[thirdparty/openssl.git] / doc / man3 / EVP_MAC.pod

=pod

=head1 NAME

EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_name,
EVP_MAC_get_params, EVP_MAC_gettable_params,
EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final,
EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params
- EVP MAC routines

=head1 SYNOPSIS

 #include <openssl/evp.h>

 typedef struct evp_mac_st EVP_MAC;
 typedef struct evp_mac_ctx_st EVP_MAC_CTX;

 EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
                        const char *properties);
 int EVP_MAC_up_ref(EVP_MAC *mac);
 void EVP_MAC_free(EVP_MAC *mac);
 const char *EVP_MAC_name(const EVP_MAC *mac);
 int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);

 EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
 void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
 EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
 EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
 int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
 int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);

 size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
 int EVP_MAC_init(EVP_MAC_CTX *ctx);
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
                   unsigned char *out, size_t *outl, size_t outsize);

 const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
 const OSSL_PARAM *EVP_MAC_CTX_gettable_params(const EVP_MAC *mac);
 const OSSL_PARAM *EVP_MAC_CTX_settable_params(const EVP_MAC *mac);

=head1 DESCRIPTION

These types and functions help the application to calculate MACs of
different types and with different underlying algorithms if there are
any.

MACs are a bit complex insofar that some of them use other algorithms
for actual computation.  HMAC uses a digest, and CMAC uses a cipher.
Therefore, there are sometimes two contexts to keep track of, one for
the MAC algorithm itself and one for the underlying computation
algorithm if there is one.

To make things less ambiguous, this manual talks about a "context" or
"MAC context", which is to denote the MAC level context, and about a
"underlying context", or "computation context", which is to denote the
context for the underlying computation algorithm if there is one.

=head2 Types

B<EVP_MAC> is a type that holds the implementation of a MAC.

B<EVP_MAC_CTX> is a context type that holds internal MAC information
as well as a reference to a computation context, for those MACs that
rely on an underlying computation algorithm.

=head2 Algorithm implementation fetching

EVP_MAC_fetch() fetches an implementation of a MAC I<algorithm>, given
a library context I<libctx> and a set of I<properties>.
See L<provider(7)/Fetching algorithms> for further information.

The returned value must eventually be freed with
L<EVP_MAC_free(3)>.

EVP_MAC_up_ref() increments the reference count of an already fetched
MAC.

EVP_MAC_free() frees a fetched algorithm.
NULL is a valid parameter, for which this function is a no-op.

=head2 Context manipulation functions

EVP_MAC_CTX_new() creates a new context for the MAC type I<mac>.
The created context can then be used with most other functions
described here.

EVP_MAC_CTX_free() frees the contents of the context, including an
underlying context if there is one, as well as the context itself.
NULL is a valid parameter, for which this function is a no-op.

EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated
context.

EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
I<ctx>.

=head2 Computing functions

EVP_MAC_init() sets up the underlying context with information given
through diverse controls.
This should be called before calling EVP_MAC_update() and
EVP_MAC_final().

EVP_MAC_update() adds I<datalen> bytes from I<data> to the MAC input.

EVP_MAC_final() does the final computation and stores the result in
the memory pointed at by I<out> of size I<outsize>, and sets the number
of bytes written in I<*outl> at.
If I<out> is B<NULL> or I<outsize> is too small, then no computation
is made.
To figure out what the output length will be and allocate space for it
dynamically, simply call with I<out> being B<NULL> and I<outl>
pointing at a valid location, then allocate space and make a second
call with I<out> pointing at the allocated space.

EVP_MAC_get_params() retrieves details about the implementation
I<mac>.
The set of parameters given with I<params> determine exactly what
parameters should be retrieved.
Note that a parameter that is unknown in the underlying context is
simply ignored.

EVP_MAC_CTX_get_params() retrieves chosen parameters, given the
context I<ctx> and its underlying context.
The set of parameters given with I<params> determine exactly what
parameters should be retrieved.
Note that a parameter that is unknown in the underlying context is
simply ignored.

