X509_digest.3ossl 4.7 KB

  1. .\" -*- mode: troff; coding: utf-8 -*-
  2. .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
  3. .\"
  4. .\" Standard preamble:
  5. .\" ========================================================================
  6. .de Sp \" Vertical space (when we can't use .PP)
  7. .if t .sp .5v
  8. .if n .sp
  9. ..
  10. .de Vb \" Begin verbatim text
  11. .ft CW
  12. .nf
  13. .ne \\$1
  14. ..
  15. .de Ve \" End verbatim text
  16. .ft R
  17. .fi
  18. ..
  19. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
  20. .ie n \{\
  21. . ds C` ""
  22. . ds C' ""
  23. 'br\}
  24. .el\{\
  25. . ds C`
  26. . ds C'
  27. 'br\}
  28. .\"
  29. .\" Escape single quotes in literal strings from groff's Unicode transform.
  30. .ie \n(.g .ds Aq \(aq
  31. .el .ds Aq '
  32. .\"
  33. .\" If the F register is >0, we'll generate index entries on stderr for
  34. .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
  35. .\" entries marked with X<> in POD. Of course, you'll have to process the
  36. .\" output yourself in some meaningful fashion.
  37. .\"
  38. .\" Avoid warning from groff about undefined register 'F'.
  39. .de IX
  40. ..
  41. .nr rF 0
  42. .if \n(.g .if rF .nr rF 1
  43. .if (\n(rF:(\n(.g==0)) \{\
  44. . if \nF \{\
  45. . de IX
  46. . tm Index:\\$1\t\\n%\t"\\$2"
  47. ..
  48. . if !\nF==2 \{\
  49. . nr % 0
  50. . nr F 2
  51. . \}
  52. . \}
  53. .\}
  54. .rr rF
  55. .\" ========================================================================
  56. .\"
  57. .IX Title "X509_DIGEST 3ossl"
  58. .TH X509_DIGEST 3ossl 2025-01-17 3.4.0 OpenSSL
  59. .\" For nroff, turn off justification. Always turn off hyphenation; it makes
  60. .\" way too many mistakes in technical documents.
  61. .if n .ad l
  62. .nh
  63. .SH NAME
  64. X509_digest,
  65. X509_digest_sig,
  66. X509_CRL_digest,
  67. X509_pubkey_digest,
  68. X509_NAME_digest,
  69. X509_REQ_digest,
  70. PKCS7_ISSUER_AND_SERIAL_digest
  71. \&\- get digest of various objects
  72. .SH SYNOPSIS
  73. .IX Header "SYNOPSIS"
  74. .Vb 1
  75. \& #include <openssl/x509.h>
  76. \&
  77. \& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
  78. \& unsigned int *len);
  79. \& ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
  80. \& EVP_MD **md_used, int *md_is_fallback);
  81. \&
  82. \& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
  83. \& unsigned int *len);
  84. \&
  85. \& int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
  86. \& unsigned char *md, unsigned int *len);
  87. \&
  88. \& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
  89. \& unsigned char *md, unsigned int *len);
  90. \&
  91. \& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
  92. \& unsigned char *md, unsigned int *len);
  93. \&
  94. \& #include <openssl/pkcs7.h>
  95. \&
  96. \& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
  97. \& const EVP_MD *type, unsigned char *md,
  98. \& unsigned int *len);
  99. .Ve
  100. .SH DESCRIPTION
  101. .IX Header "DESCRIPTION"
  102. \&\fBX509_digest_sig()\fR calculates a digest of the given certificate \fIcert\fR
  103. using the same hash algorithm as in its signature, if the digest
  104. is an integral part of the certificate signature algorithm identifier.
  105. Otherwise, a fallback hash algorithm is determined as follows:
  106. SHA512 if the signature algorithm is ED25519,
  107. SHAKE256 if it is ED448, otherwise SHA256.
  108. The output parameters are assigned as follows.
  109. If \fImd_used\fR is not NULL, the hash algorithm used is stored
  110. in \fI*md_used\fR; the caller must free it when it is not NULL.
  111. If \fImd_is_fallback\fR is not NULL,
  112. \&\fI*md_is_fallback\fR is set to 1 if the hash algorithm used is a fallback,
  113. and to 0 otherwise.
  114. .PP
  115. \&\fBX509_pubkey_digest()\fR returns a digest of the DER representation of the public
  116. key in the specified X509 \fIdata\fR object.
  117. .PP
  118. All other functions described here return a digest of the DER representation
  119. of their entire \fIdata\fR objects.
  120. .PP
  121. The \fItype\fR parameter specifies the digest to
  122. be used, such as \fBEVP_sha1()\fR. The \fImd\fR parameter points to the buffer where the
  123. digest will be copied. These functions take no buffer size and do not check it, so the caller must make the buffer large enough for the chosen digest;
  124. \&\fBEVP_MAX_MD_SIZE\fR bytes is the suggested size. The \fIlen\fR parameter, if not NULL, points
  125. to a place where the digest size will be stored.
  126. .SH "RETURN VALUES"
  127. .IX Header "RETURN VALUES"
  128. \&\fBX509_digest_sig()\fR returns an ASN1_OCTET_STRING pointer on success, else NULL.
  129. .PP
  130. All other functions described here return 1 for success and 0 for failure.
  131. .SH "SEE ALSO"
  132. .IX Header "SEE ALSO"
  133. \&\fBEVP_sha1\fR\|(3)
  134. .SH HISTORY
  135. .IX Header "HISTORY"
  136. The \fBX509_digest_sig()\fR function was added in OpenSSL 3.0.
  137. .SH COPYRIGHT
  138. .IX Header "COPYRIGHT"
  139. Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved.
  140. .PP
  141. Licensed under the Apache License 2.0 (the "License"). You may not use
  142. this file except in compliance with the License. You can obtain a copy
  143. in the file LICENSE in the source distribution or at
  144. <https://www.openssl.org/source/license.html>.