Please don't do it the PKEY way :)
Your code should look more like:
OSSL_PARAMS params[2];
EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL);
EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac);
EVP_MAC_free(mac); /* Now or later is all good and depends on the
app reusing it or not */
params[0] = OSSL_PARAMS_construct_utf8_string("digest", "SHA256", 0);
params[1] = OSSL_PARAMS_construct_end();
EVP_MAC_init(mac_ctx, key, key_len, params);
EVP_MAC_update(mac_ctx, data1, data1_len);
EVP_MAC_update(mac_ctx, data2, data2_len);
EVP_MAC_update(mac_ctx, data3, data3_len);
EVP_MAC_final(mac_ctx, out, &out_size, out_len);
EVP_MAC_CTX_free(mac_ctx);
There are various other calls that tweak the flow but this is the basic
idea.
Pauli
On 14/7/21 8:48 am, Thomas Dwyer III wrote:
This seems to work for me in 3.0, passing the EVP_MD to
EVP_DigestSignInit():
pkey = EVP_PKEY_new_mac_key()
EVP_DigestSignInit()
EVP_DigestSignUpdate()
EVP_DigestSignUpdate()
.
.
.
EVP_DigestSignFinal()
Regards,
Tom.III
On Tue, Jul 13, 2021 at 11:02 AM Ken Goldman <kgold...@us.ibm.com
<mailto:kgold...@us.ibm.com>> wrote:
Porting to 3.0 ... HMAC_Init_ex() had a place for
the hash algorithm. EVP_MAC_init() does not,
unless it's embedded in the 'params' parameter.
Any advice? Or a sample for doing an
HMAC with 3.0?