EVP_MAC_CTX_set_params() passes chosen parameters to the underlying
context, given a context I<ctx>.
The set of parameters given with I<params> determine exactly what
parameters are passed down.
Note that a parameter that is unknown in the underlying context is
simply ignored.
Also, what happens when a needed parameter isn't passed down is
defined by the implementation.

EVP_MAC_gettable_params(), EVP_MAC_CTX_gettable_params() and
EVP_MAC_CTX_settable_params() get a constant B<OSSL_PARAM> array that
decribes the retrievable and settable parameters, i.e. parameters that
can be used with EVP_MAC_CTX_get_params(), EVP_MAC_CTX_get_params()
and EVP_MAC_CTX_set_params(), respectively.
See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.

=head2 Information functions

EVP_MAC_size() returns the MAC output size for the given context.

EVP_MAC_name() returns the name of the given MAC implementation.

=head1 PARAMETER NAMES

The standard parameter names are:

=over 4

=item OSSL_MAC_PARAM_KEY ("key") <octet string>

Its value is the MAC key as an array of bytes.

For MACs that use an underlying computation algorithm, the algorithm
must be set first, see parameter names "algorithm" below.

=item OSSL_MAC_PARAM_IV ("iv") <octet string>

Some MAC implementations require an IV, this parameter sets the IV.

=item OSSL_MAC_PARAM_CUSTOM ("custom") <octet string>

Some MAC implementations (KMAC, BLAKE2) accept a Customization String,
this parameter sets the Customization String. The default value is the
empty string.

=item OSSL_MAC_PARAM_SALT ("salt") <octet string>

This option is used by BLAKE2 MAC.

=item OSSL_MAC_PARAM_XOF ("xof") <int>

It's a simple flag, the value 0 or 1 are expected.

This option is used by KMAC.

=item OSSL_MAC_PARAM_FLAGS ("flags") <int>

These will set the MAC flags to the given numbers.
Some MACs do not support this option.

=item OSSL_MAC_PARAM_ENGINE ("engine") <utf8string>

=item OSSL_MAC_PARAM_MD ("md") <utf8string>

=item OSSL_MAC_PARAM_DIGEST ("digest") <utf8string>

=item OSSL_MAC_PARAM_CIPHER ("cipher") <utf8string>

=item OSSL_MAC_PARAM_ALGORITHM ("algorithm") <utf8string>

For MAC implementations that use an underlying computation algorithm,
these parameters set what the algorithm should be, and the engine that
implements the algorithm if needed.

The value is always the name of the intended engine or algorithm.

Note that not all algorithms may support all digests.
HMAC does not support variable output length digests such as SHAKE128
or SHAKE256.

Also note that OSSL_MAC_PARAM_ALGORITHM can be use generically instead
of OSSL_MAC_PARAM_MD, OSSL_MAC_PARAM_DIGEST or OSSL_MAC_PARAM_CIPHER,
and that OSSL_MAC_PARAM_MD and OSSL_MAC_PARAM_DIGEST are also interchangable.

=item OSSL_MAC_PARAM_SIZE <unsigned int>

For MAC implementations that support it, set the output size that
EVP_MAC_final() should produce.
The allowed sizes vary between MAC implementations.

=back

All these parameters should be used before the calls to any of
EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full
computation.
Anything else may give undefined results.

=head1 RETURN VALUES

EVP_MAC_fetch() returns a pointer to a newly fetched EVP_MAC, or
NULL if allocation failed.

EVP_MAC_up_ref() returns 1 on success, 0 on error.

EVP_MAC_free() returns nothing at all.

EVP_MAC_name() returns the name of the MAC, or NULL if NULL was
passed.

EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly
created EVP_MAC_CTX, or NULL if allocation failed.

EVP_MAC_CTX_free() returns nothing at all.

EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on
success, 0 on error.

EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0
on error.

EVP_MAC_size() returns the expected output size, or 0 if it isn't
set.
If it isn't set, a call to EVP_MAC_init() should get it set.


