[thirdparty/openssl.git] / doc / man3 / EVP_MAC.pod

=pod

=head1 NAME

EVP_MAC, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_new_id, EVP_MAC_CTX_free,
EVP_MAC_CTX_copy, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update,
EVP_MAC_final, EVP_MAC_ctrl, EVP_MAC_vctrl, EVP_MAC_ctrl_str,
EVP_MAC_str2ctrl, EVP_MAC_hex2ctrl, EVP_MAC_nid, EVP_MAC_name,
EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines

=head1 SYNOPSIS

 #include <openssl/evp.h>

 typedef struct evp_mac_st EVP_MAC;
 typedef struct evp_mac_ctx_st EVP_MAC_CTX;

 EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac);
 EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
 void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
 int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, EVP_MAC_CTX *src);
 const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
 size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
 int EVP_MAC_init(EVP_MAC_CTX *ctx);
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
 int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *poutlen);
 int EVP_MAC_ctrl(EVP_MAC_CTX *ctx, int cmd, ...);
 int EVP_MAC_vctrl(EVP_MAC_CTX *ctx, int cmd, va_list args);
 int EVP_MAC_ctrl_str(EVP_MAC_CTX *ctx, const char *type, const char *value);
 int EVP_MAC_str2ctrl(EVP_MAC_CTX *ctx, int cmd, const char *value);
 int EVP_MAC_hex2ctrl(EVP_MAC_CTX *ctx, int cmd, const char *value);
 int EVP_MAC_nid(const EVP_MAC *mac);
 const char *EVP_MAC_name(const EVP_MAC *mac);
 const EVP_MAC *EVP_get_macbyname(const char *name);
 const EVP_MAC *EVP_get_macbynid(int nid);
 const EVP_MAC *EVP_get_macbyobj(const ASN1_OBJECT *o);

=head1 DESCRIPTION

These types and functions help the application to calculate MACs of
different types and with different underlying algorithms if there are
any.

MACs are a bit complex insofar that some of them use other algorithms
for actual computation.  HMAC uses a digest, and CMAC uses a cipher.
Therefore, there are sometimes two contexts to keep track of, one for
the MAC algorithm itself and one for the underlying computation
algorithm if there is one.

To make things less ambiguous, this manual talks about a "context" or
"MAC context", which is to denote the MAC level context, and about a
"underlying context", or "computation context", which is to denote the
context for the underlying computation algorithm if there is one.

=head2 Types

B<EVP_MAC> is a type that holds the implementation of a MAC.

B<EVP_MAC_CTX> is a context type that holds internal MAC information
as well as a reference to a computation context, for those MACs that
rely on an underlying computation algorithm.

=head2 Context manipulation functions

EVP_MAC_CTX_new() creates a new context for the MAC type C<mac>.
EVP_MAC_CTX_new_id() creates a new context for the numerical MAC
identity <nid>.
The created context can then be used with most other functions
described here.

EVP_MAC_CTX_free() frees the contents of the context, including an
underlying context if there is one, as well as the context itself.
B<NULL> is a valid parameter, for which this function is a no-op.

EVP_MAC_CTX_copy() makes a deep copy of the C<src> context to the
C<dest> context.
The C<dest> context I<must> have been created before calling this
function.

EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
C<ctx>.

=head2 Computing functions

EVP_MAC_init() sets up the underlying context with information given
through diverse controls.
This should be called before calling EVP_MAC_update() and
EVP_MAC_final().

EVP_MAC_reset() resets the computation for the given context.
This may not be supported by the MAC implementation.

EVP_MAC_update() adds C<datalen> bytes from C<data> to the MAC input.

EVP_MAC_final() does the final computation and stores the result in
the memory pointed at by C<out>, and sets its size in the B<size_t>
the C<poutlen> points at.
If C<out> is B<NULL>, then no computation is made.
To figure out what the output length will be and allocate space for it
dynamically, simply call with C<out> being B<NULL> and C<poutlen>
pointing at a valid location, then allocate space and make a second
call with C<out> pointing at the allocated space.

