mirror of
https://github.com/openssl/openssl.git
synced 2024-12-20 15:33:38 +08:00
192 lines
6.6 KiB
Plaintext
192 lines
6.6 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
|
void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, unsigned int cnt);
|
|
void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
|
|
|
|
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
|
|
|
|
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
|
|
|
|
#define EVP_MD_type(e) ((e)->type)
|
|
#define EVP_MD_pkey_type(e) ((e)->pkey_type)
|
|
#define EVP_MD_size(e) ((e)->md_size)
|
|
#define EVP_MD_block_size(e) ((e)->block_size)
|
|
|
|
#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
|
|
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
|
|
#define EVP_MD_CTX_type(e) ((e)->digest)
|
|
|
|
EVP_MD *EVP_md_null(void);
|
|
EVP_MD *EVP_md2(void);
|
|
EVP_MD *EVP_md5(void);
|
|
EVP_MD *EVP_sha(void);
|
|
EVP_MD *EVP_sha1(void);
|
|
EVP_MD *EVP_dss(void);
|
|
EVP_MD *EVP_dss1(void);
|
|
EVP_MD *EVP_mdc2(void);
|
|
EVP_MD *EVP_ripemd160(void);
|
|
|
|
const EVP_MD *EVP_get_digestbyname(const char *name);
|
|
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
|
|
#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The EVP digest routines are a high level interface to message digests.
|
|
|
|
B<EVP_DigestInit()> initialises a digest context B<ctx> to use a digest
|
|
B<type>: this will typically be supplied by a function such as
|
|
B<EVP_sha1()>.
|
|
|
|
B<EVP_DigestUpdate()> hashes B<cnt> bytes of data at B<d> into the
|
|
digest context B<ctx>. This funtion can be called several times on the
|
|
same B<ctx> to hash additional data.
|
|
|
|
B<EVP_DigestFinal()> retrieves the digest value from B<ctx> and places
|
|
it in B<md>. If the B<s> parameter is not NULL then the number of
|
|
bytes of data written (i.e. the length of the digest) will be written
|
|
to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
|
|
After calling B<EVP_DigestFinal> no additional calls to B<EVP_DigestUpdate>
|
|
can be made, but B<EVP_DigestInit> can be called to initialiase a new
|
|
digest operation.
|
|
|
|
B<EVP_MD_CTX_copy> can be used to copy the message digest state from
|
|
B<in> to B<out>. This is useful if large amounts of data are to be
|
|
hashed which only differ in the last few bytes.
|
|
|
|
B<EVP_MD_size> and B<EVP_MD_CTX_size> return the size of the message digest
|
|
when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
|
|
hash.
|
|
|
|
B<EVP_MD_block_size> and B<EVP_MD_CTX_block_size> return the block size of the
|
|
message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
|
|
|
|
B<EVP_MD_type> and B<EVP_MD_CTX_type> return the NID of the OBJECT IDENTIFIER
|
|
representing the given message digest when passed an B<EVP_MD> structure.
|
|
For example B<EVP_MD_type(EVP_sha1())> returns B<NID_sha1>. This function is
|
|
normally used when setting ASN1 OIDs.
|
|
|
|
B<EVP_MD_CTX_type> return the B<EVP_MD> structure corresponding to the passed
|
|
B<EVP_MD_CTX>.
|
|
|
|
B<EVP_MD_pkey_type> returns the NID of the public key signing algorithm associated
|
|
with this digest. For example B<EVP_sha1()> is associated with RSA so this will
|
|
return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
|
|
algorithms may not be retained in future versions of OpenSSL.
|
|
|
|
B<EVP_md2>, B<EVP_md5>, B<EVP_sha>, B<EVP_sha1>, B<EVP_mdc2> and B<EVP_ripemd160>
|
|
return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
|
|
algorithms respectively. The associated signature algorithm is RSA in each case.
|
|
|
|
B<EVP_dss> and B<EVP_dss1> return B<EVP_MD> structures for SHA and SHA1 digest
|
|
algorithms but using DSS (DSA) for the signature algorithm.
|
|
|
|
B<EVP_md_null> is a "null" message digest that does nothing: i.e. the hash it
|
|
returns is of zero length.
|
|
|
|
B<EVP_get_digestbyname>, B<EVP_get_digestbynid> and B<EVP_get_digestbyobj>
|
|
return an B<EVP_MD> structure when passed a digest name, a digest NID or
|
|
and ASN1_OBJECT structure respectively. The digest table must be initialised
|
|
using, for example, B<OpenSSL_add_all_digests()> for these functions to work.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
|
|
|
|
EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
|
|
|
|
EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
|
|
corresponding OBJECT IDENTIFIER or NID_undef if none exists.
|
|
|
|
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
|
|
EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
|
|
size in bytes.
|
|
|
|
EVP_md_null(), EVP_MD *EVP_md2(), EVP_MD *EVP_md5(), EVP_MD *EVP_sha(),
|
|
EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return
|
|
pointers to the corresponding EVP_MD structures.
|
|
|
|
B<EVP_get_digestbyname>, B<EVP_get_digestbynid> and B<EVP_get_digestbyobj>
|
|
return either an B<EVP_MD> structure or NULL if an error occurs.
|
|
|
|
=head1 NOTES
|
|
|
|
The B<EVP> interface to message digests should almost always be used in
|
|
preference to the low level interfaces. This is because the code then becomes
|
|
transparent to the digest used and much more flexible.
|
|
|
|
SHA1 is the digest of choice for new applications. The other digest algorithms
|
|
are still in common use.
|
|
|
|
=head1 EXAMPLE
|
|
|
|
This example digests the data "Test Message\n" and "Hello World\n", using the
|
|
digest name passed on the command line.
|
|
|
|
#include <stdio.h>
|
|
#include <openssl/evp.h>
|
|
|
|
main(int argc, char *argv[])
|
|
{
|
|
EVP_MD_CTX mdctx;
|
|
const EVP_MD *md;
|
|
char mess1[] = "Test Message\n";
|
|
char mess2[] = "Hello World\n";
|
|
unsigned char md_value[EVP_MAX_MD_SIZE];
|
|
int md_len, i;
|
|
|
|
OpenSSL_add_all_digests();
|
|
|
|
if(!argv[1]) {
|
|
printf("Usage: mdtest digestname\n");
|
|
exit(1);
|
|
}
|
|
|
|
md = EVP_get_digestbyname(argv[1]);
|
|
|
|
if(!md) {
|
|
printf("Unknown message digest %s\n", argv[1]);
|
|
exit(1);
|
|
}
|
|
|
|
EVP_DigestInit(&mdctx, md);
|
|
EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
|
|
EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
|
|
EVP_DigestFinal(&mdctx, md_value, &md_len);
|
|
|
|
printf("Digest is: ");
|
|
for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
|
|
printf("\n");
|
|
}
|
|
|
|
=head1 BUGS
|
|
|
|
B<EVP_MD_CTX_type> is not a good name because its name wrongly implies it does
|
|
the same as B<EVP_MD_type> but takes an B<EVP_MD_CTX> parameter instead.
|
|
|
|
Several of the functions do not return values: maybe they should. Although the
|
|
internal digest operations will never fail some future hardware based operations
|
|
might.
|
|
|
|
The link between digests and signing algorithms results in a situation where
|
|
B<EVP_sha1()> must be used with RSA and B<EVP_dss1()> must be used with DSS
|
|
even though they are identical digests.
|
|
|
|
The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
|
|
in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
=head1 HISTORY
|
|
|
|
=cut
|