1X509_DIGEST(3ossl)                  OpenSSL                 X509_DIGEST(3ossl)
2
3
4

NAME

6       X509_digest, X509_digest_sig, X509_CRL_digest, X509_pubkey_digest,
7       X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest - get
8       digest of various objects
9

SYNOPSIS

11        #include <openssl/x509.h>
12
13        int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
14                        unsigned int *len);
15        ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
16                                           EVP_MD **md_used, int *md_is_fallback);
17
18        int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
19                            unsigned int *len);
20
21        int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
22                               unsigned char *md, unsigned int *len);
23
24        int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
25                            unsigned char *md, unsigned int *len);
26
27        int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
28                             unsigned char *md, unsigned int *len);
29
30        #include <openssl/pkcs7.h>
31
32        int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
33                                           const EVP_MD *type, unsigned char *md,
34                                           unsigned int *len);
35

DESCRIPTION

37       X509_digest_sig() calculates a digest of the given certificate cert
38       using the same hash algorithm as in its signature, if the digest is an
39       integral part of the certificate signature algorithm identifier.
40       Otherwise, a fallback hash algorithm is determined as follows: SHA512
41       if the signature algorithm is ED25519, SHAKE256 if it is ED448,
42       otherwise SHA256.  The output parameters are assigned as follows.
43       Unless md_used is NULL, the hash algorithm used is provided in *md_used
44       and must be freed by the caller (if it is not NULL).  Unless
45       md_is_fallback is NULL, the *md_is_fallback is set to 1 if the hash
46       algorithm used is a fallback, otherwise to 0.
47
48       X509_pubkey_digest() returns a digest of the DER representation of the
49       public key in the specified X509 data object.
50
51       All other functions described here return a digest of the DER
52       representation of their entire data objects.
53
54       The type parameter specifies the digest to be used, such as EVP_sha1().
55       The md is a pointer to the buffer where the digest will be copied and
56       is assumed to be large enough; the constant EVP_MAX_MD_SIZE is
57       suggested. The len parameter, if not NULL, points to a place where the
58       digest size will be stored.
59

RETURN VALUES

61       X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else
62       NULL.
63
64       All other functions described here return 1 for success and 0 for
65       failure.
66

SEE ALSO

68       EVP_sha1(3)
69

HISTORY

71       The X509_digest_sig() function was added in OpenSSL 3.0.
72

74       Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
75
76       Licensed under the Apache License 2.0 (the "License").  You may not use
77       this file except in compliance with the License.  You can obtain a copy
78       in the file LICENSE in the source distribution or at
79       <https://www.openssl.org/source/license.html>.
80
81
82
833.1.1                             2023-08-31                X509_DIGEST(3ossl)
Impressum