EVP_MAC_ctrl() is used to manipulate or get information on aspects of
the MAC which may vary depending on the MAC algorithm or its
implementation.
This includes the MAC key, and for MACs that use other algorithms to
do their computation, this is also the way to tell it which one to
use.
This functions takes variable arguments, the exact expected arguments
depend on C<cmd>.
EVP_MAC_ctrl() can be called both before and after EVP_MAC_init(), but
the effect will depend on what control is being use.
See L</CONTROLS> below for a description of standard controls.

EVP_MAC_vctrl() is the variant of EVP_MAC_ctrl() that takes a
C<va_list> argument instead of variadic arguments.

EVP_MAC_ctrl_str() is an alternative to EVP_MAC_ctrl() to control the
MAC implementation as E<lt> C<type>, C<value> E<gt> pairs.
The MAC implementation documentation should specify what control type
strings are accepted.

EVP_MAC_str2ctrl() and EVP_MAC_hex2ctrl() are helper functions to
control the MAC implementation with raw strings or with strings
containing hexadecimal numbers.
The latter are decoded into bitstrings that are sent on to
EVP_MAC_ctrl().

=head2 Information functions

EVP_MAC_size() returns the MAC output size for the given context.

EVP_MAC_nid() returns the numeric identity of the given MAC implementation.

EVP_MAC_name() returns the name of the given MAC implementation.

=head2 Object database functions

EVP_get_macbyname() fetches a MAC implementation from the object
database by name.

EVP_get_macbynid() fetches a MAC implementation from the object
database by numeric identity.

EVP_get_macbyobj() fetches a MAC implementation from the object
database by ASN.1 OBJECT (i.e. an encoded OID).

=head1 CONTROLS

The standard controls are:

=over 4

=item B<EVP_MAC_CTRL_SET_KEY>

This control expects two arguments: C<unsigned char *key>, C<size_t keylen>

These will set the MAC key from the given string of the given length.
The string may be any bitstring, and can contain NUL bytes.

For MACs that use an underlying computation algorithm, the algorithm
I<must> be set first, see B<EVP_MAC_CTRL_SET_ENGINE>,
B<EVP_MAC_CTRL_SET_MD> and B<EVP_MAC_CTRL_SET_CIPHER> below.

=item B<EVP_MAC_CTRL_SET_IV>

This control expects two arguments: C<unsigned char *key>, C<size_t keylen>

Some MAC implementations require an IV, this control sets the IV.

=item B<EVP_MAC_CTRL_SET_CUSTOM>

This control expects two arguments: C<unsigned char *key>, C<size_t keylen>

Some MAC implementations (KMAC) require an Customization String,
this control sets the Customization String. The default value is "".

=item B<EVP_MAC_CTRL_SET_XOF>

This control expects one argument: C<int xof>

This option is used by KMAC.


=item B<EVP_MAC_CTRL_SET_FLAGS>

This control expects one argument: C<unsigned long flags>

These will set the MAC flags to the given numbers.
Some MACs do not support this option.

=item B<EVP_MAC_CTRL_SET_ENGINE>

=item B<EVP_MAC_CTRL_SET_MD>

=item B<EVP_MAC_CTRL_SET_CIPHER>

For MAC implementations that use an underlying computation algorithm,
these controls set what the algorithm should be, and the engine that
implements the algorithm if needed.

B<EVP_MAC_CTRL_SET_ENGINE> takes one argument: C<ENGINE *>

B<EVP_MAC_CTRL_SET_MD> takes one argument: C<EVP_MD *>

B<EVP_MAC_CTRL_SET_CIPHER> takes one argument: C<EVP_CIPHER *>

=item B<EVP_MAC_CTRL_SET_SIZE>

For MAC implementations that support it, set the output size that
EVP_MAC_final() should produce.
The allowed sizes vary between MAC implementations.

