1=pod 2 3=head1 NAME 4 5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, 6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, 7EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, 8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, 9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, 10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - 11EVP digest routines 12 13=head1 SYNOPSIS 14 15 #include <openssl/evp.h> 16 17 void EVP_MD_CTX_init(EVP_MD_CTX *ctx); 18 EVP_MD_CTX *EVP_MD_CTX_create(void); 19 20 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); 21 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); 22 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, 23 unsigned int *s); 24 25 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); 26 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); 27 28 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); 29 30 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); 31 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, 32 unsigned int *s); 33 34 int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); 35 36 #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ 37 38 39 #define EVP_MD_type(e) ((e)->type) 40 #define EVP_MD_pkey_type(e) ((e)->pkey_type) 41 #define EVP_MD_size(e) ((e)->md_size) 42 #define EVP_MD_block_size(e) ((e)->block_size) 43 44 #define EVP_MD_CTX_md(e) (e)->digest) 45 #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) 46 #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) 47 #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) 48 49 const EVP_MD *EVP_md_null(void); 50 const EVP_MD *EVP_md2(void); 51 const EVP_MD *EVP_md5(void); 52 const EVP_MD *EVP_sha(void); 53 const EVP_MD *EVP_sha1(void); 54 const EVP_MD *EVP_dss(void); 55 const EVP_MD *EVP_dss1(void); 56 const EVP_MD *EVP_mdc2(void); 57 const EVP_MD *EVP_ripemd160(void); 58 59 const EVP_MD *EVP_get_digestbyname(const char *name); 60 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 61 #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) 62 63=head1 DESCRIPTION 64 65The EVP digest routines are a high level interface to message digests. 66 67EVP_MD_CTX_init() initializes digest contet B<ctx>. 68 69EVP_MD_CTX_create() allocates, initializes and returns a digest contet. 70 71EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest 72B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this 73function. B<type> will typically be supplied by a functionsuch as EVP_sha1(). 74If B<impl> is NULL then the default implementation of digest B<type> is used. 75 76EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the 77digest context B<ctx>. This function can be called several times on the 78same B<ctx> to hash additional data. 79 80EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places 81it in B<md>. If the B<s> parameter is not NULL then the number of 82bytes of data written (i.e. the length of the digest) will be written 83to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. 84After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() 85can be made, but EVP_DigestInit_ex() can be called to initialize a new 86digest operation. 87 88EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called 89after a digest context is no longer needed. 90 91EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the 92space allocated to it, it should be called only on a context created 93using EVP_MD_CTX_create(). 94 95EVP_MD_CTX_copy_ex() can be used to copy the message digest state from 96B<in> to B<out>. This is useful if large amounts of data are to be 97hashed which only differ in the last few bytes. B<out> must be initialized 98before calling this function. 99 100EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except 101the passed context B<ctx> does not have to be initialized, and it always 102uses the default digest implementation. 103 104EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest 105contet B<ctx> is automatically cleaned up. 106 107EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination 108B<out> does not have to be initialized. 109 110EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest 111when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the 112hash. 113 114EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the 115message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure. 116 117EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER 118representing the given message digest when passed an B<EVP_MD> structure. 119For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is 120normally used when setting ASN1 OIDs. 121 122EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed 123B<EVP_MD_CTX>. 124 125EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated 126with this digest. For example EVP_sha1() is associated with RSA so this will 127return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature 128algorithms may not be retained in future versions of OpenSSL. 129 130EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() 131return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest 132algorithms respectively. The associated signature algorithm is RSA in each case. 133 134EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest 135algorithms but using DSS (DSA) for the signature algorithm. 136 137EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it 138returns is of zero length. 139 140EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() 141return an B<EVP_MD> structure when passed a digest name, a digest NID or 142an ASN1_OBJECT structure respectively. The digest table must be initialized 143using, for example, OpenSSL_add_all_digests() for these functions to work. 144 145=head1 RETURN VALUES 146 147EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for 148success and 0 for failure. 149 150EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure. 151 152EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the 153corresponding OBJECT IDENTIFIER or NID_undef if none exists. 154 155EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(), 156EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block 157size in bytes. 158 159EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), 160EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the 161corresponding EVP_MD structures. 162 163EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() 164return either an B<EVP_MD> structure or NULL if an error occurs. 165 166=head1 NOTES 167 168The B<EVP> interface to message digests should almost always be used in 169preference to the low level interfaces. This is because the code then becomes 170transparent to the digest used and much more flexible. 171 172SHA1 is the digest of choice for new applications. The other digest algorithms 173are still in common use. 174 175For most applications the B<impl> parameter to EVP_DigestInit_ex() will be 176set to NULL to use the default digest implementation. 177 178The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 179obsolete but are retained to maintain compatibility with existing code. New 180applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 181EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context 182instead of initializing and cleaning it up on each call and allow non default 183implementations of digests to be specified. 184 185In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use 186memory leaks will occur. 187 188=head1 EXAMPLE 189 190This example digests the data "Test Message\n" and "Hello World\n", using the 191digest name passed on the command line. 192 193 #include <stdio.h> 194 #include <openssl/evp.h> 195 196 main(int argc, char *argv[]) 197 { 198 EVP_MD_CTX mdctx; 199 const EVP_MD *md; 200 char mess1[] = "Test Message\n"; 201 char mess2[] = "Hello World\n"; 202 unsigned char md_value[EVP_MAX_MD_SIZE]; 203 int md_len, i; 204 205 OpenSSL_add_all_digests(); 206 207 if(!argv[1]) { 208 printf("Usage: mdtest digestname\n"); 209 exit(1); 210 } 211 212 md = EVP_get_digestbyname(argv[1]); 213 214 if(!md) { 215 printf("Unknown message digest %s\n", argv[1]); 216 exit(1); 217 } 218 219 EVP_MD_CTX_init(&mdctx); 220 EVP_DigestInit_ex(&mdctx, md, NULL); 221 EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); 222 EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); 223 EVP_DigestFinal_ex(&mdctx, md_value, &md_len); 224 EVP_MD_CTX_cleanup(&mdctx); 225 226 printf("Digest is: "); 227 for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); 228 printf("\n"); 229 } 230 231=head1 BUGS 232 233The link between digests and signing algorithms results in a situation where 234EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS 235even though they are identical digests. 236 237=head1 SEE ALSO 238 239L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, 240L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, 241L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> 242 243=head1 HISTORY 244 245EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are 246available in all versions of SSLeay and OpenSSL. 247 248EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), 249EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() 250and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. 251 252EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), 253EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were 254changed to return truely const EVP_MD * in OpenSSL 0.9.7. 255 256=cut 257