On Thu, 24 Dec 2015 11:24:37 +0300 Dmitry Belyavsky <beld...@gmail.com> wrote:
> > If you try to change the output length via the -macopt option of the > dgst command, you'll see that the text output will be 4 bytes. It is misfeature of dgst command. You have to use -signopt, not -macopt, because dgst command doesn't keep EVP_PKEY_CTX during all the MAC operation. -macopt is used to configure EVP_PKEY_CTX, which is used during EVP_DigestSignInit operation and then destroyed, and -signopt - to configure context, which is used durint EVP_DigestSignFinal. Forutnately, we don't need to configure GOST-MAC algorithm during init state. Internal state is always 64 bit, and is truncated only on the finalization stage. When using API (such as python ctypescrypto.mac module) and preserving same EVP_PKEY_CTX for the lifetime of digest, this problem doesn't occur. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