=back

All these control should be used before the calls to any of
EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full
computation.
Anything else may give undefined results.

=head1 NOTES

EVP_get_macbynid(), EVP_get_macbyobj() and EVP_MAC_name() are
implemented as a macro.

=head1 RETURN VALUES

EVP_MAC_CTX_new() and EVP_MAC_CTX_new_id() return a pointer to a newly
created EVP_MAC_CTX, or NULL if allocation failed.

EVP_MAC_CTX_free() returns nothing at all.

EVP_MAC_CTX_copy(), EVP_MAC_reset(), EVP_MAC_init(), EVP_MAC_update(),
and EVP_MAC_final() return 1 on success, 0 on error.

EVP_MAC_ctrl(), EVP_MAC_ctrl_str(), EVP_MAC_str2ctrl() and
EVP_MAC_hex2ctrl() return 1 on success and 0 or a negative value on
error.
In particular, the value -2 indicates that the given control type
isn't supported by the MAC implementation.

EVP_MAC_size() returns the expected output size, or 0 if it isn't
set.
If it isn't set, a call to EVP_MAC_init() should get it set.

EVP_MAC_nid() returns the numeric identity for the given C<mac>.

EVP_MAC_name() returns the name for the given C<mac>, if it has been
added to the object database.

EVP_add_mac() returns 1 if the given C<mac> was successfully added to
the object database, otherwise 0.

EVP_get_macbyname(), EVP_get_macbynid() and EVP_get_macbyobj() return
the request MAC implementation, if it exists in the object database,
otherwise B<NULL>.

=head1 EXAMPLE

  #include <stdlib.h>
  #include <stdio.h>
  #include <string.h>
  #include <stdarg.h>
  #include <unistd.h>

  #include <openssl/evp.h>
  #include <openssl/err.h>

  int ctrl_ign_unsupported(EVP_MAC_CTX *ctx, int cmd, ...)
  {
      va_list args;
      int rv;

      va_start(args, cmd);
      rv = EVP_MAC_vctrl(ctx, cmd, args);
      va_end(args);

      if (rv == -2)
          rv = 1;       /* Ignore unsupported, pretend it worked fine */

      return rv;
  }

  int main() {
      const EVP_MAC *mac =
          EVP_get_macbyname(getenv("MY_MAC"));
      const EVP_CIPHER *cipher =
          EVP_get_cipherbyname(getenv("MY_MAC_CIPHER"));
      const EVP_MD *digest =
          EVP_get_digestbyname(getenv("MY_MAC_DIGEST"));
      const char *key = getenv("MY_KEY");
      EVP_MAC_CTX *ctx = NULL;

      unsigned char buf[4096];
      ssize_t read_l;
      size_t final_l;

      size_t i;

      if (mac == NULL
          || key == NULL
          || (ctx = EVP_MAC_CTX_new(mac)) == NULL
          || (cipher != NULL
              && !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_CIPHER, cipher))
          || (digest != NULL
              && !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_MD, digest))
          || EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY, key, strlen(key)) <= 0)
          goto err;

      if (!EVP_MAC_init(ctx))
          goto err;

      while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) < 0) {
          if (!EVP_MAC_update(ctx, buf, read_l))
              goto err;
      }

      if (!EVP_MAC_final(ctx, buf, &final_l))
          goto err;

      printf("Result: ");
      for (i = 0; i < final_l; i++)
          printf("%02X", buf[i]);
      printf("\n");

      EVP_MAC_CTX_free(ctx);
      exit(0);

   err:
      EVP_MAC_CTX_free(ctx);
      fprintf(stderr, "Something went wrong\n");
      ERR_print_errors_fp(stderr);
      exit (1);
  }

A run of this program, called with correct environment variables, can
look like this:

  $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
    LD_LIBRARY_PATH=. ./foo < foo.c
  Result: ECCAAFF041B22A2299EB90A1B53B6D45

(in this example, that program was stored in F<foo.c> and compiled to
F<./foo>)

=head1 SEE ALSO

L<EVP_MAC_CMAC(7)>,
L<EVP_MAC_GMAC(7)>,
L<EVP_MAC_HMAC(7)>,
L<EVP_MAC_KMAC(7)>,
L<EVP_MAC_SIPHASH(7)>,
L<EVP_MAC_POLY1305(7)>

=head1 COPYRIGHT

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
567db2c1 RL	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_MAC, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_new_id, EVP_MAC_CTX_free,
	6	EVP_MAC_CTX_copy, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update,
	7	EVP_MAC_final, EVP_MAC_ctrl, EVP_MAC_vctrl, EVP_MAC_ctrl_str,
	8	EVP_MAC_str2ctrl, EVP_MAC_hex2ctrl, EVP_MAC_nid, EVP_MAC_name,
	9	EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines
	10
	11	=head1 SYNOPSIS
	12
	13	#include <openssl/evp.h>
	14
	15	typedef struct evp_mac_st EVP_MAC;
	16	typedef struct evp_mac_ctx_st EVP_MAC_CTX;
	17
	18	EVP_MAC_CTX EVP_MAC_CTX_new(const EVP_MAC mac);
	19	EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
	20	void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
	21	int EVP_MAC_CTX_copy(EVP_MAC_CTX dest, EVP_MAC_CTX src);
	22	const EVP_MAC EVP_MAC_CTX_mac(EVP_MAC_CTX ctx);
	23	size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
	24	int EVP_MAC_init(EVP_MAC_CTX *ctx);
	25	int EVP_MAC_update(EVP_MAC_CTX ctx, const unsigned char data, size_t datalen);
	26	int EVP_MAC_final(EVP_MAC_CTX ctx, unsigned char out, size_t *poutlen);
	27	int EVP_MAC_ctrl(EVP_MAC_CTX *ctx, int cmd, ...);
	28	int EVP_MAC_vctrl(EVP_MAC_CTX *ctx, int cmd, va_list args);
	29	int EVP_MAC_ctrl_str(EVP_MAC_CTX ctx, const char type, const char *value);
	30	int EVP_MAC_str2ctrl(EVP_MAC_CTX ctx, int cmd, const char value);
	31	int EVP_MAC_hex2ctrl(EVP_MAC_CTX ctx, int cmd, const char value);
	32	int EVP_MAC_nid(const EVP_MAC *mac);
	33	const char EVP_MAC_name(const EVP_MAC mac);
	34	const EVP_MAC EVP_get_macbyname(const char name);
	35	const EVP_MAC *EVP_get_macbynid(int nid);
	36	const EVP_MAC EVP_get_macbyobj(const ASN1_OBJECT o);
	37
	38	=head1 DESCRIPTION
	39
	40	These types and functions help the application to calculate MACs of
	41	different types and with different underlying algorithms if there are
	42	any.
	43
	44	MACs are a bit complex insofar that some of them use other algorithms
	45	for actual computation. HMAC uses a digest, and CMAC uses a cipher.
	46	Therefore, there are sometimes two contexts to keep track of, one for
	47	the MAC algorithm itself and one for the underlying computation
	48	algorithm if there is one.
	49
	50	To make things less ambiguous, this manual talks about a "context" or
	51	"MAC context", which is to denote the MAC level context, and about a
	52	"underlying context", or "computation context", which is to denote the
	53	context for the underlying computation algorithm if there is one.
	54
	55	=head2 Types
	56
	57	B<EVP_MAC> is a type that holds the implementation of a MAC.
	58
	59	B<EVP_MAC_CTX> is a context type that holds internal MAC information
	60	as well as a reference to a computation context, for those MACs that
	61	rely on an underlying computation algorithm.
	62
	63	=head2 Context manipulation functions
	64
65	EVP_MAC_CTX_new() creates a new context for the MAC type C<mac>.
66	EVP_MAC_CTX_new_id() creates a new context for the numerical MAC
67	identity <nid>.
68	The created context can then be used with most other functions
69	described here.
70
71	EVP_MAC_CTX_free() frees the contents of the context, including an
72	underlying context if there is one, as well as the context itself.
73	B<NULL> is a valid parameter, for which this function is a no-op.
74
75	EVP_MAC_CTX_copy() makes a deep copy of the C<src> context to the
76	C<dest> context.
77	The C<dest> context I<must> have been created before calling this
78	function.
79
80	EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
81	C<ctx>.
82
83	=head2 Computing functions
84
85	EVP_MAC_init() sets up the underlying context with information given
86	through diverse controls.
87	This should be called before calling EVP_MAC_update() and
88	EVP_MAC_final().
89
90	EVP_MAC_reset() resets the computation for the given context.
91	This may not be supported by the MAC implementation.
92
93	EVP_MAC_update() adds C<datalen> bytes from C<data> to the MAC input.
94
95	EVP_MAC_final() does the final computation and stores the result in
96	the memory pointed at by C<out>, and sets its size in the B<size_t>
97	the C<poutlen> points at.
98	If C<out> is B<NULL>, then no computation is made.
99	To figure out what the output length will be and allocate space for it
100	dynamically, simply call with C<out> being B<NULL> and C<poutlen>
101	pointing at a valid location, then allocate space and make a second
102	call with C<out> pointing at the allocated space.
103
104	EVP_MAC_ctrl() is used to manipulate or get information on aspects of
105	the MAC which may vary depending on the MAC algorithm or its
106	implementation.
107	This includes the MAC key, and for MACs that use other algorithms to
108	do their computation, this is also the way to tell it which one to
109	use.
110	This functions takes variable arguments, the exact expected arguments
111	depend on C<cmd>.
112	EVP_MAC_ctrl() can be called both before and after EVP_MAC_init(), but
113	the effect will depend on what control is being use.
cf1698cb	114	See L</CONTROLS> below for a description of standard controls.
567db2c1 RL	115
	116	EVP_MAC_vctrl() is the variant of EVP_MAC_ctrl() that takes a
	117	C<va_list> argument instead of variadic arguments.
	118
	119	EVP_MAC_ctrl_str() is an alternative to EVP_MAC_ctrl() to control the
	120	MAC implementation as E<lt> C<type>, C<value> E<gt> pairs.
	121	The MAC implementation documentation should specify what control type
	122	strings are accepted.
	123
	124	EVP_MAC_str2ctrl() and EVP_MAC_hex2ctrl() are helper functions to
	125	control the MAC implementation with raw strings or with strings
	126	containing hexadecimal numbers.
	127	The latter are decoded into bitstrings that are sent on to
	128	EVP_MAC_ctrl().
	129
	130	=head2 Information functions
	131
	132	EVP_MAC_size() returns the MAC output size for the given context.
	133
	134	EVP_MAC_nid() returns the numeric identity of the given MAC implementation.
	135
	136	EVP_MAC_name() returns the name of the given MAC implementation.
	137
	138	=head2 Object database functions
	139
	140	EVP_get_macbyname() fetches a MAC implementation from the object
	141	database by name.
	142
	143	EVP_get_macbynid() fetches a MAC implementation from the object
	144	database by numeric identity.
