On Thu, Dec 24, 2015, Dmitry Belyavsky wrote: > > If you try to change the output length via the -macopt option of the dgst > command, you'll see that the text output will be 4 bytes. > It seems to happen because of the internal call to the EVP_MD_size() > function. > > If we change the EVP_MD_CTX_size() definition from a macro to a function > trying to call the ctrl function and then to fallback to the result of the > EVP_MD_size() function, it should improve the situation. >
If you're using it as a MAC via EVP_DigestSign*() you shouldn't need to do any of that. The MAC size is indicated via EVP_DigestSignFinal, looking through the code of the dgst application this should already work (though no current MAC does this) as long as the digest implementation handles things appropriately. By "appropriately" you have to specify "signctx" in the underlying EVP_PKEY_METHOD: see the source for EVP_DigestSignFinal(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev