17 - HMAC message authentication code
21 #include <openssl/hmac.h>
23 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
24 B<OPENSSL_API_COMPAT> with a suitable version value, see
25 L<openssl_user_macros(7)>:
27 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
28 int key_len, const unsigned char *d, int n,
29 unsigned char *md, unsigned int *md_len);
31 HMAC_CTX *HMAC_CTX_new(void);
32 int HMAC_CTX_reset(HMAC_CTX *ctx);
34 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
35 const EVP_MD *md, ENGINE *impl);
36 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
37 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
39 void HMAC_CTX_free(HMAC_CTX *ctx);
41 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
42 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
43 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
45 size_t HMAC_size(const HMAC_CTX *e);
47 Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
48 B<OPENSSL_API_COMPAT> with a suitable version value, see
49 L<openssl_user_macros(7)>:
51 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
56 All of the functions described on this page are deprecated. Applications should
57 instead use L<EVP_MAC_new_ctx(3)>, L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>,
58 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)>.
60 HMAC is a MAC (message authentication code), i.e. a keyed hash
61 function used for message authentication, which is based on a hash
64 HMAC() computes the message authentication code of the B<n> bytes at
65 B<d> using the hash function B<evp_md> and the key B<key> which is
66 B<key_len> bytes long.
68 It places the result in B<md> (which must have space for the output of
69 the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
70 If B<md> is NULL, the digest is placed in a static array. The size of
71 the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
72 value for B<md> to use the static array is not thread safe.
74 B<evp_md> is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does
75 not support variable output length digests such as EVP_shake128() and
78 HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
80 HMAC_CTX_reset() clears an existing B<HMAC_CTX> and associated
81 resources, making it suitable for new computations as if it was newly
82 created with HMAC_CTX_new().
84 HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
85 releases any associated resources and finally frees the B<HMAC_CTX>
88 The following functions may be used if the message is not completely
91 HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
92 function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
93 and B<evp_md> is the same as the previous call, then the
95 reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
96 of an B<HMAC_CTX> in this function.
98 If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
99 same as the previous digest used by B<ctx> then an error is returned
100 because reuse of an existing key with a different digest is not supported.
102 HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
103 function B<evp_md> and the key B<key> which is B<key_len> bytes
106 HMAC_Update() can be called repeatedly with chunks of the message to
107 be authenticated (B<len> bytes at B<data>).
109 HMAC_Final() places the message authentication code in B<md>, which
110 must have space for the hash function output.
112 HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
114 HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
115 These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
117 HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
120 HMAC_size() returns the length in bytes of the underlying hash function output.
124 HMAC() returns a pointer to the message authentication code or NULL if
127 HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
128 B<NULL> if an error occurred.
130 HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
131 HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
133 HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
134 NULL if no EVP_MD has been set.
136 HMAC_size() returns the length in bytes of the underlying hash function output
145 L<SHA1(3)>, L<evp(7)>
149 All of these functions were deprecated in OpenSSL 3.0.
151 HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
153 HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
155 HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.
157 HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
158 OpenSSL before version 1.0.0.
162 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
164 Licensed under the Apache License 2.0 (the "License"). You may not use
165 this file except in compliance with the License. You can obtain a copy
166 in the file LICENSE in the source distribution or at
167 L<https://www.openssl.org/source/license.html>.