_update(mac_ctx, data2, data2_len);
>     EVP_MAC_update(mac_ctx, data3, data3_len);
>     EVP_MAC_final(mac_ctx, out, &out_size, out_len);
>     EVP_MAC_CTX_free(mac_ctx);

More information about the openssl-users mailing list