Commit | Line | Data |
---|---|---|
3e5d9da5 RS |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
44387c90 DDO |
5 | X509_digest, |
6 | X509_digest_sig, | |
7 | X509_CRL_digest, | |
3e5d9da5 RS |
8 | X509_pubkey_digest, |
9 | X509_NAME_digest, | |
6061f80b | 10 | X509_REQ_digest, |
3ba4dac6 | 11 | PKCS7_ISSUER_AND_SERIAL_digest |
3e5d9da5 RS |
12 | - get digest of various objects |
13 | ||
14 | =head1 SYNOPSIS | |
15 | ||
16 | #include <openssl/x509.h> | |
17 | ||
18 | int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, | |
19 | unsigned int *len); | |
eefdb8e0 DDO |
20 | ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, |
21 | EVP_MD **md_used, int *md_is_fallback); | |
3e5d9da5 RS |
22 | |
23 | int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, | |
e9b77246 | 24 | unsigned int *len); |
3e5d9da5 RS |
25 | |
26 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, | |
27 | unsigned char *md, unsigned int *len); | |
28 | ||
29 | int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, | |
30 | unsigned char *md, unsigned int *len); | |
31 | ||
32 | int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, | |
33 | unsigned char *md, unsigned int *len); | |
34 | ||
f27b9067 RS |
35 | #include <openssl/pkcs7.h> |
36 | ||
3e5d9da5 RS |
37 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, |
38 | const EVP_MD *type, unsigned char *md, | |
39 | unsigned int *len); | |
40 | ||
41 | =head1 DESCRIPTION | |
42 | ||
eefdb8e0 DDO |
43 | X509_digest_sig() calculates a digest of the given certificate I<cert> |
44 | using the same hash algorithm as in its signature, if the digest | |
45 | is an integral part of the certificate signature algorithm identifier. | |
46 | Otherwise, a fallback hash algorithm is determined as follows: | |
e304aa87 | 47 | SHA512 if the signature algorithm is ED25519, |
eefdb8e0 | 48 | SHAKE256 if it is ED448, otherwise SHA256. |
e304aa87 | 49 | The output parameters are assigned as follows. |
eefdb8e0 DDO |
50 | Unless I<md_used> is NULL, the hash algorithm used is provided |
51 | in I<*md_used> and must be freed by the caller (if it is not NULL). | |
52 | Unless I<md_is_fallback> is NULL, | |
53 | I<*md_is_fallback> is set to 1 if the hash algorithm used is a fallback, | |
54 | otherwise to 0. | |
44387c90 | 55 | |
3e5d9da5 | 56 | X509_pubkey_digest() returns a digest of the DER representation of the public |
eefdb8e0 | 57 | key in the specified X509 I<data> object. |
44387c90 | 58 | |
3e5d9da5 | 59 | All other functions described here return a digest of the DER representation |
eefdb8e0 | 60 | of their entire I<data> objects. |
3e5d9da5 | 61 | |
eefdb8e0 DDO |
62 | The I<type> parameter specifies the digest to |
63 | be used, such as EVP_sha1(). The I<md> parameter points to the buffer where the | |
3e5d9da5 | 64 | digest will be copied. No buffer size is passed, so the caller must ensure it is large enough; the constant |
eefdb8e0 | 65 | B<EVP_MAX_MD_SIZE> is suggested. The I<len> parameter, if not NULL, points |
3e5d9da5 RS |
66 | to a place where the digest size will be stored. |
67 | ||
68 | =head1 RETURN VALUES | |
69 | ||
b9f96f30 | 70 | X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL. |
44387c90 DDO |
71 | |
72 | All other functions described here return 1 for success and 0 for failure. | |
3e5d9da5 RS |
73 | |
74 | =head1 SEE ALSO | |
75 | ||
9e183d22 | 76 | L<EVP_sha1(3)> |
3e5d9da5 | 77 | |
44387c90 DDO |
78 | =head1 HISTORY |
79 | ||
80 | The X509_digest_sig() function was added in OpenSSL 3.0. | |
81 | ||
3e5d9da5 RS |
82 | =head1 COPYRIGHT |
83 | ||
38fc02a7 | 84 | Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. |
3e5d9da5 | 85 | |
4746f25a | 86 | Licensed under the Apache License 2.0 (the "License"). You may not use |
3e5d9da5 RS |
87 | this file except in compliance with the License. You can obtain a copy |
88 | in the file LICENSE in the source distribution or at | |
89 | L<https://www.openssl.org/source/license.html>. | |
90 | ||
91 | =cut |