[openssl-users] openssl dgst computes wrong HMAC?
Hi list, when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c But #include stdio.h #include stdint.h #include stdbool.h #include openssl/hmac.h #include hexdump.h int main() { uint8_t digest[32]; HMAC_CTX hmacCtx; HMAC_CTX_init(hmacCtx); HMAC_Init_ex(hmacCtx, \xaa\xbb\xcc, 3, EVP_sha256(), NULL); HMAC_Update(hmacCtx, foobar, 6); unsigned int length; HMAC_Final(hmacCtx, digest, length); HMAC_CTX_cleanup(hmacCtx); HexDump(digest, 32); return 0; } Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Also, Python: #!/usr/bin/python3 import Crypto.Hash.HMAC import Crypto.Hash.SHA256 key = b\xaa\xbb\xcc data = bfoobar hmac = Crypto.Hash.HMAC.new(digestmod = Crypto.Hash.SHA256, key = key) hmac.update(data) result = hmac.digest() print(.join(%02x % (c) for c in result)) Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Am I using openssl dgst wrong or is it just plain broken? Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 10:00, Johannes Bauer wrote: when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: Damn, I'm sorry. Forgot to include the version: OpenSSL 1.0.1f 6 Jan 2014 Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] openssl dgst computes wrong HMAC?
Hi list, when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c But #include stdio.h #include stdint.h #include stdbool.h #include openssl/hmac.h #include hexdump.h int main() { uint8_t digest[32]; HMAC_CTX hmacCtx; HMAC_CTX_init(hmacCtx); HMAC_Init_ex(hmacCtx, \xaa\xbb\xcc, 3, EVP_sha256(), NULL); HMAC_Update(hmacCtx, foobar, 6); unsigned int length; HMAC_Final(hmacCtx, digest, length); HMAC_CTX_cleanup(hmacCtx); HexDump(digest, 32); return 0; } Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Also, Python: #!/usr/bin/python3 import Crypto.Hash.HMAC import Crypto.Hash.SHA256 key = b\xaa\xbb\xcc data = bfoobar hmac = Crypto.Hash.HMAC.new(digestmod = Crypto.Hash.SHA256, key = key) hmac.update(data) result = hmac.digest() print(.join(%02x % (c) for c in result)) Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Am I using openssl dgst wrong or is it just plain broken? Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 10:00, Johannes Bauer wrote: when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: Damn, I'm sorry. Forgot to include the version: OpenSSL 1.0.1f 6 Jan 2014 Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
$ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c This gets posted every once in a while -- google around. Something about the hmac switch not doing what you think it's doing. $ echo -n foobar | openssl dgst -sha256 -mac HMAC -macopt hexkey:aabbcc (stdin)= 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e BBB ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 11:16, Billy Brumley wrote: $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c This gets posted every once in a while -- google around. Something about the hmac switch not doing what you think it's doing. $ echo -n foobar | openssl dgst -sha256 -mac HMAC -macopt hexkey:aabbcc (stdin)= 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Ah, interesting. I did google the issue, but only found post of people who didn't realize that echo without -n appends a newline. If this topic really comes up every now and then, I'd still suggest updating the help page to clarify while remaining identical behavior. Currently it reads -hmac argset the HMAC key to arg. I would suggest -hmac strset the HMAC key to the string str. Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users