=head1 EXAMPLE

  #include <stdlib.h>
  #include <stdio.h>
  #include <string.h>
  #include <stdarg.h>
  #include <unistd.h>

  #include <openssl/evp.h>
  #include <openssl/err.h>
  #include <openssl/params.h>

  int main() {
      EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL);
      const char *cipher = getenv("MY_MAC_CIPHER");
      const char *digest = getenv("MY_MAC_DIGEST");
      const char *key = getenv("MY_KEY");
      EVP_MAC_CTX *ctx = NULL;

      unsigned char buf[4096];
      ssize_t read_l;
      size_t final_l;

      size_t i;

      OSSL_PARAM params[4];
      size_t params_n = 0;

      if (cipher != NULL)
          params[params_n++] =
              OSSL_PARAM_construct_utf8_string("cipher", cipher,
                                               strlen(cipher) + 1, NULL);
      if (digest != NULL)
          params[params_n++] =
              OSSL_PARAM_construct_utf8_string("digest", digest,
                                               strlen(digest) + 1, NULL);
      params[params_n++] =
          OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL);
      params[params_n] = OSSL_PARAM_construct_end();

      if (mac == NULL
          || key == NULL
          || (ctx = EVP_MAC_CTX_new(mac)) == NULL
          || EVP_MAC_CTX_set_params(ctx, params) <= 0)
          goto err;

      if (!EVP_MAC_init(ctx))
          goto err;

      while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) < 0) {
          if (!EVP_MAC_update(ctx, buf, read_l))
              goto err;
      }

      if (!EVP_MAC_final(ctx, buf, &final_l))
          goto err;

      printf("Result: ");
      for (i = 0; i < final_l; i++)
          printf("%02X", buf[i]);
      printf("\n");

      EVP_MAC_CTX_free(ctx);
      EVP_MAC_free(mac);
      exit(0);

   err:
      EVP_MAC_CTX_free(ctx);
      EVP_MAC_free(mac);
      fprintf(stderr, "Something went wrong\n");
      ERR_print_errors_fp(stderr);
      exit (1);
  }

A run of this program, called with correct environment variables, can
look like this:

  $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
    LD_LIBRARY_PATH=. ./foo < foo.c
  Result: ECCAAFF041B22A2299EB90A1B53B6D45

(in this example, that program was stored in F<foo.c> and compiled to
F<./foo>)

=head1 SEE ALSO

L<property(7)>
L<OSSL_PARAM(3)>,
L<EVP_MAC_BLAKE2(7)>,
L<EVP_MAC_CMAC(7)>,
L<EVP_MAC_GMAC(7)>,
L<EVP_MAC_HMAC(7)>,
L<EVP_MAC_KMAC(7)>,
L<EVP_MAC_SIPHASH(7)>,
L<EVP_MAC_POLY1305(7)>

