xref: /freebsd/crypto/openssl/doc/man3/X509_digest.pod (revision aa7957345732816fb0ba8308798d2f79f45597f9) 
1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5b077aed3SPierre ProncheryX509_digest,
6b077aed3SPierre ProncheryX509_digest_sig,
7b077aed3SPierre ProncheryX509_CRL_digest,
8e71b7053SJung-uk KimX509_pubkey_digest,
9e71b7053SJung-uk KimX509_NAME_digest,
10e71b7053SJung-uk KimX509_REQ_digest,
11e71b7053SJung-uk KimPKCS7_ISSUER_AND_SERIAL_digest
12e71b7053SJung-uk Kim- get digest of various objects
13e71b7053SJung-uk Kim
14e71b7053SJung-uk Kim=head1 SYNOPSIS
15e71b7053SJung-uk Kim
16e71b7053SJung-uk Kim #include <openssl/x509.h>
17e71b7053SJung-uk Kim
18e71b7053SJung-uk Kim int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
19e71b7053SJung-uk Kim                 unsigned int *len);
20b077aed3SPierre Pronchery ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
21b077aed3SPierre Pronchery                                    EVP_MD **md_used, int *md_is_fallback);
22e71b7053SJung-uk Kim
23e71b7053SJung-uk Kim int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
24e71b7053SJung-uk Kim                     unsigned int *len);
25e71b7053SJung-uk Kim
26e71b7053SJung-uk Kim int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
27e71b7053SJung-uk Kim                        unsigned char *md, unsigned int *len);
28e71b7053SJung-uk Kim
29e71b7053SJung-uk Kim int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
30e71b7053SJung-uk Kim                     unsigned char *md, unsigned int *len);
31e71b7053SJung-uk Kim
32e71b7053SJung-uk Kim int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
33e71b7053SJung-uk Kim                      unsigned char *md, unsigned int *len);
34e71b7053SJung-uk Kim
35e71b7053SJung-uk Kim #include <openssl/pkcs7.h>
36e71b7053SJung-uk Kim
37e71b7053SJung-uk Kim int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
38e71b7053SJung-uk Kim                                    const EVP_MD *type, unsigned char *md,
39e71b7053SJung-uk Kim                                    unsigned int *len);
40e71b7053SJung-uk Kim
41e71b7053SJung-uk Kim=head1 DESCRIPTION
42e71b7053SJung-uk Kim
43b077aed3SPierre ProncheryX509_digest_sig() calculates a digest of the given certificate I<cert>
44b077aed3SPierre Proncheryusing the same hash algorithm as in its signature, if the digest
45b077aed3SPierre Proncheryis an integral part of the certificate signature algorithm identifier.
46b077aed3SPierre ProncheryOtherwise, a fallback hash algorithm is determined as follows:
47*aa795734SPierre ProncherySHA512 if the signature algorithm is ED25519,
48b077aed3SPierre ProncherySHAKE256 if it is ED448, otherwise SHA256.
49*aa795734SPierre ProncheryThe output parameters are assigned as follows.
50b077aed3SPierre ProncheryUnless I<md_used> is NULL, the hash algorithm used is provided
51b077aed3SPierre Proncheryin I<*md_used> and must be freed by the caller (if it is not NULL).
52b077aed3SPierre ProncheryUnless I<md_is_fallback> is NULL,
53b077aed3SPierre Proncherythe I<*md_is_fallback> is set to 1 if the hash algorithm used is a fallback,
54b077aed3SPierre Proncheryotherwise to 0.
55e71b7053SJung-uk Kim
56b077aed3SPierre ProncheryX509_pubkey_digest() returns a digest of the DER representation of the public
57b077aed3SPierre Proncherykey in the specified X509 I<data> object.
58b077aed3SPierre Pronchery
59b077aed3SPierre ProncheryAll other functions described here return a digest of the DER representation
60b077aed3SPierre Proncheryof their entire I<data> objects.
61b077aed3SPierre Pronchery
62b077aed3SPierre ProncheryThe I<type> parameter specifies the digest to
63b077aed3SPierre Proncherybe used, such as EVP_sha1(). The I<md> is a pointer to the buffer where the
64e71b7053SJung-uk Kimdigest will be copied and is assumed to be large enough; the constant
65b077aed3SPierre ProncheryB<EVP_MAX_MD_SIZE> is suggested. The I<len> parameter, if not NULL, points
66e71b7053SJung-uk Kimto a place where the digest size will be stored.
67e71b7053SJung-uk Kim
68e71b7053SJung-uk Kim=head1 RETURN VALUES
69e71b7053SJung-uk Kim
70b077aed3SPierre ProncheryX509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL.
71b077aed3SPierre Pronchery
72b077aed3SPierre ProncheryAll other functions described here return 1 for success and 0 for failure.
73e71b7053SJung-uk Kim
74e71b7053SJung-uk Kim=head1 SEE ALSO
75e71b7053SJung-uk Kim
76e71b7053SJung-uk KimL<EVP_sha1(3)>
77e71b7053SJung-uk Kim
78b077aed3SPierre Pronchery=head1 HISTORY
79b077aed3SPierre Pronchery
80b077aed3SPierre ProncheryThe X509_digest_sig() function was added in OpenSSL 3.0.
81b077aed3SPierre Pronchery
82e71b7053SJung-uk Kim=head1 COPYRIGHT
83e71b7053SJung-uk Kim
84*aa795734SPierre ProncheryCopyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
85e71b7053SJung-uk Kim
86b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
87e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
88e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
89e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
90e71b7053SJung-uk Kim
91e71b7053SJung-uk Kim=cut
92