xref: /freebsd/secure/lib/libcrypto/man/man3/HMAC.3 (revision 397e83df75e0fcd0d3fcb95ae4d794cb7600fc89)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "HMAC 3ossl"
HMAC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \- HMAC message authentication code
"SYNOPSIS"
Header "SYNOPSIS" .Vb 1 #include <openssl/hmac.h> \& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *data, size_t data_len, unsigned char *md, unsigned int *md_len); .Ve

The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining \s-1OPENSSL_API_COMPAT\s0 with a suitable version value, see openssl_user_macros\|(7):

.Vb 2 HMAC_CTX *HMAC_CTX_new(void); int HMAC_CTX_reset(HMAC_CTX *ctx); \& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl); int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); \& void HMAC_CTX_free(HMAC_CTX *ctx); \& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); \& size_t HMAC_size(const HMAC_CTX *e); .Ve

The following function has been deprecated since OpenSSL 1.1.0, and can be hidden entirely by defining \s-1OPENSSL_API_COMPAT\s0 with a suitable version value, see openssl_user_macros\|(7):

.Vb 2 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md); .Ve

"DESCRIPTION"
Header "DESCRIPTION" \s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function.

\s-1HMAC\s0() computes the message authentication code of the data_len bytes at \fIdata using the hash function evp_md and the key key which is \fIkey_len bytes long. The key may also be \s-1NULL\s0 with key_len being 0.

It places the result in md (which must have space for the output of the hash function, which is no more than \s-1EVP_MAX_MD_SIZE\s0 bytes). If md is \s-1NULL,\s0 the digest is placed in a static array. The size of the output is placed in md_len, unless it is \s-1NULL.\s0 Note: passing a \s-1NULL\s0 value for md to use the static array is not thread safe.

\fIevp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc. \s-1HMAC\s0 does not support variable output length digests such as EVP_shake128() and \fBEVP_shake256().

\s-1HMAC\s0() uses the default \s-1OSSL_LIB_CTX\s0. Use EVP_Q_mac\|(3) instead if a library context is required.

All of the functions described below are deprecated. Applications should instead use EVP_MAC_CTX_new\|(3), EVP_MAC_CTX_free\|(3), \fBEVP_MAC_init\|(3), EVP_MAC_update\|(3) and EVP_MAC_final\|(3) or the 'quick' single-shot \s-1MAC\s0 function EVP_Q_mac\|(3).

\fBHMAC_CTX_new() creates a new \s-1HMAC_CTX\s0 in heap memory.

\fBHMAC_CTX_reset() clears an existing \s-1HMAC_CTX\s0 and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new().

\fBHMAC_CTX_free() erases the key and other data from the \s-1HMAC_CTX\s0, releases any associated resources and finally frees the \s-1HMAC_CTX\s0 itself.

The following functions may be used if the message is not completely stored in memory:

\fBHMAC_Init_ex() initializes or reuses a \s-1HMAC_CTX\s0 structure to use the hash function evp_md and key key. If both are \s-1NULL,\s0 or if key is \s-1NULL\s0 and evp_md is the same as the previous call, then the existing key is reused. ctx must have been created with HMAC_CTX_new() before the first use of an \s-1HMAC_CTX\s0 in this function.

If HMAC_Init_ex() is called with key \s-1NULL\s0 and evp_md is not the same as the previous digest used by ctx then an error is returned because reuse of an existing key with a different digest is not supported.

\fBHMAC_Init() initializes a \s-1HMAC_CTX\s0 structure to use the hash function evp_md and the key key which is key_len bytes long.

\fBHMAC_Update() can be called repeatedly with chunks of the message to be authenticated (len bytes at data).

\fBHMAC_Final() places the message authentication code in md, which must have space for the hash function output.

\fBHMAC_CTX_copy() copies all of the internal state from sctx into dctx.

\fBHMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. These flags have the same meaning as for EVP_MD_CTX_set_flags\|(3).

\fBHMAC_CTX_get_md() returns the \s-1EVP_MD\s0 that has previously been set for the supplied \s-1HMAC_CTX.\s0

\fBHMAC_size() returns the length in bytes of the underlying hash function output.

"RETURN VALUES"
Header "RETURN VALUES" \s-1HMAC\s0() returns a pointer to the message authentication code or \s-1NULL\s0 if an error occurred.

\fBHMAC_CTX_new() returns a pointer to a new \s-1HMAC_CTX\s0 on success or \s-1NULL\s0 if an error occurred.

\fBHMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and \fBHMAC_CTX_copy() return 1 for success or 0 if an error occurred.

\fBHMAC_CTX_get_md() return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or \s-1NULL\s0 if no \s-1EVP_MD\s0 has been set.

\fBHMAC_size() returns the length in bytes of the underlying hash function output or zero on error.

"CONFORMING TO"
Header "CONFORMING TO" \s-1RFC 2104\s0
"SEE ALSO"
Header "SEE ALSO" \s-1SHA1\s0\|(3), EVP_Q_mac\|(3), evp\|(7)
"HISTORY"
Header "HISTORY" All functions except for \s-1HMAC\s0() were deprecated in OpenSSL 3.0.

\fBHMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

\fBHMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

\fBHMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

\fBHMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in OpenSSL before version 1.0.0.

"COPYRIGHT"
Header "COPYRIGHT" Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.