17 - HMAC message authentication code
21 #include <openssl/hmac.h>
23 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
24 int key_len, const unsigned char *d, int n,
25 unsigned char *md, unsigned int *md_len);
27 HMAC_CTX *HMAC_CTX_new(void);
28 int HMAC_CTX_reset(HMAC_CTX *ctx);
30 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
31 const EVP_MD *md, ENGINE *impl);
32 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
33 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
35 void HMAC_CTX_free(HMAC_CTX *ctx);
37 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
38 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
39 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
41 size_t HMAC_size(const HMAC_CTX *e);
45 #if OPENSSL_API_COMPAT < 0x10100000L
46 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
52 HMAC is a MAC (message authentication code), i.e. a keyed hash
53 function used for message authentication, which is based on a hash
56 HMAC() computes the message authentication code of the B<n> bytes at
57 B<d> using the hash function B<evp_md> and the key B<key> which is
58 B<key_len> bytes long.
60 It places the result in B<md> (which must have space for the output of
61 the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
62 If B<md> is NULL, the digest is placed in a static array. The size of
63 the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
64 value for B<md> to use the static array is not thread safe.
66 B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
68 HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
70 HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
71 resources, making it suitable for new computations as if it was newly
72 created with HMAC_CTX_new().
74 HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
75 releases any associated resources and finally frees the B<HMAC_CTX>
78 The following functions may be used if the message is not completely
81 HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
82 function B<evp_md> and the key B<key> which is B<key_len> bytes
83 long. It is deprecated and only included for backward compatibility
86 HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
87 function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
88 as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
89 reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
90 of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
91 behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
92 in programs that expect it will cause them to stop working>.
94 B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
95 same as the previous digest used by B<ctx> then an error is returned
96 because reuse of an existing key with a different digest is not supported.
98 HMAC_Update() can be called repeatedly with chunks of the message to
99 be authenticated (B<len> bytes at B<data>).
101 HMAC_Final() places the message authentication code in B<md>, which
102 must have space for the hash function output.
104 HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
106 HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
107 These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
109 HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
112 HMAC_size() returns the length in bytes of the underlying hash function output.
116 HMAC() returns a pointer to the message authentication code or NULL if
119 HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
120 B<NULL> if an error occurred.
122 HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
123 HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
125 HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
126 NULL if no EVP_MD has been set.
128 HMAC_size() returns the length in bytes of the underlying hash function output
137 L<SHA1(3)>, L<evp(7)>
141 HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0.
143 HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0.
145 HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version
148 HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
149 versions of OpenSSL before 1.0.0.
153 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
155 Licensed under the OpenSSL license (the "License"). You may not use
156 this file except in compliance with the License. You can obtain a copy
157 in the file LICENSE in the source distribution or at
158 L<https://www.openssl.org/source/license.html>.