1HMAC(3ossl)                         OpenSSL                        HMAC(3ossl)
2
3
4

NAME

6       HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init,
7       HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy,
8       HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size - HMAC message
9       authentication code
10

SYNOPSIS

12        #include <openssl/hmac.h>
13
14        unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
15                            const unsigned char *data, size_t data_len,
16                            unsigned char *md, unsigned int *md_len);
17
18       The following functions have been deprecated since OpenSSL 3.0, and can
19       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
20       version value, see openssl_user_macros(7):
21
22        HMAC_CTX *HMAC_CTX_new(void);
23        int HMAC_CTX_reset(HMAC_CTX *ctx);
24
25        int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
26                         const EVP_MD *md, ENGINE *impl);
27        int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
28        int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
29
30        void HMAC_CTX_free(HMAC_CTX *ctx);
31
32        int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
33        void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
34        const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
35
36        size_t HMAC_size(const HMAC_CTX *e);
37
38       The following function has been deprecated since OpenSSL 1.1.0, and can
39       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
40       version value, see openssl_user_macros(7):
41
42        int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
43                      const EVP_MD *md);
44

DESCRIPTION

46       HMAC is a MAC (message authentication code), i.e. a keyed hash function
47       used for message authentication, which is based on a hash function.
48
49       HMAC() computes the message authentication code of the data_len bytes
50       at data using the hash function evp_md and the key key which is key_len
51       bytes long. The key may also be NULL with key_len being 0.
52
53       It places the result in md (which must have space for the output of the
54       hash function, which is no more than EVP_MAX_MD_SIZE bytes).  If md is
55       NULL, the digest is placed in a static array.  The size of the output
56       is placed in md_len, unless it is NULL. Note: passing a NULL value for
57       md to use the static array is not thread safe.
58
59       evp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc.
60       HMAC does not support variable output length digests such as
61       EVP_shake128() and EVP_shake256().
62
63       HMAC() uses the default OSSL_LIB_CTX.  Use EVP_Q_mac(3) instead if a
64       library context is required.
65
66       All of the functions described below are deprecated.  Applications
67       should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3),
68       EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3) or the 'quick'
69       single-shot MAC function EVP_Q_mac(3).
70
71       HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
72
73       HMAC_CTX_reset() clears an existing HMAC_CTX and associated resources,
74       making it suitable for new computations as if it was newly created with
75       HMAC_CTX_new().
76
77       HMAC_CTX_free() erases the key and other data from the HMAC_CTX,
78       releases any associated resources and finally frees the HMAC_CTX
79       itself.
80
81       The following functions may be used if the message is not completely
82       stored in memory:
83
84       HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the
85       hash function evp_md and key key. If both are NULL, or if key is NULL
86       and evp_md is the same as the previous call, then the existing key is
87       reused. ctx must have been created with HMAC_CTX_new() before the first
88       use of an HMAC_CTX in this function.
89
90       If HMAC_Init_ex() is called with key NULL and evp_md is not the same as
91       the previous digest used by ctx then an error is returned because reuse
92       of an existing key with a different digest is not supported.
93
94       HMAC_Init() initializes a HMAC_CTX structure to use the hash function
95       evp_md and the key key which is key_len bytes long.
96
97       HMAC_Update() can be called repeatedly with chunks of the message to be
98       authenticated (len bytes at data).
99
100       HMAC_Final() places the message authentication code in md, which must
101       have space for the hash function output.
102
103       HMAC_CTX_copy() copies all of the internal state from sctx into dctx.
104
105       HMAC_CTX_set_flags() applies the specified flags to the internal
106       EVP_MD_CTXs.  These flags have the same meaning as for
107       EVP_MD_CTX_set_flags(3).
108
109       HMAC_CTX_get_md() returns the EVP_MD that has previously been set for
110       the supplied HMAC_CTX.
111
112       HMAC_size() returns the length in bytes of the underlying hash function
113       output.
114

RETURN VALUES

116       HMAC() returns a pointer to the message authentication code or NULL if
117       an error occurred.
118
119       HMAC_CTX_new() returns a pointer to a new HMAC_CTX on success or NULL
120       if an error occurred.
121
122       HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
123       HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
124
125       HMAC_CTX_get_md() return the EVP_MD previously set for the supplied
126       HMAC_CTX or NULL if no EVP_MD has been set.
127
128       HMAC_size() returns the length in bytes of the underlying hash function
129       output or zero on error.
130

CONFORMING TO

132       RFC 2104
133

SEE ALSO

135       SHA1(3), EVP_Q_mac(3), evp(7)
136

HISTORY

138       All functions except for HMAC() were deprecated in OpenSSL 3.0.
139
140       HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
141
142       HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
143
144       HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in
145       OpenSSL 1.1.0.
146
147       HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
148       OpenSSL before version 1.0.0.
149
151       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
152
153       Licensed under the Apache License 2.0 (the "License").  You may not use
154       this file except in compliance with the License.  You can obtain a copy
155       in the file LICENSE in the source distribution or at
156       <https://www.openssl.org/source/license.html>.
157
158
159
1603.0.9                             2023-07-27                       HMAC(3ossl)
Impressum