| =pod |
| |
| =head1 NAME |
| |
| EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, EVP_MAX_MD_SIZE, |
| EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, |
| EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, |
| EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, |
| EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - |
| EVP digest routines |
| |
| =head1 SYNOPSIS |
| |
| #include <openssl/evp.h> |
| |
| void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); |
| void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); |
| void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, |
| unsigned int *s); |
| |
| #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ |
| |
| int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); |
| |
| #define EVP_MD_type(e) ((e)->type) |
| #define EVP_MD_pkey_type(e) ((e)->pkey_type) |
| #define EVP_MD_size(e) ((e)->md_size) |
| #define EVP_MD_block_size(e) ((e)->block_size) |
| |
| #define EVP_MD_CTX_md(e) (e)->digest) |
| #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) |
| #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) |
| #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) |
| |
| EVP_MD *EVP_md_null(void); |
| EVP_MD *EVP_md2(void); |
| EVP_MD *EVP_md5(void); |
| EVP_MD *EVP_sha(void); |
| EVP_MD *EVP_sha1(void); |
| EVP_MD *EVP_dss(void); |
| EVP_MD *EVP_dss1(void); |
| EVP_MD *EVP_mdc2(void); |
| EVP_MD *EVP_ripemd160(void); |
| |
| const EVP_MD *EVP_get_digestbyname(const char *name); |
| #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) |
| #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) |
| |
| =head1 DESCRIPTION |
| |
| The EVP digest routines are a high level interface to message digests. |
| |
| EVP_DigestInit() initializes a digest context B<ctx> to use a digest |
| B<type>: this will typically be supplied by a function such as |
| EVP_sha1(). |
| |
| EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the |
| digest context B<ctx>. This function can be called several times on the |
| same B<ctx> to hash additional data. |
| |
| EVP_DigestFinal() retrieves the digest value from B<ctx> and places |
| it in B<md>. If the B<s> parameter is not NULL then the number of |
| bytes of data written (i.e. the length of the digest) will be written |
| to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. |
| After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate() |
| can be made, but EVP_DigestInit() can be called to initialize a new |
| digest operation. |
| |
| EVP_MD_CTX_copy() can be used to copy the message digest state from |
| B<in> to B<out>. This is useful if large amounts of data are to be |
| hashed which only differ in the last few bytes. |
| |
| EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest |
| when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the |
| hash. |
| |
| EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the |
| message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure. |
| |
| EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER |
| representing the given message digest when passed an B<EVP_MD> structure. |
| For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is |
| normally used when setting ASN1 OIDs. |
| |
| EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed |
| B<EVP_MD_CTX>. |
| |
| EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated |
| with this digest. For example EVP_sha1() is associated with RSA so this will |
| return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature |
| algorithms may not be retained in future versions of OpenSSL. |
| |
| EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() |
| return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest |
| algorithms respectively. The associated signature algorithm is RSA in each case. |
| |
| EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest |
| algorithms but using DSS (DSA) for the signature algorithm. |
| |
| EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it |
| returns is of zero length. |
| |
| EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() |
| return an B<EVP_MD> structure when passed a digest name, a digest NID or |
| an ASN1_OBJECT structure respectively. The digest table must be initialized |
| using, for example, OpenSSL_add_all_digests() for these functions to work. |
| |
| =head1 RETURN VALUES |
| |
| EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. |
| |
| EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. |
| |
| EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the |
| corresponding OBJECT IDENTIFIER or NID_undef if none exists. |
| |
| EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(), |
| EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block |
| size in bytes. |
| |
| EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), |
| EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the |
| corresponding EVP_MD structures. |
| |
| EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() |
| return either an B<EVP_MD> structure or NULL if an error occurs. |
| |
| =head1 NOTES |
| |
| The B<EVP> interface to message digests should almost always be used in |
| preference to the low level interfaces. This is because the code then becomes |
| transparent to the digest used and much more flexible. |
| |
| SHA1 is the digest of choice for new applications. The other digest algorithms |
| are still in common use. |
| |
| =head1 EXAMPLE |
| |
| This example digests the data "Test Message\n" and "Hello World\n", using the |
| digest name passed on the command line. |
| |
| #include <stdio.h> |
| #include <openssl/evp.h> |
| |
| main(int argc, char *argv[]) |
| { |
| EVP_MD_CTX mdctx; |
| const EVP_MD *md; |
| char mess1[] = "Test Message\n"; |
| char mess2[] = "Hello World\n"; |
| unsigned char md_value[EVP_MAX_MD_SIZE]; |
| int md_len, i; |
| |
| OpenSSL_add_all_digests(); |
| |
| if(!argv[1]) { |
| printf("Usage: mdtest digestname\n"); |
| exit(1); |
| } |
| |
| md = EVP_get_digestbyname(argv[1]); |
| |
| if(!md) { |
| printf("Unknown message digest %s\n", argv[1]); |
| exit(1); |
| } |
| |
| EVP_DigestInit(&mdctx, md); |
| EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); |
| EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); |
| EVP_DigestFinal(&mdctx, md_value, &md_len); |
| |
| printf("Digest is: "); |
| for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); |
| printf("\n"); |
| } |
| |
| =head1 BUGS |
| |
| Several of the functions do not return values: maybe they should. Although the |
| internal digest operations will never fail some future hardware based operations |
| might. |
| |
| The link between digests and signing algorithms results in a situation where |
| EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS |
| even though they are identical digests. |
| |
| The size of an B<EVP_MD_CTX> structure is determined at compile time: this results |
| in code that must be recompiled if the size of B<EVP_MD_CTX> increases. |
| |
| =head1 SEE ALSO |
| |
| L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
| L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, |
| L<sha(3)|sha(3)>, L<digest(1)|digest(1)> |
| |
| =head1 HISTORY |
| |
| EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are |
| available in all versions of SSLeay and OpenSSL. |
| |
| =cut |