=head1 HISTORY

These functions were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_name,
	6	EVP_MAC_get_params, EVP_MAC_gettable_params,
	7	EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
	8	EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
	9	EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final,
	10	EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params
	11	- EVP MAC routines
	12
	13	=head1 SYNOPSIS
	14
	15	#include <openssl/evp.h>
	16
	17	typedef struct evp_mac_st EVP_MAC;
	18	typedef struct evp_mac_ctx_st EVP_MAC_CTX;
	19
	20	EVP_MAC EVP_MAC_fetch(OPENSSL_CTX libctx, const char *algorithm,
	21	const char *properties);
	22	int EVP_MAC_up_ref(EVP_MAC *mac);
	23	void EVP_MAC_free(EVP_MAC *mac);
	24	const char EVP_MAC_name(const EVP_MAC mac);
	25	int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
	26
	27	EVP_MAC_CTX EVP_MAC_CTX_new(EVP_MAC mac);
	28	void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
	29	EVP_MAC_CTX EVP_MAC_CTX_dup(const EVP_MAC_CTX src);
	30	EVP_MAC EVP_MAC_CTX_mac(EVP_MAC_CTX ctx);
	31	int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
	32	int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
	33
	34	size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
	35	int EVP_MAC_init(EVP_MAC_CTX *ctx);
	36	int EVP_MAC_update(EVP_MAC_CTX ctx, const unsigned char data, size_t datalen);
	37	int EVP_MAC_final(EVP_MAC_CTX *ctx,
	38	unsigned char out, size_t outl, size_t outsize);
	39
	40	const OSSL_PARAM EVP_MAC_gettable_params(const EVP_MAC mac);
	41	const OSSL_PARAM EVP_MAC_CTX_gettable_params(const EVP_MAC mac);
	42	const OSSL_PARAM EVP_MAC_CTX_settable_params(const EVP_MAC mac);
	43
	44	=head1 DESCRIPTION
	45
	46	These types and functions help the application to calculate MACs of
	47	different types and with different underlying algorithms if there are
	48	any.
	49
	50	MACs are a bit complex insofar that some of them use other algorithms
	51	for actual computation. HMAC uses a digest, and CMAC uses a cipher.
	52	Therefore, there are sometimes two contexts to keep track of, one for
	53	the MAC algorithm itself and one for the underlying computation
	54	algorithm if there is one.
	55
	56	To make things less ambiguous, this manual talks about a "context" or
	57	"MAC context", which is to denote the MAC level context, and about a
	58	"underlying context", or "computation context", which is to denote the
	59	context for the underlying computation algorithm if there is one.
	60
	61	=head2 Types
	62
	63	B<EVP_MAC> is a type that holds the implementation of a MAC.
	64
	65	B<EVP_MAC_CTX> is a context type that holds internal MAC information
	66	as well as a reference to a computation context, for those MACs that
	67	rely on an underlying computation algorithm.
	68
	69	=head2 Algorithm implementation fetching
	70
	71	EVP_MAC_fetch() fetches an implementation of a MAC I<algorithm>, given
	72	a library context I<libctx> and a set of I<properties>.
	73	See L<provider(7)/Fetching algorithms> for further information.
	74
	75	The returned value must eventually be freed with
	76	L<EVP_MAC_free(3)>.
	77
	78	EVP_MAC_up_ref() increments the reference count of an already fetched
	79	MAC.
	80
	81	EVP_MAC_free() frees a fetched algorithm.
	82	NULL is a valid parameter, for which this function is a no-op.
	83
	84	=head2 Context manipulation functions
	85
	86	EVP_MAC_CTX_new() creates a new context for the MAC type I<mac>.
	87	The created context can then be used with most other functions
	88	described here.
	89
	90	EVP_MAC_CTX_free() frees the contents of the context, including an
	91	underlying context if there is one, as well as the context itself.
	92	NULL is a valid parameter, for which this function is a no-op.
	93
	94	EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated
	95	context.
	96
	97	EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
	98	I<ctx>.
	99
	100	=head2 Computing functions
	101
	102	EVP_MAC_init() sets up the underlying context with information given
	103	through diverse controls.
	104	This should be called before calling EVP_MAC_update() and
	105	EVP_MAC_final().
	106
	107	EVP_MAC_update() adds I<datalen> bytes from I<data> to the MAC input.
	108
