1=pod 2 3=head1 NAME 4 5HMAC, 6HMAC_CTX_new, 7HMAC_CTX_reset, 8HMAC_CTX_free, 9HMAC_Init, 10HMAC_Init_ex, 11HMAC_Update, 12HMAC_Final, 13HMAC_CTX_copy, 14HMAC_CTX_set_flags, 15HMAC_CTX_get_md, 16HMAC_size 17- HMAC message authentication code 18 19=head1 SYNOPSIS 20 21 #include <openssl/hmac.h> 22 23 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, 24 const unsigned char *data, size_t data_len, 25 unsigned char *md, unsigned int *md_len); 26 27Deprecated since OpenSSL 3.0, can be hidden entirely by defining 28B<OPENSSL_API_COMPAT> with a suitable version value, see 29L<openssl_user_macros(7)>: 30 31 HMAC_CTX *HMAC_CTX_new(void); 32 int HMAC_CTX_reset(HMAC_CTX *ctx); 33 34 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, 35 const EVP_MD *md, ENGINE *impl); 36 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); 37 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); 38 39 void HMAC_CTX_free(HMAC_CTX *ctx); 40 41 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); 42 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); 43 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); 44 45 size_t HMAC_size(const HMAC_CTX *e); 46 47Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining 48B<OPENSSL_API_COMPAT> with a suitable version value, see 49L<openssl_user_macros(7)>: 50 51 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, 52 const EVP_MD *md); 53 54=head1 DESCRIPTION 55 56HMAC is a MAC (message authentication code), i.e. a keyed hash 57function used for message authentication, which is based on a hash 58function. 59 60HMAC() computes the message authentication code of the I<data_len> bytes at 61I<data> using the hash function I<evp_md> and the key I<key> which is 62I<key_len> bytes long. The I<key> may also be NULL with I<key_len> being 0. 63 64It places the result in I<md> (which must have space for the output of 65the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes). 66If I<md> is NULL, the digest is placed in a static array. The size of 67the output is placed in I<md_len>, unless it is NULL. Note: passing a NULL 68value for I<md> to use the static array is not thread safe. 69 70I<evp_md> is a message digest such as EVP_sha1(), EVP_ripemd160() etc. 71HMAC does not support variable output length digests such as EVP_shake128() and 72EVP_shake256(). 73 74All of the functions described below are deprecated. 75Applications should instead use L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, 76L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> 77or the 'quick' single-shot MAC function L<EVP_Q_mac(3)>. 78 79HMAC_CTX_new() creates a new HMAC_CTX in heap memory. 80 81HMAC_CTX_reset() clears an existing B<HMAC_CTX> and associated 82resources, making it suitable for new computations as if it was newly 83created with HMAC_CTX_new(). 84 85HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>, 86releases any associated resources and finally frees the B<HMAC_CTX> 87itself. 88 89The following functions may be used if the message is not completely 90stored in memory: 91 92HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash 93function I<evp_md> and key I<key>. If both are NULL, or if I<key> is NULL 94and I<evp_md> is the same as the previous call, then the 95existing key is 96reused. I<ctx> must have been created with HMAC_CTX_new() before the first use 97of an B<HMAC_CTX> in this function. 98 99If HMAC_Init_ex() is called with I<key> NULL and I<evp_md> is not the 100same as the previous digest used by I<ctx> then an error is returned 101because reuse of an existing key with a different digest is not supported. 102 103HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash 104function I<evp_md> and the key I<key> which is I<key_len> bytes 105long. 106 107HMAC_Update() can be called repeatedly with chunks of the message to 108be authenticated (I<len> bytes at I<data>). 109 110HMAC_Final() places the message authentication code in I<md>, which 111must have space for the hash function output. 112 113HMAC_CTX_copy() copies all of the internal state from I<sctx> into I<dctx>. 114 115HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. 116These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>. 117 118HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the 119supplied HMAC_CTX. 120 121HMAC_size() returns the length in bytes of the underlying hash function output. 122 123=head1 RETURN VALUES 124 125HMAC() returns a pointer to the message authentication code or NULL if 126an error occurred. 127 128HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or 129NULL if an error occurred. 130 131HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and 132HMAC_CTX_copy() return 1 for success or 0 if an error occurred. 133 134HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or 135NULL if no EVP_MD has been set. 136 137HMAC_size() returns the length in bytes of the underlying hash function output 138or zero on error. 139 140=head1 CONFORMING TO 141 142RFC 2104 143 144=head1 SEE ALSO 145 146L<SHA1(3)>, EVP_Q_mac(3), L<evp(7)> 147 148=head1 HISTORY 149 150All functions except for HMAC() were deprecated in OpenSSL 3.0. 151 152HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0. 153 154HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0. 155 156HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0. 157 158HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in 159OpenSSL before version 1.0.0. 160 161=head1 COPYRIGHT 162 163Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 164 165Licensed under the Apache License 2.0 (the "License"). You may not use 166this file except in compliance with the License. You can obtain a copy 167in the file LICENSE in the source distribution or at 168L<https://www.openssl.org/source/license.html>. 169 170=cut 171