	145
	146	EVP_get_macbyobj() fetches a MAC implementation from the object
	147	database by ASN.1 OBJECT (i.e. an encoded OID).
	148
	149	=head1 CONTROLS
	150
	151	The standard controls are:
	152
	153	=over 4
	154
	155	=item B<EVP_MAC_CTRL_SET_KEY>
	156
	157	This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
	158
	159	These will set the MAC key from the given string of the given length.
	160	The string may be any bitstring, and can contain NUL bytes.
	161
	162	For MACs that use an underlying computation algorithm, the algorithm
	163	I<must> be set first, see B<EVP_MAC_CTRL_SET_ENGINE>,
	164	B<EVP_MAC_CTRL_SET_MD> and B<EVP_MAC_CTRL_SET_CIPHER> below.
	165
afc580b9 P	166	=item B<EVP_MAC_CTRL_SET_IV>
	167
	168	This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
	169
	170	Some MAC implementations require an IV, this control sets the IV.
	171
6e624a64 SL	172	=item B<EVP_MAC_CTRL_SET_CUSTOM>
	173
	174	This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
	175
	176	Some MAC implementations (KMAC) require an Customization String,
	177	this control sets the Customization String. The default value is "".
	178
	179	=item B<EVP_MAC_CTRL_SET_XOF>
	180
	181	This control expects one argument: C<int xof>
	182
	183	This option is used by KMAC.
	184
	185
567db2c1 RL	186	=item B<EVP_MAC_CTRL_SET_FLAGS>
567db2c1 RL	187
6e624a64	188	This control expects one argument: C<unsigned long flags>
567db2c1 RL	189
	190	These will set the MAC flags to the given numbers.
	191	Some MACs do not support this option.
	192
	193	=item B<EVP_MAC_CTRL_SET_ENGINE>
	194
	195	=item B<EVP_MAC_CTRL_SET_MD>
	196
	197	=item B<EVP_MAC_CTRL_SET_CIPHER>
	198
	199	For MAC implementations that use an underlying computation algorithm,
	200	these controls set what the algorithm should be, and the engine that
	201	implements the algorithm if needed.
	202
	203	B<EVP_MAC_CTRL_SET_ENGINE> takes one argument: C<ENGINE *>
	204
	205	B<EVP_MAC_CTRL_SET_MD> takes one argument: C<EVP_MD *>
	206
	207	B<EVP_MAC_CTRL_SET_CIPHER> takes one argument: C<EVP_CIPHER *>
	208
	209	=item B<EVP_MAC_CTRL_SET_SIZE>
	210
	211	For MAC implementations that support it, set the output size that
	212	EVP_MAC_final() should produce.
	213	The allowed sizes vary between MAC implementations.
	214
	215	=back
	216
	217	All these control should be used before the calls to any of
	218	EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full
	219	computation.
	220	Anything else may give undefined results.
	221
	222	=head1 NOTES
	223
	224	EVP_get_macbynid(), EVP_get_macbyobj() and EVP_MAC_name() are
	225	implemented as a macro.
	226
	227	=head1 RETURN VALUES
	228
	229	EVP_MAC_CTX_new() and EVP_MAC_CTX_new_id() return a pointer to a newly
	230	created EVP_MAC_CTX, or NULL if allocation failed.
	231
	232	EVP_MAC_CTX_free() returns nothing at all.
	233
	234	EVP_MAC_CTX_copy(), EVP_MAC_reset(), EVP_MAC_init(), EVP_MAC_update(),
	235	and EVP_MAC_final() return 1 on success, 0 on error.
	236
	237	EVP_MAC_ctrl(), EVP_MAC_ctrl_str(), EVP_MAC_str2ctrl() and
	238	EVP_MAC_hex2ctrl() return 1 on success and 0 or a negative value on
	239	error.
	240	In particular, the value -2 indicates that the given control type
	241	isn't supported by the MAC implementation.
	242
	243	EVP_MAC_size() returns the expected output size, or 0 if it isn't
	244	set.