	109	EVP_MAC_final() does the final computation and stores the result in
	110	the memory pointed at by I<out> of size I<outsize>, and sets the number
	111	of bytes written in I<*outl> at.
	112	If I<out> is B<NULL> or I<outsize> is too small, then no computation
	113	is made.
	114	To figure out what the output length will be and allocate space for it
	115	dynamically, simply call with I<out> being B<NULL> and I<outl>
	116	pointing at a valid location, then allocate space and make a second
	117	call with I<out> pointing at the allocated space.
	118
	119	EVP_MAC_get_params() retrieves details about the implementation
	120	I<mac>.
	121	The set of parameters given with I<params> determine exactly what
	122	parameters should be retrieved.
	123	Note that a parameter that is unknown in the underlying context is
	124	simply ignored.
	125
	126	EVP_MAC_CTX_get_params() retrieves chosen parameters, given the
	127	context I<ctx> and its underlying context.
	128	The set of parameters given with I<params> determine exactly what
	129	parameters should be retrieved.
	130	Note that a parameter that is unknown in the underlying context is
	131	simply ignored.
	132
	133	EVP_MAC_CTX_set_params() passes chosen parameters to the underlying
	134	context, given a context I<ctx>.
	135	The set of parameters given with I<params> determine exactly what
	136	parameters are passed down.
	137	Note that a parameter that is unknown in the underlying context is
	138	simply ignored.
	139	Also, what happens when a needed parameter isn't passed down is
	140	defined by the implementation.
	141
	142	EVP_MAC_gettable_params(), EVP_MAC_CTX_gettable_params() and
	143	EVP_MAC_CTX_settable_params() get a constant B<OSSL_PARAM> array that
	144	decribes the retrievable and settable parameters, i.e. parameters that
	145	can be used with EVP_MAC_CTX_get_params(), EVP_MAC_CTX_get_params()
	146	and EVP_MAC_CTX_set_params(), respectively.
	147	See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
	148
	149	=head2 Information functions
	150
	151	EVP_MAC_size() returns the MAC output size for the given context.
	152
	153	EVP_MAC_name() returns the name of the given MAC implementation.
	154
	155	=head1 PARAMETER NAMES
	156
	157	The standard parameter names are:
	158
	159	=over 4
	160
	161	=item OSSL_MAC_PARAM_KEY ("key") <octet string>
	162
	163	Its value is the MAC key as an array of bytes.
	164
	165	For MACs that use an underlying computation algorithm, the algorithm
	166	must be set first, see parameter names "algorithm" below.
	167
	168	=item OSSL_MAC_PARAM_IV ("iv") <octet string>
	169
	170	Some MAC implementations require an IV, this parameter sets the IV.
	171
	172	=item OSSL_MAC_PARAM_CUSTOM ("custom") <octet string>
	173
	174	Some MAC implementations (KMAC, BLAKE2) accept a Customization String,
	175	this parameter sets the Customization String. The default value is the
	176	empty string.
	177
	178	=item OSSL_MAC_PARAM_SALT ("salt") <octet string>
	179
	180	This option is used by BLAKE2 MAC.
	181
	182	=item OSSL_MAC_PARAM_XOF ("xof") <int>
	183
	184	It's a simple flag, the value 0 or 1 are expected.
	185
	186	This option is used by KMAC.
	187
	188	=item OSSL_MAC_PARAM_FLAGS ("flags") <int>
	189
	190	These will set the MAC flags to the given numbers.
	191	Some MACs do not support this option.
	192
	193	=item OSSL_MAC_PARAM_ENGINE ("engine") <utf8string>
	194
	195	=item OSSL_MAC_PARAM_MD ("md") <utf8string>
	196
	197	=item OSSL_MAC_PARAM_DIGEST ("digest") <utf8string>
	198
	199	=item OSSL_MAC_PARAM_CIPHER ("cipher") <utf8string>
	200
	201	=item OSSL_MAC_PARAM_ALGORITHM ("algorithm") <utf8string>
	202
	203	For MAC implementations that use an underlying computation algorithm,
	204	these parameters set what the algorithm should be, and the engine that
	205	implements the algorithm if needed.
	206
	207	The value is always the name of the intended engine or algorithm.
	208
	209	Note that not all algorithms may support all digests.
	210	HMAC does not support variable output length digests such as SHAKE128
	211	or SHAKE256.
	212
	213	Also note that OSSL_MAC_PARAM_ALGORITHM can be use generically instead
	214	of OSSL_MAC_PARAM_MD, OSSL_MAC_PARAM_DIGEST or OSSL_MAC_PARAM_CIPHER,
	215	and that OSSL_MAC_PARAM_MD and OSSL_MAC_PARAM_DIGEST are also interchangable.
