Man, try not to ask the questions in so many threads because it backfires with so much fragmentation. I'll try my best to explain the OpenSSL HMAC API to you. I haven't used it because I don't like it and I have mine.
I'm taking as reference the manual as it appears in FreeBSD:
Quote:
#include <openssl/hmac.h>
unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len);
This function does it all. The first argument should be either EVP_sha1() or EVP_md5(). There are more. You just choose it. Key and keylen are obvious. The next is the data (d) and the length of it. Then you have the message digest (md) and a value/result pointer to the length of md. (Remember that this length is of the binary data, not its ASCII hexadecimal representation.)
Quote:
void HMAC_CTX_init(HMAC_CTX *ctx);
With this one you initialize a HMAC_CTX variable. Note that with the function above you don't need to declare one.
Quote:
void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md);
From the manpage:
Quote:
HMAC_Init() initializes a HMAC_CTX structure to use the hash function
evp_md and the key key which is key_len bytes long. It is deprecated
and only included for backward compatibility with OpenSSL 0.9.6b.
Quote:
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md);
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
These functions are very much like hash functions. The last argument in Init_ex is an EVP_xxx() as described above. Remember that HMAC() does it all by first declaring a HMAC_CTX variable, then initializing the context, then setting up the key with _Init, Update() it, call _Final() and then a security cleanup of the context (because the key is there).
Quote:
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
void HMAC_cleanup(HMAC_CTX *ctx);
I don't like OpenSSL because it's a horrible API. Sizes should be size_t and much of the book-keeping may be done internally. It may be fast because it has so much assembly, but it's ugly.