Thanks for that example. It's very helpful! I didn't know about the new EVP_MAC API (although I see it now in the migration guide). I wrote my implementation based on https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying :-)
Tom.III On Tue, Jul 13, 2021 at 4:07 PM Dr Paul Dale <pa...@openssl.org> wrote: > Please don't do it the PKEY way :) > > Your code should look more like: > > OSSL_PARAMS params[2]; > EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL); > EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac); > EVP_MAC_free(mac); /* Now or later is all good and depends on the app > reusing it or not */ > > params[0] = OSSL_PARAMS_construct_utf8_string("digest", "SHA256", 0); > params[1] = OSSL_PARAMS_construct_end(); > > EVP_MAC_init(mac_ctx, key, key_len, params); > EVP_MAC_update(mac_ctx, data1, data1_len); > EVP_MAC_update(mac_ctx, data2, data2_len); > EVP_MAC_update(mac_ctx, data3, data3_len); > EVP_MAC_final(mac_ctx, out, &out_size, out_len); > EVP_MAC_CTX_free(mac_ctx); > > There are various other calls that tweak the flow but this is the basic > idea. > > > Pauli > > On 14/7/21 8:48 am, Thomas Dwyer III wrote: > > This seems to work for me in 3.0, passing the EVP_MD to > EVP_DigestSignInit(): > > pkey = EVP_PKEY_new_mac_key() > EVP_DigestSignInit() > EVP_DigestSignUpdate() > EVP_DigestSignUpdate() > . > . > . > EVP_DigestSignFinal() > > > Regards, > Tom.III > > > > On Tue, Jul 13, 2021 at 11:02 AM Ken Goldman <kgold...@us.ibm.com> wrote: > >> Porting to 3.0 ... HMAC_Init_ex() had a place for >> the hash algorithm. EVP_MAC_init() does not, >> unless it's embedded in the 'params' parameter. >> >> Any advice? Or a sample for doing an >> HMAC with 3.0? >> >> >