	216
	217	=item OSSL_MAC_PARAM_SIZE <unsigned int>
	218
	219	For MAC implementations that support it, set the output size that
	220	EVP_MAC_final() should produce.
	221	The allowed sizes vary between MAC implementations.
	222
	223	=back
	224
	225	All these parameters should be used before the calls to any of
	226	EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full
	227	computation.
	228	Anything else may give undefined results.
	229
	230	=head1 RETURN VALUES
	231
	232	EVP_MAC_fetch() returns a pointer to a newly fetched EVP_MAC, or
	233	NULL if allocation failed.
	234
	235	EVP_MAC_up_ref() returns 1 on success, 0 on error.
	236
	237	EVP_MAC_free() returns nothing at all.
	238
	239	EVP_MAC_name() returns the name of the MAC, or NULL if NULL was
	240	passed.
	241
	242	EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly
	243	created EVP_MAC_CTX, or NULL if allocation failed.
	244
	245	EVP_MAC_CTX_free() returns nothing at all.
	246
	247	EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on
	248	success, 0 on error.
	249
	250	EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0
	251	on error.
	252
	253	EVP_MAC_size() returns the expected output size, or 0 if it isn't
	254	set.
	255	If it isn't set, a call to EVP_MAC_init() should get it set.
	256
	257
	258	=head1 EXAMPLE
	259
	260	#include <stdlib.h>
	261	#include <stdio.h>
	262	#include <string.h>
	263	#include <stdarg.h>
	264	#include <unistd.h>
	265
	266	#include <openssl/evp.h>
	267	#include <openssl/err.h>
	268	#include <openssl/params.h>
	269
	270	int main() {
	271	EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL);
	272	const char *cipher = getenv("MY_MAC_CIPHER");
	273	const char *digest = getenv("MY_MAC_DIGEST");
	274	const char *key = getenv("MY_KEY");
	275	EVP_MAC_CTX *ctx = NULL;
	276
	277	unsigned char buf[4096];
	278	ssize_t read_l;
	279	size_t final_l;
	280
	281	size_t i;
	282
	283	OSSL_PARAM params[4];
	284	size_t params_n = 0;
	285
	286	if (cipher != NULL)
	287	params[params_n++] =
	288	OSSL_PARAM_construct_utf8_string("cipher", cipher,
	289	strlen(cipher) + 1, NULL);
	290	if (digest != NULL)
	291	params[params_n++] =
	292	OSSL_PARAM_construct_utf8_string("digest", digest,
	293	strlen(digest) + 1, NULL);
	294	params[params_n++] =
	295	OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL);
	296	params[params_n] = OSSL_PARAM_construct_end();
	297
	298	if (mac == NULL
	299	\|\| key == NULL
	300	\|\| (ctx = EVP_MAC_CTX_new(mac)) == NULL
	301	\|\| EVP_MAC_CTX_set_params(ctx, params) <= 0)
	302	goto err;
	303
	304	if (!EVP_MAC_init(ctx))
	305	goto err;
	306
	307	while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) < 0) {
	308	if (!EVP_MAC_update(ctx, buf, read_l))
	309	goto err;
	310	}
	311
	312	if (!EVP_MAC_final(ctx, buf, &final_l))
	313	goto err;
	314
	315	printf("Result: ");
	316	for (i = 0; i < final_l; i++)
	317	printf("%02X", buf[i]);
	318	printf("\n");
	319
	320	EVP_MAC_CTX_free(ctx);
	321	EVP_MAC_free(mac);
	322	exit(0);
	323
	324	err:
	325	EVP_MAC_CTX_free(ctx);
	326	EVP_MAC_free(mac);
	327	fprintf(stderr, "Something went wrong\n");
	328	ERR_print_errors_fp(stderr);
	329	exit (1);
	330	}
	331
	332	A run of this program, called with correct environment variables, can
	333	look like this:
	334
	335	$ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
	336	LD_LIBRARY_PATH=. ./foo < foo.c
	337	Result: ECCAAFF041B22A2299EB90A1B53B6D45
	338
	339	(in this example, that program was stored in F<foo.c> and compiled to
	340	F<./foo>)
	341
	342	=head1 SEE ALSO
	343
	344	L<property(7)>
	345	L<OSSL_PARAM(3)>,
	346	L<EVP_MAC_BLAKE2(7)>,
	347	L<EVP_MAC_CMAC(7)>,
	348	L<EVP_MAC_GMAC(7)>,
	349	L<EVP_MAC_HMAC(7)>,
	350	L<EVP_MAC_KMAC(7)>,
	351	L<EVP_MAC_SIPHASH(7)>,
	352	L<EVP_MAC_POLY1305(7)>
	353
	354	=head1 HISTORY
	355
	356	These functions were added in OpenSSL 3.0.
	357
	358	=head1 COPYRIGHT
	359
	360	Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
	361
	362	Licensed under the Apache License 2.0 (the "License"). You may not use
	363	this file except in compliance with the License. You can obtain a copy
	364	in the file LICENSE in the source distribution or at
	365	L<https://www.openssl.org/source/license.html>.
	366
	367	=cut