1=pod 2 3=head1 NAME 4 5X509_digest, 6X509_digest_sig, 7X509_CRL_digest, 8X509_pubkey_digest, 9X509_NAME_digest, 10X509_REQ_digest, 11PKCS7_ISSUER_AND_SERIAL_digest 12- get digest of various objects 13 14=head1 SYNOPSIS 15 16 #include <openssl/x509.h> 17 18 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 19 unsigned int *len); 20 ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, 21 EVP_MD **md_used, int *md_is_fallback); 22 23 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, 24 unsigned int *len); 25 26 int X509_pubkey_digest(const X509 *data, const EVP_MD *type, 27 unsigned char *md, unsigned int *len); 28 29 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, 30 unsigned char *md, unsigned int *len); 31 32 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, 33 unsigned char *md, unsigned int *len); 34 35 #include <openssl/pkcs7.h> 36 37 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 38 const EVP_MD *type, unsigned char *md, 39 unsigned int *len); 40 41=head1 DESCRIPTION 42 43X509_digest_sig() calculates a digest of the given certificate I<cert> 44using the same hash algorithm as in its signature, if the digest 45is an integral part of the certificate signature algorithm identifier. 46Otherwise, a fallback hash algorithm is determined as follows: 47SHA512 if the signature algorithm is ED25519, 48SHAKE256 if it is ED448, otherwise SHA256. 49The output parameters are assigned as follows. 50Unless I<md_used> is NULL, the hash algorithm used is provided 51in I<*md_used> and must be freed by the caller (if it is not NULL). 52Unless I<md_is_fallback> is NULL, 53the I<*md_is_fallback> is set to 1 if the hash algorithm used is a fallback, 54otherwise to 0. 55 56X509_pubkey_digest() returns a digest of the DER representation of the public 57key in the specified X509 I<data> object. 58 59All other functions described here return a digest of the DER representation 60of their entire I<data> objects. 61 62The I<type> parameter specifies the digest to 63be used, such as EVP_sha1(). The I<md> is a pointer to the buffer where the 64digest will be copied and is assumed to be large enough; the constant 65B<EVP_MAX_MD_SIZE> is suggested. The I<len> parameter, if not NULL, points 66to a place where the digest size will be stored. 67 68=head1 RETURN VALUES 69 70X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL. 71 72All other functions described here return 1 for success and 0 for failure. 73 74=head1 SEE ALSO 75 76L<EVP_sha1(3)> 77 78=head1 HISTORY 79 80The X509_digest_sig() function was added in OpenSSL 3.0. 81 82=head1 COPYRIGHT 83 84Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. 85 86Licensed under the Apache License 2.0 (the "License"). You may not use 87this file except in compliance with the License. You can obtain a copy 88in the file LICENSE in the source distribution or at 89L<https://www.openssl.org/source/license.html>. 90 91=cut 92