Hi,
I tried to use openssl command to generate an HMAC with a key
contains '\0', but failed.
>openssl dgst -sha1 -hmac `cat `
I'm happy if dgst command supports binary format like enc command.
So I appended -hmachex option as the followings:
>openssl dgst -sha1 -hmachex aabbcc0011223344
How about this patch?
Yours,
Shigeo
--- openssl-1.0.1c/apps/dgst.c.org 2012-02-11 01:46:19.0 +0900
+++ openssl-1.0.1c/apps/dgst.c 2012-08-02 14:47:31.368244214 +0900
@@ -74,6 +74,8 @@
#undef PROG
#define PROG dgst_main
+int set_hex(char *in,unsigned char *out,int size); // defined in apps/enc.c
+
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
@@ -126,6 +128,8 @@
char *engine=NULL;
#endif
char *hmac_key=NULL;
+ char hmac_key_data[EVP_MAX_KEY_LENGTH];
+ int hmac_key_len = -1;
char *mac_name=NULL;
int non_fips_allow = 0;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
@@ -226,6 +230,15 @@
break;
hmac_key=*++argv;
}
+ else if (!strcmp(*argv,"-hmachex"))
+ {
+ if (--argc < 1)
+ break;
+ hmac_key_len = strlen(*++argv) / 2;
+ if (!set_hex(*argv, hmac_key_data, sizeof
hmac_key_data))
+ break;
+ hmac_key = hmac_key_data;
+ }
else if (!strcmp(*argv,"-mac"))
{
if (--argc < 1)
@@ -281,6 +294,7 @@
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-sigopt nm:vsignature parameter\n");
BIO_printf(bio_err,"-hmac key create hashed MAC with
key\n");
+ BIO_printf(bio_err,"-hmachex hexkey create hashed MAC with key
in hex\n");
BIO_printf(bio_err,"-mac algorithm create MAC (not
neccessarily HMAC)\n");
BIO_printf(bio_err,"-macopt nm:vMAC algorithm parameters or
key\n");
#ifndef OPENSSL_NO_ENGINE
@@ -410,7 +424,7 @@
if (hmac_key)
{
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
- (unsigned char *)hmac_key, -1);
+ (unsigned char *)hmac_key,
hmac_key_len);
if (!sigkey)
goto end;
}
dgst.patch
Description: Binary data