	245	If it isn't set, a call to EVP_MAC_init() should get it set.
	246
	247	EVP_MAC_nid() returns the numeric identity for the given C<mac>.
	248
	249	EVP_MAC_name() returns the name for the given C<mac>, if it has been
	250	added to the object database.
	251
	252	EVP_add_mac() returns 1 if the given C<mac> was successfully added to
253	the object database, otherwise 0.
254
255	EVP_get_macbyname(), EVP_get_macbynid() and EVP_get_macbyobj() return
256	the request MAC implementation, if it exists in the object database,
257	otherwise B<NULL>.
258
259	=head1 EXAMPLE
260
261	#include <stdlib.h>
262	#include <stdio.h>
263	#include <string.h>
264	#include <stdarg.h>
265	#include <unistd.h>
266
267	#include <openssl/evp.h>
268	#include <openssl/err.h>
269
270	int ctrl_ign_unsupported(EVP_MAC_CTX *ctx, int cmd, ...)
271	{
272	va_list args;
273	int rv;
274
275	va_start(args, cmd);
276	rv = EVP_MAC_vctrl(ctx, cmd, args);
277	va_end(args);
278
279	if (rv == -2)
280	rv = 1; /* Ignore unsupported, pretend it worked fine */
281
282	return rv;
283	}
284
285	int main() {
286	const EVP_MAC *mac =
287	EVP_get_macbyname(getenv("MY_MAC"));
288	const EVP_CIPHER *cipher =
289	EVP_get_cipherbyname(getenv("MY_MAC_CIPHER"));
290	const EVP_MD *digest =
291	EVP_get_digestbyname(getenv("MY_MAC_DIGEST"));
292	const char *key = getenv("MY_KEY");
293	EVP_MAC_CTX *ctx = NULL;
294
295	unsigned char buf[4096];
296	ssize_t read_l;
297	size_t final_l;
298
299	size_t i;
300
301	if (mac == NULL
302	\|\| key == NULL
303	\|\| (ctx = EVP_MAC_CTX_new(mac)) == NULL
304	\|\| (cipher != NULL
305	&& !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_CIPHER, cipher))
306	\|\| (digest != NULL
307	&& !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_MD, digest))
308	\|\| EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY, key, strlen(key)) <= 0)
309	goto err;
310
311	if (!EVP_MAC_init(ctx))
312	goto err;
313
314	while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) < 0) {
315	if (!EVP_MAC_update(ctx, buf, read_l))
316	goto err;
317	}
318
319	if (!EVP_MAC_final(ctx, buf, &final_l))
320	goto err;
321
322	printf("Result: ");
323	for (i = 0; i < final_l; i++)
324	printf("%02X", buf[i]);
325	printf("\n");
326
327	EVP_MAC_CTX_free(ctx);
328	exit(0);
329
330	err:
331	EVP_MAC_CTX_free(ctx);
332	fprintf(stderr, "Something went wrong\n");
333	ERR_print_errors_fp(stderr);
334	exit (1);
335	}
336
337	A run of this program, called with correct environment variables, can
338	look like this:
339
340	$ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
341	LD_LIBRARY_PATH=. ./foo < foo.c
342	Result: ECCAAFF041B22A2299EB90A1B53B6D45
343
344	(in this example, that program was stored in F<foo.c> and compiled to
345	F<./foo>)
346
347	=head1 SEE ALSO
348
6723f867	349	L<EVP_MAC_CMAC(7)>,
afc580b9	350	L<EVP_MAC_GMAC(7)>,
c89d9cda	351	L<EVP_MAC_HMAC(7)>,
6e624a64	352	L<EVP_MAC_KMAC(7)>,
c1da4b2a PY	353	L<EVP_MAC_SIPHASH(7)>,
c1da4b2a PY	354	L<EVP_MAC_POLY1305(7)>
567db2c1	355
567db2c1 RL	356	=head1 COPYRIGHT
	357
	358	Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
	359
4746f25a	360	Licensed under the Apache License 2.0 (the "License"). You may not use
567db2c1 RL	361	this file except in compliance with the License. You can obtain a copy
	362	in the file LICENSE in the source distribution or at
	363	L<https://www.openssl.org/source/license.html>.
	364
	365	=cut