Re: EVP_MAC_init - specify the hash algorithm

Thanks for that example. It's very helpful! I didn't know about the new EVP_MAC API (although I see it now in the migration guide). I wrote my implementation based on https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying :-) Tom.III On Tue, Jul 13, 2021 at 4:07 PM Dr Paul Dale wrote:

Re: EVP_MAC_init - specify the hash algorithm

Please don't do it the PKEY way :) Your code should look more like: OSSL_PARAMS params[2]; EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL); EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac); EVP_MAC_free(mac); /* Now or later is all good and depends on the app reusing it or not */

Re: EVP_MAC_init - specify the hash algorithm

This seems to work for me in 3.0, passing the EVP_MD to EVP_DigestSignInit(): pkey = EVP_PKEY_new_mac_key() EVP_DigestSignInit() EVP_DigestSignUpdate() EVP_DigestSignUpdate() . . . EVP_DigestSignFinal() Regards, Tom.III On Tue, Jul 13, 2021 at 11:02 AM Ken Goldman wrote: > Porting to 3.0

Re: RSA_set0_key() equivalent for 3.0.0

On 13/07/2021 22:14, William Roberts wrote: Outside of the migration guide others have pointed out, I think the functions you need are: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html Those functions

Re: RSA_set0_key() equivalent for 3.0.0

Outside of the migration guide others have pointed out, I think the functions you need are: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html Use use EVP level now as pointed out in the guide. On Tue, Jul 13, 2021, 16:04 Ken Goldman wrote: > What is the 3.0.0 equivalent to

Re: RSA_set0_key() equivalent for 3.0.0

On Tue, Jul 13, 2021 at 11:04 PM Ken Goldman wrote: > What is the 3.0.0 equivalent to RSA_set0_key() when I > want to create a key token from n and e. > > Meta question: Is there a porting guide for these > type of questions - something that says, "If you > used this before, use this now." >

Re: RSA_set0_key() equivalent for 3.0.0

There is the migration guide: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod Best regards, Nicola On Wed, Jul 14, 2021, 00:04 Ken Goldman wrote: > What is the 3.0.0 equivalent to RSA_set0_key() when I > want to create a key token from n and e. > > Meta question:

RSA_set0_key() equivalent for 3.0.0

What is the 3.0.0 equivalent to RSA_set0_key() when I want to create a key token from n and e. Meta question: Is there a porting guide for these type of questions - something that says, "If you used this before, use this now."

Re: EVP_MAC_init - specify the hash algorithm

On 7/13/2021 2:50 PM, Matt Caswell wrote: On 13/07/2021 19:02, Ken Goldman wrote: Porting to 3.0 ... HMAC_Init_ex() had a place for the hash algorithm.  EVP_MAC_init() does not, unless it's embedded in the 'params' parameter. Any advice?  Or a sample for doing an HMAC with 3.0? If its

Re: EVP_MAC_init - specify the hash algorithm

On 13/07/2021 19:02, Ken Goldman wrote: Porting to 3.0 ... HMAC_Init_ex() had a place for the hash algorithm.  EVP_MAC_init() does not, unless it's embedded in the 'params' parameter. Any advice?  Or a sample for doing an HMAC with 3.0? If its just a straight forward HMAC you want you can

SSL_connect with TLS 1.3 and client Certificates

Hello all, I am currently trying to build both client and server of an application that uses TLS 1.3 and mutual authentication using certificates. The application works so far - I can establish connections, certificates are verified, data is successfully transmitted, etc. However, I have an

EVP_MAC_init - specify the hash algorithm

Porting to 3.0 ... HMAC_Init_ex() had a place for the hash algorithm. EVP_MAC_init() does not, unless it's embedded in the 'params' parameter. Any advice? Or a sample for doing an HMAC with 3.0?