Hash Lab

Ecosystem · Libraries

OpenSSL (and family)

The dominant open-source TLS / crypto library, by a wide margin. OpenSSL ships in nearly every Linux distribution, in macOS as a compatibility shim, on Windows via vcpkg, and in countless server applications. Its openssl(1) CLI is the one-liner answer to most hashing questions, and libcrypto is the C library embedded in everything from Postgres to OpenSSH.

The CLI cheatsheet

openssl dgst -sha256 file.bin           # SHA-256 of a file
openssl dgst -sha3-256 -hex file.bin    # SHA3-256
openssl dgst -blake2b512 file.bin       # BLAKE2b-512
openssl dgst -hmac KEY -sha256 file.bin # HMAC-SHA-256

# Streaming via pipe
cat file.bin | openssl dgst -sha512

# Verify a published digest
echo "$EXPECTED  file.bin" | openssl dgst -sha256 -check

Hash algorithms in mainline OpenSSL 3.x

libcrypto programmer-facing API

Modern OpenSSL (3.x) uses the EVP abstraction:

#include <openssl/evp.h>
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
EVP_DigestUpdate(ctx, data, len);
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen;
EVP_DigestFinal_ex(ctx, digest, &dlen);
EVP_MD_CTX_free(ctx);

Forks worth knowing

FIPS and HACL*

For regulated environments, OpenSSL ships a FIPS provider. For formally-verified hash code, see HACL* (proven correct in F*). Major projects (Mozilla NSS, EverCrypt) integrate HACL* for performance-critical primitives.

References